[autobackport: sssd-2-9] Pkcs11 soft ocsp tests#8756
Conversation
…ests for smart card authentication (resolves: RHEL-5043) Reviewed-by: Scott Poore <spoore@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com> (cherry picked from commit 47f67f0)
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request adds helper functions and regression tests for smart card authentication, covering multi-token matching and soft OCSP verification under various network conditions. However, the changes contain unresolved Git conflict markers and missing imports or definitions for IPA, TOKEN_PIN, and setup_two_tokens, which will cause syntax and runtime errors.
| <<<<<<< HEAD | ||
| ======= |
There was a problem hiding this comment.
Unresolved Git conflict markers (<<<<<<< HEAD and =======) are present in the code. These must be removed to prevent syntax errors and ensure the test suite can be parsed and executed.
| assert ( | ||
| "PIN" not in result.stderr or result.rc != 0 | ||
| ), f"Expected authentication to fail without soft_ocsp when OCSP is unreachable! rc={result.rc}" | ||
| >>>>>>> 47f67f025 (Add default timeout handling for soft_ocsp and regression tests for smart card authentication (resolves: RHEL-5043)) |
There was a problem hiding this comment.
Unresolved Git conflict marker (>>>>>>> 47f67f025...) is present at the end of the file. This must be removed to prevent syntax errors.
| @@ -11,6 +11,44 @@ | |||
| from sssd_test_framework.topology import KnownTopology | |||
There was a problem hiding this comment.
The types/variables IPA, TOKEN_PIN, and setup_two_tokens are used in the new tests but are neither imported nor defined in this file. This will cause NameError exceptions at runtime when the tests are executed. Please import IPA and setup_two_tokens from their respective modules (e.g., sssd_test_framework), and define TOKEN_PIN (e.g., TOKEN_PIN = "123456").
from sssd_test_framework.topology import KnownTopology
from sssd_test_framework.roles.ipa import IPA
TOKEN_PIN = "123456"![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| result = client.host.conn.run("su - localuser1 -c 'su - localuser1 -c whoami'", input="123456") | ||
| assert "PIN" in result.stderr, "String 'PIN' was not found in stderr!" | ||
| assert "localuser1" in result.stdout, "'localuser1' not found in 'whoami' output!" | ||
| <<<<<<< HEAD |
spoore1
left a comment
spoore1
left a comment
There was a problem hiding this comment.
At a minimum, I think the conflict diff stuff needs to be resolved.
5 participants
This is an automatic backport of PR#8557 Pkcs11 soft ocsp tests to branch sssd-2-9, created by @krishnavema.
Caution
@krishnavema The patches did not apply cleanly. It is necessary to resolve conflicts before merging this pull request. Commits that introduced conflict are marked with
CONFLICT!.You can push changes to this pull request
Original commits
47f67f0 - Add default timeout handling for soft_ocsp and regression tests for smart card authentication (resolves: RHEL-5043)
Backported commits
Conflicting Files Information (check for deleted and re-added files)
Original Pull Request Body
Add optional label parameter for pkcs11 support