More recent SCS standards which go beyond simple user-facing aspects of an SCS infrastructure create an increasing demand for a standardized approach for executing internal and/or manual conformance tests and audits in the infrastructure directly.
This is necessary for test and audit scenarios where the information is not accessible from the outside (e.g. via API) and/or requires admin privileges.
This issue should serve as a starting point to establish such a process as well as keeping track of applicable standards.
The exact implementation is up for debate. So far there have been some ideas about test scripts that can be executed by a CSP admin and generate a report file which can be submitted to some SCS service. Challenges arise when the tests need to go deep into the infrastructure (e.g. checking the config file entries of every Neutron agent) and infrastructures may differ greatly in their architecture between CSPs making it hard to create a one-size-fits-all script for verification.
Applicable Standards
The standards which currently have limited conformance test capabilities due to the lack of CSP-side audit possibilites will be tracked here:
edit text (mainly) by @markus-hentsch:
More recent SCS standards which go beyond simple user-facing aspects of an SCS infrastructure create an increasing demand for a standardized approach for executing internal and/or manual conformance tests and audits in the infrastructure directly. This is necessary for test and audit scenarios where the information is not accessible from the outside (e.g. via API) and/or requires admin privileges.
This issue should serve as a starting point to establish such a process as well as keeping track of applicable standards.
The exact implementation is up for debate. So far there have been some ideas about test scripts that can be executed by a CSP admin and generate a report file which can be submitted to some SCS service. Challenges arise when the tests need to go deep into the infrastructure (e.g. checking the config file entries of every Neutron agent) and infrastructures may differ greatly in their architecture between CSPs making it hard to create a one-size-fits-all script for verification.
Applicable Standards
The standards which currently have limited conformance test capabilities due to the lack of CSP-side audit possibilites will be tracked here: