
Translate Amazon DynamoDB Tests into Gherkin BDD

Open mcleo-d opened this issue 4 years ago • 5 comments

Description

Translate the Cloud Service Certification DynamoDB test cases into Gherkin BDD scripts using the following DynamoDB Test Cases Documentation for reference.

DynamoDB Test Cases Documentation

  • https://github.com/finos/cloud-service-certification/blob/master/aws/dynamodb/DynamoDB-Test-Cases-Documentation.md

Test Cases to Translate

  • [ ] 2.1 All DynamoDB tables are created with SSE enabled
    • [ ] Scenario – User creates a DynamoDB table with SSE encryption enabled
    • [ ] CloudTrail Event – Create a DynamoDB table with SSE enabled
    • [ ] Scenario – User creates a DynamoDB table without SSE enabled
    • [ ] CloudTrail Event - Create a DynamoDB table without SSE enabled
  • [ ] 2.2 All DynamoDB tables must remain encrypted at rest by SSE
    • [ ] Scenario – DescribeTable with SSE enabled
    • [ ] Scenario – DescribeTable without SSE enabled
  • [ ] 2.3 Users are prohibited from creating DynamoDB tables without SSE enabled
    • [ ] Scenario – User creates a DynamoDB table with SSE encryption enabled
    • [ ] CloudTrail Event – Create a DynamoDB table with SSE enabled
    • [ ] Scenario – User creates a DynamoDB table without SSE enabled
    • [ ] CloudTrail Event - Create a DynamoDB table without SSE enabled
  • [ ] 2.4 Be able to create an SSE protected DynamoDB table
    • [ ] Scenario – User creates a DynamoDB table with SSE encryption enabled
    • [ ] CloudTrail Event – Create a DynamoDB table with SSE enabled
    • [ ] Scenario – User creates a DynamoDB table without SSE enabled
    • [ ] CloudTrail Event - Create a DynamoDB table without SSE enabled
  • [ ] 2.5 Users can only connect to DynamoDB through HTTPS
    • [ ] Scenario – User access DynamoDB over HTTPS endpoint
    • [ ] Scenario – User attempts access DynamoDB over HTTP endpoint
  • [ ] 2.6 Allow AWS Services to inherit an IAM role to access DynamoDB
    • [ ] Scenario – Lambda is granted permission to DynamoDB
  • [ ] 2.7 Update IAM policy to restrict access to a partition key or attribute in a DynamoDB table
    • [ ] Scenario – IAM policy that restricts access to a specific partition key in a DynamoDB table
    • [ ] Scenario – IAM policy that restricts access to a specific attribute in a DynamoDB table
  • [ ] 2.8 DynamoDB is only accessible via a VPC Endpoint
    • [ ] Scenario – A user creates a VPC endpoint
    • [ ] CloudTrail Event – A user makes a request to DynamoDB across a VPC endpoint
    • [ ] CloudTrail Event – A user makes a request to DynamoDB across the public internet
  • [ ] 2.9 All DynamoDB API calls are recorded in CloudTrail
  • [ ] 2.10 Restrict DynamoDB access through IAM roles
    • [ ] Scenario – IAM policy that restricts access to Read-Only on a specific DynamoDB table

mcleo-d avatar Feb 27 '20 16:02 mcleo-d

Hi @git-hub-forwork1,

I've created the story for translating DynamoDB test cases to BDD scripts. Can you review this story and let me know if we're ready for development or whether the story needs more refinement?

Many thanks 🚀

James.

mcleo-d avatar Feb 28 '20 13:02 mcleo-d

Hi @git-hub-forwork1

I've created this Cloud Service Certification story for you to review and provide feedback in the comments.

You'll notice the story has the feature-writing label applied until the content of this story is reviewed and accepted by you.

Please let me know if anything needs to be amended so I can edit the main content and we can take forward with the CSC group.

Speak soon 👍

James

mcleo-d avatar Mar 02 '20 12:03 mcleo-d

@mcleo-d - is there a high demand for the BDD element to tests? I'm currently working on a solution proposal that will have decreased maintenance and contribution overhead compared to Probr, by sacrificing the BDD involvement.

Personally I haven't spoken to any potential users who desired BDD as a core part of the test packs... we just built it that way because it was part of the initial spec, imagining some auditors or admins would want to see the BDD.

I'm curious whether you've heard from users actually wanting that feature.

eddie-knight avatar Oct 24 '22 12:10 eddie-knight

Hi @eddie-knight - There's not been a direct request for BDD providing the features and configuration of each service can be evidenced to meet compliance / policy acceptance criteria.

@AdrianHammond is also speaking to IBM about https://github.com/IBM/compliance-trestle which could provide an additional way of certifying compliance. This is one of the reasons why IBM joined #276.

mcleo-d avatar Oct 24 '22 13:10 mcleo-d

I am meeting with Anca from IBM on 31st October to learn more about https://github.com/IBM/compliance-trestle

AdrianHammond avatar Oct 25 '22 13:10 AdrianHammond

Thanks for the heads up!

I will continue working on the lightweight (non BDD) alternative to Probr so we can explore it as an option once the validation WG is formed.

eddie-knight avatar Oct 25 '22 15:10 eddie-knight

Closing this issue as stale. The intent and subsequent work have been captured by the Runtime Validation Working Group.

eddie-knight avatar Dec 21 '22 17:12 eddie-knight