On 08/20/2015 12:38 AM, Jakub Hrozek wrote:
as we're stabilizing the 1.13 branch and before we plan what we
want to
work on during the 1.14 development, we should use that time to write
some more tests!
Here are some areas where we could add tests. Please discuss or add your
ideas, I would like to turn this list into tickets we can start
implementing:
* Extend the LDAP provider tests with more dynamic test cases.
- add a user to a group, run sss_cache, assert id user displays the
new group and getent group displays the new member
- conversely with removing users from groups
There are some more basic tests which can be implemented, on my original
design page:
https://fedorahosted.org/sssd/wiki/DesignDocs/CwrapLDAP
I can help with this.
* Background refresh
- could be built atop the LDAP NSS tests as well. I think we have
all the infrastructure in place.
Caching/refreshing tests would be a very useful thing, I agree. We'd have to
be careful with timing, though, so they're robust enough under load on our CI
setup.
* Local overrides integration test:
- this could be relatively easy, just call the overrides tool and
request the entry. Could be built atop the existing LDAP tests
or even use the local provider.
I can help with this.
* Add a KDC
- until we have a pam_wrapper, this would only be useful to test
ldap_child, but adding the KDC instantiation might be worth it
nonetheless
- there is a protorype of KDC instantiation on the list for some
time now, since we enabled rootless SSSD
I can try helping with this.
* IFP - could we reuse the existing sbus tests to spawn a custom
bus?
* SUDO - can we trick sudo into connecting to our test sssd instance?
This is interesting. Wouldn't we have to have some sort of nss_wrapper here
too, as we can't write to /etc/nsswitch.conf? Would sudo be fine with
uid_wrapper? I wrote a ton of sudo tests in QE, so I can at least help with
the test plan.
Overall, I think I will be able to spare about two weeks after our autumn
get-together to help with writing integration tests, maybe more later.
Otherwise I'll need to work on session recording before that, so I have
something to demo and talk about.
I think the order of priority is roughly as above. I think the LDAP
provider is critical enough to be well tested. The refresh and local
override tests might be nice to have because we would be refactoring the
NSS responder in 1.14, so we should have it tested.
I'll be happy to hear other opionions, though!
Thanks for bringing this up Jakub!
Personally, I'm always glad to see more integration tests upstream.
Nick