Page MenuHomePhabricator
Create Task
Maniphest T365432

Automate testing CentralAuth patches with heterogenous deployment
Closed, DeclinedPublic
Actions

Description

CentralAuth uses a central wiki for logins the wiki where the login is started and the central login wiki communicate via the DB and other stores. Some of the hardest-to-catch errors happen when (in Wikimedia heterogeneous deployment) a change is deployed to some wikis but not to the central login wiki, or is deployed to the central login wiki but not to some other wikis, so that communication breaks. The effect of a partially-deployed patch is hard to reason about, and hard to test locally. Some sort of CI automation for it would be great.

The shape it would have to take would be something like this:

  • have two MediaWiki installs, one for a normal wiki, one for the central login wiki
  • check out CentralAuth master to the normal wiki and master + the patch to be tested to the central login wiki
  • run some basic Selenium tests (login, signup)
  • check out CentralAuth master + the patch to the normal wiki and master to the central login wiki
  • run the tests again

Related Objects
Search...

Event Timeline

Tgr created this task.May 21 2024, 7:47 AM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptMay 21 2024, 7:47 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Tgr added a parent task: T348206: Improve logging, monitoring and test coverage for MediaWiki Platform team authentication extensions.May 21 2024, 7:48 AM
Tgr added a comment.May 21 2024, 9:20 AM

I guess we could also just run smoke tests in production and time them to happen after the train. Obviously less ideal (and we probably wouldn't want to test signups that way) but might be easier to set up.

larissagaulia moved this task from Inbox, needs triage to Within 2 Qs on the MediaWiki-Platform-Team board.May 27 2024, 2:35 PM
ArielGlenn subscribed.Oct 15 2024, 7:20 AM
JTweed-WMF edited projects, added: MediaWiki-Platform-Team (Roadmap); removed: MediaWiki-Platform-Team.Jan 22 2025, 3:51 PM
JTweed-WMF moved this task from Now => Move to Inbox to Later => Move to Inbox on the MediaWiki-Platform-Team (Roadmap) board.
OWresch-WMF edited projects, added: MediaWiki-Platform-Team; removed: MediaWiki-Platform-Team (Roadmap).Jan 16 2026, 1:56 PM
A_smart_kitten moved this task from Within 2 Qs to Inbox, needs triage on the MediaWiki-Platform-Team board.Apr 28 2026, 8:19 PM
Tgr closed this task as Declined.Tue, May 19, 7:50 PM

CentralAuth uses a central wiki for logins the wiki where the login is started and the central login wiki communicate via the DB and other stores.

Since the introduction of SUL3, this is not the case anymore. Login-related redirect chains bounce between the origin wiki and auth.wikimedia.org, but auth.wikimedia.org resolves to the same wiki. The only flow which still involves going to a different wiki is edge login, which is an "add-on" to normal login and broken on Firefox and Safari already; it breaking further by accident is not a big enough deal to justify the investment into multi-install Selenium tests, IMO.

(A cross-wiki Selenium test in production, rather than CI, would probably be fairly easy. That can be done under T376562: Improve CentralAuth authentication browser tests.)

Jdforrester-WMF subscribed.Tue, May 19, 7:57 PM

I understood this task to be principally aimed at the need to actually test CA before code ships to production. (See also T406582 for the more general wish.) Does the Declining of this task mean that that is no longer something the MW group cares about?

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits