🥒 CCC.VM Test: finos-ccc-integration-vm-main

Test Parameters

ServiceTypevirtual-machines
ProviderServiceTypecompute.googleapis.com/Instance
CatalogTypesCCC.VM
TagFilter@Behavioural, @virtual-machines, @Behavioural
UIDfinos-ccc-integration-vm-main
ResourceNamefinos-ccc-integration-vm-main
Config
{}
allowed-source-cidr10.0.0.0/8
catalog-versions
{
  "CCC.Core": "v2025.10",
  "CCC.VM": "DEV"
}
gcp-project-idnodal-time-474015-p5
host-namefinos-ccc-integration-vm-main
permitted-regions
[
  "us-central1"
]
port-number22
providergcp
regionus-central1
resourcefinos-ccc-integration-vm-main
servicevirtual-machines
service-typevirtual-machines
tags@Behavioural @virtual-machines
test-listener-port22

Summary

Generated: 2026-06-22 17:15:05

Total Run Time: 32s

Features: 16

Scenarios: 27 (✅ 11 | ❌ 16)

Steps: 140 (✅ 113 | ❌ 16 | ⏭️ 11 | ❓ 0)

Feature: CCC.Core.CN02.AR01 - Encrypt Data For Storage
Scenario: VM attached volumes report encryption enabled @CCC.Core @CCC.Core.CN02 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @virtual-machines
Given a cloud api for "{config}" in "api"45µs
Given I call "{api}" with "GetServiceAPI" using argument "virtual-machines"100µs
And I refer to "{result}" as "vmService"20µs
When I call "{vmService}" with "GetVolumeEncryptionStatus" using argument "{uid}"56µs
Then "{result}" is not an error26µs
And I refer to "{result}" as "encryption"20µs
And I attach "{encryption}" to the test output as "Volume Encryption Status"69µs
Then "{encryption.Volumes}" is an array of objects with at least the following contents65µs
Encrypted
true
📎 Attachments:
Volume Encryption Status
View JSON (118 bytes)
{"Volumes":[{"VolumeID":"gcp-persistent-disk","Encrypted":true,"EncryptionAlgorithm":"google-managed","KMSKeyID":""}]}
Feature: CCC.Core.CN12.AR01 - Deny Unauthorized IP Connection
Scenario: Unauthorized inbound connection attempt is denied @CCC.Core @CCC.Core.CN12 @PerService @tlp-amber @tlp-red @Behavioural @virtual-machines
Given a cloud api for "{config}" in "api"33µs
Given I call "{api}" with "GetServiceAPI" using argument "virtual-machines"29µs
And I refer to "{result}" as "vmService"21µs
When I call "{vmService}" with "AttemptInboundConnection" using arguments "{uid}" and "{test-listener-port}"4ms
Then "{result}" is not an error19µs
And I refer to "{result}" as "probe"18µs
And I attach "{probe}" to the test output as "Inbound Connection Probe"40µs
Then "{probe.Connected}" is "false"22µs
📎 Attachments:
Inbound Connection Probe
View JSON (129 bytes)
{"Connected":false,"Error":"dial tcp: lookup finos-ccc-integration-vm-main on 127.0.0.53:53: server misbehaving","RemoteAddr":""}
Feature: CCC.Core.CN01.AR01
Scenario: Service accepts TLS 1.3 encrypted traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"44µs
Given an openssl s_client request using "tls1_3" to "{port-number}" on "{host-name}" protocol "{protocol}"541µs
And I refer to "{result}" as "connection"26µs
And "{connection}" state is open31µs
And "{connection.State}" is "open"30µs
And I close connection "{connection}"37µs
Then "{connection}" state is closed37µs
Scenario: Service rejects TLS 1.2 traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"68µs
Given an openssl s_client request using "tls1_2" to "{port-number}" on "{host-name}" protocol "{protocol}"594µs
And I refer to "{result}" as "connection"28µs
And we wait for a period of "40" ms40ms
Then "{connection.State}" is "closed"28µs
Scenario: Service rejects TLS 1.1 traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"42µs
Given an openssl s_client request using "tls1_1" to "{port-number}" on "{host-name}" protocol "{protocol}"473µs
And I refer to "{result}" as "connection"25µs
And we wait for a period of "40" ms40ms
Then "{connection.State}" is "closed"39µs
Scenario: Service rejects TLS 1.0 traffic @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"45µs
Given an openssl s_client request using "tls1" to "{port-number}" on "{host-name}" protocol "{protocol}"520µs
And I refer to "{result}" as "connection"32µs
And we wait for a period of "40" ms40ms
Then "{connection.State}" is "closed"35µs
Scenario: Verify SSL/TLS protocol support @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"54µs
Given "report" contains details of SSL Support type "protocols" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_protocols_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects which doesn't contain any of16µs
idfinding
SSLv2offered
SSLv3offered
TLS1offered
TLS1_1offered
TLS1_2offered
And "{report}" is an array of objects with at least the following contents17µs
idfinding
TLS1_3offered with final
Scenario: Verify no known SSL/TLS vulnerabilities @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"63µs
Given "report" contains details of SSL Support type "vulnerable" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_vulnerable_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents42µs
idseverity
heartbleedOK
CCSOK
ticketbleedOK
ROBOTOK
secure_renegoOK
Scenario: Verify TLS 1.3 only certificate validity @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @Behavioural @PerPort @tls @object-storage @virtual-machines
