maint(pam/integration-tests): Run all the tests with a shared authd when possible #593
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We were running a new authd instance for each gdm test, but this is not needed anymore as we're using unique user names (since commit 7a77d33), so let's just add more concurrency to the game, ensuring that authd is still behaving well when multiple requests are happening concurrently with gdm too
So that we can avoid troubles when running the tests in parallel
We were running multiple instances of authd daemon for each test that in order to make some specific cases to be tested. However this is unneeded for the great majority of the test cases and it doesn't allow us to test the daemon concurrency properly. So, just run a specific daemon if the test case requires it, and so in just in case we need to do root-checks or to ensure that the local groups are updated. The only downside of this is that if a test generates a gpasswd file we are going to fail also in other tests that are not affected by the issue but that's still something that can be easily debugged checking the logs or temporary enabling the single-authd instance to be used all the times
This is what the great majority of PAM-based tools do, so also with the experience of CVE-2024-9313 it's just better to test this case by default while keeping the cases where the user selection is happening as the special ones. Doing this for the native model authentication only for now, since this allows to share most of the tapes with SSH test cases, but that's something we should do also for CLI tests and passwd cases
So we can run a shared authd for everything
… tests So that we won't clash with other test in the suite
We removed the temporary dir on test cleanup but we may want to keep the lifecycle of the daemon bound to the daemon itself instead
… daemon The daemon is ref-counted in order to decide when killing it, so that multiple tests can share the same daemon if they want to
…l tests So we can run a shared authd for everything
…nces It can be useful for debugging purposes
In case of issues it allows easier debugging
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #593 +/- ##
==========================================
- Coverage 83.38% 83.36% -0.03%
==========================================
Files 80 80
Lines 7013 7028 +15
Branches 75 75
==========================================
+ Hits 5848 5859 +11
- Misses 829 832 +3
- Partials 336 337 +1 ☔ View full report in Codecov by Sentry. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Run by default all the tests using an unique instance of authd daemon running so that we can test better that all the codepaths work well with lots of concurrency.
Leaving this as a draft for now because it has dependencies on some commits of #583