maint(pam/integration-tests): Run all the tests with a shared authd in race mode #593
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #593 +/- ##
==========================================
- Coverage 83.43% 83.13% -0.31%
==========================================
Files 83 96 +13
Lines 8689 9630 +941
Branches 74 74
==========================================
+ Hits 7250 8006 +756
- Misses 1111 1241 +130
- Partials 328 383 +55 ☔ View full report in Codecov by Sentry. |
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
3 times, most recently
from
4bd8ec9 to
1493b08
Compare
There was a problem hiding this comment.
I'm not going to lie, I'm a bit worried... I like the idea of using a single instance as much as possible, but it will be handling an insane amount of requests (which is not a real use case [how many users do we expect to authenticate in the "same" moment?]).
This feels like it would be a pain to debug and fix if it starts going wrong, no? I'm just wondering if we might not be shooting ourselves in the foot here...
@adombeck, @didrocks any opinions regarding the above?
Despite the rambling: changes look good to me but a comment about naming, easy to fix.
| gPasswd string | ||
| groups string |
There was a problem hiding this comment.
These are a bit vague... Do you mind updating them to indicate better what they mean or add a comment for them?
There was a problem hiding this comment.
Changed the naming, let me know if it's better.
|
Indeed it's not meant to respect a real scenario, but experience taught me that the more we stress a system, the more potential issues can arise. So, in case we can also make this opt-in and just happen in the race job though. |
|
I agree that as we don’t have a context ID, this could make things difficult. How hard would it be to only run in this mode if we are in race mode? |
Not much, it's just about inverting the logic, so it should be doable. |
|
Blocked by #661 for now, let's wait to reconsider |
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
5 times, most recently
from
1cc9930 to
5265441
Compare
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
from
5265441 to
efe85f9
Compare
This is now handled via efe85f9 |
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
from
efe85f9 to
e02ae0d
Compare
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
from
f176f2c to
3a62dcf
Compare
adombeck
force-pushed
the
pam-tests-shared-authd
branch
from
3a62dcf to
ed3bc22
Compare
3v1n0
changed the title
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
2 times, most recently
from
8c108d7 to
dc00dfe
Compare
Use const variables to build expected example broker user names so that we can be more reliable when testing them
…er names This is valid for the standard case, while on specific cases we still rely on manual names
This includes very long user names or prompt values
So we can run a shared authd for everything
… tests So that we won't clash with other test in the suite
…l tests So we can run a shared authd for everything
We removed the temporary dir on test cleanup but we may want to keep the lifecycle of the daemon bound to the daemon itself instead
The user name now has only to contain the pre-check value prefix while we don't care about its location to allow more combination of cases (such as pre-check MFA users).
… daemon The daemon is ref-counted in order to decide when killing it, so that multiple tests can share the same daemon if they want to
…nces It can be useful for debugging purposes
In case of issues it allows easier debugging
…by default In case, the env variable AUTHD_TESTS_USE_SHARED_AUTHD_INSTANCES can be set to force it even in non-race test runs
adombeck
force-pushed
the
pam-tests-shared-authd
branch
from
dc00dfe to
b8e50b5
Compare
Sure thing, I had done it last night too (see), since that was the initial version of the fix that then I decided to improve in 6c1bf10 |
| @@ -512,7 +512,7 @@ func qrcodeData(sessionInfo *sessionInfo) (content string, code string) { | |||
| "https://www.ubuntu-it.org/", | |||
| } | |||
|
|
|||
| if strings.HasPrefix(sessionInfo.username, "user-integration-qrcode-static") { | |||
| if strings.HasPrefix(sessionInfo.username, UserIntegrationQrcodeStaticPrefix) { | |||
There was a problem hiding this comment.
-UserIntegrationQrcodeStaticPrefix
+UserIntegrationQRcodeStaticPrefix
| if info.sessionMode == auth.SessionModePasswd { | ||
| info.neededAuthSteps++ | ||
| info.pwdChange = mustReset | ||
| } | ||
|
|
There was a problem hiding this comment.
examplebroker: Fix support for integration tests users in passwd mode
It would be nice if you could explain in the commit message what was broken and why this change fixes it.
| @@ -225,6 +225,7 @@ func (b Broker) cancelIsAuthenticated(ctx context.Context, sessionID string) { | |||
|
|
|||
| // UserPreCheck calls the broker corresponding method. | |||
| func (b Broker) UserPreCheck(ctx context.Context, username string) (userinfo string, err error) { | |||
| log.Debugf(context.TODO(), "Pre-Checking user %q", username) | |||
There was a problem hiding this comment.
-Pre-Checking
+Pre-checking
| sharedAuthdInstance = authdInstance{} | ||
| ) | ||
|
|
||
| func runAuthdForTesting(t *testing.T, gpasswdOutput, groupsFile string, currentUserAsRoot bool, args ...testutils.DaemonOption) (string, func(), func()) { |
There was a problem hiding this comment.
It's not clear from the function signature what the return values are for, so I would prefer to use named return values here.
| sharedInstance := testutils.IsRace() | ||
| if s, err := strconv.ParseBool(os.Getenv("AUTHD_TESTS_USE_SHARED_AUTHD_INSTANCES")); err == nil { | ||
| sharedInstance = s | ||
| } | ||
|
|
||
| if !sharedInstance { |
There was a problem hiding this comment.
| sharedInstance := testutils.IsRace() | |
| if s, err := strconv.ParseBool(os.Getenv("AUTHD_TESTS_USE_SHARED_AUTHD_INSTANCES")); err == nil { | |
| sharedInstance = s | |
| } | |
| if !sharedInstance { | |
| useSharedInstance := testutils.IsRace() | |
| if b, err := strconv.ParseBool(os.Getenv("AUTHD_TESTS_USE_SHARED_AUTHD_INSTANCES")); err == nil { | |
| useSharedInstance = b | |
| } | |
| if !useSharedInstance { |
Run by default all the tests using an unique instance of authd daemon running so that we can test better that all the codepaths work well with lots of concurrency.
Leaving this as a draft for now because it has dependencies on some commits of #583UDENG-5377