On Fri, Aug 21, 2015 at 04:24:13PM +0300, Nikolai Kondrashov wrote:
On 08/20/2015 12:38 AM, Jakub Hrozek wrote:
>as we're stabilizing the 1.13 branch and before we plan what we want to
>work on during the 1.14 development, we should use that time to write
>some more tests!
>
>Here are some areas where we could add tests. Please discuss or add your
>ideas, I would like to turn this list into tickets we can start
>implementing:
>
>* Extend the LDAP provider tests with more dynamic test cases.
> - add a user to a group, run sss_cache, assert id user displays the
> new group and getent group displays the new member
> - conversely with removing users from groups
There are some more basic tests which can be implemented, on my original
design page:
https://fedorahosted.org/sssd/wiki/DesignDocs/CwrapLDAP
I can help with this.
Thank you very much for the help offer. I know you're also involved in
some other projects -- do you think you'll have time for these in the
near future? No is a perfectly acceptable answer, I'm mostly trying to
find out the priorities and split the work..
>* Background refresh
> - could be built atop the LDAP NSS tests as well. I think we have
> all the infrastructure in place.
Caching/refreshing tests would be a very useful thing, I agree. We'd have to
be careful with timing, though, so they're robust enough under load on our CI
setup.
>* Local overrides integration test:
> - this could be relatively easy, just call the overrides tool and
> request the entry. Could be built atop the existing LDAP tests
> or even use the local provider.
I can help with this.
>* Add a KDC
> - until we have a pam_wrapper, this would only be useful to test
> ldap_child, but adding the KDC instantiation might be worth it
> nonetheless
> - there is a protorype of KDC instantiation on the list for some
> time now, since we enabled rootless SSSD
I can try helping with this.
>* IFP - could we reuse the existing sbus tests to spawn a custom bus?
>* SUDO - can we trick sudo into connecting to our test sssd instance?
This is interesting. Wouldn't we have to have some sort of nss_wrapper here
too, as we can't write to /etc/nsswitch.conf? Would sudo be fine with
uid_wrapper? I wrote a ton of sudo tests in QE, so I can at least help with
the test plan.
Overall, I think I will be able to spare about two weeks after our autumn
get-together to help with writing integration tests, maybe more later.
Otherwise I'll need to work on session recording before that, so I have
something to demo and talk about.
>I think the order of priority is roughly as above. I think the LDAP
>provider is critical enough to be well tested. The refresh and local
>override tests might be nice to have because we would be refactoring the
>NSS responder in 1.14, so we should have it tested.
>
>I'll be happy to hear other opionions, though!
Thanks for bringing this up Jakub!
Personally, I'm always glad to see more integration tests upstream.
Nick