Update project structure to org.onap.aaf

Update project structure of authz module in aaf from com.att to org.onap.aaf and add distribution management and repositories. Issue-id: AAF-21 Change-Id: Ia2486954e99f2bd60f18122ed60d32d5590781e9 Signed-off-by: sg481n <sg481n@att.com>
author: sg481n <sg481n@att.com> 2017-08-28 12:11:35 -0400
committer: sg481n <sg481n@att.com> 2017-08-28 12:11:47 -0400
commit: bd890c575163e4d87ac24198b9c68a39cf4bbc4d (patch)
tree: 2d6c5baa66d1df8f8c841d39646e93020ed203bc /authz-test/TestSuite/TC_User1
parent: 72b21f2ac109b0d95fef3ef608c0c343337d4ce2 (diff)
9 files changed, 197 insertions, 0 deletions
diff --git a/authz-test/TestSuite/TC_User1/00_ids b/authz-test/TestSuite/TC_User1/00_ids
new file mode 100644
index 00000000..b989aa3b
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/00_ids
@@ -0,0 +1,12 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+set m99990@@[user.name].TC_User1.test.com=password123
+set m99995@@[user.name].TC_User1.test.com=password123
+
+#delay 10
+set NFR=0
+
+
diff --git a/authz-test/TestSuite/TC_User1/10_init b/authz-test/TestSuite/TC_User1/10_init
new file mode 100644
index 00000000..0cad5595
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/10_init
@@ -0,0 +1,25 @@
+
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+
+as XX@NS:<pass>
+# TC_User1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_User1.@[user.name] 
+
diff --git a/authz-test/TestSuite/TC_User1/20_add_data b/authz-test/TestSuite/TC_User1/20_add_data
new file mode 100644
index 00000000..9a9acec5
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/20_add_data
@@ -0,0 +1,26 @@
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+expect 201
+role create com.test.TC_User1.@[user.name].manager
+role create com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+user cred add m99995@@[user.name].TC_User1.test.com password123
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+expect 201
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
diff --git a/authz-test/TestSuite/TC_User1/40_viewByRole b/authz-test/TestSuite/TC_User1/40_viewByRole
new file mode 100644
index 00000000..824f01e2
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/40_viewByRole
@@ -0,0 +1,23 @@
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+expect 403
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+expect 403
+user list role com.test.TC_User1.@[user.name].manager
+
+sleep @[NFR]
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+expect 200
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
diff --git a/authz-test/TestSuite/TC_User1/41_viewByPerm b/authz-test/TestSuite/TC_User1/41_viewByPerm
new file mode 100644
index 00000000..6813cb15
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/41_viewByPerm
@@ -0,0 +1,29 @@
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+
diff --git a/authz-test/TestSuite/TC_User1/42_viewByDelegates b/authz-test/TestSuite/TC_User1/42_viewByDelegates
new file mode 100644
index 00000000..7d16cb3c
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/42_viewByDelegates
@@ -0,0 +1,12 @@
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+expect 403
+user list delegates user m99990@@[user.name].TC_User1.test.com
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+expect 200
+user list delegates user @[user.name]
+user list delegates delegate @[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
new file mode 100644
index 00000000..8f4ffd05
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
@@ -0,0 +1,27 @@
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+expect 201
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+expect 201
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
diff --git a/authz-test/TestSuite/TC_User1/99_cleanup b/authz-test/TestSuite/TC_User1/99_cleanup
new file mode 100644
index 00000000..f6e9724e
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/99_cleanup
@@ -0,0 +1,37 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_User1.99.0.POS Remove user roles 
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move 
+force perm delete com.test.TC_User1.@[user.name].supplies * stock 
+force perm delete com.test.TC_User1.@[user.name].schedule worker create 
+force perm delete com.test.TC_User1.@[user.name].worker * annoy 
+force role delete com.test.TC_User1.@[user.name].manager
+force role delete com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+user cred del m99990@@[user.name].TC_User1.test.com
+user cred del m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+
+as testid@aaf.att.com:<pass>
+force role delete com.test.TC_User1.@[user.name].cred_admin
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+sleep @[NFR]
+
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/Description b/authz-test/TestSuite/TC_User1/Description
new file mode 100644
index 00000000..9f74081d
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/Description
@@ -0,0 +1,6 @@
+This Testcase Tests the viewability of different user commands
+
+APIs:	
+
+CLI:
+
author	sg481n <sg481n@att.com>	2017-08-28 12:11:35 -0400
committer	sg481n <sg481n@att.com>	2017-08-28 12:11:47 -0400
commit	bd890c575163e4d87ac24198b9c68a39cf4bbc4d (patch)
tree	2d6c5baa66d1df8f8c841d39646e93020ed203bc /authz-test/TestSuite/TC_User1
parent	72b21f2ac109b0d95fef3ef608c0c343337d4ce2 (diff)