Security tests
Describes the tests needed to validate the Security functionality.
As the integration test collections are setup to work, some changes are needed to the configuration of one or more components.
The security tests relates to two different topics:
- Per component permission loading
- Certificate use restrictions
Per component permission loading
To verify per component permission loading, the CollectionSettings of a single component (a pillar for instance) is modified to not allow an operation. The operation is then attempted, resulting in:
- The component, which configuration was modified, refuses the operation
- There is sent an alarm describing the illegal operation attempt.
Certificate use restrictions
A components RepositorySettings are modified to only allow a certain named set of components to use a certificate.
- A component using the certificate, but which ID is not on the allowed list, attempts an operation.
- The component with the modified configuration refuses the operation.
- There is sent an alarm describing the illegal operation attempt.
- Another component using the certificate, but which ID is on the list, attempts an operation
- The operation is allowed
- No alarm is sent.