TWiki>
EMI Web>EmiProjectStructure>EmiProductTeams>VOMS>EMIVomsDocumentation>EMIVomsAdminTestPlan (2011-04-20, unknown)
EditAttachPDF
EMI Web>EmiProjectStructure>EmiProductTeams>VOMS>EMIVomsDocumentation>EMIVomsAdminTestPlan (2011-04-20, unknown) EditAttachPDFVOMS Admin test plan
Unit tests
N/ADeployment tests
YUM clean installation test
MySQL Backend
yum install emi-voms-mysqlinstalls cleanly on a SL5 X86_64 machine configured as described here.
Oracle Backend
yum install emi-voms-oracleinstalls cleanly on a SL5 X86_64 machine configured as described here.
YUM upgrade test
Not available for the first EMI release.YAIM configuration test
Check that YAIM configuration template as found in the VOMS system administrator guide configures the service succesfully for theemi-voms-mysql and emi-voms-oracle metapackages.
System tests
Basic functionality tests
Administrative registration of a VO member
Normal workflow
Use "create-user" to register a new VO member by- using a certificate file (PEM format)
- specifying the user DN, issuer DN, email and name on the command line (--nousercert option)
Pass/Fail Criteria
voms-admin create-user exits with code 0 and list-users returns its DN as a registered member.Erroneous workflow
- Wrong location of the certificate file or not a valid PEM file.
- Missing parameter when --nousercert is used ( userDN/issuerDN/email/name ).
- Issuer not trusted by the VOMS server
- User already registered
Pass/Fail Criteria
Test succeeds if an appropriate error message is printed and the exit code is 1.Groups and role creation
Normal workflow
Use create-group and create-role to register new VO groups/roles.Pass/Fail Criteria
voms-admin should exit with code 0. list-groups/list-subgroups and list-roles should display the newly created entities.Erroneous workflow
Try to create a role/group that already exists or subgroup that full name does not start with "/vo_name/".Pass/Fail Criteria
An error should be displayed to the user and voms-admin should exit with code 1.Attribute class registration
Normal workflow and Pass/Fail Criteria
use create-attribute-class to register a new one. Verify both the creation of classes with UNIQUE enforcement and without. The test succeeds if voms-admin exits with code 0 and list-attribute-classes contains the new ones.Erroneous workflow and Pass/Fail Criteria
If the class already exists or the name contains illegal characters, voms-admin should print an error and exit with code 1.Users/groups/roles/classes deletion.
Usedelete-user, delete-group, delete-role, delete-attribute-class to test deletion of VOMS entities. The test succeeds if voms-admin exits with code 0 and subsequent calls to the list command does not show the erased objects.
Group membership operations
Tests for adding/removing/listing of group members usingadd-member, remove-member, list-members
Normal workflow and Pass/Fail Criteria
- the add operations exits with code 0, and list-members shows the newly added member for the context in question. The user should become a member of all of the group's predecessors as well (if not already). This has to be verified with list-members as well.
- the delete operation exits with code 0 and the user is no longer member of the context in question. Group membership removal is not propagated back to the predecessors.
Erroneous workflow and Pass/Fail Criteria
voms-admin should print an error message and exit with code 1 if any of the following events occur:- the location of the user certificate file is not valid or the file is not in PEM format
- adding a member that already exists
- removing a non-existent member
Role assignments/dismissals
Normal workflow and Pass/Fail Criteria
Use the assign-role and dismiss-role commands to verify the role management operations. assign-role should be tested with multiple roles for a single context.Erroneous workflow and Pass/Fail Criteria
- assigning a role which is already granted
- dismissing a non-assigned role
- assigning a role for a context the user is not member of
Setting/Deleting attribute class values for users, groups, role/group
Test of the voms-admin commands- set-user-attribute, delete-user-attribute
- set-group-attribute, delete-group-attribute
- set-role-attribute, delete-role-attribute
Erroneous workflow and Pass/Fail Criteria
voms-admin should exit with code 1 and print an error message if the commands are- called with wrong number of arguments
- the user is not a VO member
- group/role does not exist
- a duplicate value for an attribute with unique constraint enabled
- the attribute is not set for the specified entity
Managing VOMS-ADMIN access control lists
The commandsadd-ACL-entry and remove-ACL-entry should be tested to modify the ACL for the top VO group and group hierarchy. The test passes if subsequent call to get-ACL for that contexts lists the new ACE.
Access control entries for the following subjects should be checked:
- registered vo user
- user which is not a VO member
- user possessing a role in a context
- all members of a group
- any authenticated user (anyone who has a valid certificate issued by the authorities the VOMS-ADMIN server trusts)
Managing VOMS-ADMIN default access control lists
Normal workflow and Pass/Fail Criteria
Access control entries are added in the default ACL for a context. Then a subgroup is created and the contents of its ACL is inspected with the get-ACL command. It should correspond to the contents of the default ACL of the parent. In this case the test is considered successful.Web interface
VO registration service
Testing the VOMS-ADMIN web interface as a regular user.Normal workflow and Pass/Fail Criteria
- VO registration request
- Confirmation email verification
- Request timeout
- VO information page
Regression tests
[VOMS Admin] VOMS Admin CA update functionality fails with EGI-trustanchors CA 1.38 (https://savannah.cern.ch/bugs/?78349
)
Check that VOMS Admin installation and configuration works as expected with EGI trust anchors >= 1.38.
[VOMS Admin] VOMS-admin AUP signing request behaviour broken for user with no AUP acceptance record (https://savannah.cern.ch/bugs/?78350)
Create two users without AUP record, have one user sign the AUP and check that the other still receive a Sign AUP email
[VOMS Admin] "Add to group" dialog broken (https://savannah.cern.ch/bugs/?78881)
Create 2 groups in the VO. Create a user. Check the add to group dialog in the user page allows the administrator to select any of the newly created groups
[VOMS Admin] "more info" link in group search users tab broken (https://savannah.cern.ch/bugs/?79087)
Create a user in the VO. Search the VO root group and check that the "more info" referring to the cretead user is not broken.
[YAIM VOMS] Adaptive setting of MaxPermSize according to the number of configured VOs (https://savannah.cern.ch/bugs/?80172)
Configure a large number of VOs with YAIM (> 10) and check that the MaxPermSize Java VM parameter is set in a way that is proportional to the number of VOs
[VOMS Admin] Database upgrade fails when usr table contains duplicated entry (https://savannah.cern.ch/bugs/?80308)
Starting from a VOMS Admin 2.0.x database, insert a duplicated entry in the usr table and try the upgrade of the database. The upgrade script should warn of the presence of a duplicated entry and succed.
[VOMS Admin] Confirmed pending VO membership requests are incorrectly deleted from database (https://savannah.cern.ch/bugs/?80685)
Configure the expired request purger thread to excecute every 10 sec. Request membership to the VO. As a VO admin accept the membership request. Check that the expired request purger does not delete the just confirmed request from the database.
[VOMS Admin] Uncaught exception shown in group membership search pane (https://savannah.cern.ch/bugs/?80892)
Using the voms-admin CLI create two users with the same ceritificate subject and different CAs. Check that the root VO group membership search pane shows the two users as expected and no exception is thrown.
[VOMS Admin] VOMS Admin does not resolve correctly email addresses for role an group administrators (https://savannah.cern.ch/bugs/?80945)
Create a user, assign him the VO-Admin role. Check that the user receives VOMS Admin notifications for incoming user requests.
Performance and scalability tests
N/AStandard compliance and conformance tests
N/AInter-component tests
MkGridmap
Check that mkgridmap script work as expected against VOMS Admin service -- AndreaCeccanti - 20-Apr-2011 Edit | Attach | 
EMI Web
News
Events
Procedures and Tools
Mailing Lists
Documents
Project Structure
Create New Topic
Index
Search
Changes
Statistics
- ABATBEA
- ACPP
- ADCgroup
- AEGIS
- AfricaMap
- AgileInfrastructure
- ALICE
- AliceEbyE
- AliceSPD
- AliceSSD
- AliceTOF
- AliFemto
- ALPHA
- Altair
- ArdaGrid
- ASACUSA
- AthenaFCalTBAna
- Atlas
- AtlasLBNL
- AXIALPET
- CAE
- CALICE
- CDS
- CENF
- CERNSearch
- CLIC
- Cloud
- CloudServices
- CMS
- Controls
- CTA
- CvmFS
- DB
- DefaultWeb
- DESgroup
- DPHEP
- DM-LHC
- DSSGroup
- EGEE
- EgeePtf
- ELFms
- EMI
- ETICS
- FIOgroup
- FlukaTeam
- Frontier
- Gaudi
- GeneratorServices
- GuidesInfo
- HardwareLabs
- HCC
- HEPIX
- ILCBDSColl
- ILCTPC
- IMWG
- Inspire
- IPv6
- IT
- ItCommTeam
- ITCoord
- ITdeptTechForum
- ITDRP
- ITGT
- ITSDC
- LAr
- LCG
- LCGAAWorkbook
- Leade
- LHCAccess
- LHCAtHome
- LHCb
- LHCgas
- LHCONE
- LHCOPN
- LinuxSupport
- Main
- Medipix
- Messaging
- MPGD
- NA49
- NA61
- NA62
- NTOF
- Openlab
- PDBService
- Persistency
- PESgroup
- Plugins
- PSAccess
- PSBUpgrade
- R2Eproject
- RCTF
- RD42
- RFCond12
- RFLowLevel
- ROXIE
- Sandbox
- SocialActivities
- SPI
- SRMDev
- SSM
- Student
- SuperComputing
- Support
- SwfCatalogue
- TMVA
- TOTEM
- TWiki
- UNOSAT
- Virtualization
- VOBox
- WITCH
- XTCA
 |
|
Copyright &© 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback