# NAC Test Day Phase -1 (Dec 4th, 2024)
## Pre-Test Day Planning:
- Openshift Clusters (Preferably AWS, can use IBM Cloud for Admin scenarios)
- Configure Non-Admin user with admin level access to a particular namespace
- Also deploy a sample application in that namespace
- We will all use our own clusters to go over the tests first and then we will go over the non-admin scenarios in a shared cluser
### Test day flow
We have 2 test sections - Admin and Non-Admin. We will go through these test scenarios in 2 ways:
- First is using BYOC(Bring your own cluster).
- For this case, you will go through both the Admin as well as the Non-Admin scenarios individually
- Second is a shared cluster between each of us.
- For this case we will go through the installation via admin user case together and go through all the non-admin test scenarios individually.
- Each of us will have a ns with admin privileges
- Install a stateful app of your choice and go though the test scenarios
- In total we have 23 test scenarios to gothrough, you can create your own edge cases
- Please document results for all the test scenarios individually and in a detailed manner so that we can discuss in the end and create/fix issues.
- Please use this spreadsheet to document results/insights (Each user has a named spreadsheet tab): https://docs.google.com/spreadsheets/d/1tqxcX6fXDFaWhkWifO08a4qXnUBxL0x4tWtoc3zxUdg/edit?usp=sharing
**Notes:**
- Enure you go through mandatory cleanup steps before performing any kind of tests
- Check for cosmetic and UX improvements things along the way. Do we need more data in object status ? Does short name of NAB and NAR objects work ? and so on.
- Always check the context of your shell/terminal/login session. PLEASE DO NOT PERFORM NON-ADMIN TESTS UNDER ADMIN SESSION. THIS TEST DAY WONT BE BENEFICIAL FOR US IN SUCH CASES.
- Install OADP Operator from master using `make deploy-olm` command
## Mandatory cleanup:
- Delete OADP Operator install NS if any
- Remove OADP/NAC/Velero CRDs from the cluster if any;
- `oc delete crd $(oc get crds | grep oadp | awk -F ' ' '{print $1}')`
- `oc delete crd $(oc get crds | grep velero.io | awk -F ' ' '{print $1}')`
## NAC Test day shared cluster details
Console url: https://console-openshift-console.apps.nac-test.migration.redhat.com
Admin Creds: user: `kubeadmin`, and password: `IuWkh-BimrB-B4B5c-ggUDB`
Non-Admin creds are as follows:
1. Michal: michal-user/password for michal-ns
3. Mateus: mateus-user/password for mateus-ns
3. Wes: wes-user/password for wes-ns
4. Shubham: shubham-user/password for shubham-ns
## Test Scenarios:
## For Admin
### OADP - NAC integration/Deployment tests:
1. Installation via OADP Operator, check if NAC controller is running and CRDs are installed successfully
- DPA spec must have these 2 things:
```
nonAdmin:
enable: true
unsupportedOverrides:
tech-preview-ack: "true"
```
- check whether the nac controller pod is running in oadp install ns
2. Creating NAC objects when NAC controller is not deployed
3. Try another install of OADP operator with NAC enabled in the same cluster
Hint: `make deploy-olm OADP_TEST_NAMESPACE=openshift-adp-2`
## For Non-Admin
### Non-Admin Backup tests
1. Create a NAB object with valid backup spec, VB should be sucessfully created and NAB status should be updated successfully
2. Invalid NAB spec scenarios, check if NAB is updated with correct status
3. Valid NAB spec with wrong Velero Backup config, VB will fail and check if status is cascaded back to NAB.
4. Create Backup of namespace the user has no access to
5. Check the status of the backup queue, when there are multiple NABs in the cluster
6. Create multiple NAB of the same NS, multiple times even if earlier NAB object exsits, each NAB should be mapped to one VB
### Non-Admin Restore tests
1. Create a NAR object with valid restore spec, VR should be successfully created and NAR status should be updated successfully
2. Invalid NAR spec scenarios, check if NAR is updated with correct status
3. Valid NAR spec with wrong Velero Restore config, VR will fail and check if status is cascaded back to NAR.
4. Create Restore of namespace the user has no access to
5. Check the status of the backup queue, when there are multiple NARs in the cluster
6. Create multiple NAR of the same NS, multiple times even if earlier NAR object exsits, each NAR should be mapped to one VR
### Enforce NAB and NAR spec tests
1. NAC Backup Spec Enforce via DPA
- Refer example workflows from here: https://github.com/migtools/oadp-non-admin/blob/master/docs/design/admin_control_over_spec.md#example-workflows
2. Similarly, NAC Restore Spec Enforce via DPA
### Destructive tests
(Assuming a completed VB exists for the NAB object)
1. Delete NAB object using oc cli
2. Delete NAB object via NAB spec (`spec.deleteBackup` to true)
3. ForceDelete via NAB spec (`spec.forceDeleteBackup` to true)
(More wild scenarios)
4. Delete specific NAR object using oc cli
5. Delete app NS when only NAB exists
6. Delete app NS when both NAR and NAB exists
Sign in with Wallet
Connect another wallet