[Carbon-dev] [QA] Use Jmeter heavily in test automation
Apache Jmeter is a very useful tool for both functional and performance testing. At the moment, we use Jmeter in HB checker app to test console level login for all Stratos services as well as Jmeter is used to test concurrent login to management console, webapp uploads etc. Similarly, Jmeter can be used for trivial functional testing in our products/stratos services. The attached Jmeter test has been written to test AAR services which does the following automatically. 1. Log in to AS management console 2. Upload an AAR service 3. Assert to check whether the service appears in service list 4. Invoke the service by sending both POST and GET requests 5. Sign out Jmeter does all these things very nicely. The beauty of Jmeter is, the same test can be converted to a load test by increasing the thread count. The possiblity of breaking tests due to UI changes is also minimum. Krishantha and automation team, please look at the attached test script and modify/add to relevant svn location and invoke this automatically through test framework. Similarly, we can produce tests for other services too. /Charitha as-functional-test-plan.jmx Description: Binary data ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
[Carbon-dev] How Data Correlation based on Activity works?
hi, I read this link[1] about the feature. But I could not get what type of use case it try to address and how the client going to see the results. Are there any other document on this? As I understood in order to make this works, client suppose to add a soap header as given and BAM publisher copy that activity id to published message. Otherwise BAM publisher generates an id for each and every request without making any correlation between them. How practical asking clients to set a special soap header which is most probably not given in wsdl? [1] http://wso2.org/project/bam/1.3.0/docs/activity.html ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] How Data Correlation based on Activity works?
The problem statement says like this, We use correlation to keep track of related messages in a sequence of message exchanges. For example, the purchase order and the sales will have the same order number. To ensure that the purchase order and the corresponding sales operations are correlated, we can assign a correlation using the purchase order number. In finding correlation we have to define the elements that are relevant to the messages to be correlated with. For me this can be implemented like this, 1. First let users to engage activity monitoring service based. 2. Then in each service let users to define an xpath to extract the correlation id. That depends on the message format. 3. Since now BAM publisher can send the same activity id for related messages relate them and show in the BAM admin console. thanks, Amila. On Sun, Oct 9, 2011 at 8:43 AM, Amila Suriarachchi am...@wso2.com wrote: hi, I read this link[1] about the feature. But I could not get what type of use case it try to address and how the client going to see the results. Are there any other document on this? As I understood in order to make this works, client suppose to add a soap header as given and BAM publisher copy that activity id to published message. Otherwise BAM publisher generates an id for each and every request without making any correlation between them. How practical asking clients to set a special soap header which is most probably not given in wsdl? [1] http://wso2.org/project/bam/1.3.0/docs/activity.html ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] [QA] Use Jmeter heavily in test automation
On Sat, Oct 8, 2011 at 2:06 PM, Charitha Kankanamge chari...@wso2.comwrote: Apache Jmeter is a very useful tool for both functional and performance testing. At the moment, we use Jmeter in HB checker app to test console level login for all Stratos services as well as Jmeter is used to test concurrent login to management console, webapp uploads etc. Similarly, Jmeter can be used for trivial functional testing in our products/stratos services. The attached Jmeter test has been written to test AAR services which does the following automatically. 1. Log in to AS management console 2. Upload an AAR service 3. Assert to check whether the service appears in service list 4. Invoke the service by sending both POST and GET requests 5. Sign out Jmeter does all these things very nicely. The beauty of Jmeter is, the same test can be converted to a load test by increasing the thread count. The possiblity of breaking tests due to UI changes is also minimum. Krishantha and automation team, please look at the attached test script and modify/add to relevant svn location and invoke this automatically through test framework. Similarly, we can produce tests for other services too. Great stuff Charitha, We will work on adding this to our automation framework. Thanks, Krishantha. /Charitha ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] Carbon 3.2.0 RC7 for Testing
