[Swan-dev] test caes as documentation versus ipsec.conf.common ease of use
Paul Wouters
paul at nohats.ca
Thu Feb 12 02:55:58 EET 2015
On Wed, 11 Feb 2015, Antony Antony wrote:
> The idea is , for example, east.conf and west.conf include modular connections.
> The script, swanprep, call readwriteconf to expand the 'also=' lines and create a simple ipsec.conf file without any "also=" lines.
>
> Swanprep copy this file to the VM as /etc/ipsec.conf
> "make check" or "swantest" will archive the expanded ipsec.conf to the OUTPUT/ directory as the config file used for the testrun.
>
> Later when you browse a testrun you see the expanded one without any "also=" lines.
I do not like this idea. I often run manual tests and tweak config lines
on the VM and then later put those changes back in the test case file. With
this suggestion, i have to "convert back" every time.
Plus it does not actually give endusers moer example configurations. So
I feel this makse life harder on us for no gain at all.
> The main advantages I see are:
> 1. when we depreciate keywords readwriteconf will use the latest one.
We should just update the test cases to use the new keyword or remove
it.
> 2. If we expand all included connection to a concise conn statement it is easy to read and follow. And it becomes documentation for people who are looking for how do I configure X, Y, Z
But this does not live anywhere the non-developer will see it. Because
github will just show the ones with also= and normal usesr would not run
the test cases.
> Yes, Not all testcases are good examples but it is real One could learn from it, if the test case passes it will be up to date. At least that is the idea:)
I agree with this. I would like test cases to be usable as
documentation. But I also agree with Hugh that most test cases
are not suitable as configuration for endusers because we test
corner cases and non-optimal settings on purpose that are never
meant to be real configurations.
> Right now when I try to read /testing/baseconfigs/all/etc/ipsec.d/ipsec.conf.common I get confused:)
Everyone does :)
How about this proposal: We change the "basic" test cases to be "good
eaxmples", and write out the config files. We can then also have "make
check" run in a mode to only test "basic tests". If we allow splitting
test cases into subdirectories, we can point endusers to example configs
in
https://github.com/libreswan/libreswan/tree/master/testing/pluto/bascic/
(we can make an alias at libreswan.org/examples/)
All other tests are still using our also= lines for easy use of us for
copying to create new tests.
Paul
More information about the Swan-dev
mailing list