REVIEW-36: SDIACT-187/SDIACT-216 Improve XDCDB security and read/update access with a new RESTfull API - Test Readiness Review

Overview

SDIACT-216 delivers a new REST API that provides more secure access to the XSEDE Central Database (XDCDB) . Two software tools that previously accessed the XDCDB through direct database connections have been updated to use the new XDCDB REST API. One of these software tools is xdusage (also delivered in SDIACT-216), which reports allocation information for a given user. The second tool is gateway_submit_attributes (delivered in SDIACT-187) which allows science gateways to report the gateway user submitting a job under a science gateway community user account. Because SDIACT-187 and SDIACT-216 are tightly coupled with one another, we will be testing them together. This review assesses the test readiness of both SDIACT-187 and SDIACT-216.

Review Summary

XCDCDB API/xdusage

  • (Jim) SSL Labs shows C rating for the SSL configuration on xsede-xdcdb-api.xsede.org
    • Developer fixed SSL configuration so that it has an A+ rating
  • (Galen) Invalid references to xdusage-1.2-0
    • Developer fixed to 2.0-1
  • (Venkat) Test plan should include tests for TLS and rejection/redirection of http connections to https
    • Tested by JP
  • (Susan) Typo "uses" in deployment plan
    • Fixed in version 1.1 of deployment plan
  • (Susan) Outdated links in design document
    • Fixed in version 0.2 design doc
  • (Shava) Some out of date references in test plan
    • Fixed by developer

gateway_submit_attributes

  • (Galen) Perl dependencies are a mess
    • Developer clarified yum install instructions for Perl
  • (Galen) "Generate API key" page is confusing because it looks static
    • Solution proposed – needs to be fixed by end of testing
  • (Galen) Clarify that resource_name is the xdcdb resource name is NOT a hostname
    • Instructions have been clarified
  • (Galen/Susan) values for gateway_submit_attributes.conf are unclear
    • Developer added more detailed instructions
  • (Shava) Duplicate step number in install guide
    • Duplicates fixed.
  • (Shava) Why re-use xdusage account for gateway_submit_attributes?
    • Developer changed to gwsubmit account

Review Input Documents

Software (use the latest revision below)

Documentation

Review Criteria

Package information: All software packages (e.g., server and client packages) for this CI are listed.

Documentation and Installation instructions: The deployment plan for this CI on XSEDE is clearly described as well as the installation instructions and any XSEDE specific configuration instructions.

Test environment and facilities: The test environment needed to adequately to validate this component is described. Should indicate also whether testing can be performed within a VM and if not, the reasons for it.

Assumptions: Lists any assumptions needed before testing can begin (e.g., accounts needed).

Test procedures, cases, and scenarios: Lists the tests that should be run or an associated test suite and expected performance metrics if applicable.

Defect, issue, and risk reporting: Deployment plans should include defect and issue reporting information. The testing plan could reference that same information from the deployment plan, or provide alternate information if defects and issues need to be reported differently during testing. Risks, as well as defects and issues, should be part of the testing report.

Schedule

Current Date: 2023-05-29
Current Status: Closed (Test Readiness Review)
Target Date Actual Date Activity Milestone
  2016-11-18 Review launch date
2016-11-30 Written feedback due (Reviewers)
2016-12-02 2016-12-14 Written response date (Review Material Developers)
2016-12-05 2016-12-14 Final approval due and completion date (Reviewers)
Review Created: 2016-11-18 2:59 pm
Review Last Updated: 2016-12-14 3:13 pm

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • Galen Arnold
    SIGNED: 2016-11-28 15:27
  • Susan Litzinger
    SIGNED: 2016-11-29 11:42
  • Shava Smallen
    SIGNED: 2016-12-14 18:08

Optional

  • Jim Basney
    VIEWED: 2019-10-03 15:02
  • Victor Hazlewood
  • Richard Knepper
  • Gary Rogers
  • Venkatesh Yekkirala

Review Material Developers

Michael Shapiro
Scott Sakai
John-Paul Navarro

Review Facilitator

Shava Smallen

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum(s) below.

There are 2 discussion boards in this review. Please scroll down and post comments in the most appropriate board.