Feature #8920: Have and use a repo shared between core developers for storing test suite secrets

Feature #8920

Have and use a repo shared between core developers for storing test suite secrets

Added by intrigeri 2015-02-19 15:30:55 . Updated 2015-05-12 18:43:54 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Test suite

Target version:

Tails_1.4

Start date:

2015-04-10

Due date:

% Done:

100%

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Now that we have solved ~~Feature #6301~~ and ~~Feature #8188~~, one can add any secrets they want to features/config/local.yml. However, this doesn’t solve the following use cases yet:

our automatic build robots will need to be fed with the secrets they need
core developers may want to share a set of secrets, for ease of maintenance and test reproducibility

Ideas and possible requirements:

Something that supports a “—additional-config-directory DIR” option would be nice, so that one can point it to the checkout of the secrets repo. E.g. command-line > features/config/local.yml > ADDITIONAL_CONFIG_DIR/*.yml > features/config/defaults.yml.
features/config/local.d/*.yml but then people need to create symlinks from there to the checkout of the secrets repo.

Subtasks

Feature #9220: Read test suite configuration files from the local.d directory

Resolved

100

Feature #9221: Set up private Git repo for sharing test suite secrets

Resolved

100

Feature #9222: Document how to use shared test suite secrets for release testing

Resolved

100

Related issues

Related to Tails - ~~Feature #6301~~: Securely store secrets needed by the automated test suite	Resolved	2013-09-26
Related to Tails - ~~Bug #9142~~: SSH tests are missing the corresponding infrastructure	Resolved	2015-03-31
Blocks Tails - ~~Feature #6304~~: Automate the most important bits of the Icedove tests	Resolved	2013-09-26

History

#1 Updated by intrigeri 2015-02-19 15:31:08

related to ~~Feature #6301~~: Securely store secrets needed by the automated test suite added

#2 Updated by intrigeri 2015-02-19 15:31:37

blocks #8538 added

#3 Updated by intrigeri 2015-02-19 15:31:47

blocks ~~Feature #6304~~: Automate the most important bits of the Icedove tests added

#4 Updated by intrigeri 2015-02-19 15:32:00

blocks ~~Feature #6308~~: Write tests for SSH added

#5 Updated by anonym 2015-03-01 23:21:43

I’ve just realized that there is a slight problem with having a shared repo for this, or, more in general, that it is problematic to run the test suite in parallel using the same secrets. Take the Pidgin XMPP and OTR tests (~~Feature #8001~~, ~~Feature #8002~~) for instance; if two (or more) parallel test suite runs use the same secrets, these tests will make the same XMPP account log in twice in Tails in parallel, and start the same account on two bot instance in parallel — chaos will ensue. Probably even more in the OTR scenarui since each Tails instance will use a different OTR key and the sessions will become crazy.

So, in this shared repo we’ll need one set of secrets (in separate sub dirs) for each instance we expect to run at the same time, i.e. one for each robot, and one for the RM. Parts of it can be shared (in a common dir, to which each other “user” dir have symlinks into), which is another argument for the features/config/local.d/*.yml feature.

#6 Updated by intrigeri 2015-03-03 11:48:27

> So, in this shared repo we’ll need one set of secrets (in separate sub dirs) for each instance we expect to run at the same time, i.e. one for each robot, and one for the RM. Parts of it can be shared (in a common dir, to which each other “user” dir have symlinks into), which is another argument for the features/config/local.d/*.yml feature.

How about we simply do not share secrets that are expected to be used in parallel?
And then we can deal with the special case of robots in another way, on the infrastructure side of things.

#7 Updated by intrigeri 2015-03-31 09:59:17

related to ~~Bug #9142~~: SSH tests are missing the corresponding infrastructure added

#8 Updated by intrigeri 2015-03-31 10:00:08

intrigeri wrote:
> How about we simply do not share secrets that are expected to be used in parallel?

I mean: whenever using the same secrets could break tests running in parallel, which is the case for XMPP, but not e.g. for SSH.

#9 Updated by anonym 2015-03-31 19:09:48

blocked by deleted (~~~~Feature #6308~~: Write tests for SSH~~)

#10 Updated by anonym 2015-03-31 19:14:33

Redmine refuses to add a “related to ~~Feature #8920~~” relationship, but think of it as it is! :)

#11 Updated by anonym 2015-04-01 13:30:03

Target version changed from Tails_1.3.2 to Tails_1.4

#12 Updated by anonym 2015-04-10 12:07:42

intrigeri wrote:
> intrigeri wrote:
> > How about we simply do not share secrets that are expected to be used in parallel?
>
> I mean: whenever using the same secrets could break tests running in parallel, which is the case for XMPP, but not e.g. for SSH.

Yeah, sure. That makes sense. :)

#13 Updated by intrigeri 2015-05-09 03:09:08

QA Check set to Ready for QA

The only bit left to do is ready for QA, so let’s propagate this to the parent ticket.

#14 Updated by intrigeri 2015-05-09 04:14:34

Status changed from Confirmed to In Progress

#15 Updated by anonym 2015-05-11 05:38:26

Status changed from In Progress to Fix committed
% Done changed from 83 to 100

Applied in changeset commit:5a83baa6a030583227b78722769e6b0f2716e8fa.

#16 Updated by anonym 2015-05-11 05:40:14

Assignee deleted (~~anonym~~)
QA Check changed from Ready for QA to Pass

#17 Updated by BitingBird 2015-05-12 18:43:54

Status changed from Fix committed to Resolved