CloudRoast

Implementing test coverage for Glance v2 Property Protection

Registered by Luke Wollney

This is a blueprint for implementing test coverage for the glance v2 API Property Protection.

API Doc: Not available

Blueprints to be referred to:

In scope: smoke, functional, system integration, whitebox tests

Out of scope: performance, stress, scale

Blueprint information

Status:
Not started
Approver:
None
Priority:
Undefined
Drafter:
Luke Wollney
Direction:
Needs approval
Assignee:
None
Definition:
Drafting
Series goal:
None
Implementation:
Unknown
Milestone target:
None

Related branches

Sprints

Whiteboard

Notes about the tasks/tests below:
  - All tests determined to be "INVALID" have been removed
  - All tasks/tests are currently assigned to luke-wollney, but will be changed as tasks are picked up

(?)

Work Items

Work items:
[nandhini-kaliaperumal] Essential - Verify omitting config "property_protection_file" in glance-api.conf, turns off property protections  and requests are successful: TODO
[nandhini-kaliaperumal] High - Verify omitting value for config "property_protection_file" in glance-api.conf, turns off property protections and requests are successful: TODO
[nandhini-kaliaperumal] High - Verify invalid file path value for config "property_protection_file" in glance-api.conf, turns on property protections and throws 500 - internal server error: TODO
[nandhini-kaliaperumal] High - Verify blank file for config "property_protection_file" in glance-api.conf, turns on property protections and disable property access to all operations for all roles: TODO
[luke-wollney] Verify invalid section header(missing []) throws 500 - Internal server error: TODO
[luke-wollney] Verify duplicate section header throws 500 - Internal server error: TODO
[luke-wollney] Verify invalid key (valid keys: create, read, update, delete) under a section disables property access to missing/invalid operation(s) for all roles: TODO
[luke-wollney] Verify duplicate key under a section throws 500 - Internal server error: TODO
[nandhini-kaliaperumal] High - Verify invalid regular expression for section headers throws 500 - Internal server error: TODO
[nandhini-kaliaperumal] Essential - Verify first matching regular expression is considered for access to the operations and remaining sections are ignored: TODO
[nandhini-kaliaperumal] High - Try few different regular expressions and make sure they are working as expected: Exact match, No match, Subset, Prefix match, Post match: TODO
[nandhini-kaliaperumal] High - Verify access to the roles is working only for additional properties and not for core properties matching in the reg expression: TODO
[nandhini-kaliaperumal] Essential - Verify only admin has CRUD access on core properties: TODO
[nandhini-kaliaperumal] High - Verify that additional properties not matching in the reg expression disables access to all operations for all roles: TODO
[nandhini-kaliaperumal] Essential - Verify single role assignment allow access only for that role and not for others: TODO
[nandhini-kaliaperumal] High - Verify multiple role assignment allow access only for assigned roles and not for others: TODO
[nandhini-kaliaperumal] High - Verify assigning '@' allow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify assigning '!' disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify misspelling of create operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify omitting of create operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] Essential - Verify single role assignment allow access only for that role and not for others: TODO
[nandhini-kaliaperumal] High - Verify multiple role assignment allow access only for assigned roles and not for others: TODO
[nandhini-kaliaperumal] High - Verify assigning '@' allow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify assigning '!' disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify assigning '!' disallow update and delete access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify misspelling of read operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify omitting of read operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] Essential - Verify single role assignment allow access only for that role and not for others: TODO
[nandhini-kaliaperumal] High - Verify multiple role assignment allow access only for assigned roles and not for others: TODO
[nandhini-kaliaperumal] High - Verify assigning '@' allow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify assigning '!' disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify misspelling of update operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify omitting of update operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] Essential - Verify single role assignment allow access only for that role and not for others: TODO
[nandhini-kaliaperumal] High - Verify multiple role assignment allow access only for assigned roles and not for others: TODO
[nandhini-kaliaperumal] High - Verify assigning '@' allow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify assigning '!' disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify misspelling of delete operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Verify omitting of delete operation disallow access for all the roles: TODO
[nandhini-kaliaperumal] High - Make sure deleting an image deletes all additional properties associated with it and property protection config file has no effect on this action: TODO

This blueprint contains Public information 
Everyone can see this information.