...
- Preconditions: none
- Test steps:
ndslabsctl
ndslabsctl -h
ndslabsctl --help
- Expected results
- Any of these commands should display the help/usage information
...
Account administration
Add
...
account (admin only)
- Test steps
- ndslabsctl add project account <name> <password>
- ndslabsctl add project account -f <project<account.json>
- ndslabsctl add project account --file <project<account.json>
- Expected results
- Prompted for admin password
- Project Account is added. User can login with specified name and password
- Alternate flows
- Project Account exists with same name (409 conflict)
- Incorrect admin password (401 unauthorized)
- Sample Data:
Code Block language js { "id": "demo", "name": "testdemo account", "description": "testacctdemo account description", "namespace": "testdemo", "password": "password"12345", "storageQuota": "12345610", "resourceLimits": { "cpuMax": "2", "cpuDefault": "1", "memMax": "8Gi", "memDefault": "100Mi", "storageQuota": "10" } }
- Test steps
Delete
...
account (admin only)
- Test steps
- ndslabsctl delete account project <project><account>
- Expected results
- Prompted for admin password
- Project Account is deleted
- Alternate flows:
- Project Account does not exist (404 not found)
Incorrect admin password (401 unauthorized)
- Test steps
Get
...
account details (admin or current project only)
- Preconditions
- Admin is logged in or current project account user is logged in
- Test steps
- ndslabsctl get project <project>account <account>
- Expected results
- Displays project details account details (as json)
- Password is redacted
- Alternate flows:
- Project Account does not exist (404)
- Project is Account is not current project (401 unauthorized)
- Preconditions
List
...
accounts
- Test steps
- ndslabsctl list projectsaccounts
- Expected results
- Prompted for admin password
- Projects Accounts are listed
- Alternate flows:
- Incorrect admin password (401 unauthorized)
Authentication/authorization
Login
Preconditions:
Project Account has been created
- Test steps:
- ndslabsctl login <user>
- Prompted for password
- Expected results:
- Login succeeded
- Alternative flows
- Invalid username / password (401 unauthorized)
- Notes:
- Login information is stored in ~/.apictl/.passwd. This files contains the currently logged in user and an authentication token. Removing this file is the equivalent of logging out
- Possible Issues:
- It is possible to execute login while already logged in.
- This may be intentional to allow you to easily switch namespaces.
- Won't fix, for now
- It is possible to execute login while already logged in.
...
- Preconditions
- User is logged in
- Test steps
- ndslabsctl get service <key>
- Expected results
- Displays service spec (as json). Defaults to user catalog
- Alternate flows:
- Service does not exist (404)
- Service does not exist (404)
- Preconditions
List services
- Preconditions
- User is logged in
- Test steps
- ndslabsctl list services
- ndslabsctl list services -c system
- ndslabsctl list services -c user
- ndslabsctl list services -c all
- Expected results
- Services are listed for the specified catalog (Default: user)
- Alternate flows:
- User not logged in (401 unauthorized)
Add
...
service
- Test steps
- ndslabsctl add service -f <service.json> ndslabsctl add service --file <service.json>-c <catalog>
- Expected results
- Prompted for admin password
- Service is added to the specified catalog (default: user). Only admin user can add to system catalog
- "ndslabsctl list services" now shows added service
- Alternate flows
- Service exists with same key (409 conflict)
- Problem: value is replaced in etcd instead of error thrown - this may be intentional
- Should not replace service if being used in a stack
- Prompt for confirmation on replace?
- Problem: value is replaced in etcd instead of error thrown - this may be intentional
- Incorrect admin password (401 unauthorized)
- Service exists with same key (409 conflict)
- Sample Data:
Code Block language js { "key": "whalesay", "label": "Docker Whalesay Example", "image": "ndslabs/cowsay-php", "description": "An example of a custom spec loaded into NDSLabs", "isStack": true, "isService": true, "isPublic": true, "isStandalone": true, "ports": [ { "port": 80, "protocol": "http" } ] }
- Test steps
Delete
...
service
- Test steps
- ndslabsctl delete service <key> -c <catalog>
- Expected results
- Prompted for admin password
- Service is deleted from the specified catalog
- Default catalog is user
- Admin user required to delete from system catalog
- "ndslabsctl list services" no longer shows deleted service
- Alternate flows:
- Incorrect admin password (401 unauthorized)
- Service is in use by projects (409)
- Service required by other services (409)
- No such service (404)
- Test steps
...
- Preconditions
- Kubernetes started with token authentication enabled for kube-apiserver
- Tokens are
- Test case
- Configure apiserver.conf Kubernetes section
- TokenPath=/run/secrets/kubernetes.io/serviceaccount/token
- Start NDS Labs (e.g., ndslabs-up)
- Tail the apiserver log and look for successful startup
- Configure apiserver.conf Kubernetes section
- Expected results
- Successful server startup (i.e., you do not see the error "Kubernertes API not availble"
- Alternative flow
- Invalid token path
- Token authentication not supported by kube-apiserver
- Preconditions
Resource management
Add
...
account with resource limits
- Test steps
- ndslabsctl add project account -f <project<account.json>
- Expected results
- Prompted for admin password
- Project Account is added
- kubectl describe quota --namespace=demo returns specified quotas
- kubectl describe limitranges --namespace=demo returns specified limit ranges
- Sample Data:
Code Block { "id": "demo", "name": "demo project", "description": "demo project description", "namespace": "demo", "password": "12345", "storageQuota": 10, "resourceLimits": { "cpuMax": "2", "cpuDefault": "1", "memMax": "8Gi", "memDefault": "100Mi" } }- 5/19: OK (NDS-205)
- Test steps
...