5.17 Test Suites

Command control test suites allow you to test your rules by running specified commands, submit users and other input values through your rule configuration, and check to make sure the result is as expected. Each test suite can contain a number of test cases where you specify the expected outcome for one or more input values.

5.17.1 Adding a Test Suite

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Click Add Test Suite in the task pane.

  4. Specify a name for the test suite.

  5. Specify a description for the test suite.

  6. Click Finish.

  7. Continue with Adding or Modifying a Test Case to add test cases to your test suite.

5.17.2 Adding or Modifying a Test Case

A test case allows you to emulate an end user running a command through the Command Control system.

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Select the test suite for which you want to add a test case, or modify an existing test case.

  4. Click View Test Suite in the task pane.

  5. Do one of the following:

    • To add a new test case, click Add Test Case in the task pane.

    • To modify a test case, select the test case, then click Modify Test Case.

  6. Specify the values and the expected results that you want to run through the rule configuration. (To review the rule configuration you want to test with this case, see Section 5.6.2, Modifying a Rule.)

    Enter a single value in each field. The purpose of the test case is emulate the user performing a usrun command from the command line.

    • To create a test case that can be used for general testing and could possible match multiple rules, supply only submit information for the test case.

    • To create a test case that matches only one rule, use the expected fields to specify values that match a single rule.

    Command: (Required) Specify the command the user would run.

    For example, if the user would enter the following on the command line:

    usrun passwd user1

    Specify the following as the command:

    passwd user1

    Submit User: (Required) Specify the name of the user who is entering the privileged command.

    Submit Host: (Required) Specify the name of the host that the submit user is logged in to.

    Run User: (Optional) When the submit user is requesting to run the command as a specific user with the usrun command, specify the username that is being requested. For example, if the user would enter the following on the command line:

    usrun -u root ksh

    Specify the following as the run user:

    root

    Run Host: (Optional) When the submit user is requesting to run the command on a specific host, specify the hostname that is being requested. For example, if the user would enter the following on the command line:

    usrun -h hosta ksh

    Specify the following as the run host:

    hosta

    User Input: (Optional) Use this field to specify the information that a script, associated with the Command Control policy, expects the user to enter.

    Expected command: (Optional) Use this field to confirm that the command being executed is the correct command. If the command specified in this field does not match the results, the test case fails.

    Expected authorized: (Optional) Use this field to confirm that the request was authorised. If value in this field does not match the results, the test case fails.

    Expected capture: (Optional) This field is compared with the result of the authorization request to confirm the capture mode is correct. If this field does not match the results, the test case fails.

    Expected run user: (Optional) Use this field to confirm that the user context used to execute the command is correct. If this field does not match the results, the test case fails.

    Expected run host: (Optional) Use this field to confirm that the host on which the command is being executed is correct. If this field does not match the results, the test case fails.

    Expected risk: (Optional) This field is compared with the result of the authorization request in order to confirm the risk associated with the command being executed is correct. If this field does not match the results, the test case fails.

    Submit Time: (Optional) Specify the time that the request should appear to be made. This is useful for testing access time restrictions in the policy.

    Custom Input: (Optional) Use this field to add attributes within the request object. These XML definitions are inserted into the privileged request. For example, you could use this field to configure the group memberships for a user in order to test policies that perform tests on the user’s group membership:

    <Groups>
      <Group name='grpa'/> 
      <Group name='grpb'/>
    </Groups>
    
  7. Click Finish. The input values are shown in the Test Cases table.

  8. Repeat Step 5 through Step 7 for any additional test cases you want to include or modify in this test suite.

You can now run the test suite as explained in Running a Test Suite.

5.17.3 Running a Test Suite

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Select the test suite you want to run.

    To select multiple test suites, press the Ctrl key and select the required test suites one at a time, or press the Shift key to select a consecutive list of test suites. Use Ctrl+A to select all test suites.

  4. Click Run Test Suites in the task pane. The results are displayed for each test case as Success or as Failure, along with the reason for the failure.

  5. Use the buttons on the left and right of the table to find previous successes and failures, and the next successes and failures.

  6. To view further details on a specific entry, select the entry and click Details.

    The configuration for the test case is shown, and a list of rules that have been tested, with configuration settings for each rule. The Matched column shows true if the rule conditions were met, and false if the rule conditions were not met.

  7. Click Back to return to the main Run Test Suite page.

  8. Click Cancel to return to the list of test suites.

To use a command line option to run a test suite or to run a specific test case, see Section 10.2.3, Running Test Suites.

5.17.4 Viewing a Test Suite

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Select the test suite you want to view, then click View Test Suite.

    From here you can modify the test suite; add, modify and delete test cases; and run the test suite.

5.17.5 Modifying a Test Suite

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Select the test suite you want to modify.

  4. Click View Test Suite in the task pane.

  5. Click Modify Test Suite in the task pane.

  6. Modify the test suite as desired:

    • Change the name of the test suite.

    • Add or change the description.

    • Use the Up and Down buttons to change the order in which the test cases are run.

  7. Click Finish.

5.17.6 Deleting a Test Case

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Select the test suite from which you want to delete a test case.

  4. Click View Test Suite in the task pane.

  5. Select the test case you want to delete.

  6. Click Delete Test Case in the task pane.

  7. Click Yes to confirm the deletion. The test case is deleted.

5.17.7 Deleting a Test Suite

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Select the test suite you want to delete.

    To select multiple test suites, press the Ctrl key and select the required test suites one at a time, or press the Shift key to select a consecutive list of test suites.

  4. Click Delete Test Suite in the task pane.

  5. Click Yes to confirm the deletion. The test suite is deleted.

5.17.8 Importing a Test Suite

You use the Import Test Suites option to restores a previously backed-up test suite, or to test suites from another Framework. You then use the Export Test Suites option to obtain configuration details so you can then paste them into a text document for backup or for use on another Framework.

NOTE:When you import test suites, they are added to your existing configuration and do not overwrite your existing test suites. However, if you import a Command Control database by using the Import Settings option, your existing test suites are overwritten.

  1. Access the test suite data you require and copy it.

  2. Click Command Control on the home page of the console.

  3. Click Test Suites in the task pane.

  4. Click Import Test Suites in the task pane.

  5. Click in the text area, then paste the copied settings by using Ctrl+V, or right-click in the text area and click Paste.

  6. Click Finish.

5.17.9 Exporting a Test Suite

You can export your Command Control test suites to a text file for backup purposes, or for use in another Framework. You can then use the Import Test Suites option to restore the backed-up test suites, or to import the test suites into another Framework.

  1. Click Command Control on the home page of the console.

  2. Click Test Suites in the task pane.

  3. Select the test suite you want to export.

    To select multiple test suites, press the Ctrl key and select the required test suites one at a time, or press the Shift key to select a consecutive list of test suites. To select all test suites, use Ctrl+A.

  4. Click Export Test Suites in the task pane.

  5. Select the test suite data by using Ctrl+A, or right-click in the text window and click Select All.

  6. Copy the test suite data by using Ctrl+C, or right-click in the text window and click Copy.

  7. Paste the text into a text document.

  8. Click Finish.