Given a cloud api for "{config}" in "api"41µs
Given "report" contains details of SSL Support type "server-defaults" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_server-defaults_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents13µs
idseverity
cert_expirationStatusOK
cert_chain_of_trustOK
Feature: CCC.Core.CN01.AR02
Scenario: Verify SSH protocol version @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @tls @Behavioural @PerPort @ssh @virtual-machines
Given an openssl s_client request to "{port-number}" on "{host-name}" protocol "ssh"417µs
And I refer to "{result}" as "connection"26µs
And "{connection}" state is open31µs
And I close connection "{connection}"34µs
Then "{connection}" state is closed56µs
Scenario: Verify SSH uses strong ciphers @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @tls @Behavioural @PerPort @ssh @virtual-machines
Given "report" contains details of SSL Support type "each-cipher" for "{host-name}" on port "{port-number}"1ms
failed to read testssl.sh output: open /tmp/testssl_each-cipher_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects which doesn't contain any of16µs
idfinding
3DES-CBCoffered
RC4offered
DES-CBC3-SHAoffered
Scenario: Verify SSH server configuration @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @tls @Behavioural @PerPort @ssh @virtual-machines
Given "report" contains details of SSL Support type "server-defaults" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_server-defaults_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents16µs
idfinding
cert_expirationStatusok
cert_chain_of_trustpassed.
Feature: CCC.Core.CN01.AR03
Scenario: HTTP redirects to HTTPS @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @http @tls @object-storage @virtual-machines
Given a client connects to "{host-name}" with protocol "http" on port "80"732µs
And I refer to "{result}" as "connection"20µs
And "{connection}" is not an error39µs
And I transmit "GET / HTTP/1.1\r\nHost: {host-name}\r\n\r\n" to "{connection}"500ms
And I attach "{connection}" to the test output as "HTTP response"72µs
And "{connection.Output}" contains "301"84µs
expected {connection.Output} to contain '301', but got ''
And I call "{connection}" with "Close"30µs
Then "{connection.State}" is "closed"37µs
📎 Attachments:
HTTP response
View JSON (41 bytes)
{"State":"closed","Input":{},"Output":""}
Scenario: FTP traffic is blocked or not exposed @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @ftp @tls @object-storage @virtual-machines
Given a client connects to "{host-name}" with protocol "ftp" on port "21"541µs
And I attach "{connection}" to the test output as "FTP response"61µs
And I refer to "{result}" as "connection"27µs
Then "{connection}" is an error37µs
expected {connection} to be an error, got *cloud.Connection
📎 Attachments:
FTP response
View JSON (4 bytes)
null
Scenario: Telnet traffic is blocked or not exposed @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @telnet @tls @object-storage @virtual-machines
Given a client connects to "{host-name}" with protocol "telnet" on port "23"488µs
And I attach "{connection}" to the test output as "Telnet response"56µs
And I refer to "{result}" as "connection"26µs
Then "{connection}" is an error38µs
expected {connection} to be an error, got *cloud.Connection
📎 Attachments:
Telnet response
View JSON (4 bytes)
null
Scenario: Only secure protocols are exposed @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-green @tlp-red @PerPort @Behavioural @tls @object-storage @virtual-machines
Given "report" contains details of SSL Support type "protocols" for "{host-name}" on port "{port-number}"2ms
failed to read testssl.sh output: open /tmp/testssl_protocols_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents14µs
idseverity
TLS1_2OK
TLS1_3OK
Feature: CCC.Core.CN01.AR07
Scenario: Verify HTTPS uses IANA-assigned port 443 @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @PerPort @http @tls @object-storage @virtual-machines
Then "{port-number}" is "443"27µs
expected {port-number} to equal '443', got '22'
Feature: CCC.Core.CN01.AR08
Scenario: Verify mTLS requires client certificate authentication @CCC.Core @CCC.Core.CN01 @tlp-amber @tlp-red @tls @Behavioural @PerPort @tls @object-storage @virtual-machines
Given "report" contains details of SSL Support type "server-defaults" for "{host-name}" on port "{port-number}"1ms
failed to read testssl.sh output: open /tmp/testssl_server-defaults_finos-ccc-integration-vm-main_22.json: no such file or directory
Then "{report}" is an array of objects with at least the following contents15µs
idfinding
clientAuthrequired
Feature: CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations
Scenario: MFA requirement for destructive operations cannot be tested automatically @CCC.Core @CCC.Core.CN03 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage @load-balancer @virtual-machines @serverless-computing @NotTestable
Given a cloud api for "{config}" in "api"32µs
Then no-op required31µs
Feature: CCC.Core.CN04.AR01 - Log Administrative Access Attempts
