🥒 CCC.VM Test: finos-ccc-integration-vm-main

Test Parameters

ServiceTypevirtual-machines
ProviderServiceTypecompute.googleapis.com/Instance
CatalogTypesCCC.VM
TagFilter@Behavioural, @virtual-machines, @Behavioural
UIDfinos-ccc-integration-vm-main
ResourceNamefinos-ccc-integration-vm-main
Config
{}
allowed-source-cidr10.0.0.0/8
catalog-versions
{
  "CCC.Core": "v2025.10",
  "CCC.VM": "DEV"
}
gcp-project-idnodal-time-474015-p5
host-namefinos-ccc-integration-vm-main
permitted-regions
[
  "us-central1"
]
port-number22
providergcp
regionus-central1
resourcefinos-ccc-integration-vm-main
servicevirtual-machines
service-typevirtual-machines
tags@Behavioural @virtual-machines
test-listener-port22

Summary

Generated: 2026-06-22 17:52:47

Total Run Time: 32s

Features: 16

Scenarios: 27 (✅ 11 | ❌ 16)

Steps: 140 (✅ 113 | ❌ 16 | ⏭️ 11 | ❓ 0)

Feature: CCC.Core.CN02.AR01 - Encrypt Data For Storage
Scenario: VM attached volumes report encryption enabled @CCC.Core @CCC.Core.CN02 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @virtual-machines
Given a cloud api for "{config}" in "api"45µs
Given I call "{api}" with "GetServiceAPI" using argument "virtual-machines"98µs
And I refer to "{result}" as "vmService"12µs
When I call "{vmService}" with "GetVolumeEncryptionStatus" using argument "{uid}"35µs
Then "{result}" is not an error14µs
And I refer to "{result}" as "encryption"12µs
And I attach "{encryption}" to the test output as "Volume Encryption Status"58µs
Then "{encryption.Volumes}" is an array of objects with at least the following contents34µs
Encrypted
true
📎 Attachments:
Volume Encryption Status
View JSON (118 bytes)
{"Volumes":[{"VolumeID":"gcp-persistent-disk","Encrypted":true,"EncryptionAlgorithm":"google-managed","KMSKeyID":""}]}
Feature: CCC.Core.CN12.AR01 - Deny Unauthorized IP Connection
Scenario: Unauthorized inbound connection attempt is denied @CCC.Core @CCC.Core.CN12 @PerService @tlp-amber @tlp-red @Behavioural @virtual-machines
Given a cloud api for "{config}" in "api"36µs
Given I call "{api}" with "GetServiceAPI" using argument "virtual-machines"20µs
And I refer to "{result}" as "vmService"11µs
When I call "{vmService}" with "AttemptInboundConnection" using arguments "{uid}" and "{test-listener-port}"31ms
Then "{result}" is not an error20µs
And I refer to "{result}" as "probe"17µs
And I attach "{probe}" to the test output as "Inbound Connection Probe"49µs
Then "{probe.Connected}" is "false"34µs
📎 Attachments:
Inbound Connection Probe
View JSON (129 bytes)
{"Connected":false,"Error":"dial tcp: lookup finos-ccc-integration-vm-main on 127.0.0.53:53: server misbehaving","RemoteAddr":""}
Feature: CCC.Core.CN01.AR01
Scenario: Service accepts TLS 1.3 encrypted traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"32µs
Given an openssl s_client request using "tls1_3" to "{port-number}" on "{host-name}" protocol "{protocol}"478µs
And I refer to "{result}" as "connection"25µs
And "{connection}" state is open33µs
And "{connection.State}" is "open"29µs
And I close connection "{connection}"33µs
Then "{connection}" state is closed43µs
Scenario: Service rejects TLS 1.2 traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"59µs
Given an openssl s_client request using "tls1_2" to "{port-number}" on "{host-name}" protocol "{protocol}"719µs
And I refer to "{result}" as "connection"38µs
And we wait for a period of "40" ms40ms
Then "{connection.State}" is "closed"22µs
Scenario: Service rejects TLS 1.1 traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"51µs
Given an openssl s_client request using "tls1_1" to "{port-number}" on "{host-name}" protocol "{protocol}"380µs
And I refer to "{result}" as "connection"19µs
And we wait for a period of "40" ms41ms
Then "{connection.State}" is "closed"22µs
Scenario: Service rejects TLS 1.0 traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"38µs
Given an openssl s_client request using "tls1" to "{port-number}" on "{host-name}" protocol "{protocol}"386µs
And I refer to "{result}" as "connection"27µs
And we wait for a period of "40" ms41ms
Then "{connection.State}" is "closed"29µs
Scenario: Verify SSL/TLS protocol support @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"27µs
Given "report" contains details of SSL Support type "protocols" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_protocols_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects which doesn't contain any of14µs
idfinding
SSLv2offered
SSLv3offered
TLS1offered
TLS1_1offered
TLS1_2offered
And "{report}" is an array of objects with at least the following contents12µs
idfinding
TLS1_3offered with final
Scenario: Verify no known SSL/TLS vulnerabilities @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"37µs
Given "report" contains details of SSL Support type "vulnerable" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_vulnerable_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents13µs
idseverity
heartbleedOK
CCSOK
ticketbleedOK
ROBOTOK
secure_renegoOK
