Testplan for GDPR (General Data Protection Regulation) feature

Let's figure out the test script for https://gitlab.com/gitlab-com/support/services/services-meta/issues/18.

How to test in staging?
How to verify data collected?
Do we need to reset data? Clear out dbs?
How to verify in production?

Test plan

The following scenarios will be covered

Scenario 1: Existing user (not logged in)
- ~~Workflow 1.1: After Login => Accept TOS => check we can create an issue and a merge request~~ | Covered by a system test at https://gitlab.com/gitlab-org/gitlab-ce/blob/35ed9adfa16143469244b8aad48256f61e5c6447/spec/features/users/login_spec.rb#L412
- Workflow 1.2: After Login => Decline TOS => verify user is signed out => Logging in again shows the TOS page => @reprazent
Scenario 2: Existing logged in user (logged in during roll out)
- ~~Workflow 2.1: On next interaction => verify we are present with TOS page => Accept TOS => verify we are taken to the intended destination => check we can create an issue and a merge request~~ | Covered by a system test at https://gitlab.com/gitlab-org/gitlab-ce/blob/35ed9adfa16143469244b8aad48256f61e5c6447/spec/features/users/terms_spec.rb#L42 Without creating a new issue & merge request
- Workflow 2.2: On next interaction => verify we are present with TOS page => Decline TOS => verify we are then logged out => @victorwu
Scenario 3: User who has already accepted TOS
- ~~Workflow 3.1: Use user in 1.1 (log out and log back in) => check we can still create an issue and a merge request~~ | Covered by a system test at https://gitlab.com/gitlab-org/gitlab-ce/blob/35ed9adfa16143469244b8aad48256f61e5c6447/spec/features/users/login_spec.rb#L427 Without creating a new issue & merge request
Scenario 4: New user signs up
- ~~Workflow 4.1: Accept TOS => check we can create an issue and a merge request~~ | Covered by a system test at https://gitlab.com/gitlab-org/gitlab-ce/blob/35ed9adfa16143469244b8aad48256f61e5c6447/spec/features/users/signup_spec.rb#L138 Without creating a new issue & merge request
- Workflow 4.2: Decline TOS => check we are logged out => verify we are then logged out => @meks
Scenario 5: RSS Token
- Workflow 5.1: Accept TOS to enable RSS feed
  - Check https://staging.gitlab.com/gitlab-org.atom?rss_token=TOKEN => loads
  - Enforce the terms
  - https://staging.gitlab.com/gitlab-org.atom?rss_token=TOKEN => returns 403
  - Owner of the rss token accepts the terms
  - Check https://staging.gitlab.com/gitlab-org.atom?rss_token=TOKEN => loads Declining the ToS (Workflow x.2) is also covered by a system test, but not within one of the mentioned flows.
Scenario 6: API access
- Workflow 6.1: Accept TOS to enable API access
  - Make an API call => verify success 200/201 response
  - Enforce the terms
  - Make an API call => verify returns 403
  - Accept terms
  - Make an API call => verify success 200/201 response
Scenario 7: Git operations
- Workflow 7.1: Accept TOS to enable GIT operations
  - Do git operation => verify success
  - Enforce the terms
  - Do git operation => verify error message
  - Accept terms
  - Do git operation => verify success

For Scenario 1 and Scenario 2 and Scenario 3 we can just use our existing accounts. For Scenario 4 we need to create new accounts

Edited May 15, 2018 by Rémy Coutable