|
 |
ecf709 |
From fd008eddbf069014d8f17944d018ad3d85d5679f Mon Sep 17 00:00:00 2001
|
|
|
ecf709 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
ecf709 |
Date: Wed, 19 Jul 2017 14:22:17 +0200
|
|
|
ecf709 |
Subject: [PATCH 188/190] TESTS: Integration test for idle timeout
|
|
|
ecf709 |
MIME-Version: 1.0
|
|
|
ecf709 |
Content-Type: text/plain; charset=UTF-8
|
|
|
ecf709 |
Content-Transfer-Encoding: 8bit
|
|
|
ecf709 |
|
|
|
ecf709 |
The secrets responder test was chosen even though the bug was in the generic
|
|
|
ecf709 |
responder code b/c it runs a single responder process, so it's trivial to
|
|
|
ecf709 |
read the PID of the responder under test.
|
|
|
ecf709 |
|
|
|
ecf709 |
Changes subprocess.call() for os.execv() so that the setup function can
|
|
|
ecf709 |
return the secret responder PID right away.
|
|
|
ecf709 |
|
|
|
ecf709 |
The client timeout in the test has to be at least 10 seconds because
|
|
|
ecf709 |
internally, the responders don't allow a shorter timeout.
|
|
|
ecf709 |
|
|
|
ecf709 |
Regression test for https://pagure.io/SSSD/sssd/issue/3448
|
|
|
ecf709 |
|
|
|
ecf709 |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
ecf709 |
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
ecf709 |
---
|
|
|
ecf709 |
src/tests/intg/test_secrets.py | 75 ++++++++++++++++++++++++++++++++++--------
|
|
|
ecf709 |
1 file changed, 62 insertions(+), 13 deletions(-)
|
|
|
ecf709 |
|
|
|
ecf709 |
diff --git a/src/tests/intg/test_secrets.py b/src/tests/intg/test_secrets.py
|
|
|
ecf709 |
index 202f43e61cb0e4986394ad2b32da5abdcb0be3e9..1be31318b194de1550bc84af16260bf1503567dc 100644
|
|
|
ecf709 |
--- a/src/tests/intg/test_secrets.py
|
|
|
ecf709 |
+++ b/src/tests/intg/test_secrets.py
|
|
|
ecf709 |
@@ -55,9 +55,9 @@ def create_sssd_secrets_fixture(request):
|
|
|
ecf709 |
assert secpid >= 0
|
|
|
ecf709 |
|
|
|
ecf709 |
if secpid == 0:
|
|
|
ecf709 |
- if subprocess.call([resp_path, "--uid=0", "--gid=0"]) != 0:
|
|
|
ecf709 |
- print("sssd_secrets failed to start")
|
|
|
ecf709 |
- sys.exit(99)
|
|
|
ecf709 |
+ os.execv(resp_path, ("--uid=0", "--gid=0"))
|
|
|
ecf709 |
+ print("sssd_secrets failed to start")
|
|
|
ecf709 |
+ sys.exit(99)
|
|
|
ecf709 |
else:
|
|
|
ecf709 |
sock_path = os.path.join(config.RUNSTATEDIR, "secrets.socket")
|
|
|
ecf709 |
sck = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
|
|
ecf709 |
@@ -83,13 +83,8 @@ def create_sssd_secrets_fixture(request):
|
|
|
ecf709 |
return secpid
|
|
|
ecf709 |
|
|
|
ecf709 |
|
|
|
ecf709 |
-@pytest.fixture
|
|
|
ecf709 |
-def setup_for_secrets(request):
|
|
|
ecf709 |
- """
|
|
|
ecf709 |
- Just set up the local provider for tests and enable the secrets
|
|
|
ecf709 |
- responder
|
|
|
ecf709 |
- """
|
|
|
ecf709 |
- conf = unindent("""\
|
|
|
ecf709 |
+def generate_sec_config():
|
|
|
ecf709 |
+ return unindent("""\
|
|
|
ecf709 |
[sssd]
|
|
|
ecf709 |
domains = local
|
|
|
ecf709 |
services = nss
|
|
|
ecf709 |
@@ -100,11 +95,19 @@ def setup_for_secrets(request):
|
|
|
ecf709 |
[secrets]
|
|
|
ecf709 |
max_secrets = 10
|
|
|
ecf709 |
