Kiwi TCMS has applied for GSoC 2021

here are some project ideas

Posted by Kiwi TCMS Team on Sat 30 January 2021 under community

"GSoC banner"

Dear open source hackers, we are happy to share that Kiwi TCMS has applied to Google Summer of Code 2021 as a mentoring organization!

While we're very early in the program timeline and we still don't know whether Kiwi TCMS will be accepted or not we'd like to use this opportunity and outline several areas which are good candidates for GSoC fellows to work on. Some of the tasks are also eligible for our open source bounty program. The majority of them require some knowledge of Python and Django.

Let's Encrypt SSL integration

By default Kiwi TCMS' container image comes with a self-signed SSL certificate! This is irritating because all modern browsers issue warnings for that and the majority of deployments do not have the infrastructure to distribute the self-signing Certificate Authority certificate files, e.g. make the browser trust the provided certificate.

This issue is compounded by the fact that production SSL certificates, issues by a well-known authority must be introduced from the outside. While this is documented there are fair amount of testers who do not have sufficient proficiency with Docker to do so.

The result is that we see many Kiwi TCMS deployments in the wild which completely disable HTTPS and users struggling to configure their SSL certificates.

An integration with Let's Encrypt would be a good choice. We've tried a proof of concept but had troubles running their official client on our container image.

The challenge will be to use a Let's Encrypt client that is supported on the CentOS Linux distribution (that's what we use) or a frequently maintained distribution independent package. Another challenge will be that the ACME protocol used needs to be able to talk back to the system asking for a new certificate. In most cases Kiwi TCMS will be deployed behind a firewall and initial certificate request/renewal requests may be able to go one way only.

Securing 3rd party dependencies

Kiwi TCMS itself uses services and tools like Snyk, npm audit, Coverity and Bandit against our own and against 3rd party source code. On the other hand some of our components (e.g. PatternFly) do not perform any kind of security testing. The starting point to unravel this is Issue #871.

As a minimum all issues reported by bandit & coverity against 3rd party dependencies must be sorted out:

All of this will ultimately benefit a broader community than Kiwi TCMS alone.

Integration with GitHub Actions and GitLab pipelines

As part of our continuing integration with GitHub we need to have an action which would report the results to Kiwi TCMS similar to how our automation framework plugins do!

You should start with GitHub because this is what Kiwi TCMS uses and we can immediately eat our own dog food. Originally proposed in Issue #817 then moved to github-app #10 with a slightly different focus.

Next (or in parallel) would be similar functionality for GitLab pipelines, proposed in Issue #1421

Java hacking

Kiwi TCMS does have a native junit-plugin but we are no experts in Java. In the testing world however Java is a very popular language and we need help building on top of the existing library and developing several other tools:

C# and Objective-C hacking

Migration to Patternfly v4, possibly with React JS

The visual component library that Kiwi TCMS uses is called PatternFly. First it is a standard describing visual design, widget behavior and development hints for enterprise applications. Then it provides an actual implementation of their standards.

Kiwi TCMS is built with PatternFly v3 using raw HTML + CSS. This approach allowed us to get started quickly and gradually migrate from our legacy UI. It also works very well with Django which is structured around rendering HTML templates.

A major task is switching over to PatternFly v4 where there could be some differences in component syntax.

Since Kiwi TCMS v8.8 and v8.9 we have completely redesigned the TestPlan and TestRun pages. As they are the ones with the most possible interactivity and functionality we have hit the need to keep internal state on the front-end. This is rather cumbersome to manage by hand and calls for a more modern solution using React. There is PatternFly implementation as React components too.

The starting point is Issue #1323.

The volume of work is a challenge because all pages need to be migrated and we're not sure if this can be done and released in steps or all pages should be migrated and released together. In other words we don't know if shipping UI based on both PatternFly v3 and v4 will work.

The next challenge is refactoring the TestRun and TestPlan pages with React, keeping all existing functionality intact. A challenge here will also be the transactional nature of Django where it receives a browser request and sends a response, usually rendered HTML content! Lots of functionality happens both on the backend as well as in the HTML templates themselves - for example translations and permission checks.

JavaScript hacking

Remaining telemetry

Testing Telemetry is one of our cool features and since we've started to redesign the legacy report feature testers are very happy with it. There are still some bits and pieces that are missing: Issue #616, Issue #1923, Issue #1924, Issue #1925, Issue #1926, Issue #1927, Issue #1928, Issue #1929, Issue #1940.

These generally depend on having the ability to record execution times in our database and afterwards the features are similar but relatively independent of one another.

Web hooks

Kiwi TCMS should be able to better integrate with 3rd party systems. This feature will allow users to configure custom URL to which Kiwi TCMS will send HTTP POST requests on certain events. It looks like we can base the implementation on top of django-rest-hooks and pair it up with RestrictedPython for further flexibility.

This feature is being tracked in Issue #1080 and Issue #913 but needs a more detailed definition.

Anything else

All of the proposals above are items which we have in our backlog and need help with. However participation in the Google Summer of Code program is not limited only to them. You are free to propose any other ideas/projects on which you would like to work during the summer. We would be happy to accept your contributions if we make it into the program.

Happy Testing!

If you like what we're doing and how Kiwi TCMS supports various communities please help us!