
Replace umockdev with vfido for passkey testing #237

Open

ikerexxe wants to merge 6 commits into SSSD:master from ikerexxe:test-passkey-vfido

@ikerexxe ikerexxe commented Mar 10, 2026

Migrate the passkey testing infrastructure from umockdev to vfido, providing a more robust and reliable solution for passkey authentication testing. The migration includes updating client feature detection to support vfido's requirements, refactoring authentication utilities for improved integration, and updating the documentation to reflect the new vfido usage patterns. These changes enhance the overall passkey testing experience while maintaining backward compatibility where applicable.

SSSD PRCI run for these changes is available in SSSD/sssd#8510

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request migrates the passkey testing infrastructure to use vfido instead of umockdev. This change provides a more reliable and maintainable solution for testing passkey authentication. The update includes necessary code modifications and documentation updates to ensure a smooth transition and maintain backward compatibility where possible.

Highlights

  • Migration: Migrated passkey testing infrastructure from umockdev to vfido for a more robust solution.
  • Feature Detection: Updated client feature detection to support vfido requirements.
  • Refactoring: Refactored authentication utilities for improved integration with vfido.
  • Documentation: Updated documentation to reflect the new vfido usage patterns.


Changelog

  • docs/guides/testing-passkey.rst
    • Updated documentation to reflect the migration from umockdev to vfido for passkey testing, including system requirements and usage examples.
  • sssd_test_framework/hosts/client.py
    • Modified client feature detection to accurately identify vfido support by checking for the vhci_hcd kernel module and the vfido.py executable.
  • sssd_test_framework/roles/ipa.py
    • Corrected the return value processing in run_expect to retrieve the correct output line.
  • sssd_test_framework/utils/authentication.py
    • Refactored passkey authentication utilities to use vfido instead of umockdev, including updates to handle PIN prompts and device touch simulation.

Activity

  • Migration of passkey testing infrastructure from umockdev to vfido.
  • Updating client feature detection to support vfido requirements.
  • Refactoring authentication utilities for improved integration.
  • Updating documentation to reflect the new vfido usage patterns.

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request migrates the passkey testing infrastructure from umockdev to vfido, which is a more modern and robust solution. The changes are well-structured, covering documentation, feature detection, and the authentication utilities themselves. I've identified a few areas for improvement, mainly around documentation consistency and simplifying some of the expect scripts for better readability and maintenance.

Comment thread sssd_test_framework/roles/ipa.py Outdated
Comment thread sssd_test_framework/utils/authentication.py
Comment thread sssd_test_framework/utils/authentication.py
Comment thread sssd_test_framework/utils/authentication.py
Comment thread docs/guides/testing-passkey.rst Outdated
Comment thread sssd_test_framework/utils/authentication.py
@ikerexxe ikerexxe force-pushed the test-passkey-vfido branch 2 times, most recently from 49c7701 to fb4f3b8 Compare May 14, 2026 06:43
@ikerexxe ikerexxe marked this pull request as ready for review May 14, 2026 08:40
ikerexxe added 6 commits May 14, 2026 12:16
Update `vfido_passkey_add_register()` to return the passkey mapping,
just as `umockdev_passkey_add_register()` does

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Fix authentication routing bug that prevented vfido from being used
correctly

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

PASSKEY_FALLBACK_TO_PASSWORD requires a PIN, even though this might be
an empty or wrong PIN. Fix this by grouping PASSKEY_FALLBACK_TO_PASSWORD
with PIN requiring auth methods.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

Previous implementation for the bash code was a little bit confusing and
didn't make much sense from the high-level perspective.

Refactored the function to follow phases, some of them are mandatory for
all methods, others are only required for some of the methods.

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

`vfido` feature needs `vhci_hcd` kernel module to be loaded to work,
thus adding a check there

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>

The virtual FIDO2 authenticator has been replaced by vfido, thus update
the documentation

Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
@ikerexxe ikerexxe force-pushed the test-passkey-vfido branch from fb4f3b8 to 31ca605 Compare May 14, 2026 10:16
@alexey-tikhonov alexey-tikhonov self-assigned this May 14, 2026
@alexey-tikhonov alexey-tikhonov self-requested a review May 14, 2026 11:55
@madhuriupadhye madhuriupadhye self-requested a review May 14, 2026 12:03
@madhuriupadhye madhuriupadhye self-assigned this May 14, 2026
@alexey-tikhonov alexey-tikhonov requested a review from spoore1 May 14, 2026 12:29
case (
PasskeyAuthenticationUseCases.PASSKEY_PIN
| PasskeyAuthenticationUseCases.PASSKEY_PIN_AND_PROMPTS
| PasskeyAuthenticationUseCases.PASSKEY_FALLBACK_TO_PASSWORD
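Review bot: The case arm that lists PASSKEY_FALLBACK_TO_PASSWORD next to PASSKEY_PIN and PASSKEY_PIN_AND_PROMPTS carries no comment explaining why a fallback scenario is handled as PIN-requiring, and the grouping is not obvious from the names. The commit message gives the reason (the PIN is still asked for, even though it may be empty or wrong); that rationale belongs in a short comment on this arm. It would also help to have the tests exercise the fallback case with both an empty and a wrong PIN, so the grouping is covered on the paths the commit message describes.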
Contributor


Does the fallback-to-password scenario always require a PIN?


4 participants