summaryrefslogtreecommitdiffstats
path: root/authz-test/TestSuite/TC_Role2
diff options
context:
space:
mode:
authorsg481n <sg481n@att.com>2017-08-03 17:27:34 -0400
committersg481n <sg481n@att.com>2017-08-03 17:27:34 -0400
commit43854a9e3310ff7a92257d16c4fc0a8321eaec68 (patch)
tree46af936c5da4f9c60d7d63dade5c61a8fd5ef9f4 /authz-test/TestSuite/TC_Role2
parentf691a8b8dfc9eea4c6b3bfa45ea60f07ad347e69 (diff)
 [AAF-21] Initial code import
Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a Signed-off-by: sg481n <sg481n@att.com>
Diffstat (limited to 'authz-test/TestSuite/TC_Role2')
-rw-r--r--authz-test/TestSuite/TC_Role2/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Role2/10_init8
-rw-r--r--authz-test/TestSuite/TC_Role2/20_add_data39
-rw-r--r--authz-test/TestSuite/TC_Role2/40_viewByName45
-rw-r--r--authz-test/TestSuite/TC_Role2/41_viewByUser20
-rw-r--r--authz-test/TestSuite/TC_Role2/42_viewByNS10
-rw-r--r--authz-test/TestSuite/TC_Role2/43_viewByPerm15
-rw-r--r--authz-test/TestSuite/TC_Role2/99_cleanup22
-rw-r--r--authz-test/TestSuite/TC_Role2/Description9
9 files changed, 176 insertions, 0 deletions
diff --git a/authz-test/TestSuite/TC_Role2/00_ids b/authz-test/TestSuite/TC_Role2/00_ids
new file mode 100644
index 00000000..f7196fc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Role2/10_init b/authz-test/TestSuite/TC_Role2/10_init
new file mode 100644
index 00000000..dbe7b858
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/10_init
@@ -0,0 +1,8 @@
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Role2/20_add_data b/authz-test/TestSuite/TC_Role2/20_add_data
new file mode 100644
index 00000000..6b85dea1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/20_add_data
@@ -0,0 +1,39 @@
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com:<pass>
+# TC_Role2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+expect 201
+role create com.test.TC_Role2.@[user.name].r.animals
+role create com.test.TC_Role2.@[user.name].r.dogs
+role create com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+expect 201
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+expect 201
+as XX@NS:<pass>
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+expect 200
+as testid@aaf.att.com:<pass>
+ns list name com.test.TC_Role2.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role2/40_viewByName b/authz-test/TestSuite/TC_Role2/40_viewByName
new file mode 100644
index 00000000..a6ec33c5
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/40_viewByName
@@ -0,0 +1,45 @@
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.10.POS Add testunused to animals
+expect 201
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
diff --git a/authz-test/TestSuite/TC_Role2/41_viewByUser b/authz-test/TestSuite/TC_Role2/41_viewByUser
new file mode 100644
index 00000000..684d9ba1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/41_viewByUser
@@ -0,0 +1,20 @@
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+role list user XX@NS
+
diff --git a/authz-test/TestSuite/TC_Role2/42_viewByNS b/authz-test/TestSuite/TC_Role2/42_viewByNS
new file mode 100644
index 00000000..8f184943
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/42_viewByNS
@@ -0,0 +1,10 @@
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+role list ns com.test.TC_Role2.@[user.name]
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+role list ns com.test.TC_Role2.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role2/43_viewByPerm b/authz-test/TestSuite/TC_Role2/43_viewByPerm
new file mode 100644
index 00000000..53a1e3d4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/43_viewByPerm
@@ -0,0 +1,15 @@
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+expect 200
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+expect 403
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+
diff --git a/authz-test/TestSuite/TC_Role2/99_cleanup b/authz-test/TestSuite/TC_Role2/99_cleanup
new file mode 100644
index 00000000..df344b2d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/99_cleanup
@@ -0,0 +1,22 @@
+as XX@NS
+expect 200,404
+
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
diff --git a/authz-test/TestSuite/TC_Role2/Description b/authz-test/TestSuite/TC_Role2/Description
new file mode 100644
index 00000000..ea741a81
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the viewability of different role commands
+
+APIs:
+
+
+
+CLI:
+
+