[Freeipa-devel] [TEST PLAN] User lifecycle plugin
thierry bordaz
tbordaz at redhat.com
Tue May 19 15:54:01 UTC 2015
On 05/13/2015 05:54 PM, Martin Basti wrote:
> On 13/05/15 17:44, David Kupka wrote:
>> On 05/13/2015 02:57 PM, Lenka Ryznarova wrote:
>>> Hi,
>>>
>>> I've prepared test plan design for User Lifecycle Plugin - [1]. Please
>>> review and let me know if you have any comments on that.
>>>
>>> Thanks,
>>> Lenka
>>>
>>> [1] http://www.freeipa.org/page/V4/User_Life-Cycle_Management/Test_Plan
>>>
>>>
>> Hi,
>> thanks for sharing the test plan. I've quickly looked at it and have
>> just 2 notes:
>>
>> 1) please add "Verify that specific GID number of a staged entry is
>> preserved after activation"
>>
>> 2) In a block of tests "Try activating staged entry with
>> <every-possible-attribute>" please add activation tests. It should
>> be possible to add/modify the attributes in the staging area freely; all
>> the checks must be applied when the user is activated.
>>
> Hello, the following tests are out of scope of API tests, but would be
> nice to have:
> * test to make sure the staged/deleted user is unable to kinit
> * opposite case: the reactivated user is able to kinit (if this case is
> valid)
> * ACI tests: to make sure only proper roles can manipulate staged
> users.
>
Hello Lenka,
This looks like a very good set of tests. If you have time, you may
also add these tests:
* try to do a simple bind with a stage/delete user
* options only-delete, also-delete and --deleted are deprecated. Sorry,
the design is not up-to-date; now it is the --preserved flag
* Run the tests as admin
* Run the tests as a stageadm (member of 'User administrator')
* Try to update a stageuser with invalid uid/gidnumber (<0, or string)
* Check that activated and undeleted users are members of ipausers
* Being authenticated with a newly activated user, check you have
limited access to entries (only modify yourself)
* Try to add (ldapadd) an entry directly in the delete container; this should
not be allowed even for admin.
* Create a user that is a member of a 'system provisioning' role.
The 'system provisioning' role has the 'Stage user provisioning' privilege.
This user should only be allowed to add 'stage' users (no read, delete,
mod)
Thanks
thierry