Update test plan for reason.mode feature (#49493)

gravitational · Nov 27, 2024 · 00d85b5 · 00d85b5
1 parent b207bb7
commit 00d85b5
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 10 deletions.
diff --git a/.github/ISSUE_TEMPLATE/testplan.md b/.github/ISSUE_TEMPLATE/testplan.md
@@ -1586,12 +1586,22 @@ Docs: [IP Pinning](https://goteleport.com/docs/access-controls/guides/ip-pinning
   - [ ] Verify that users can run custom audit queries.
   - [ ] Verify that the Privileged Access Report is generated and periodically refreshed.
 
+- [ ] Access Requests
+  - [ ] Verify when role.spec.allow.request.reason.mode: "required":
+    - [ ] CLI fails to create Access Request displaying a message that reason is required.
+    - [ ] Web UI fails to create Access Request displaying a message that reason is required.
+    - [ ] Other roles allowing requesting the same resources/roles without reason.mode set or with reason.mode: "optional" don't affect the behaviour.
+    - [ ] Non-affected resources/roles don't require reason.
+    - [ ] When there is a role with spec.options.request_access: always it effectively becomes role.spec.options.request_access: reason (i.e.) requires reason:
+      - [ ] For CLI.
+      - [ ] For Web UI.
+
 - [ ] Access Lists
   - [ ] Verify Access List membership/ownership/expiration date.
   - [ ] Verify permissions granted by Access List membership.
   - [ ] Verify permissions granted by Access List ownership.
   - [ ] Verify Access List Review.
-  - [ ] verify Access LIst Promotion.
+  - [ ] Verify Access List Promotion.
   - [ ] Verify that owners can only add/remove members and not change other properties.
   - [ ] Nested Access Lists
     - [ ] Verify that Access Lists can be added as members or owners of other Access Lists.

diff --git a/rfd/0186-optionally-require-reason-for-access-request.md b/rfd/0186-optionally-require-reason-for-access-request.md
@@ -334,15 +334,14 @@ reason` in any of the roles.
 The IGS section of the test plan needs to be extended with these items:
 
 - [ ] Access Requests
-    - [ ] Verify when `role.spec.allow.request.reason.mode: "rquired"`:
-        - [ ] Web UI displays user-friendly error when reason is not provided
-        - [ ] CLI fails to create an access request when reason is not provided
-        - [ ] Other roles allowing requesting the same resources/roles without
-          `reason.required` set or with `reason.required: false` don't affect
-          the behaviour.
-        - [ ] Non-affected resources/roles don't require reason.
-        - [ ] When there is a role with `spec.options.request_access: always`
-          it effectively becomes `role.spec.options.request_access: reason`
+  - [ ] Verify when role.spec.allow.request.reason.mode: "required":
+    - [ ] CLI fails to create Access Request displaying a message that reason is required.
+    - [ ] Web UI fails to create Access Request displaying a message that reason is required.
+    - [ ] Other roles allowing requesting the same resources/roles without reason.mode set or with reason.mode: "optional" don't affect the behaviour.
+    - [ ] Non-affected resources/roles don't require reason.
+    - [ ] When there is a role with spec.options.request_access: always it effectively becomes role.spec.options.request_access: reason (i.e.) requires reason:
+      - [ ] For CLI.
+      - [ ] For Web UI.
 
 
 ### References