summaryrefslogtreecommitdiffstats
path: root/authz-test/TestSuite/TC_Role1
diff options
context:
space:
mode:
authorsg481n <sg481n@att.com>2017-08-03 17:27:34 -0400
committersg481n <sg481n@att.com>2017-08-03 17:27:34 -0400
commit43854a9e3310ff7a92257d16c4fc0a8321eaec68 (patch)
tree46af936c5da4f9c60d7d63dade5c61a8fd5ef9f4 /authz-test/TestSuite/TC_Role1
parentf691a8b8dfc9eea4c6b3bfa45ea60f07ad347e69 (diff)
 [AAF-21] Initial code import
Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a Signed-off-by: sg481n <sg481n@att.com>
Diffstat (limited to 'authz-test/TestSuite/TC_Role1')
-rw-r--r--authz-test/TestSuite/TC_Role1/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Role1/10_init23
-rw-r--r--authz-test/TestSuite/TC_Role1/20_add_data40
-rw-r--r--authz-test/TestSuite/TC_Role1/30_change_ns14
-rw-r--r--authz-test/TestSuite/TC_Role1/40_reports24
-rw-r--r--authz-test/TestSuite/TC_Role1/50_force_delete28
-rw-r--r--authz-test/TestSuite/TC_Role1/90_wait2
-rw-r--r--authz-test/TestSuite/TC_Role1/99_cleanup34
-rw-r--r--authz-test/TestSuite/TC_Role1/Description16
9 files changed, 189 insertions, 0 deletions
diff --git a/authz-test/TestSuite/TC_Role1/00_ids b/authz-test/TestSuite/TC_Role1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Role1/10_init b/authz-test/TestSuite/TC_Role1/10_init
new file mode 100644
index 00000000..4af50879
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/10_init
@@ -0,0 +1,23 @@
+as testid@aaf.att.com
+
+# TC_Role1.10.0.POS Validate NS ok
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
diff --git a/authz-test/TestSuite/TC_Role1/20_add_data b/authz-test/TestSuite/TC_Role1/20_add_data
new file mode 100644
index 00000000..43c97d92
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/20_add_data
@@ -0,0 +1,40 @@
+# TC_Role1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.2.POS Add Roles
+expect 201
+role create com.test.TC_Role1.@[user.name].r.A
+role create com.test.TC_Role1.@[user.name].r.B
+
+# TC_Role1.20.3.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.4.NEG Don't write over Role
+expect 409
+role create com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.20.5.NEG Don't allow non-user to create
+expect 401
+as bogus
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
+expect 403
+as testunused@aaf.att.com
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+
+# TC_Role1.20.11.NEG Role must exist to change description
+expect 404
+as testid@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.C Description C
+
+# TC_Role1.20.12.POS Admin can change description
+expect 200
+role describe com.test.TC_Role1.@[user.name].r.A Description A
diff --git a/authz-test/TestSuite/TC_Role1/30_change_ns b/authz-test/TestSuite/TC_Role1/30_change_ns
new file mode 100644
index 00000000..4d32f656
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/30_change_ns
@@ -0,0 +1,14 @@
+# TC_Role1.30.1.POS List Data on non-Empty NS
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Role1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+ns list name com.test.TC_Role1.@[user.name].r
+
diff --git a/authz-test/TestSuite/TC_Role1/40_reports b/authz-test/TestSuite/TC_Role1/40_reports
new file mode 100644
index 00000000..657d1c7c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/40_reports
@@ -0,0 +1,24 @@
+# TC_Role1.40.01.POS List Data on non-Empty NS
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.20.POS Create a Perm, and add to Role
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.25.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.30.POS Create a Perm
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.40.32.POS Separately Grant Perm
+expect 201
+perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.35.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
diff --git a/authz-test/TestSuite/TC_Role1/50_force_delete b/authz-test/TestSuite/TC_Role1/50_force_delete
new file mode 100644
index 00000000..ef334b24
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/50_force_delete
@@ -0,0 +1,28 @@
+# TC_Role1.50.1.POS Create user to attach to role
+expect 201
+user cred add m00001@@[user.name].TC_Role1.test.com password123
+
+# TC_Role1.50.2.POS Create new role
+expect 201
+role create com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.3.POS Attach user to role
+expect 201
+user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.4.POS Create permission and attach to role
+expect 201
+perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
+expect 424
+role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.21.POS Force delete role should work
+expect 200
+set force=true role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.30.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role1/90_wait b/authz-test/TestSuite/TC_Role1/90_wait
new file mode 100644
index 00000000..91d890f0
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/90_wait
@@ -0,0 +1,2 @@
+# Need to let DB catch up on deletes
+sleep @[NFR]
diff --git a/authz-test/TestSuite/TC_Role1/99_cleanup b/authz-test/TestSuite/TC_Role1/99_cleanup
new file mode 100644
index 00000000..63e240eb
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/99_cleanup
@@ -0,0 +1,34 @@
+as testid@aaf.att.com
+expect 200,404
+
+# TC_Role1.99.05.POS Remove Permissions from "40_reports"
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
+force role delete com.test.TC_Role1.@[user.name].r.A
+force role delete com.test.TC_Role1.@[user.name].r.B
+force role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.99.15.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_Role1.@[user.name].cred_admin
+
+# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
+perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
+set force=true
+user cred del m00001@@[user.name].TC_Role1.test.com
+
+# TC_Role1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role1.@[user.name].r
+force ns delete com.test.TC_Role1.@[user.name]
+
+# TC_Role1.99.99.POS List to prove clean Namespaces
+ns list name com.test.TC_Role1.@[user.name].r
+ns list name com.test.TC_Role1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role1/Description b/authz-test/TestSuite/TC_Role1/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+