On 05/13/2015 05:54 PM, Martin Basti wrote:
On 13/05/15 17:44, David Kupka wrote:
On 05/13/2015 02:57 PM, Lenka Ryznarova wrote:
Hi,

I've prepared test plan design for User Lifecycle Plugin - [1]. Please
review and let me know if you have any comments on that.

Thanks,
Lenka

[1] http://www.freeipa.org/page/V4/User_Life-Cycle_Management/Test_Plan


Hi,
thanks for sharing the test plan. I've quickly looked at it and have just 2 notes:

1) please add "Verify that specific GID number of a staged entry is preserved after activation"

2) In a block of tests "Try activating staged entry with <every-possible-attribute>" please add a activation tests. It should be possible to add/modify the attributes in staging are freely all the check must be applied when the user is activated.

Hello, following tests are out of scope of API tests, but would be nice to have:
* test to make sure the staged/deleted user is unable to kinit
* opposite case the reactivated user is able to kinit (if this case is valid) * ACI tests: to make sure only proper roles can manipulate with staged users.

Hello Lenka,

This is looking as a very good set of tests. If you have time, you may also add those tests:

 * try do a simple bind with a stage/delete user
 * option only-delete, also-delete and --deleted are deprecated.. sorry
   the design is not up-to-date, now it is --preserved flag
 * Run the tests as admin
 * Run the tests as a stageadm (member of 'User administrator')
 * Try to update a stageuser with invalid uid/gidnumber (<0 , or string)
 * Check that activated and undelete users are member of ipausers
 * Being authenticated with a newly activated user, check you have
   limited access to entries (only modify yourself)
 * Try to add (ldapadd) an entry directly in delete container, should
   not be allowed even for admin.
 * Create a user that is member of a 'system provisioning' role.
   'system provisioning' role has the 'Stage user provisioning' priviledge.
   This user should only be allow to add 'stage' user (no read, delete,
   mod)

Thanks
thierry

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to