Chris,

Let me try to describe the general model/requirements first

1) There is an autotest server with shared hosts/users/tests/recurring jobs etc., there is a requirement of the user being registered to use the service
2) A special user is a registered user of that setup and wants to find a way to run a secret test using that autotest server (with its hosts, install server etc.)
- as long as only he can initiate the secret test, CLI is OK
- nobody will see the secret code, okay to see the autotest wrapper (control file)
- test results don't need to be hidden

Based on that:

* What does "see" mean, does it include file/directory names as well as contents?
I believe the code that does the actual testing should not be visible to anyone outside of a predefined set of users; visibility of the file/directory or control file would be OK.

* How is the test being run, is this a stand-alone client running the secret test or is it being controlled by an autotest or other server?
Autotest CLI, but there is some freedom here as long as the above req are met

* Can unprivileged users run tests on the client?
No, only a predefined set of users should be able to initiate them.

* What level of access do users of each type have to a shell or other interface on the server and/or clients? (i.e. root, sudo, read/execute autotest client tests manually, etc.)
Hopefully answered above

* If clients are controlled from a server, do all users (secret-privileged and not) have access to schedule/run tests from the server?
The autotest server is general purpose, there are a bunch of hosts, tests and users and recurring jobs being run on the same server.

* How are test-results to be secured, should all users be able to view them? Do 'secret' test results need to be filtered/obfuscated?
I believe that the test results and any droppings that it produced should be only visible to the user that initiated it (I am double-checking with users right now)

Julius

-----Original Message-----
From: Chris Evich [mailto:[email protected]]
Sent: Wednesday, May 15, 2013 9:57 AM
To: Gawlas, Julius
Cc: [email protected]
Subject: Re: [Autotest] Running secret tests

On 05/15/2013 11:52 AM, Gawlas, Julius wrote:
> One of our users is interested in running a secret test, which is a
> test that has legal restrictions on who can run it.
>
> Let's say we are given some test covered by NDA and it was agreed that
> only limited set of people can see it and run the code. How would we
> go about hooking such test to autotest instance?
>
> Any ideas or pointers?
>
>
> Thanks
> Julius

I think we need more details to help narrow the option list down:

* What does "see" mean, does it include file/directory names as well as contents?

* How is the test being run, is this a stand-alone client running the secret test or is it being controlled by an autotest or other server? Can unprivileged users run tests on the client?

* What level of access do users of each type have to a shell or other interface on the server and/or clients? (i.e. root, sudo, read/execute autotest client tests manually, etc.)

* If clients are controlled from a server, do all users (secret-privileged and not) have access to schedule/run tests from the server?

* How are test-results to be secured, should all users be able to view them? Do 'secret' test results need to be filtered/obfuscated?

* What other specific conditions/aspects should be restricted?

--
Chris Evich, RHCA, RHCE, RHCDS, RHCSS
Quality Assurance Engineer
e-mail: cevich + `@' + redhat.com o: 1-888-RED-HAT1 x44214

_______________________________________________
Autotest-kernel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/autotest-kernel
