[Freeipa-devel] Gaps in upstream tests
Petr Spacek
pspacek at redhat.com
Wed Dec 3 17:35:09 UTC 2014
On 25.11.2014 10:43, Petr Spacek wrote:
> On 7.11.2014 14:41, Martin Kosek wrote:
>> FreeIPA team will soon grow with a new member focusing on upstream QE tests. I
>> would like to collect ideas what are the biggest gaps in the current upstream
>> test suite from your POV.
>>
>> Existing requests are tracked here:
>> https://fedorahosted.org/freeipa/query?status=assigned&status=new&status=reopened&component=Tests&col=id&col=summary&col=component&col=status&col=owner&col=type&col=priority&col=milestone&group=milestone&order=priority
>>
>>
>> First idea that I head proposed are Upgrade tests. These are often done
>> manually. I think that upgrade test from currently supported FreeIPA/Fedora
>> version would go a long way (like 3.3.5 on F20 upgraded built RPMs and running
>> unit tests).
>>
>> Second, it would be nice to try testing FreeIPA server in a container. Not
>> only it would verify our container efforts, but it may also allow easy
>> multi-master tests on one Jenkins VM or local host instead of expensive VM
>> orchestration.
>>
>> Any other areas worth focusing on (besides of course testing newly developed
>> features)?
>
> At least simple automated MitM attack against TLS.
>
> First thing which comes to mind is CLI<->server interaction and also
> certmonger<->server interaction.
>
> TLS is hard to get right and if I recall it correctly we already had a problem
> with certificate validation...
Related link:
http://thehackernews.com/2014/11/nogotofail-Network-Security-Testing-Tool.html
"The Nogotofail tool requires Python 2.7 and pyOpenSSL>=0.13. It features an
on-path network Man-in-the-Middle (MiTM), designed to work on Linux machines,
as well and optional clients for the devices being tested."
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list