Make Hardware Key unit test interactive #32235
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Sep 20, 2023
Joerger
force-pushed
the
joerger/interactive-piv-tests
branch
from
7472be0
to
54e5ac1
Compare
jakule
reviewed
Sep 25, 2023
There was a problem hiding this comment.
I don't think that having an "interactive test' as a part of our test suite helps testing and I think it will be more confusing when you run the test suite, and something fails without any explanation.
IMO the benefitial would be:
- Fully automate the test by simulating the touch (if possible)
- create something similar to
tsh benchthat is part oftshand allows you to test this feature manually. We could even ask our users to run this test when they have some issues with PIV.
Joerger
force-pushed
the
joerger/interactive-piv-tests
branch
from
54e5ac1
to
4af9782
Compare
Joerger
changed the title
Joerger
force-pushed
the
joerger/interactive-piv-tests
branch
from
4af9782
to
a12afe7
Compare
|
@rudream should be a quick review when you get a chance, thanks! |
rudream
approved these changes
Sep 27, 2023
Joerger
added a commit
that referenced
this pull request
Oct 12, 2023
* Make yubikey unit test interactive and add to test plan. * Move yubikey hardware signer method tests to interactive yubikey test. * Remove hardware key interactive unit test from testplan
Merged
github-merge-queue bot
pushed a commit
that referenced
this pull request
Oct 12, 2023
* Refactor PIV metadata certificate logic (#32250) * Change PIV metadata cert to be self signed by an ephemeral key so it can be signed without touch/pin. * Refactor touch prompt logic. * Prompt user before overwriting non-teleport certificates instead of just returning an error. * Update RFD and Docs. * Address CR. * Export some methods and variables for use in tests. * Address comments. * Make Hardware Key unit test interactive (#32235) * Make yubikey unit test interactive and add to test plan. * Move yubikey hardware signer method tests to interactive yubikey test. * Remove hardware key interactive unit test from testplan * Client check for YubiKey private key touch/pin policies (#32264) * Preemptively check yubikey private key touch/pin policies on the client side. * Replace hardware key signer functions with private key methods. * Refactor overwrite/generate key logic. * Have hardware_key_touch count towards MFA verification instead of replacing the normal MFA verification flow. (#31663)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates some Hardware Key unit tests tests to also cover
hardware_key_touch. This makes the test interactive as we don't currently have a way to mock PIV touch.These tests aren't run by CI, but I use them when developing new PIV features like #31743. In the future we can adapt these tests to mock touch (if possible) or replace it with a tool similar to
tsh benchto troubleshoot PIV issues.