Scenario: Verify TLS 1.3 only certificate validity @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"36µs
Given "report" contains details of SSL Support type "server-defaults" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_server-defaults_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents13µs
idseverity
cert_expirationStatusOK
cert_chain_of_trustOK
Feature: CCC.Core.CN01.AR02
Scenario: Verify SSH protocol version @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @tls @Behavioural @PerPort @ssh @virtual-machines
Given an openssl s_client request to "{port-number}" on "{host-name}" protocol "ssh"363µs
And I refer to "{result}" as "connection"25µs
And "{connection}" state is open39µs
And I close connection "{connection}"32µs
Then "{connection}" state is closed49µs
Scenario: Verify SSH uses strong ciphers @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @tls @Behavioural @PerPort @ssh @virtual-machines
Given "report" contains details of SSL Support type "each-cipher" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_each-cipher_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects which doesn't contain any of13µs
idfinding
3DES-CBCoffered
RC4offered
DES-CBC3-SHAoffered
Scenario: Verify SSH server configuration @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @tls @Behavioural @PerPort @ssh @virtual-machines
Given "report" contains details of SSL Support type "server-defaults" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_server-defaults_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents14µs
idfinding
cert_expirationStatusok
cert_chain_of_trustpassed.
Feature: CCC.Core.CN01.AR03
Scenario: HTTP redirects to HTTPS @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @http @tls @object-storage @virtual-machines
Given a client connects to "{host-name}" with protocol "http" on port "80"770µs
And I refer to "{result}" as "connection"17µs
And "{connection}" is not an error17µs
And I transmit "GET / HTTP/1.1\r\nHost: {host-name}\r\n\r\n" to "{connection}"501ms
And I attach "{connection}" to the test output as "HTTP response"105µs
And "{connection.Output}" contains "301"57µs
expected {connection.Output} to contain '301', but got ''
And I call "{connection}" with "Close"29µs
Then "{connection.State}" is "closed"35µs
📎 Attachments:
HTTP response
View JSON (41 bytes)
{"State":"closed","Input":{},"Output":""}
Scenario: FTP traffic is blocked or not exposed @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @ftp @tls @object-storage @virtual-machines
Given a client connects to "{host-name}" with protocol "ftp" on port "21"476µs
And I attach "{connection}" to the test output as "FTP response"82µs
And I refer to "{result}" as "connection"25µs
Then "{connection}" is an error29µs
expected {connection} to be an error, got *cloud.Connection
📎 Attachments:
FTP response
View JSON (4 bytes)
null
Scenario: Telnet traffic is blocked or not exposed @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @telnet @tls @object-storage @virtual-machines
Given a client connects to "{host-name}" with protocol "telnet" on port "23"401µs
And I attach "{connection}" to the test output as "Telnet response"28µs
And I refer to "{result}" as "connection"14µs
Then "{connection}" is an error22µs
expected {connection} to be an error, got *cloud.Connection
📎 Attachments:
Telnet response
View JSON (4 bytes)
null
Scenario: Only secure protocols are exposed @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @tls @object-storage @virtual-machines
Given "report" contains details of SSL Support type "protocols" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_protocols_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents29µs
idseverity
TLS1_2OK
TLS1_3OK
Feature: CCC.Core.CN01.AR07
Scenario: Verify HTTPS uses IANA-assigned port 443 @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @PerPort @http @tls @object-storage @virtual-machines
Then "{port-number}" is "443"21µs
expected {port-number} to equal '443', got '22'
Feature: CCC.Core.CN01.AR08
Scenario: Verify mTLS requires client certificate authentication @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-red @tls @Behavioural @PerPort @tls @object-storage @virtual-machines
Given "report" contains details of SSL Support type "server-defaults" for "{host-name}" on port "{port-number}"1ms
failed to read testssl.sh output: open /tmp/testssl_server-defaults_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents14µs
idfinding
clientAuthrequired
Feature: CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations
Scenario: MFA requirement for destructive operations cannot be tested automatically @CCC.Core @CCC.Core.CN03 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage @load-balancer @virtual-machines @serverless-computing @NotTestable
Given a cloud api for "{config}" in "api"38µs
Then no-op required22µs
Feature: CCC.Core.CN04.AR01 - Log Administrative Access Attempts
Scenario: Verify admin actions are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"122µs
