Skip to content

Update test plan with Access Request custom reason prompts #61022

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
kshi36 merged 1 commit into from
Nov 6, 2025
Merged

Update test plan with Access Request custom reason prompts #61022

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions .github/ISSUE_TEMPLATE/testplan.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2172,14 +2172,20 @@ Docs: [IP Pinning](https://goteleport.com/docs/admin-guides/access-controls/guid
- [ ] Verify that the Privileged Access Report is generated and periodically refreshed.

- [ ] Access Requests
- [ ] Verify when role.spec.allow.request.reason.mode: "required":
- [ ] Verify when `role.spec.allow.request.reason.mode: "required"`:
- [ ] CLI fails to create Access Request displaying a message that reason is required.
- [ ] Web UI fails to create Access Request displaying a message that reason is required.
- [ ] Other roles allowing requesting the same resources/roles without reason.mode set or with reason.mode: "optional" don't affect the behaviour.
- [ ] Other roles allowing requesting the same resources/roles without `reason.mode` set or with `reason.mode: "optional"` don't affect the behaviour.
- [ ] Non-affected resources/roles don't require reason.
- [ ] When there is a role with spec.options.request_access: always it effectively becomes role.spec.options.request_access: reason (i.e.) requires reason:
- [ ] For CLI.
- [ ] For Web UI.
- [ ] When `spec.allow.request.reason.prompt` is set on one of the user's roles:
- [ ] Verify this prompt is displayed in the Web UI when user makes an Access Request containing a resource/role requestable from this role.
- [ ] Verify non-affected resources/roles don't display this prompt.
- [ ] When both `spec.options.request_prompt` and `spec.allow.request.reason.prompt` are set on separate roles assigned to a user:
- [ ] Verify both prompts are displayed in the Web UI when user makes an Access Request containing requestable resource with `spec.allow.request.reason.prompt` set.
- [ ] Verify prompts are deduplicated and sorted.

- [ ] [Automatic Review Rules](https://goteleport.com/docs/ver/18.x/admin-guides/access-controls/access-requests/automatic-reviews/)
- [ ] Create automatic review rule with `desired_state` and `automatic_review` spec.
Expand Down
Loading