Scenario: Verify admin actions are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"85µs
And I call "{api}" with "GetServiceAPI" using argument "{service-type}"64µs
And I refer to "{result}" as "theService"60µs
Given I call "{api}" with "GetServiceAPI" using argument "logging"1ms
And I refer to "{result}" as "loggingService"72µs
When I call "{theService}" with "UpdateResourcePolicy"74µs
Then "{result}" is not an error110µs
And I attach "{result}" to the test output as "Policy Update Result"39µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "admin", and "{20}"933ms
Then "{result}" is not an error29µs
And I refer to "{result}" as "adminLogs"21µs
And I attach "{adminLogs}" to the test output as "Admin Activity Logs"64µs
Then "{adminLogs}" is an array of objects with at least the following contents32µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Policy Update Result
View JSON (4 bytes)
null
Admin Activity Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR02 - Log Data Modification Attempts
Scenario: Verify data modifications are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"42µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"48µs
And I refer to "{result}" as "theService"28µs
And I call "{api}" with "GetServiceAPI" using argument "logging"27µs
And I refer to "{result}" as "loggingService"20µs
When I call "{theService}" with "TriggerDataWrite" using argument "{resource-name}"12ms
And I attach "{result}" to the test output as "Data Write Trigger Result"45µs
And we wait for a period of "10000" ms10s
Then I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-write", and "{20}"425ms
And I refer to "{result}" as "dataLogs"41µs
And I attach "{dataLogs}" to the test output as "Data Write Logs"46µs
Then "{dataLogs}" is an array of objects with at least the following contents43µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Write Trigger Result
View JSON (4 bytes)
null
Data Write Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR03 - Log Data Read Attempts
Scenario: Verify data read operations are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"85µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"54µs
And I refer to "{result}" as "theService"42µs
And I call "{api}" with "GetServiceAPI" using argument "logging"44µs
And I refer to "{result}" as "loggingService"29µs
When I call "{theService}" with "TriggerDataRead" using argument "{resource-name}"6ms
And I attach "{result}" to the test output as "Data Read Trigger Result"41µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-read", and "{20}"238ms
Then "{result}" is not an error30µs
And I refer to "{result}" as "readLogs"37µs
And I attach "{readLogs}" to the test output as "Data Read Logs"42µs
Then "{readLogs}" is an array of objects with at least the following contents38µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Read Trigger Result
View JSON (4 bytes)
null
Data Read Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN05.AR06 - Block All Unauthorized Requests
Scenario: Service prevents data read by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-green @tlp-red @Destructive @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"47µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "{service-type}" and "test-user-no-access"88µs
And "{result}" is not an error69µs
And I refer to "{result}" as "userReadableService"29µs
When I call "{userReadableService}" with "TriggerDataRead" using argument "{resource-name}"22ms
Then "{result}" is an error33µs
expected {result} to be an error, got
And I attach "{result}" to the test output as "no-access-trigger-data-read-error.txt"31µs
Feature: CCC.Core.CN07.AR01 - Publish Enumeration Activity Events
Scenario: Enumeration event publishing cannot be tested automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"42µs
Then no-op required17µs
Feature: CCC.Core.CN07.AR02 - Log Enumeration Activities
Scenario: Enumeration logging cannot be verified automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"34µs
Then no-op required26µs
Feature: CCC.Core.CN10.AR01 - Replication Destination Trust
Scenario: Replication destination trust cannot be verified automatically @CCC.Core @CCC.Core.CN10 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"47µs
Then no-op required28µs
Feature: CCC.Core.CN06.AR01 - Resource Location Compliance
Scenario: Resource region can be retrieved for compliance verification @CCC.Core @CCC.Core.CN06 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage @vpc @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"85µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"67µs
And I refer to "{result}" as "theService"75µs
When I call "{theService}" with "GetResourceRegion" using argument "{resource-name}"110µs
Then "{result}" is not an error61µs
And I refer to "{result}" as "region"57µs
And I attach "{region}" to the test output as "Resource Region"76µs
Then "{permitted-regions}" is an array of objects with at least the following contents95µs
value
{region}
expected row not found: map[value:{region}]
📎 Attachments:
Resource Region
View Content (11 bytes)
us-central1