And I call "{api}" with "GetServiceAPI" using argument "{service-type}"58µs
And I refer to "{result}" as "theService"93µs
Given I call "{api}" with "GetServiceAPI" using argument "logging"2ms
And I refer to "{result}" as "loggingService"23µs
When I call "{theService}" with "UpdateResourcePolicy"47µs
Then "{result}" is not an error31µs
And I attach "{result}" to the test output as "Policy Update Result"27µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "admin", and "{20}"621ms
Then "{result}" is not an error28µs
And I refer to "{result}" as "adminLogs"32µs
And I attach "{adminLogs}" to the test output as "Admin Activity Logs"75µs
Then "{adminLogs}" is an array of objects with at least the following contents75µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Policy Update Result
View JSON (4 bytes)
null
Admin Activity Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR02 - Log Data Modification Attempts
Scenario: Verify data modifications are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"35µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"40µs
And I refer to "{result}" as "theService"23µs
And I call "{api}" with "GetServiceAPI" using argument "logging"27µs
And I refer to "{result}" as "loggingService"25µs
When I call "{theService}" with "TriggerDataWrite" using argument "{resource-name}"5ms
And I attach "{result}" to the test output as "Data Write Trigger Result"27µs
And we wait for a period of "10000" ms10s
Then I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-write", and "{20}"255ms
And I refer to "{result}" as "dataLogs"42µs
And I attach "{dataLogs}" to the test output as "Data Write Logs"46µs
Then "{dataLogs}" is an array of objects with at least the following contents50µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Write Trigger Result
View JSON (4 bytes)
null
Data Write Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR03 - Log Data Read Attempts
Scenario: Verify data read operations are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"86µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"66µs
And I refer to "{result}" as "theService"45µs
And I call "{api}" with "GetServiceAPI" using argument "logging"121µs
And I refer to "{result}" as "loggingService"110µs
When I call "{theService}" with "TriggerDataRead" using argument "{resource-name}"12ms
And I attach "{result}" to the test output as "Data Read Trigger Result"28µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-read", and "{20}"462ms
Then "{result}" is not an error32µs
And I refer to "{result}" as "readLogs"23µs
And I attach "{readLogs}" to the test output as "Data Read Logs"39µs
Then "{readLogs}" is an array of objects with at least the following contents32µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Read Trigger Result
View JSON (4 bytes)
null
Data Read Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN05.AR06 - Block All Unauthorized Requests
Scenario: Service prevents data read by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-green @tlp-red @Destructive @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"29µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "{service-type}" and "test-user-no-access"76µs
And "{result}" is not an error49µs
And I refer to "{result}" as "userReadableService"26µs
When I call "{userReadableService}" with "TriggerDataRead" using argument "{resource-name}"6ms
Then "{result}" is an error21µs
expected {result} to be an error, got
And I attach "{result}" to the test output as "no-access-trigger-data-read-error.txt"30µs
Feature: CCC.Core.CN07.AR01 - Publish Enumeration Activity Events
Scenario: Enumeration event publishing cannot be tested automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"30µs
Then no-op required21µs
Feature: CCC.Core.CN07.AR02 - Log Enumeration Activities
Scenario: Enumeration logging cannot be verified automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"41µs
Then no-op required27µs
Feature: CCC.Core.CN10.AR01 - Replication Destination Trust
Scenario: Replication destination trust cannot be verified automatically @CCC.Core @CCC.Core.CN10 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"28µs
Then no-op required25µs
Feature: CCC.Core.CN06.AR01 - Resource Location Compliance
Scenario: Resource region can be retrieved for compliance verification @CCC.Core @CCC.Core.CN06 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage @vpc @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"25µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"35µs
And I refer to "{result}" as "theService"22µs
When I call "{theService}" with "GetResourceRegion" using argument "{resource-name}"45µs
Then "{result}" is not an error25µs
And I refer to "{result}" as "region"21µs
And I attach "{region}" to the test output as "Resource Region"36µs
Then "{permitted-regions}" is an array of objects with at least the following contents50µs
value
{region}
expected row not found: map[value:{region}]
📎 Attachments:
Resource Region
View Content (11 bytes)
us-central1