Project

General

Profile

Story #804

Integration testing: Testing access control

Added by Roger Dahl over 13 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
d1_integration
Start date:
2012-01-23
Due date:
% Done:

100%

Story Points:
Sprint:

Description

Design & implement a strategy for testing access control on MNs and CNs.

  1. Need to ensure that: a) READ operations (MNRead & Tier1 CN methods, Tier2 CN 'GET' methods) b) WRITE operations (MNStorage, Tier2 & 4 CN methods) c) CHANGEPERMISSION operations (MNAuthorization, MNStorage,MNReplication & Tier2-4 CN methods)

respect accessControlPolicies on the given object.

  1. accessControl is consistent for all replicas

Need to test for:
a. anonymous / public users
b. expired certificates
c. bogus (self-signed) certificates
c. an authenticated user
d. a verified-authenticated user

trying to read / write/ changepermission on object whose accessPolicy is set by:
a. individual permissions
b.group permissions
c. symbolic principals:
- 'public'
- 'authenticatedUser'
- 'verifiedUser'


Subtasks

Task #2271: refactor test object procurement methods to work with pre-populated test objects.ClosedRob Nahf

Task #2328: refactor authorization tests according to testing designClosedRob Nahf

Task #2063: add expired certificate "testUser"ClosedRob Nahf

Task #2258: add test certificates to represent MNodes and CNodesClosedRob Nahf

Task #2062: test acccess via group membershipClosedRob Nahf

Task #2256: test access via mapped identityClosedRob Nahf


Related issues

Related to Infrastructure - Story #2625: generate test certificates under the new dataone (test) CA Closed 2012-05-19

History

#1 Updated by Matthew Jones over 13 years ago

  • Parent task set to #907

#2 Updated by Dave Vieglais over 13 years ago

  • Start date set to 2010-10-07
  • Tracker changed from Bug to Task

#3 Updated by Rob Nahf over 12 years ago

  • Category changed from d1_common_java to d1_integration
  • Assignee changed from Dave Vieglais to Rob Nahf
  • Milestone set to None
  • Parent task deleted (#907)
  • Tracker changed from Task to Story
  • Subject changed from Integration testing: Test access control to Integration testing: Testing access control
  • Status changed from New to In Progress

Integration Tests for MNAuthorization methods written to include

#4 Updated by Dave Vieglais over 12 years ago

  • Target version changed from Sprint-2011.43-Block.6 to Sprint-2011.44-Block.6
  • Position set to 1
  • Position changed from 1 to 301

#5 Updated by Rob Nahf over 12 years ago

  • Target version changed from Sprint-2011.44-Block.6 to Sprint-2011.45-Block.6
  • Position deleted (300)
  • Position set to 2

#6 Updated by Dave Vieglais over 12 years ago

  • Position deleted (7)
  • Position set to 9

#7 Updated by Dave Vieglais over 12 years ago

  • Target version changed from Sprint-2011.45-Block.6 to Sprint-2011.46-Block.6
  • Milestone changed from None to CCI-1.0.0

Need to verify that these integration tests are implemented.

#8 Updated by Dave Vieglais over 12 years ago

  • Target version changed from Sprint-2011.46-Block.6 to Sprint-2011.48-Block.6
  • Position deleted (23)
  • Position set to 1

#9 Updated by Dave Vieglais over 12 years ago

  • Position deleted (25)
  • Position set to 3
  • Target version changed from Sprint-2011.48-Block.6 to Sprint-2011.49-Block.6

#10 Updated by Dave Vieglais over 12 years ago

  • Position deleted (7)
  • Position set to 2
  • Target version changed from Sprint-2011.49-Block.6 to Sprint-2011.51-Block.6

#11 Updated by Dave Vieglais about 12 years ago

  • Target version changed from Sprint-2011.51-Block.6 to Sprint-2012.01-Block.1.1
  • Position deleted (11)
  • Position set to 1
  • Position changed from 1 to 330

#12 Updated by Dave Vieglais about 12 years ago

  • Target version changed from Sprint-2012.01-Block.1.1 to Sprint-2012.03-Block.1.2
  • Position deleted (344)
  • Position set to 1
  • Position changed from 1 to 352

#13 Updated by Dave Vieglais about 12 years ago

  • Target version changed from Sprint-2012.03-Block.1.2 to Sprint-2012.05-Block.1.3
  • Position deleted (354)
  • Position set to 27

#14 Updated by Rob Nahf about 12 years ago

  • Position set to 1
  • Position deleted (33)

#15 Updated by Rob Nahf about 12 years ago

  • Position set to 4
  • Position deleted (23)

#16 Updated by Rob Nahf about 12 years ago

  • Position set to 1
  • Position deleted (4)
  • Target version changed from Sprint-2012.05-Block.1.3 to Sprint-2012.07-Block.1.4

#18 Updated by Dave Vieglais about 12 years ago

  • Position deleted (10)
  • Position set to 20
  • Target version changed from Sprint-2012.07-Block.1.4 to Sprint-2012.09-Block.2.1

#19 Updated by Dave Vieglais about 12 years ago

  • Position deleted (65)
  • Target version changed from Sprint-2012.09-Block.2.1 to Sprint-2012.11-Block.2.2
  • Position set to 23

#20 Updated by Dave Vieglais almost 12 years ago

  • Position deleted (41)
  • Position set to 5
  • Target version changed from Sprint-2012.11-Block.2.2 to Sprint-2012.17-Block.3.1

#21 Updated by Rob Nahf almost 12 years ago

  • Status changed from In Progress to Closed

#22 Updated by Rob Nahf almost 12 years ago

Completed the implementation of the authorization testing design, such that: all 3 permissions are tested against a set of test objects with varying accessPolicies that cover the full set of options for a single-rule accessPolicy. (including a null AccessPolicy). The tests were put in a common abstract base class so that CN's and MN's share the same tests. The tests check for transitivity of access for equivalent identities.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)