test: authentication, adding generic password policy tests #7728
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
danlavu
commented
Nov 30, 2024
•
danlavu
commented
- depends on roles, adding default domain password policy management sssd-test-framework#139
- added generic password change tests
- removed generic password change tests in test_ldap and made them only ppolicy tests, since generic now covers ldap
- renamed test_ldap names.
- updated assertions, client.auth.ssh.password_with_output, now returns a different value because of the mentioned pull request
danlavu
added
Tests
branch: sssd-2-9
branch: sssd-2-10
branch: sssd-2-9-4
danlavu
force-pushed
the
tests-authentication-password-changes
branch
3 times, most recently
from
bfc5ed5 to
aea7f4e
Compare
spoore1
requested changes
Feb 5, 2025
danlavu
force-pushed
the
tests-authentication-password-changes
branch
from
aea7f4e to
1242992
Compare
danlavu
force-pushed
the
tests-authentication-password-changes
branch
from
1242992 to
20248d2
Compare
Will post the test_authentication runs when they are done, but all the test are passing with SSSD/sssd-test-framework#139 |
danlavu
force-pushed
the
tests-authentication-password-changes
branch
2 times, most recently
from
bf3564c to
a1a7718
Compare
|
This is ready for review. |
danlavu
force-pushed
the
tests-authentication-password-changes
branch
from
a1a7718 to
28554ea
Compare
spoore1
requested changes
Mar 18, 2025
danlavu
force-pushed
the
tests-authentication-password-changes
branch
4 times, most recently
from
1da3edb to
922826c
Compare
aplopez
reviewed
Mar 20, 2025
danlavu
force-pushed
the
tests-authentication-password-changes
branch
6 times, most recently
from
39c5577 to
adb13f2
Compare
added 2 commits
April 8, 2025 09:55
* user is forced to changed password at login * user logins and issues a password change
* few scenarios have been removed * ppolicy tests have been made into ppolicy tests only, since normal ldap is covered by the generic provider now * renamed some of the test cases * removed su from a password change test * removed some test cases that are now covered by the new test cases
danlavu
force-pushed
the
tests-authentication-password-changes
branch
from
adb13f2 to
000121d
Compare
danlavu
force-pushed
the
tests-authentication-password-changes
branch
from
000121d to
1a08a2a
Compare
|
I cancelled the CI run since they are going to fail. Here is the link to a successful run, the failure in Fedora 42 is not related. |
spoore1
reviewed
Apr 8, 2025
| :customerscenario: True | ||
| """ | ||
| old_password = "Secret123" | ||
| invalid_password = "secret" |
There was a problem hiding this comment.
Should the variables match wording used in the docstrings (i.e. bad_password instead of invalid_password)?
| 3. Start SSSD | ||
| :steps: | ||
| 1. Login as user | ||
| 2. Issue password change as user with password that does not meet complexity requirements |
There was a problem hiding this comment.
Just a thought but if we're trying to simplify wording in docstrings, could we drop "as user with password" from this and the next step and have it still explain well enough what is happening?
| LDAP modify. | ||
| The 'test_authentication__change_password' test is a generic provider test that already | ||
| covers LDAP. This test is an edited copy that only tests LDAP with the ppolicy overlay. |
There was a problem hiding this comment.
Is "covers" indented an extra space?
| 2. Configure the LDAP ACI to permit user password changes | ||
| 3. Set "ldap_pwmodify_mode" | ||
| 4. Start SSSD | ||
| 1. Create user 'user' |
There was a problem hiding this comment.
Were we going to suggest dropping specifics like 'user' from the docstring setup and steps?
| 2. Configure the LDAP ACI to permit user password changes | ||
| 3. Set "ldap_pwmodify_mode" | ||
| 4. Start SSSD | ||
| 1. Create user 'user' |
There was a problem hiding this comment.
Do we need to state 'user' here or would removing that be in line with some of the simplification of steps/setup we've talked about?
| 4. Start SSSD | ||
| :steps: | ||
| 1. Attempt to change the password but enter the incorrect password | ||
| 1. Login as user | ||
| 2. Issue password change as user with password that does not meet complexity requirements |
There was a problem hiding this comment.
Same question as above about shortening steps by removing "as user with password".
|
F42 still fails |
alexey-tikhonov
added
Ready to push
@danlavu, please open explicit backport requests. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.