[Freeipa-devel] [PATCH 0081] Add initial tests for OTP

[Nathaniel McCallum]

On Thu, 2014-11-20 at 11:13 -0500, Nathaniel McCallum wrote:
> This tests the general workflow for OTP including most possible
> token combinations. This includes 5872 tests. Further optimization
> is possible to reduce the number of duplicate tests run.
> 
> Things not yet tested:
> * ipa-kdb
> * ipa-otpd
> * otptoken-sync
> * RADIUS proxy
> * token self-management
> * type specific attributes

Attached is the latest iteration of the OTP test work. This now includes
all major cases except token self-management and RADIUS proxy (which
will come in its own patch). Token self-management is held up by the
fact that I can't get alternate ccaches to work with the API. I have
tried kinit-ing to an independent ccache and exporting KRB5CCNAME, but
this doesn't work for some reason I can't figure out.

I ended up creating my own fixture mechanism. I'm not in love with it,
but it is simple and at least gets the scoping correct. It also
generates individual tests for each parameterized state, so the output
is both correct and obvious.

I also implemented OTP myself. This isn't much code, but pyotp has a
major bug and is dead upstream. I'd like to migrate to
python-cryptography when it lands as a dependency of FreeIPA. But due to
timing issues, we can't land it now. This will be a small patch in the
future.

Even with the caveats above, I feel like the test coverage provided by
this test is worth review/merge. As a rough estimate, I think this is
about 70% code coverage. Of the remaining coverage, I see:
* RADIUS proxy - 10%
* token self-management - 10%
* misc testable - 5%
* misc untestable - 5%

All tests in this patch succeed on 4.1.2.

Nathaniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-npmccallum-0081.1-Add-initial-tests-for-OTP.patch
Type: text/x-patch
Size: 18299 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150105/e41a19a2/attachment.bin>