To ensure that the implemented Role-Based Access Control (RBAC) system meets the functional and non-functional requirements specified in the project scope and meets the expectations of stakeholders, we are outlining this test plan.
This project adds the following functionality to Sourcegraph:
- Role management for Users
- Permissions assignment for Roles
- Access Control polcies for features (e.g Batch Changes)
The RBAC project is in Beta and currently only supported by the Batch Changes functionality. Part of the test plan will be targeted towards the Batch Changes functionality.
The test plan covers the RBAC system implemented in the project, which includes the following components:
- Role management
- Permissions management
- Access Control based on permissions
Functional testing:
The introduction of RBAC hasn't affected a lot regarding how Sourcegraph works. The major introduction is permission checks which can be done at the resolver level or DB level.
With the introduction of RBAC, we now have permissions seeded automatically into all Sourcegraph instances that can be queried when needed. The permissions a user has is dependent on the roles they've been assigned.
We've used the feature ourselves a bunch while developing it, and found and fixed a number of bugs.
[ ] User (System) role can be modified.
[ ] Site Administrator role cannot be modified.
[ ] Roles can be created via the Site Admin Roles page.
[ ] Created roles can be modified.
[ ] Roles can be assigned to users via the User Management page.
[ ] When a user doesn't have the BATCH_CHANGES#WRITE permission, the Create Batch Change button in the Batch Changes
page is disbaled.
[ ] When a user doesn't have the BATCH_CHANGES#WRITE permission, the Create Batch Change option from the search action
menu should be disabled.
[ ] System roles cannot be assigned or unassigned via the Manage Role option.
[ ] Site Administrator role can only be assigned/unassigned by clicking the Promote to side admin or Revoke site admin option.
Integration testing:
Covered by functional testing, these tests are end-to-end.
Performance testing:
The initial work done so far is to support the Batch Changes functionality, we haven't tested with a much larger scale yet as we only support Batch Changes, however, we have improvement tickets filed to handle scaling in the future.
Security testing:
We've added unit tests for auth-related changes.
Usability testing:
We've had a couple of UX feedback but we will share this test plan with #ask-design once it's done so we can get more detailed feedback on things to improve.
Compatibility testing:
No code is deployment specific, so this doesn't apply.
-
Have you made any infra related changes to environment variables, new services, or deployment methods that could affect customers?
- Yes - I've informed #team-cloud and #team-delivery of the changes.
- Yes - Changelog or documentation has been updated, this includes changes to defaults and site config flags.
- No
If your change is non-trivial, please review the Cloud Launch process.
If you've made changes to documentation, please link them in the comments below.
Comments:
-
Which environments have the changes been tested on?
- rctest.sourcegraph.com
- sourcegraph.sourcegraph.com
- sourcegraph.com
- k8s.sgdev.org
- scaletesting.sgdev.org
- other
If other, please specify:
-
Experimental features have been marked and behind a feature flag?
- Yes
- No
- N/A
If no, please specify why:
-
Completed entry to release post.
- Yes
- No
- N/A
Tech Lead/DRI sign off: @kalanchan