[Openstack-security] Fuzzy test framework in Tempest

Sriram Subramanian sriram at sriramhere.com
Fri Feb 14 08:38:06 UTC 2014 

Thanks Marc, great start! Pattern based generator might be more effective
than random, but having it configurable is great. Thanks!


On Fri, Feb 14, 2014 at 12:29 AM, Koderer, Marc <m.koderer at telekom.de>wrote:

> Hi folks,
>
>
>
> I wanted to discuss the blueprint in the QA meeting before opening it.
>
>
>
> Here it is:
>
>
>
> https://blueprints.launchpad.net/tempest/+spec/fuzzy-test
>
>
>
> I will collect work items in Etherpad during the day:
>
> https://etherpad.openstack.org/p/bp_fuzzy_test
>
>
>
> GSoC sound awesome, pls keep me updated on that.
>
> Don't hesitate to contact me directly on IRC (freenode / mkoderer)
>
>
>
> I am already working on the first patch that allows multiple record
> generators. My plan is to allow make it configurable whether it's simply a
> random generator or a pattern based generator.
>
>
>
> Regards
>
> Marc
>
>
>
>
>
> *Von:* Sriram Subramanian [mailto:sriram at sriramhere.com]
> *Gesendet:* Freitag, 14. Februar 2014 08:51
> *An:* Bryan D. Payne
> *Cc:* Koderer, Marc; openstack-security at lists.openstack.org;
> dkranz at redhat.com
> *Betreff:* Re: [Openstack-security] Fuzzy test framework in Tempest
>
>
>
> FYI: I felt fuzzing could be an interesting project for GSoC<https://wiki.openstack.org/wiki/GSoC2014#Mentors>,
> so proposed it as one of the project ideas. I am not sure how many of those
> projects would get selected; in case it gets selected, hey, we get an
> intern!
>
>
>
> Marc - would look for your bp!
>
>
>
> Thanks!
>
>
>
> On Thu, Feb 13, 2014 at 11:43 PM, Sriram Subramanian <
> sriram at sriramhere.com> wrote:
>
> Thanks Bryan!
>
>
>
> On Thu, Feb 13, 2014 at 9:35 PM, Bryan D. Payne <bdpayne at acm.org> wrote:
>
> We left it with Marc needing to take the next step, which will be to put
> together a blueprint for this.  Once he has that in place, he'll let OSSG
> know and we can help him drive it forward.
>
>
>
> Marc, please let us know if I missed something.
>
>
>
> Cheers,
>
> -bryan
>
>
>
>
>
> On Thu, Feb 13, 2014 at 8:08 PM, Sriram Subramanian <sriram at sriramhere.com>
> wrote:
>
> Bryan/ Marc,
>
>
>
> Apologies I missed the OSSG meeting. Looks like this was discussed last
> week, but I didn't see any action items or updates in the logs. Could one
> of you update please?
>
>
>
> thanks,
>
> -Sriram
>
>
>
> On Wed, Feb 5, 2014 at 9:57 AM, Bryan D. Payne <bdpayne at acm.org> wrote:
>
> Marc,
>
>
>
> This is certainly of interest to OSSG.  There were some people talking
> about doing security testing before the last summit, but I haven't heard
> much about that recently.  Please do join us for the meeting tomorrow and
> we can discuss in some more detail.  I'll see if I can encourage the other
> parties to participate as well.
>
>
>
> Cheers,
>
> -bryan
>
>
>
>
>
>
>
> On Wed, Feb 5, 2014 at 6:54 AM, Koderer, Marc <m.koderer at telekom.de>
> wrote:
>
> Hello Security Team,
>
> David and I are currently working on an automated framework for negative
> testing in Tempest. This frameworks generates tests out of json schema
> definitions (see https://review.openstack.org/#/c/64733/ and
> https://blueprints.launchpad.net/tempest/+spec/negative-tests).
>
> During discussion we came to the idea that it would be quite easy to build
> a
> security fuzzy test framework out of existing pieces in Tempest. If we'd
> run
> the negative tests in our stress test framework that launches a certain
> number
> of concurrent worker processes. At the end of a run we could use Tempest
> again
> to validate that all services are up and running.
>
> Is this topic potentially interesting for this group?
> I saw on your launchpad task board that your are planning something
> similar:
>  "Develop stress tests that can be integrated with current testing"
> Did somebody already spend some effort in that area?
>
> I'd like to join your meeting tomorrow and discuss about it.
>
> Regards
> Marc
>
> DEUTSCHE TELEKOM AG
> Digital Business Unit, Cloud Services (P&I)
> Marc Koderer
> Cloud Technology Software Developer
> T-Online-Allee 1, 64211 Darmstadt
> E-Mail: m.koderer at telekom.de
> www.telekom.com
>
> LIFE IS FOR SHARING.
>
> DEUTSCHE TELEKOM AG
> Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
> Board of Management: René Obermann (Chairman),
> Reinhard Clemens, Niek Jan van Damme, Timotheus Höttges,
> Dr. Thomas Kremer, Claudia Nemat, Prof. Dr. Marion Schick
> Commercial register: Amtsgericht Bonn HRB 6794
> Registered office: Bonn
>
> BIG CHANGES START SMALL - CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL.
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>
>
>
> --
>
> Thanks,
>
> -Sriram
>
>
>
>
>
>
>
> --
>
> Thanks,
>
> -Sriram
>
>
>
>
>
> --
>
> Thanks,
>
> -Sriram
>



-- 
Thanks,
-Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140214/efa079d8/attachment.html>

More information about the Openstack-security mailing list