maint(pam/integration-tests): Run all the tests with a shared authd when possible #593
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #593 +/- ##
==========================================
- Coverage 83.28% 83.23% -0.06%
==========================================
Files 80 80
Lines 8617 8630 +13
Branches 75 75
==========================================
+ Hits 7177 7183 +6
- Misses 1112 1118 +6
- Partials 328 329 +1 ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
2 times, most recently
from
0f3f9c6
to
4bd8ec9
Compare
We can then expose these cleanly
Use const variables to build expected example broker user names so that we can be more reliable when testing them
…er names This is valid for the standard case, while on specific cases we still rely on manual names
So we can run a shared authd for everything
… tests So that we won't clash with other test in the suite
…l tests So we can run a shared authd for everything
We removed the temporary dir on test cleanup but we may want to keep the lifecycle of the daemon bound to the daemon itself instead
The user name now has only to contain the pre-check value prefix while we don't care about its location to allow more combination of cases (such as pre-check MFA users).
… daemon The daemon is ref-counted in order to decide when killing it, so that multiple tests can share the same daemon if they want to
…nces It can be useful for debugging purposes
In case of issues it allows easier debugging
3v1n0
force-pushed
the
pam-tests-shared-authd
branch
from
4bd8ec9
to
1493b08
Compare
There was a problem hiding this comment.
I'm not going to lie, I'm a bit worried... I like the idea of using a single instance as much as possible, but it will be handling an insane amount of requests (which is not a real use case [how many users do we expect to authenticate in the "same" moment?]).
This feels like it would be a pain to debug and fix if it starts going wrong, no? I'm just wondering if we might not be shooting ourselves in the foot here...
@adombeck, @didrocks any opinions regarding the above?
Despite the rambling: changes look good to me but a comment about naming, easy to fix.
| gPasswd string | ||
| groups string |
There was a problem hiding this comment.
These are a bit vague... Do you mind updating them to indicate better what they mean or add a comment for them?
|
Indeed it's not meant to respect a real scenario, but experience taught me that the more we stress a system, the more potential issues can arise. So, in case we can also make this opt-in and just happen in the race job though. |
|
I agree that as we don’t have a context ID, this could make things difficult. How hard would it be to only run in this mode if we are in race mode? |
Run by default all the tests using an unique instance of authd daemon running so that we can test better that all the codepaths work well with lots of concurrency.
Leaving this as a draft for now because it has dependencies on some commits of #583UDENG-5377