max_payload_size = 2
|
|
|
ecf709 |
- """).format(**locals())
|
|
|
ecf709 |
+ """)
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+@pytest.fixture
|
|
|
ecf709 |
+def setup_for_secrets(request):
|
|
|
ecf709 |
+ """
|
|
|
ecf709 |
+ Just set up the local provider for tests and enable the secrets
|
|
|
ecf709 |
+ responder
|
|
|
ecf709 |
+ """
|
|
|
ecf709 |
+ conf = generate_sec_config()
|
|
|
ecf709 |
|
|
|
ecf709 |
create_conf_fixture(request, conf)
|
|
|
ecf709 |
- create_sssd_secrets_fixture(request)
|
|
|
ecf709 |
- return None
|
|
|
ecf709 |
+ return create_sssd_secrets_fixture(request)
|
|
|
ecf709 |
|
|
|
ecf709 |
|
|
|
ecf709 |
def get_secrets_socket():
|
|
|
ecf709 |
@@ -386,3 +389,49 @@ def test_containers(setup_for_secrets, secrets_cli):
|
|
|
ecf709 |
with pytest.raises(HTTPError) as err406:
|
|
|
ecf709 |
cli.create_container(container)
|
|
|
ecf709 |
assert str(err406.value).startswith("406")
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+def get_num_fds(pid):
|
|
|
ecf709 |
+ procpath = os.path.join("/proc/", str(pid), "fd")
|
|
|
ecf709 |
+ return len([fdname for fdname in os.listdir(procpath)])
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+@pytest.fixture
|
|
|
ecf709 |
+def setup_for_cli_timeout_test(request):
|
|
|
ecf709 |
+ """
|
|
|
ecf709 |
+ Same as the generic setup, except a short client_idle_timeout so that
|
|
|
ecf709 |
+ the test_idle_timeout() test closes the fd towards the client.
|
|
|
ecf709 |
+ """
|
|
|
ecf709 |
+ conf = generate_sec_config() + \
|
|
|
ecf709 |
+ unindent("""
|
|
|
ecf709 |
+ client_idle_timeout = 10
|
|
|
ecf709 |
+ """).format()
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+ create_conf_fixture(request, conf)
|
|
|
ecf709 |
+ return create_sssd_secrets_fixture(request)
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+def test_idle_timeout(setup_for_cli_timeout_test):
|
|
|
ecf709 |
+ """
|
|
|
ecf709 |
+ Test that idle file descriptors are reaped after the idle timeout
|
|
|
ecf709 |
+ passes
|
|
|
ecf709 |
+ """
|
|
|
ecf709 |
+ secpid = setup_for_cli_timeout_test
|
|
|
ecf709 |
+ sock_path = get_secrets_socket()
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+ nfds_pre = get_num_fds(secpid)
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+ sock = socket.socket(family=socket.AF_UNIX)
|
|
|
ecf709 |
+ sock.connect(sock_path)
|
|
|
ecf709 |
+ time.sleep(1)
|
|
|
ecf709 |
+ nfds_conn = get_num_fds(secpid)
|
|
|
ecf709 |
+ assert nfds_pre + 1 == nfds_conn
|
|
|
ecf709 |
+ # With the idle timeout set to 10 seconds, we need to sleep at least 15,
|
|
|
ecf709 |
+ # because the internal timer ticks every timeout/2 seconds, so it would
|
|
|
ecf709 |
+ # tick at 5, 10 and 15 seconds and the client timeout check uses a
|
|
|
ecf709 |
+ # greater-than comparison, so the 10-seconds tick wouldn't yet trigger
|
|
|
ecf709 |
+ # disconnect
|
|
|
ecf709 |
+ time.sleep(15)
|
|
|
ecf709 |
+
|
|
|
ecf709 |
+ nfds_post = get_num_fds(secpid)
|
|
|
ecf709 |
+ assert nfds_pre == nfds_post
|
|
|
ecf709 |
--
|
|
|
ecf709 |
2.9.4
|
|
|
ecf709 |
|