HCL OneTest API and the v10 Tech Preview

Starting from 9.5, you can access and view the trial features deployed on the v10 Tech Preview. You can create secrets collections for your project and store them securely on the v10 Tech Preview. The secrets collections in the v10 Tech Preview project have a separate access control list managed by the project owner. Earlier to 9.5, the secrets were stored in tags as an environment property in HCL OneTest™ API and they were visible to anybody who could see the project.

v10 Tech Preview

The v10 Tech Preview is a new combined server that includes capabilities such as Docker-based distribution, installation, and execution of test cases. With the introduction of secrets (under secrets collections) for a project in the v10 Tech Preview, managing access to separate environments is simplified. If a member of a project does not have access to a secret (server credential), then the member cannot accidentally or maliciously run tests against that server. For example, tests that require accessing the database server by using the server credentials to retrieve stored data can be executed by a member if the access to the secrets is enabled.

If the secrets are not stored on the v10 Tech Preview, you must then store secrets as plain text as an environment property in HCL OneTest API. This means that a user can accidentally run a test against the wrong environment.

You can perform the following tasks for your project that you want to test using HCL OneTest API after you have set up the v10 Tech Preview:
  • As a project owner, you can configure the project in the v10 Tech Preview for creating secrets collections. Secrets are key-value pairs that are created for your project in the v10 Tech Preview under a secrets collection.
  • You can decide to grant or restrict access to members in your organization to the secrets collections. Controlling access to secrets means controlling access to applications and systems under test. Members with access can access the secrets collection in the v10 Tech Preview and use the secrets in test runs in HCL OneTest API.
  • Members of the v10 Tech Preview project must generate offline tokens from the v10 Tech Preview and use the token for gaining access to the v10 Tech Preview. See Using the v10 Tech Preview offline tokens.
  • Members can access the v10 Tech Preview from HCL OneTest API. See Accessing the v10 Tech Preview from HCL OneTest API.
  • Members across the organization can retrieve the stored secrets from v10 Tech Preview for using the secrets in test runs in HCL OneTest API without the necessity to store the secrets as visible environment tags in their project in HCL OneTest API. See Retrieving secrets from the v10 Tech Preview.
Feedback