LCAS Test Plan

For now this is only a LCAS test plan, if you are testing LCMAPS, please provide a LCMAPS test plan

Service Description

LCAS is a library which is used to make authorization decisions based on users' credentials and specific rules.

Information of LCAS can be found under site access control documentation and LCAS specific documentation

Since LCAS is relatively deeply integrated in many services, it's not straightforward to test. Here I've described a testplan that should suffice, and test LCAS thoroughly enough.

These descriptions of LCAS tests cover most of the LCAS funtionality. The recommended way to do the testing is to choose one nodetype/service that uses LCAS (WMS, glexec), and run the full set of LCAS tests against that nodetype. If and when LCAS passes the tests, other node types can be tested. The other nodetypes can be tested very simply, basically to check that the integration isn't broken.

Features/Scenarios to be tested

'Userban module tests' (not implemented)

This test should check that LCAS does not allow banned users.

Normal workflow - correct input

LCAS should be tested with an normal working voms proxy.

Pass/Fail Criteria

LCAS should accept this connection.

Error workflow - erroneous input

LCAS should be tested with a proxy certificate, whose DN has been banned using the userban module

Pass/Fail Criteria

LCAS should deny access for this certifcate

'Voms module tests' (not implemented)

This test should check that LCAS handles different voms certificates correctly, and denies the unaccpeted users.

Normal workflow - correct input

LCAS should be tested with an normal voms proxy.

Pass/Fail Criteria

LCAS should accept this connection.

Error workflow - erroneous input

LCAS should be tested with the following false proxy certificates

• A non-voms proxy certificate
• A proxy certificate from an unaccepted vo
• A proxy that is not accepted by the gacl rules

Pass/Fail Criteria

LCAS should deny access for these certifcates

'Timeslots module tests' (not implemented)

This test should check that LCAS handles the timeslots settings correctly.

Normal workflow - correct input

LCAS should be tested with an normal voms proxy in an accepted timeslot.

Pass/Fail Criteria

LCAS should accept this connection.

Error workflow - erroneous input

LCAS should be tested with the same proxy file, but at t time when the user is unauthorized.

Pass/Fail Criteria

LCAS should deny access for these certifcates

Features not to be tested

'Full API tests'

The full api tests will not be done in this certification due to time constraints of the patch. These should be written however, to ensure that the api works as it should and does not break backwards compatibility.

-- KalleHapponen - 13 Jul 2009