[Openstack-security] Fuzzy test framework in Tempest

Bryan D. Payne bdpayne at acm.org
Fri Feb 14 05:35:37 UTC 2014


We left it with Marc needing to take the next step, which will be to put
together a blueprint for this.  Once he has that in place, he'll let OSSG
know and we can help him drive it forward.

Marc, please let us know if I missed something.

Cheers,
-bryan



On Thu, Feb 13, 2014 at 8:08 PM, Sriram Subramanian
<sriram at sriramhere.com>wrote:

> Bryan/ Marc,
>
> Apologies I missed the OSSG meeting. Looks like this was discussed last
> week, but I didn't see any action items or updates in the logs. Could one
> of you update please?
>
> thanks,
> -Sriram
>
>
> On Wed, Feb 5, 2014 at 9:57 AM, Bryan D. Payne <bdpayne at acm.org> wrote:
>
>> Marc,
>>
>> This is certainly of interest to OSSG.  There were some people talking
>> about doing security testing before the last summit, but I haven't heard
>> much about that recently.  Please do join us for the meeting tomorrow and
>> we can discuss in some more detail.  I'll see if I can encourage the other
>> parties to participate as well.
>>
>> Cheers,
>> -bryan
>>
>>
>>
>>
>> On Wed, Feb 5, 2014 at 6:54 AM, Koderer, Marc <m.koderer at telekom.de>wrote:
>>
>>> Hello Security Team,
>>>
>>> David and I are currently working on an automated framework for negative
>>> testing in Tempest. This frameworks generates tests out of json schema
>>> definitions (see https://review.openstack.org/#/c/64733/ and
>>> https://blueprints.launchpad.net/tempest/+spec/negative-tests).
>>>
>>> During discussion we came to the idea that it would be quite easy to
>>> build a
>>> security fuzzy test framework out of existing pieces in Tempest. If we'd
>>> run
>>> the negative tests in our stress test framework that launches a certain
>>> number
>>> of concurrent worker processes. At the end of a run we could use Tempest
>>> again
>>> to validate that all services are up and running.
>>>
>>> Is this topic potentially interesting for this group?
>>> I saw on your launchpad task board that your are planning something
>>> similar:
>>>  "Develop stress tests that can be integrated with current testing"
>>> Did somebody already spend some effort in that area?
>>>
>>> I'd like to join your meeting tomorrow and discuss about it.
>>>
>>> Regards
>>> Marc
>>>
>>> DEUTSCHE TELEKOM AG
>>> Digital Business Unit, Cloud Services (P&I)
>>> Marc Koderer
>>> Cloud Technology Software Developer
>>> T-Online-Allee 1, 64211 Darmstadt
>>> E-Mail: m.koderer at telekom.de
>>> www.telekom.com
>>>
>>> LIFE IS FOR SHARING.
>>>
>>> DEUTSCHE TELEKOM AG
>>> Supervisory Board: Prof. Dr. Ulrich Lehner (Chairman)
>>> Board of Management: René Obermann (Chairman),
>>> Reinhard Clemens, Niek Jan van Damme, Timotheus Höttges,
>>> Dr. Thomas Kremer, Claudia Nemat, Prof. Dr. Marion Schick
>>> Commercial register: Amtsgericht Bonn HRB 6794
>>> Registered office: Bonn
>>>
>>> BIG CHANGES START SMALL - CONSERVE RESOURCES BY NOT PRINTING EVERY
>>> E-MAIL.
>>> _______________________________________________
>>> Openstack-security mailing list
>>> Openstack-security at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>>
>>
>>
>> _______________________________________________
>> Openstack-security mailing list
>> Openstack-security at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>
>>
>
>
> --
> Thanks,
> -Sriram
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140213/44ba784b/attachment.html>


More information about the Openstack-security mailing list