[uss_qualifier] DSS0210,1b confirm subscription manager is synced #560
Conversation
|
|
||
| ##### Separate subscription | ||
|
|
||
| Note that the subscription (or 'sub' claim, not to be confused with an SCD DSS subscription) of the token that will be obtained for this resource |
There was a problem hiding this comment.
sub is short for "subject" rather than "subscription"
| Checks that the manager of a subscription is properly synchronized across all DSS instances. | ||
|
|
||
| This is done by means of using a separate set of credentials to create a subscription on the primary DSS, | ||
| and then verifying that the main credentials are not able to mutate this subscription via one of the secondary DSS instances |
There was a problem hiding this comment.
I assume this check will be repeated for each instance?
| and then verifying that the main credentials are not able to mutate this subscription via one of the secondary DSS instances | |
| and then verifying that the main credentials are not able to mutate this subscription via any of the secondary DSS instances |
| @@ -63,6 +66,7 @@ def __init__( | |||
| other_instances: DSSInstancesResource, | |||
| id_generator: IDGeneratorResource, | |||
| planning_area: PlanningAreaResource, | |||
| second_utm_auth: Optional[AuthAdapterResource], | |||
There was a problem hiding this comment.
I think this needs a default value (presumably None) to actually be considered optional by the framework
There was a problem hiding this comment.
Ah, I get why certain things confused me now. Thanks.
monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.py
Show resolved
Hide resolved
monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.py
Show resolved
Hide resolved
|
|
||
| Verify that a subscription can be created on the primary DSS. | ||
|
|
||
| #### 🛑 Subscription deletion with different non-managing credentials on secondary DSS fails check |
There was a problem hiding this comment.
If this check fails, doesn't that mean the subscription has been deleted so we should be able to simply proceed with the rest of the test (after skipping the next step since the subscription is already deleted)? If so, this should probably be a Medium-severity issue.
monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.md
Show resolved
Hide resolved
| if deleted_sub.status_code != 403: | ||
| check.record_failed( | ||
| "Subscription deletion with main credentials did not fail", | ||
| details=f"Subscription deletion with main credentials failed with status code {deleted_sub.status_code}", |
There was a problem hiding this comment.
| details=f"Subscription deletion with main credentials failed with status code {deleted_sub.status_code}", | |
| details=f"Subscription deletion with main credentials did not fail with the expected status code of 403; instead returned status code {deleted_sub.status_code}", |
| @@ -87,6 +91,7 @@ def __init__( | |||
| ] | |||
|
|
|||
| self._sub_id = id_generator.id_factory.make_id(self.SUB_TYPE) | |||
| self._acl_sub_id = self._sub_id[:-1] + "1" | |||
There was a problem hiding this comment.
Let's not make ad-hoc IDs; the reason to identify the purpose of the ID when calling make_id is to allow people to reverse-lookup the test that caused a particular object to be added to the DSS.
There was a problem hiding this comment.
Side question for situations where we might want to generate a dynamic (or configurable) number of test IDs: could we update the reverse lookup logic to support derived IDs where we increment the last block of zeroes on the ID?
There was a problem hiding this comment.
Yes, I think that makes sense. And IDs without reverse lookup are not the most important issue to deal with -- I just want to avoid adding more tech debt when practical.
monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.py
Show resolved
Hide resolved
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
2 times, most recently
from
0e0cac3 to
7dbf130
Compare
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
from
9dcb897 to
849b534
Compare
|
|
||
| This second set of credentials is required to validate that the DSS properly synchronizes the manager of a subscription to other DSS instances. | ||
|
|
||
| The participant under test is responsible for providing this second set of credentials along the primary ones used in most other scenarios. |
There was a problem hiding this comment.
The test designer sets up the configuration which provides these resources and is therefore responsible for providing any needed resources; "participants" are the subjects of the test (e.g., USSs under test) and would not provide credentials or any other resource (though they would communicate with the test designer to ensure the test designer specifies the URLs of the USS under test correctly in the environmental resources).
| The participant under test is responsible for providing this second set of credentials along the primary ones used in most other scenarios. | |
| The test designer should provide this second set of credentials when full testing of manager synchronization behavior is desired. |
| For the purpose of this scenario, these credentials must be allowed to create, modify and delete subscriptions on the DSS, | ||
| as well as querying them. |
There was a problem hiding this comment.
This statement is redundant with the "Required scope" section since a scope determines what actions a client is allowed to perform. So, I think these lines can be removed (otherwise, we would need to explain how someone would know if the credentials are allowed to create, modify and delete subscriptions in the DSS as well as querying them)
|
|
||
| * `utm.strategic_coordination` | ||
|
|
||
| ##### Separate subscription |
There was a problem hiding this comment.
Oh my, yes indeed that needs fixing too.
| @@ -145,3 +199,8 @@ If a DSS returns a subscription that was previously successfully deleted from th | |||
| either one of the primary DSS or the DSS that returned the subscription is in violation of **[astm.f3548.v21.DSS0210,1a](../../../../../requirements/astm/f3548/v21.md)**. | |||
|
|
|||
| ## [Cleanup](../clean_workspace.md) | |||
|
|
|||
| This step ensures that no subscriptions with the known test IDs exists in the DSS. | |||
There was a problem hiding this comment.
nit:
| This step ensures that no subscriptions with the known test IDs exists in the DSS. | |
| This step ensures that no subscriptions with the known test IDs remain in the DSS by deleting them at this point if they do exist. |
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
from
849b534 to
2f4de7e
Compare
Thanks! While starting to integrate with the lastest state of I did this in #570. The present PR should probably come after it as it. (Note: the present PR rebases without conflict, but some check names unrelated to this PR need to be changed) |
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
2 times, most recently
from
9df3732 to
db909ca
Compare
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
from
db909ca to
8a8f82b
Compare
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
from
8a8f82b to
0549f93
Compare
monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.md
Show resolved
Hide resolved
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
3 times, most recently
from
6433875 to
9b46e71
Compare
Shastick
force-pushed
the
dss0210-sub-manager-synced
branch
from
3ef83fd to
26c7ed6
Compare
* [uss_qualifier] DSS0210,1b confirm subscription manager is synced * latest PR comments * 2nd round of review 951bf95
Indirectly check that the manager of a subscription is synchronized across a DSS deployment by attempting to delete the a subscription from a DSS to which the subscription was synchronized to, using separate credentials.
Note that this only checks the case where the wrong credentials are used: confirming that deletion through any DSS works will be added with #550
Resolves #548