-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make Hardware Key unit test interactive #32235
Conversation
7472be0
to
54e5ac1
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think that having an "interactive test' as a part of our test suite helps testing and I think it will be more confusing when you run the test suite, and something fails without any explanation.
IMO the benefitial would be:
- Fully automate the test by simulating the touch (if possible)
- create something similar to
tsh bench
that is part oftsh
and allows you to test this feature manually. We could even ask our users to run this test when they have some issues with PIV.
54e5ac1
to
4af9782
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🙈
4af9782
to
a12afe7
Compare
@rudream should be a quick review when you get a chance, thanks! |
* Make yubikey unit test interactive and add to test plan. * Move yubikey hardware signer method tests to interactive yubikey test. * Remove hardware key interactive unit test from testplan
* Refactor PIV metadata certificate logic (#32250) * Change PIV metadata cert to be self signed by an ephemeral key so it can be signed without touch/pin. * Refactor touch prompt logic. * Prompt user before overwriting non-teleport certificates instead of just returning an error. * Update RFD and Docs. * Address CR. * Export some methods and variables for use in tests. * Address comments. * Make Hardware Key unit test interactive (#32235) * Make yubikey unit test interactive and add to test plan. * Move yubikey hardware signer method tests to interactive yubikey test. * Remove hardware key interactive unit test from testplan * Client check for YubiKey private key touch/pin policies (#32264) * Preemptively check yubikey private key touch/pin policies on the client side. * Replace hardware key signer functions with private key methods. * Refactor overwrite/generate key logic. * Have hardware_key_touch count towards MFA verification instead of replacing the normal MFA verification flow. (#31663)
This PR updates some Hardware Key unit tests tests to also cover
hardware_key_touch
. This makes the test interactive as we don't currently have a way to mock PIV touch.These tests aren't run by CI, but I use them when developing new PIV features like #31743. In the future we can adapt these tests to mock touch (if possible) or replace it with a tool similar to
tsh bench
to troubleshoot PIV issues.