[openstack-dev] [Keystone] SQLite support (migrations, work-arounds, and more), is it worth it?

David Stanek dstanek at dstanek.com
Mon Apr 6 19:36:02 UTC 2015

On Mon, Apr 6, 2015 at 2:41 PM, Mike Bayer <mbayer at redhat.com> wrote:

> On 4/6/15 12:49 PM, David Stanek wrote:
> Exactly. This is the direction I have been going. Functional tests are
> written using the public APIs using the client.
> I would also add that I don't like that the Keystone unit tests are so
> database heavy. I would not want MySQL or ant RDBMS to be a requirement for
> running the tests.
> is that because you'd prefer that the unit tests were more isolated, or
> just that an external service is being used?

There are two types of testing that I'm interested in really promoting in
Keystone. I want to see functional tests that only use the published APIs
to trigger and observe behavior. I also want to see unit tests that are
small, fast and that test the business logic of the system.

I started working[1] on functional testing in the Kilo cycle. The spec[2]
talks about standing up Keystone in different configurations (MySQL, LDAP,
Federated, etc.) and then running a set of tests against that instance.
This will allow us the test any backend we want and confirm it works the
way we expect Keystone to work.

On the other hand I want the unit tests to be smaller and faster. The job
of the unit tests should be to test small isolated bits of code and help
guide/evaluate the code design. Except to test the SQL backends I don't see
a need for using a database and even then I'd like to get by without it.

> I've done some work with extensive mocking of SQL databases; specifically
> mocking at the ORM level.  It is nice when you get it to run, but it's also
> a much bigger job to write fine-grained mocks like that, the mocks can be
> brittle in relation to the code they're targeting, and you also need to
> come up with some solution to actually functional test your database access
> code.
> I tend to think that having a mysqld service running is the lesser of two
> evils and you get a lot more code coverage by going all the way out to the
> DB.

The simplicity of the Keystone design is actually very good for dealing
with this (controller -> manager -> backend). Since backends are where the
actually query work happens we can easily provide a fake for each subsystem
that we want to test. This would allow us the test the business rules in
the manager without a database. The reason that is good is that we'd
probably be better off requiring LDAP (if anything) for some of the
subsystems since that is what they are typically configured to use. I would
rather just leave that level of detail to the functional tests.

2. https://review.openstack.org/#/c/153300/l

blog: http://www.traceback.org
twitter: http://twitter.com/dstanek
www: http://dstanek.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150406/75a1e022/attachment.html>

More information about the OpenStack-dev mailing list