tests: migrate passkey tests from umockdev to vfido#8510
tests: migrate passkey tests from umockdev to vfido#8510ikerexxe wants to merge 23 commits intoSSSD:masterfrom
Conversation
Transform `test_passkey__register_sssctl()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__register_ipa()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_user()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_user_with_failed_pin()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_user_with_incorrect_mapping()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_user_when_server_is_not_resolvable()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_user_when_offline()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__lookup_user_from_cache()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_user_with_multiple_keys()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_user_same_key_for_other_users()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
…y_only()` Transform `test_passkey__check_passkey_mapping_token_as_ssh_key_only()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
…ping()` Transform `test_passkey__su_user_when_add_with_ssh_key_and_mapping()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_fips_fido_key()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__check_tgt()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__ipa_server_offline()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_with_12_mappings()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_no_pin_set()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__prompt_options()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Transform `test_passkey__su_fallback_to_password()` to use vfido instead of umockdev Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Now that passkey tests are using vfido this fixture was unnecessary Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
Using this commit for testing purposes Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
This PR depends on SSSD/sssd-ci-containers#167 and SSSD/sssd-test-framework#237 |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request successfully migrates the passkey system tests from umockdev to the more dynamic vfido framework. This is a significant improvement, making the tests more robust and self-contained by removing a large number of static test data files. However, there are two critical points to address before merging. The requirements.txt file has been updated to point to a personal fork, which must be reverted to an official repository. Additionally, a test case for FIPS-compliant keys appears to have lost its FIPS-specific validation, which could be a regression in test coverage.
| git+https://github.com/next-actions/pytest-tier | ||
| git+https://github.com/next-actions/pytest-output | ||
| git+https://github.com/SSSD/sssd-test-framework | ||
| git+https://github.com/ikerexxe/sssd-test-framework@test-passkey-vfido |
There was a problem hiding this comment.
The sssd-test-framework dependency points to a personal fork (ikerexxe/sssd-test-framework). For merging, this should be changed to point to the official repository. Please ensure the necessary changes from the test-passkey-vfido branch are merged into the official sssd-test-framework repository and update this dependency accordingly.
| @pytest.mark.builtwith(client=["passkey", "umockdev"], provider="passkey") | ||
| def test_passkey__su_fips_fido_key(client: Client, provider: GenericProvider, moduledatadir: str, testdatadir: str): | ||
| @pytest.mark.builtwith(client=["passkey", "vfido"], provider="passkey") | ||
| def test_passkey__su_fips_fido_key(client: Client, provider: GenericProvider): |
There was a problem hiding this comment.
This test was previously named test_passkey__su_fips_fido_key and used umockdev recordings created on a FIPS-enabled host with a FIPS FIDO key. The new implementation uses the standard vfido setup without any specific FIPS configuration. This might result in a loss of test coverage for FIPS-specific scenarios. Please verify if vfido is configured to simulate a FIPS-compliant key, or update the test to reflect that it's no longer FIPS-specific. If vfido supports FIPS simulation, it should be enabled for this test.
1 participant
Migrate all passkey system tests from
umockdevbased hardware mocking tovfidovirtual FIDO2 device. The change involves converting around 20 passkey test cases to use the newvfidoapproach, removing approximately 100umockdevrecording files that are no longer needed and updating the test infrastructure to work with virtual FIDO2 devices. Additionally, unused passkey fixtures and references have been cleaned up.