1Feature: Business continuity
2 In order to operate during outages of NCR ID in the cloud, the WAN or LAN network,
3 as a retailer, I want to continue to sign in in my associates with as up-to-date
4 as possible account info, i.e. credentials, permissions (role/location based) and
5 profile claims like date-of-birth, for a configurable duration of time that depends
6 on my store resources and other factors
7 ---
8
9 We need to get the 'latest' version of an account 'locally' so we can be accurate
10 when the cloud service is down or unreachable
11
12 To analyze what we mean by 'latest' version or 'local' accounts we need to look at the
13 types of clients we have and that each get their own type of Edge ID:
14 a) 'thick clients' runs its own instance of Edge ID, at this time only at 'lanes'
15 b) 'floating clients' are thin and run inside cluster, not bound to a node, and must access the store instance
16 c) 'external clients' are thin and run outside of the cluster, but inside the LAN,
17 and must access the external instance
18 We don't have 'thick external' cause Edge ID can't be deployed out of the cluster.
19
20 We created dedicated instances of each type of client:
21 a) http://touchpoint.edge-iam for thick clients, deployed on the thick client
22 b) http://store.edge-iam for floating clients, deployed at this point on the control plane
23 c) https://iam.store.corp.ncr.com for external clients supported with http://external.edge-iam
24 for those with in-cluster BFF, deployed also on control plane
25
26 From there we differentiate 3 locations where accounts can live:
27 a) 'cloud' or 'latest' version which is the SoR for us and as such we consider it 'latest'
28 for a more holistic view however, the cloud could not actually be SoR, but gets its data
29 through sync or federation, what we in store consider 'latest' might not be the actual latest
30 b) 'store' version, i.e. the version of the account we keep in a 'central' location
31 in the store and is effectivly SoR for the thick clients
32 c) 'local' version, i.e. the one we have on thick clients like POS, SCO, tablet or mobile
33
34
35 @happy
36 Scenario: Sign-in during WAN or device service outage on any type of client
37 Given the device service is not available
38 And the associate used device login in the store before the outage
39 And the associate has a refresh token that is not expired
40 When the associate signs in using device login
41 Then they are signed in with the latest account info
42 And their store account is not updated
43
44 @happy
45 Scenario: Sign-in during LAN outage on a thick client
46 Given the device service is not available
47 And the store accounts are not available
48 And the associate cloud account has not changed since their last local sign-in
49 And the associate has a refresh token that is not expired
50 And the associate uses a device that has synced with store since their last cloud sign-in
51 When they sign-in on an edge app using the device login
52 Then they are signed in with the version of the profile available on the device
53
54 @happy
55 Scenario: Sign-in during store accounts outage
56 Given the device service is available
57 And the store accounts are not available
58 And the associate account has not changed since last login
59 And the associate uses a device that has been synced with store accounts
60 When they sign-in on an edge app using the device login
61 Then they are signed in with a cloud account that matches their store account
62 And their store account is not updated
63 And downstream services get the accurate account info
64
65 @sad
66 Scenario: Sign-in during LAN outage on a floating or external client
67 Given the device service is not available
68 When the associate tries to sign in
69 Then they are unable to as they cannot reach any Edge ID server
70
71 @sad
72 Scenario: Associate did not login within the refresh expiration time
73 Given the device service is not available
74 And the refresh expiration is set to 3 days
75 And the associate did not use device login in the last 3 days
76 When they try to sign-in
77 Then they will not be able to
78 And they will be informed that they should reach out to their manager
79 And their manager can print a emergency barcode for them
80
81 @risky
82 Scenario: Permissions revoked after last login
83 Scenario: Thick client did not sync since permissions revoked
84 Scenario: Profile changed after last login
85 Scenario: Thick client did not sync since profile changed
86 Then we have a potential security issue cause they
87 still have permissions that were revoked or
88 permissions granted based on a profile claim
89 like date of birth
90
91 @sad
92 Scenario: Permissions granted after last login
93 Scenario: Thick client did not sync since permissions granted
94 Then its annoying that the person can't do certain
95 things or still needs manager approval, but at least
96 its more restrictive..
97
98 @bad
99 Scenario: Associate never used device login before device service outage
100 Given the device service is not available
101 And the associate never used device login before the outage
102 When they try to sign-in
103 Then they will not be able to
104
105 @bad
106 Scenario: Thick client did not sync after first ever sign-in of associate
107 Given the device service is not available
108 And the associate uses a device that is not synced with store accounts
109 When they try to sign-in
110 Then they will not be able to
111
112
113 # todo: scenarios where the store accounts / control plane is down
114 # todo: scenarios where redis is down or anything else that prevents us from runnningView as plain text