[Freeipa-devel] [TEST PLAN] User lifecycle plugin

thierry bordaz tbordaz at redhat.com
Tue May 19 15:54:01 UTC 2015


On 05/13/2015 05:54 PM, Martin Basti wrote:
> On 13/05/15 17:44, David Kupka wrote:
>> On 05/13/2015 02:57 PM, Lenka Ryznarova wrote:
>>> Hi,
>>>
>>> I've prepared test plan design for User Lifecycle Plugin - [1]. Please
>>> review and let me know if you have any comments on that.
>>>
>>> Thanks,
>>> Lenka
>>>
>>> [1] http://www.freeipa.org/page/V4/User_Life-Cycle_Management/Test_Plan
>>>
>>>
>> Hi,
>> thanks for sharing the test plan. I've quickly looked at it and have 
>> just 2 notes:
>>
>> 1) please add "Verify that specific GID number of a staged entry is 
>> preserved after activation"
>>
>> 2) In a block of tests "Try activating staged entry with 
>> <every-possible-attribute>" please add activation tests. It should 
>> be possible to add/modify the attributes in the staging area freely; all 
>> the checks must be applied when the user is activated.
>>
> Hello, the following tests are out of scope of API tests, but would be 
> nice to have:
> * test to make sure the staged/deleted user is unable to kinit
> * opposite case: the reactivated user is able to kinit (if this case is 
> valid)
> * ACI tests: to make sure only proper roles can manipulate staged 
> users.
>
Hello Lenka,

This looks like a very good set of tests. If you have time, you may 
also add these tests:

  * Try to do a simple bind with a stage/delete user
  * The options only-delete, also-delete and --deleted are deprecated. Sorry,
    the design is not up to date; now it is the --preserved flag
  * Run the tests as admin
  * Run the tests as a stageadm (member of 'User administrator')
  * Try to update a stageuser with an invalid uid/gidnumber (<0, or string)
  * Check that activated and undeleted users are members of ipausers
  * Being authenticated with a newly activated user, check you have
    limited access to entries (only modify yourself)
  * Try to add (ldapadd) an entry directly in the delete container; it should
    not be allowed even for admin.
  * Create a user that is a member of a 'system provisioning' role.
    The 'system provisioning' role has the 'Stage user provisioning' privilege.
    This user should only be allowed to add a 'stage' user (no read, delete,
    mod)

Thanks
thierry