Hi Prabath, There is an issue which need to be resolved in tryit[1]. Is it ok to add it to the release branch? [1] https://wso2.org/jira/browse/STRATOS-1795 On Wed, Jun 8, 2011 at 9:37 AM, Prabath Siriwardena prab...@wso2.comwrote: Location : http://10.100.1.43/~carbon/releases/carbon/3.2.0/rc7/ P2 Repo : http://10.100.1.43/~carbon/releases/carbon/3.2.0/rc7/p2-repo/ Revision : 107476 Will also host this in a publicly accessible location shortly.. [you can use VPN if out side the office] -- Thanks Regards, Prabath http://blog.facilelogin.com http://RampartFAQ.com ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev -- Ruchira Wageesha Software Engineer - WSO2 Inc. www.wso2.com Email: ruch...@wso2.com Blog: ruchirawagee...@blogspot.com Mobile: +94775493444 Lean . Enterprise . Middleware ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] Do we have separate registry space for each user
Hi all, We used to have two permission models: 1. Role-based 2. User-based But, the user-based permission model in Carbon was dropped a few releases back, and we no longer have it. Prabath et al, please provide your suggestions and reasons to why we made this decision. And, having said that, be it registry be it rest of carbon, unless we have a user-based permission model, there is no way that this can be properly solved. Please do not attempt hacks but get this sorted, and do not claim to support features around this until this is properly done. Having nothing is better than having something which has privacy/security issues. Thanks, Senaka. On Sat, Oct 8, 2011 at 7:33 AM, Amila Suriarachchi am...@wso2.com wrote: On Fri, Oct 7, 2011 at 3:06 AM, Thilina Buddhika thili...@wso2.comwrote: On Fri, Oct 7, 2011 at 11:09 AM, Tharindu Mathew thari...@wso2.comwrote: On Fri, Oct 7, 2011 at 9:53 AM, Thilina Buddhika thili...@wso2.comwrote: On Fri, Oct 7, 2011 at 1:18 AM, Tharindu Mathew thari...@wso2.comwrote: On Fri, Oct 7, 2011 at 1:07 AM, Nuwan Bandara nu...@wso2.com wrote: Hi Tharindu, If I have explicitly given User-Y read permission for the User-X s resources then its for certain extent fine, but In this case user-Y only have login permission. but anyway if I do a getConfigUserRegistry() I am expecting a registry space which is only accessible for that particular user, else whats the point ? Answer below. Regards, /Nuwan On Fri, Oct 7, 2011 at 1:01 AM, Thilina Buddhika thili...@wso2.comwrote: Then why are we taking an additional parameter username to the method getConfigUserRegistry(String userName, int tenantId) ? Also what is the difference of the registry instances returned from getConfigSystemRegistry(int tenantId) and getConfigUserRegistry(String userName, int tenantId) ? system registry is for system tasks. It has high privileges, just like an admin user or more, which is needed for system tasks. user registry, is for that user's tasks. So, if you get user X's registry, you get the registry with that user's privileges. If he cannot read resource /abc/foo, then you can't get and read that resource, with user X's registry. You are confusing tenant spaces with user spaces. When you pass the tenant id, you get that tenant's registry, which is isolated from other tenants. Tenant spaces and user registry are orthogonal concepts. So this means if we store something in the user registry, it is secured only by the RBAC model. There is no isolation for each user's data, if they do belong to the same role. Yes. I thought this was obvious :) Well, it is not obvious if you look at the method name. For me, getConfigUserRegistry(int tenantId, String username) gives the notion of I am getting a my registry space inside my tenant space. If you think about this way. What is the point of having user isolation? Registry is there to manage artifacts. So artifacts uploaded by one party, can be and should be manipulated by other users. Only if they want these resources to be accessed. This statement is correct, only if you take a look from the G-Reg's angle. But in Carbon, we are using registry for storing almost everything. Only tenant isolation makes sense. Of course, marrying RBAC and CArbon permissions may make sense for some use cases. But, not all the time. I believe this way give the maximum flexibility. Having tenant isolation does not work always. For example, take the usecase Nuwan tries to achieve. That is to maintain individual user's data in the registry separately without allowing each of them to mess with others' data. With this model, it is not possible to do it without creating roles per each user which is not scalable in the case of GS. Not only for GS it is not scalable for SQS and other modules which requires user level permissions. Let me put my thought on this. There are two ways of authorization. 1. Role based 2. User based. The role based authorization is more suitable for giving authorizations for some functionality. For an example we develop Admin console to be used by some set of user we don't know. So at development time we assign permission for a role and when the system is deployed in the real environment real user get imported to the system and they get assigned the roles. Event if we look at the commonly used software engineering processes we analyze the system with roles and assign permissions to the roles. (Even real users are not know at that time). Finally at the deployment time real users get imported and assign to the roles. But when the system is being used, real users come and create the resources for them. Good example is SQS queues. I think same apply for registry resources as well. Now these resources should belong to the user who created it. (hence concept of owner ship). Then they can share it with other real users. Instead of one user it can be done with
