tests: migrate passkey tests from umockdev to vfido

[ikerexxe]

Migrate all passkey system tests from umockdev based hardware mocking to vfido virtual FIDO2 device. The change involves converting around 20 passkey test cases to use the new vfido approach, removing approximately 100 umockdev recording files that are no longer needed and updating the test infrastructure to work with virtual FIDO2 devices. Additionally, unused passkey fixtures and references have been cleaned up.

[ikerexxe]

This PR depends on SSSD/sssd-ci-containers#167 and SSSD/sssd-test-framework#237

[gemini-code-assist]

Code Review

This pull request successfully migrates the passkey system tests from umockdev to the more dynamic vfido framework. This is a significant improvement, making the tests more robust and self-contained by removing a large number of static test data files. However, there are two critical points to address before merging. The requirements.txt file has been updated to point to a personal fork, which must be reverted to an official repository. Additionally, a test case for FIPS-compliant keys appears to have lost its FIPS-specific validation, which could be a regression in test coverage.

[gemini-code-assist]

The sssd-test-framework dependency points to a personal fork (ikerexxe/sssd-test-framework). For merging, this should be changed to point to the official repository. Please ensure the necessary changes from the test-passkey-vfido branch are merged into the official sssd-test-framework repository and update this dependency accordingly.

[ikerexxe]

This is for testing purposes only. Keeping it open until SSSD/sssd-test-framework#237 is merged

[jakub-vavra-cz]

While refactoring, please make sure that this is gone:

$ ruff check src/tests/system/tests/
E713 [*] Test for membership should be not in
--> src/tests/system/tests/test_passkey.py:738:13
|
736 | assert "Ticket cache" in output, "Failed to get the TGT"
737 | assert (
738 | not (
| _____________^
739 | | "No Kerberos TGT granted as the server does not support this method. "
740 | | "Your single-sign on(SSO) experience will be affected"
741 | | )
742 | | in output
| |_________________^
743 | ), "Get the console message about TGT"
|
help: Convert to not in

E713 [*] Test for membership should be not in
--> src/tests/system/tests/test_passkey.py:785:9
|
783 | assert "Ticket cache" in output, "Failed to get the TGT"
784 | assert not (
785 | / (
786 | | "No Kerberos TGT granted as the server does not support this method. "
787 | | "Your single-sign on(SSO) experience will be affected"
788 | | )
789 | | in output
| |_________________^
790 | ), "Got the console message about No Kerberos TGT granted"
|
help: Convert to not in

E713 [*] Test for membership should be not in
--> src/tests/system/tests/test_passkey.py:838:13
|
836 | assert "Ticket cache" in output, "Failed to get the TGT"
837 | assert (
838 | not (
| _____________^
839 | | "No Kerberos TGT granted as the server does not support this method."
840 | | "Your single-sign on(SSO) experience will be affected"
841 | | )
842 | | in output
| |_________________^
843 | ), "Got the console message about No Kerberos TGT granted"
|
help: Convert to not in

E713 [*] Test for membership should be not in
--> src/tests/system/tests/test_passkey.py:884:13
|
882 | assert "Ticket cache" in output, "Failed to get the TGT"
883 | assert (
884 | not (
| _____________^
885 | | "No Kerberos TGT granted as the server does not support this method."
886 | | " Your single-sign on(SSO) experience will be affected"
887 | | )
888 | | in output
| |_________________^
889 | ), "Got the console message about No Kerberos TGT granted"
|
help: Convert to not in

Found 4 errors.
[*] 4 fixable with the --fix option.

[spoore1]

First quick review. I think you need to restore the data/test_ipa directory to fix the failing system tests.

[spoore1]

I think this is still needed for other tests.

[spoore1]

I think this is needed as well still.