tests: port LDAP+Kerberos tests to pytest by madhuriupadhye · Pull Request #8544 · SSSD/sssd

madhuriupadhye · 2026-03-23T11:07:03Z

Port three downstream krb_misc_bugzilla bash tests to upstream pytest
BZ 773660: Clock skew errors logged to syslog
BZ 869150: ldap_child handles missing keytab without segfault
BZ 805281: Correct principal selected from multi-realm keytab

gemini-code-assist

Code Review

This pull request ports three bash tests for LDAP+Kerberos to pytest. The new tests are well-structured and cover important scenarios like clock skew handling, missing keytabs, and multi-realm principal selection. My review focuses on improving the robustness of the clock skew test by removing a hardcoded external dependency, which will make the test more reliable.

madhuriupadhye · 2026-03-23T15:31:02Z

/gemini review

gemini-code-assist

Code Review

This pull request ports three LDAP+Kerberos tests from bash to pytest, which is a great improvement for maintainability. The new tests are well-structured and cover important bug-fix scenarios.

My review has identified a few issues that should be addressed:

A critical issue in requirements.txt where a dependency points to a personal fork. This must be changed to an official repository before merging.
The tests have some reliability concerns. One test depends on a hardcoded external NTP server, which can cause flakiness.
Two tests lack robust resource cleanup (for keytab files). If a test fails, it could leave the system in a modified state and affect subsequent test runs. I've suggested using try...finally blocks to ensure cleanup always happens.

Addressing these points will improve the reliability and maintainability of the new tests.

thalman

LGTM, thanks

We just have to wait for requirements.txt not to point to personal repo

madhuriupadhye · 2026-04-06T15:29:01Z

Tested with IDM-CI,

collected 3 items                                                                                                    

tests/test_ldap_krb5.py::test_ldap_krb5__clock_skew_errors_logged_to_syslog (ldap) PASSED
tests/test_ldap_krb5.py::test_ldap_krb5__ldap_child_handles_missing_keytab_without_segfault (ldap) PASSED
tests/test_ldap_krb5.py::test_ldap_krb5__keytab_selects_correct_principal_with_multiple_realms (ldap) PASSED

============================== 3 passed in 237.77s (0:03:57) =======================================

danlavu

This is great. We have quite a few more ldap/krb5 (multihost) tests. Before we move anymore should create a new topologycontroller that creates the host keytab and downloads it to the client to configures the client. I'm approving this now, and we can do that later, unless you want to do it now?

madhuriupadhye · 2026-04-07T11:57:56Z

This is great. We have quite a few more ldap/krb5 (multihost) tests. Before we move anymore should create a new topologycontroller that creates the host keytab and downloads it to the client to configures the client. I'm approving this now, and we can do that later, unless you want to do it now?

Created the 3rd commit in same PR for topologycontroller, thanks for suggesting,
SSSD/sssd-test-framework@346ba85

madhuriupadhye · 2026-04-07T11:59:00Z

Again tested with IDM-CI,


collected 3 items                                                                                                    

tests/test_ldap_krb5.py::test_ldap_krb5__clock_skew_errors_logged_to_syslog (ldap_krb5) PASSED
tests/test_ldap_krb5.py::test_ldap_krb5__ldap_child_handles_missing_keytab_without_segfault (ldap_krb5) PASSED
tests/test_ldap_krb5.py::test_ldap_krb5__keytab_selects_correct_principal_with_multiple_realms (ldap_krb5) PASSED

==================================== 3 passed in 204.14s (0:03:24) =================================

danlavu

This is great, thank you @madhuriupadhye

thalman

Tests looks good, thanks for the update.

Ping me when requirements.txt change is reverted an I will approve.

thalman

Thanks, ACK

- Port three downstream krb_misc_bugzilla bash tests to upstream pytest - BZ 773660: Clock skew errors logged to syslog - BZ 869150: ldap_child handles missing keytab without segfault - BZ 805281: Correct principal selected from multi-realm keytab Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Dan Lavu <dlavu@redhat.com> Reviewed-by: Tomáš Halman <thalman@redhat.com>

sssd-bot · 2026-04-15T10:16:41Z

The pull request was accepted by @madhuriupadhye with the following PR CI status:

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

gemini-code-assist bot reviewed Mar 23, 2026

View reviewed changes

Comment thread src/tests/system/tests/test_ldap_krb.py Outdated

github-advanced-security AI found potential problems Mar 23, 2026

View reviewed changes

Comment thread src/tests/system/tests/test_ldap_krb.py Fixed

madhuriupadhye force-pushed the ldap_krb1 branch from 5e56975 to 83e1b5d Compare March 23, 2026 11:31

gemini-code-assist bot reviewed Mar 23, 2026

View reviewed changes

Comment thread src/tests/system/requirements.txt Outdated

Comment thread src/tests/system/tests/test_ldap_krb.py Outdated

Comment thread src/tests/system/tests/test_ldap_krb.py Outdated

Comment thread src/tests/system/tests/test_ldap_krb.py Outdated

madhuriupadhye force-pushed the ldap_krb1 branch 4 times, most recently from 45f0377 to 812552e Compare March 24, 2026 11:10

madhuriupadhye assigned danlavu Mar 26, 2026

alexey-tikhonov requested review from danlavu and thalman March 26, 2026 13:44

alexey-tikhonov assigned thalman Mar 26, 2026

thalman requested changes Mar 27, 2026

View reviewed changes

madhuriupadhye force-pushed the ldap_krb1 branch 2 times, most recently from 68ae3d4 to dc51504 Compare March 30, 2026 14:05

madhuriupadhye requested a review from thalman March 31, 2026 10:19

thalman reviewed Apr 1, 2026

View reviewed changes

madhuriupadhye force-pushed the ldap_krb1 branch from dc51504 to 59a0f4e Compare April 1, 2026 15:35

danlavu requested changes Apr 1, 2026

View reviewed changes

madhuriupadhye force-pushed the ldap_krb1 branch from 59a0f4e to 91331cd Compare April 6, 2026 15:19

madhuriupadhye requested review from danlavu and thalman April 6, 2026 15:23

madhuriupadhye force-pushed the ldap_krb1 branch from 91331cd to 94dc5f3 Compare April 6, 2026 15:25

danlavu approved these changes Apr 7, 2026

View reviewed changes

madhuriupadhye force-pushed the ldap_krb1 branch from 94dc5f3 to a897ed9 Compare April 7, 2026 11:30

madhuriupadhye requested a review from danlavu April 7, 2026 11:59

madhuriupadhye force-pushed the ldap_krb1 branch from a897ed9 to dc410cd Compare April 8, 2026 15:42

danlavu requested changes Apr 8, 2026

View reviewed changes

Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated

Comment thread src/tests/system/tests/test_ldap_krb5.py

madhuriupadhye force-pushed the ldap_krb1 branch from dc410cd to b666dc6 Compare April 9, 2026 11:45

madhuriupadhye requested a review from danlavu April 9, 2026 11:46

danlavu approved these changes Apr 13, 2026

View reviewed changes

Comment thread src/tests/system/tests/test_ldap_krb5.py

danlavu added Waiting for review Tests backport-to-sssd-2-11 backport-to-sssd-2-12 labels Apr 13, 2026

thalman requested changes Apr 14, 2026

View reviewed changes

madhuriupadhye force-pushed the ldap_krb1 branch from b666dc6 to 6b30c07 Compare April 14, 2026 15:55

madhuriupadhye requested a review from thalman April 14, 2026 15:57

thalman approved these changes Apr 15, 2026

View reviewed changes

madhuriupadhye added Accepted and removed Waiting for review labels Apr 15, 2026

sssd-bot force-pushed the ldap_krb1 branch from 6b30c07 to f6a7e15 Compare April 15, 2026 10:16

alexey-tikhonov merged commit 80e6482 into SSSD:master Apr 15, 2026
15 checks passed

This was referenced Apr 15, 2026

[autobackport: sssd-2-11] tests: port LDAP+Kerberos tests to pytest #8606

Open

[autobackport: sssd-2-12] tests: port LDAP+Kerberos tests to pytest #8607

Open

Conversation

madhuriupadhye commented Mar 23, 2026

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

madhuriupadhye commented Mar 23, 2026

Uh oh!

gemini-code-assist bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

thalman left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

madhuriupadhye commented Apr 6, 2026

Uh oh!

danlavu left a comment

Choose a reason for hiding this comment

Uh oh!

madhuriupadhye commented Apr 7, 2026

Uh oh!

madhuriupadhye commented Apr 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

danlavu left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

thalman left a comment

Choose a reason for hiding this comment

Uh oh!

thalman left a comment

Choose a reason for hiding this comment

Uh oh!

sssd-bot commented Apr 15, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

madhuriupadhye commented Apr 7, 2026 •

edited

Loading