Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request is a significant refactoring of the memcache tests, aiming to reduce code duplication by introducing helper functions and parametrizing tests. While this is a great improvement for maintainability, the new implementation introduces several critical and high-severity issues, including a syntax error, flawed test logic that would cause failures, and several inconsistencies between test names, docstrings, and their implementations. I've detailed these issues in the review comments.
danlavu
force-pushed
the
tests-rm-memcache
branch
from
88f67f3 to
4164a67
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
danlavu
force-pushed
the
tests-rm-memcache
branch
from
4164a67 to
92e2433
Compare
danlavu
force-pushed
the
tests-rm-memcache
branch
4 times, most recently
from
800149e to
79780ef
Compare
danlavu
force-pushed
the
tests-rm-memcache
branch
2 times, most recently
from
36e1b79 to
757722f
Compare
danlavu
force-pushed
the
tests-rm-memcache
branch
2 times, most recently
from
bc7b7a2 to
b484bad
Compare
|
@danlavu, can you please check, |
danlavu
force-pushed
the
tests-rm-memcache
branch
from
b484bad to
29ad9e3
Compare
|
@madhuriupadhye @andreboscatto I suggest reviewing this PR using the split diff view and not the unified diff. |
Indeed, I started reviewing the old document, understanding each case and looking at yours. Doing that side by side is helpful. |
fixed. |
| Each cache type the user membership is checked differently. For 'users' cache, it will use 'id' and check the | ||
| memberof attribute. For 'groups' cache, it will use 'getent group' and check the members attribute. For | ||
| 'initgroups' cache, it will use 'getent initgroups' and check the memberof attribute with group ids. Importantly, | ||
| for 'initgroups' the results are ids; using the user_map, a lookup is performed to get the correct GIDs.DD |
There was a problem hiding this comment.
extra DD at the end of line, ...to get the correct GIDs..
| Check the existence of objects, either users, groups, or initgroups. | ||
|
|
||
| This is a helper function to parameterize the memcache test. The assertions for each | ||
| cache time are different. Looking up 'users, will use 'id', groups will use 'getent group', |
There was a problem hiding this comment.
Please update to Looking up 'users', will use
cache time or cache type?
| ): | ||
| """ | ||
| :title: Invalidate all parts of cache after SSSD is stopped | ||
| :title: Lookup objects and changing when the cache is invalidated, before or after stooping sssd |
| @pytest.mark.preferred_topology(KnownTopology.LDAP) | ||
| def test_memcache__all_caches_disabled_and_all_lookups_fails(client: Client, provider: GenericProvider): | ||
| :param provider: Known topology. | ||
| :type provider: KnownTopology |
There was a problem hiding this comment.
wrong parameter type,
:type provider: GenericProvider
| 7. User is not found | ||
| 8. Group is not found | ||
| :customerscenario: False | ||
| 2. Users are found |
| @pytest.mark.topology(KnownTopologyGroup.AnyProvider) | ||
| @pytest.mark.preferred_topology(KnownTopology.LDAP) | ||
| def test_memcache__invalidate_user_cache_after_stop(client: Client, provider: GenericProvider): | ||
| def test_memcache__lookup_users_by_name_with_case_sensitive_false(client: Client, provider: GenericProvider): |
There was a problem hiding this comment.
Name suggests “case_sensitive false”, but the test sets case_sensitive = "True" and checks that uppercase lookup fails. So either rename (e.g. to something like ...when_case_sensitive_true) or fix the docstring/title so they clearly describe “when case_sensitive is True, different case is not found”.
There was a problem hiding this comment.
To even add more confusion, the test use to be called case_insensitivity
| :type cache: str | ||
| :param id: Lookup object by id, default is False | ||
| :type id: bool | ||
| :return: |
There was a problem hiding this comment.
return: is empty. Either document “None” or remove the line.
|
please check, 289: 2: Group membership is correct -> 2. Group membership is correct |
|
|
||
| if cache == "initgroups": | ||
| for initgroup in objects.get("users", []): | ||
| _group = objects.get("groups", [])[-1].name |
There was a problem hiding this comment.
getent.initgroups returns None if the user is not found, and then calling memberof() will throw an error instead of a graceful failure, right?
Even if that's not the case, the logic is verifying only the last group [-1], so, even tough the user is in other groups, the test pass. Shouldn't it verify if the user is NOT in any of the groups?
Please correct me if my understanding is wrong :)
There was a problem hiding this comment.
So this logic is confusing. I pass in the created user objects, so those objects will always exist. The .get method returns a list of dict objects, and the value is another list. We iterate through the added group list and check whether the get entry results contain that value. It's the last item in the list because the first item is the user's gidnumber.
user1
[user_group, group1] # Since it has one group, it will iterate once
user2
[user_group, group1]
[user_group, group1, group2]
Not the prettiest logic.
There was a problem hiding this comment.
Hmmm I see. Is it worth to add a comment there for future reference? Your call, I am fine with the explanation, but I want to avoid people changing anything in the test and having a hard time figuring out the logic.
|
|
||
| if cache == "initgroups": | ||
| for initgroup in objects.get("users", []): | ||
| result_initgroup = client.tools.getent.initgroups(str(initgroup.name)) |
There was a problem hiding this comment.
Should we also check which groups are there or None is sufficient? I don't recall it, it was a long time ago I played with that attribute.
* parametrized test cases * added colliding hash test case * remove poor test scenarios
danlavu
force-pushed
the
tests-rm-memcache
branch
2 times, most recently
from
f45a3e2 to
3ab0a1e
Compare
3 participants
No description provided.