diff --git a/.github/ISSUE_TEMPLATE/testplan.md b/.github/ISSUE_TEMPLATE/testplan.md index 9699edc3cb46a..a08494d98b52a 100644 --- a/.github/ISSUE_TEMPLATE/testplan.md +++ b/.github/ISSUE_TEMPLATE/testplan.md @@ -1187,21 +1187,20 @@ manualy testing. ## Desktop Access - Direct mode (set `listen_addr`): - - [ ] Can connect to AD desktop defined in static `hosts` section. - [ ] Can connect to AD desktop defined in static `static_hosts` section. - [ ] Can connect to non-AD desktop defined in static `static_hosts` section. - - [ ] Can connect to non-AD desktop defined in static `non_ad_hosts` section. - [ ] Can connect to desktop discovered via LDAP - IoT mode (reverse tunnel through proxy): - - [ ] Can connect to AD desktop defined in static `hosts` section. - [ ] Can connect to AD desktop defined in static `static_hosts` section. - [ ] Can connect to non-AD desktop defined in static `static_hosts` section. - - [ ] Can connect to non-AD desktop defined in static `non_ad_hosts` section. - [ ] Can connect to desktop discovered via LDAP - [ ] Connect multiple `windows_desktop_service`s to the same Teleport cluster, verify that connections to desktops on different AD domains works. (Attempt to connect several times to verify that you are routed to the correct `windows_desktop_service`) +- [ ] Set `client_idle_timeout` to a small value and verify that idle sessions + are terminated (the session should end and an audit event will confirm it + was due to idle connection) - Verify user input - [ ] Download [Keyboard Key Info](https://dennisbabkin.com/kbdkeyinfo/) and verify all keys are processed correctly in each supported browser. Known @@ -1217,11 +1216,8 @@ manualy testing. - [ ] Verify that placing a desktop lock terminates an active desktop session. - [ ] Verify that placing a role lock terminates an active desktop session. - Labeling - - [ ] Set `client_idle_timeout` to a small value and verify that idle sessions - are terminated (the session should end and an audit event will confirm it - was due to idle connection) - [ ] All desktops have `teleport.dev/origin` label. - - [ ] Dynamic desktops have additional `teleport.dev` labels for OS, OS + - [ ] Desktops discovered via LDAP have additional `teleport.dev` labels for OS, OS Version, DNS hostname. - [ ] Regexp-based host labeling applies across all desktops, regardless of origin. @@ -1279,12 +1275,14 @@ manualy testing. - [ ] A file from inside the shared directory can be copy-pasted to another folder inside the shared directory - [ ] A folder from inside the shared directory can be copy-pasted to another folder inside shared directory (and its contents retained) - RBAC - - [ ] Give the user one role that explicitly disables directory sharing (`desktop_directory_sharing: false`) and confirm that the option to share a directory doesn't appear in the menu + - [ ] Give the user one role that explicitly disables directory sharing (`desktop_directory_sharing: false`) + and confirm that the option to share a directory doesn't appear in the menu and that the directory sharing + icon is in a disabled state. - Per-Session MFA - - [ ] Attempting to start a session no keys registered shows an error message - - [ ] Attempting to start a session with a webauthn registered pops up the "Verify Your Identity" dialog - - [ ] Hitting "Cancel" shows an error message - - [ ] Hitting "Verify" causes your browser to prompt you for MFA + - [ ] Attempting to start a session with no keys registered shows an error message + - [ ] Attempting to start a session with a webauthn registered pops up the MFA dialog + - [ ] Canceling this dialog (clicking the X in the corner) shows an error + - [ ] Hitting "Passkey or MFA Device" causes your browser to prompt you for MFA - [ ] Cancelling that browser MFA prompt shows an error - [ ] Successful MFA verification allows you to connect - Session Recording @@ -1293,8 +1291,8 @@ manualy testing. - [ ] Verify async recording (`mode: node` or `mode: proxy`) - [ ] Sessions show up in session recordings UI with desktop icon - [ ] Sessions can be played back, including play/pause functionality - - [ ] Sessions playback speed can be toggled while its playing - - [ ] Sessions playback speed can be toggled while its paused + - [ ] Sessions playback speed can be toggled while it's playing + - [ ] Sessions playback speed can be toggled while it's paused - [ ] A session that ends with a TDP error message can be played back, ends by displaying the error message, and the progress bar progresses to the end. - [ ] Attempting to play back a session that doesn't exist (i.e. by entering a non-existing session id in the url) shows @@ -1339,8 +1337,6 @@ manualy testing. - Non-AD setup - [ ] Installer in GUI mode finishes successfully on instance that is not part of domain - [ ] Installer works correctly invoked from command line - - [ ] Non-AD instance can be added to `non_ad_hosts` section in config file and is visible in UI - - [ ] Non-AD can be added as dynamic resource and is visible in UI - [ ] Non-AD instance has label `teleport.dev/ad: false` - [ ] Connecting to non-AD instance works with OSS if there are no more than 5 non-AD desktops - [ ] Connecting to non-AD instance fails with OSS if there are more than 5 non-AD desktops @@ -1354,7 +1350,7 @@ manualy testing. - [ ] `tctl get dynamic_windows_desktop` works with all supported formats - [ ] Adding dynamic Windows desktop that doesn't match labels for any Windows Desktop Service does not create any Windows desktop - - [ ] Adding dynamic Windows desktop that matches some `windows_desktop_services`s creates Windows desktops for each + - [ ] Adding dynamic Windows desktop that matches some `windows_desktop_service`s creates Windows desktops for each matching WDS - [ ] Updating dynamic Windows desktop updates corresponding Windows desktops - [ ] Updating dynamic Windows desktop's labels so it no longer matches `windows_desktop_services` deletes