author | sg481n <sg481n@att.com> | 2017-08-03 17:27:34 -0400 |
---|---|---|
committer | sg481n <sg481n@att.com> | 2017-08-03 17:27:34 -0400 |
commit | 43854a9e3310ff7a92257d16c4fc0a8321eaec68 (patch) | |
tree | 46af936c5da4f9c60d7d63dade5c61a8fd5ef9f4 /authz-test/TestSuite | |
parent | f691a8b8dfc9eea4c6b3bfa45ea60f07ad347e69 (diff) |
[AAF-21] Initial code import
Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a
Signed-off-by: sg481n <sg481n@att.com>
Diffstat (limited to 'authz-test/TestSuite')
183 files changed, 10174 insertions, 0 deletions
diff --git a/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt b/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt
new file mode 100644
index 00000000..058508a7
--- /dev/null
+++ b/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt
@@ -0,0 +1,102 @@
+#-------------------------------------------------------------------------------
+# ============LICENSE_START====================================================
+# * org.onap.aai
+# * ===========================================================================
+# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# * Copyright © 2017 Amdocs
+# * ===========================================================================
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# * ============LICENSE_END====================================================
+# *
+# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+# *
+#-------------------------------------------------------------------------------
+NOTE: You may find slight differences between this readme doc and your actual output in places such as <YOUR_ATTUID>, times, or other such fields that vary for each run.
+
+Do NOT replace anything inside square brackets such as [user.name] Some commands listed here use this notation, but they are set up to work by just copying & pasting the entire command.
+
+run command: sh ./tc MTC_Appr1
+you should see: MTC_Appr1
+ SUCCESS! [MTC_Appr1.2014-11-03_11-26-26]
+
+
+open a broswer and goto the gui for the machine you're on. For example, this is the home page on test machine zltv1492:
+https://zltv1492.vci.att.com:8085/gui/home
+
+click on My Approvals
+
+click the submit button at the bottom of the form with no approve or deny buttons selected
+
+you should see: No Approvals have been sent. Try again
+
+click "Try again" link
+
+you should see: The Approval Request page
+
+NOTE: a radio button is a (filled or unfilled) circle under approve or deny
+click the select all link for approve
+
+you should see: all radio buttons under approve should be selected
+
+click the select all link for deny
+
+you should see: all radio buttons under deny should be selected
+
+click the reset button at the bottom of the form
+
+you should see: NO radio buttons should be selected
+
+Try to select both approve and deny for a single entry
+
+you should: not be able to
+
+approve or deny entries as you like, then click submit
+
+after you have submitted all approvals, go back to My Approvals page
+
+you should see: No Approvals to process at this time
+
+in your command line,
+run command: aafcli ns list name com.test.appr.@[user.name].myProject
+
+NOTE: what you see here will depend on which entries you approved and denied. Included are 2 examples of what you can see:
+
+1) If you approve everything
+
+List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]
+--------------------------------------------------------------------------------
+com.test.appr.<YOUR_ATTUID>.myProject
+ Administrators
+ <YOUR_ATTUID>@csp.att.com
+ Responsible Parties
+ <YOUR_ATTUID>@csp.att.com
+
+
+2) If you deny everything
+
+List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]
+--------------------------------------------------------------------------------
+
+
+run command: sh ./tc MTC_Appr2 dryrun
+you should see: a lot of output. It's fine if you see errors for this command.
+
+run command: aafcli ns list name com.test.appr
+you should see: List Namespaces by Name[com.test.appr]
+--------------------------------------------------------------------------------
+
+
+run command: aafcli ns list name com.test.appr.@[user.name]
+you should see: List Namespaces by Name[com.test.appr.<YOUR_ATTUID>]
+--------------------------------------------------------------------------------
+
diff --git a/authz-test/TestSuite/JU_Lur2_0/10_init b/authz-test/TestSuite/JU_Lur2_0/10_init
new file mode 100644
index 00000000..a38e94bf
--- /dev/null
+++ b/authz-test/TestSuite/JU_Lur2_0/10_init
@@ -0,0 +1,34 @@
+as testid@aaf.att.com:<pass>
+# JU_Lur2_0.10.0.POS List NS to prove ok
+expect 201,409
+ns create com.test.JU_Lur2_0Call @[user.name] testid@aaf.att.com
+
+# JU_Lur2_0.10.2.POS Create Role in Namespace
+role create com.test.JU_Lur2_0Call.role
+
+# JU_Lur2_0.10.10.POS Create MyInstance Perms
+perm create com.test.JU_Lur2_0Call.service myInstance write
+perm create com.test.JU_Lur2_0Call.service myInstance read
+perm create com.test.JU_Lur2_0Call.service myInstance *
+
+# JU_Lur2_0.10.11.POS Create kumquat Perms
+perm create com.test.JU_Lur2_0Call.service kumquat write
+perm create com.test.JU_Lur2_0Call.service kumquat read
+perm create com.test.JU_Lur2_0Call.service kumquat *
+perm create com.test.JU_Lur2_0Call.service kum.quat read
+
+# JU_Lur2_0.10.11.POS Create key delimited Perms
+perm create com.test.JU_Lur2_0Call.service :myCluster write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:myCF write
+perm create com.test.JU_Lur2_0Call.service :myCluster:*:myCF write
+perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:* write
+
+# JU_Lur2_0.10.20.POS Grant Some Perms to Role
+perm grant com.test.JU_Lur2_0Call.service myInstance * com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service kumquat read com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service kum.quat read com.test.JU_Lur2_0Call.role
+perm grant com.test.JU_Lur2_0Call.service :myCluster:*:myCF write com.test.JU_Lur2_0Call.role
+
+# JU_Lur2_0.30.1.POS Add User to ROle
+user role add testid@aaf.att.com com.test.JU_Lur2_0Call.role
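Review bot: The first line of JU_Lur2_0/10_init, `as testid@aaf.att.com:<pass>`, carries the password on the `as` line, while the other suites in this commit declare it once with `set testid@aaf.att.com=<pass>` in a 00_ids file and then switch with a bare `as testid@aaf.att.com`; TC_Link/99_delete does the same with `as XX@NS:<pass>`. Keeping the secret in one declaration per suite makes it easier to keep real values out of the tree and out of any echoed command lines. Separately, the ID `JU_Lur2_0.10.11.POS` labels both the kumquat block and the key-delimited block, and the first comment says "List NS to prove ok" above an `ns create`; I would renumber the second block to `JU_Lur2_0.10.12.POS` and reword the first comment to `# JU_Lur2_0.10.0.POS Create NS (201 if new, 409 if already present)`.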
diff --git a/authz-test/TestSuite/JU_Lur2_0/Description b/authz-test/TestSuite/JU_Lur2_0/Description
new file mode 100644
index 00000000..748dc675
--- /dev/null
+++ b/authz-test/TestSuite/JU_Lur2_0/Description
@@ -0,0 +1,2 @@
+Load Data for CADI Test: JU_Lur2_0Call.java
+
diff --git a/authz-test/TestSuite/MTC_Appr1/00_ids b/authz-test/TestSuite/MTC_Appr1/00_ids
new file mode 100644
index 00000000..e5c040ea
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/MTC_Appr1/10_init b/authz-test/TestSuite/MTC_Appr1/10_init
new file mode 100644
index 00000000..f1c61cec
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/10_init
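Review bot: MTC_Appr1/00_ids stores account passwords in a tracked file: three entries hold the literal `<pass>` and `set bogus=boguspass` holds a real string. As committed, the suite presumably cannot authenticate until someone edits `<pass>` in place, and that edit is easy to commit by accident. I would add a header comment such as `# <pass> is a placeholder; supply real values locally and never commit them`, or have the runner read these values from outside the repository. The same applies to the 00_ids files of MTC_Appr2, TC_Cred1, TC_DELG1, TC_Link and TC_NS1.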
@@ -0,0 +1,29 @@
+
+as testid@aaf.att.com
+
+# TC_Appr1.10.0.POS List NS to prove ok
+expect 200
+ns list name com.test.appr
+ns list name com.test.appr.@[user.name]
+
+# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals
+expect 201
+ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Appr1.10.2.POS Create General Namespace to add Approvals
+ns create com.test.appr @[user.name] testid@aaf.att.com
+
+# TC_Appr1.10.10.POS Create Roles in Namespace
+role create com.test.appr.@[user.name].addToUserRole
+role create com.test.appr.@[user.name].grantToPerm
+role create com.test.appr.@[user.name].ungrantFromPerm
+role create com.test.appr.@[user.name].grantFirstPerm
+role create com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.10.12.POS Create Permissions in Namespace
+perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+perm create com.test.appr.@[user.name].grantToRole myInstance myAction
+force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
diff --git a/authz-test/TestSuite/MTC_Appr1/15_create b/authz-test/TestSuite/MTC_Appr1/15_create
new file mode 100644
index 00000000..8791a3b5
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/15_create
@@ -0,0 +1,40 @@
+expect 403
+as testunused@aaf.att.com
+
+# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request
+user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr1.15.02.NEG Create Approval for NS create
+ns create com.test.appr.@[user.name].myProject @[user.name]
+
+# TC_Appr1.15.03.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+
+# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+
+# TC_Appr1.15.05.NEG Generate Approval for granting permission to role
+perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role
+perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+expect 202
+# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request
+set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr1.15.52.POS Create Approval for NS create
+set request=true ns create com.test.appr.@[user.name].myProject @[user.name]
+
+# TC_Appr1.15.53.POS Generate Approval for granting permission to role
+set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm
+
+# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm
+
+# TC_Appr1.15.55.POS Generate Approval for granting permission to role
+request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role
+request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm
+
diff --git a/authz-test/TestSuite/MTC_Appr1/Description b/authz-test/TestSuite/MTC_Appr1/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/MTC_Appr2/00_ids b/authz-test/TestSuite/MTC_Appr2/00_ids
new file mode 100644
index 00000000..e5c040ea
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/MTC_Appr2/99_cleanup b/authz-test/TestSuite/MTC_Appr2/99_cleanup
new file mode 100644
index 00000000..4d6fa758
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr2/99_cleanup
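Review bot: In MTC_Appr1/15_create, steps 15.51–15.53 pass the request flag as `set request=true <command>` on one line, while 15.54–15.56 use the `request <command>` prefix. If the two forms are equivalent, use one of them throughout; if both are exercised on purpose, say so in a comment such as `# prefix form, same effect as 'set request=true'`. The POS block also inherits `as testunused@aaf.att.com` from the top of the file, so repeating the `as` line after `expect 202` would make the acting identity of the approval requests explicit.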
@@ -0,0 +1,35 @@
+
+as testid@aaf.att.com
+
+expect 200,404
+
+# TC_Appr2.99.10.POS Delete UserRoles if exists
+user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].deleteThisRole
+user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole
+
+# TC_Appr2.10.11.POS Delete Roles if exists
+set force=true role delete com.test.appr.@[user.name].addToUserRole
+set force=true role delete com.test.appr.@[user.name].grantToPerm
+set force=true role delete com.test.appr.@[user.name].ungrantFromPerm
+role delete com.test.appr.@[user.name].grantedRole
+role delete com.test.appr.@[user.name].approvedRole
+role delete com.test.appr.@[user.name].approvedRole2
+role delete com.test.appr.@[user.name].grantFirstPerm
+role delete com.test.appr.@[user.name].grantSecondPerm
+
+# TC_Appr2.10.12.POS Delete Permissions if exists
+perm delete com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].grantedRole
+perm delete com.test.appr.@[user.name].grantToRole myInstance myAction
+perm delete com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole
+perm delete com.test.appr.@[user.name].approvedPerm myInstance myAction
+perm delete com.test.appr.@[user.name].approvedPerm * *
+perm delete com.test.appr.@[user.name].approvedPerm2 myInstance myAction
+perm delete com.test.appr.@[user.name].grantTwoRoles myInstance myAction
+perm delete com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction
+
+
+# TC_Appr2.99.80.POS Delete Namespaces for TestSuite if exists
+ns delete com.test.appr.@[user.name].myProject
+set force=true ns delete com.test.appr.@[user.name]
+set force=true ns delete com.test.appr
+
diff --git a/authz-test/TestSuite/MTC_Appr2/Description b/authz-test/TestSuite/MTC_Appr2/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/MTC_Appr2/Description
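Review bot: The last command of MTC_Appr2/99_cleanup, `set force=true ns delete com.test.appr`, removes the parent namespace that is not scoped by `@[user.name]`, while every other object in the suite is per-tester. If a forced delete cascades to child namespaces (not visible here), one tester's cleanup would remove another tester's `com.test.appr.<id>` data, including pending approvals, in the middle of their run. I would leave the shared parent in place or drop `force` on that line so the delete fails while other children exist; TC_Cred1/99_cleanup ends with the same pattern, `force ns delete com.test.TC_Cred1`. The step IDs `TC_Appr2.10.11` and `TC_Appr2.10.12` in this file also look like leftovers from a 10_ file and would read better as `TC_Appr2.99.11` and `TC_Appr2.99.12`.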
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_Cred1/00_ids b/authz-test/TestSuite/TC_Cred1/00_ids
new file mode 100644
index 00000000..9f6ad902
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+set XX@NS=<pass>
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Cred1/10_init b/authz-test/TestSuite/TC_Cred1/10_init
new file mode 100644
index 00000000..18231c0d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/10_init
@@ -0,0 +1,36 @@
+as testid@aaf.att.com
+# TC_Cred1.10.0.POS List NS to prove ok
+expect 200
+ns list name com.test.TC_Cred1.@[user.name]
+
+# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
+expect 201
+ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Cred1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
+role create com.test.TC_Cred1.@[user.name].pw_reset
+
+# TC_Cred1.10.11.POS Assign roles to perms
+as XX@NS
+expect 201
+perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
+perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
+perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Cred1.10.30.POS Assign user for creating creds
+expect 201
+user cred add m99999@@[user.name].TC_Cred1.test.com password123
+set m99999@@[user.name].TC_Cred1.test.com=password123
+
+
+# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
+expect 201
+user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
+
+# TC_Cred1.10.32.POS Remove create rights for testing
+expect 200
+user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+
diff --git a/authz-test/TestSuite/TC_Cred1/15_create b/authz-test/TestSuite/TC_Cred1/15_create
new file mode 100644
index 00000000..c862d980
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/15_create
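Review bot: Step 10.11 of TC_Cred1/10_init, run as XX@NS, ends with `perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin`, which gives a test role the mechid-create permission on the `com.att` instance rather than only on `com.test`. The matching `perm ungrant` exists only in 99_cleanup, so a run that stops before cleanup leaves that grant in place on the shared environment. I would add a comment above the line saying why the `com.att` instance is needed and that 99_cleanup must run afterwards, e.g. `# grants create on com.att to a test role; revoked in 99_cleanup`; if the `com.test` permission created on the previous line is enough for the test, drop the grant. The heading "Assign roles to perms" also hides that two of the three commands create permissions.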
@@ -0,0 +1,33 @@
+# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
+as testunused@aaf.att.com
+expect 403
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
+as m99999@@[user.name].TC_Cred1.test.com
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
+as testunused@aaf.att.com
+expect 403
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
+as m99999@@[user.name].TC_Cred1.test.com:password123
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
+as testid@aaf.att.com
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
+
+# TC_Cred1.15.20.POS Admin, delete
+expect 200
+user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
+
diff --git a/authz-test/TestSuite/TC_Cred1/30_multiple_creds b/authz-test/TestSuite/TC_Cred1/30_multiple_creds
new file mode 100644
index 00000000..689225e2
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/30_multiple_creds
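Review bot: Step 15.11 of TC_Cred1/15_create switches identity with `as m99999@@[user.name].TC_Cred1.test.com:password123`, while step 15.3 uses the bare `as m99999@@[user.name].TC_Cred1.test.com` and relies on the `set ...=password123` line in 10_init. Using the bare form in both places keeps the password in a single declaration and avoids the two copies drifting apart. The comments on 15.12 and 15.15 differ only in "Password" versus "mechID" while the commands differ by a trailing `1`; a comment such as `# trailing 1 selects the first credential` (if that is what it does) would explain what the second step adds.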
@@ -0,0 +1,69 @@
+# TC_Cred1.30.1.NEG Multiple options available to delete
+as XX@NS
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
+
+as testid@aaf.att.com
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
+
+# TC_Cred1.30.2.POS Succeeds when we choose last option
+expect 200
+user cred del m99990@@[user.name].TC_Cred1.test.com 2
+
+# TC_Cred1.30.10.POS Add another credential
+expect 201
+user cred add m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.30.11.NEG Multiple options available to reset
+expect 300
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123
+
+# TC_Cred1.30.12.NEG Fails when we choose a bad option
+expect 406
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
+
+# TC_Cred1.30.13.POS Succeeds when we choose last option
+expect 200
+user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
+
+#TC_Cred1.30.30.NEG Fails when we don't have specific property
+expect 403
+user cred extend m99990@@[user.name].TC_Cred1.test.com
+
+#### EXTENDS behavior ####
+#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
+expect 201
+as XX@NS
+role create com.test.TC_Cred1.@[user.name].extendTemp
+
+#TC_Cred1.30.33.POS Grant Extends Permission to Role
+expect 201
+perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
+
+#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
+expect 201
+role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
+
+#TC_Cred1.30.36.POS Extend Password, expecting Single Response
+expect 200
+user cred extend m99990@@[user.name].TC_Cred1.test.com 1
+
+#TC_Cred1.30.39.POS Remove Role
+expect 200
+set force=true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+
+#### MULTI CLEANUP #####
+expect 200
+role list user m99990@@[user.name].TC_Cred1.test.com
+
+# TC_Cred1.30.80.POS Delete all entries for this cred
+expect 200
+set force=true
+user cred del m99990@@[user.name].TC_Cred1.test.com
+
+# TC_Cred1.30.99.POS List ns shows no creds attached
+expect 200
+ns list name com.test.TC_Cred1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Cred1/99_cleanup b/authz-test/TestSuite/TC_Cred1/99_cleanup
new file mode 100644
index 00000000..3af41749
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/99_cleanup
@@ -0,0 +1,29 @@
+as testid@aaf.att.com
+# TC_Cred1.99.1.POS Delete credentials
+expect 200,404
+force user cred del m99990@@[user.name].TC_Cred1.test.com
+
+#TC_Cred1.99.2.POS Ensure Remove Role
+expect 200,404
+set force=true
+role delete com.test.TC_Cred1.@[user.name].extendTemp
+
+# TC_Cred1.99.10.POS Remove ability to create creds
+force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
+force perm delete com.att.aaf.password com.test reset
+force perm delete com.att.aaf.mechid com.test create
+
+as testid@aaf.att.com
+force role delete com.test.TC_Cred1.@[user.name].cred_admin
+force role delete com.test.TC_Cred1.@[user.name].pw_reset
+
+# TC_Cred1.99.99.POS Delete Namespace for TestSuite
+set force=true ns delete com.test.TC_Cred1.@[user.name]
+
+as XX@NS
+force ns delete com.test.TC_Cred1.@[user.name]
+force ns delete com.test.TC_Cred1
+
diff --git a/authz-test/TestSuite/TC_Cred1/Description b/authz-test/TestSuite/TC_Cred1/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Cred1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_DELG1/00_ids b/authz-test/TestSuite/TC_DELG1/00_ids
new file mode 100644
index 00000000..0f77e593
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/00_ids
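Review bot: In TC_Cred1/30_multiple_creds the heading `# TC_Cred1.30.1.NEG Multiple options available to delete` is followed only by two `user cred add` steps expecting 201, and step 30.2 then deletes with an explicit selector, so nothing asserts what happens when delete is called without a selector while several credentials exist. The reset path does have that check (step 30.11, `expect 300`). If delete is meant to behave the same way, add `expect 300` and `user cred del m99990@@[user.name].TC_Cred1.test.com` before 30.2, and relabel the two add steps as POS setup. Without it, an ambiguous delete that silently removes a credential would pass this suite.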
@@ -0,0 +1,10 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set m99999@@[user.name].delg.test.com=password123
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
diff --git a/authz-test/TestSuite/TC_DELG1/10_init b/authz-test/TestSuite/TC_DELG1/10_init
new file mode 100644
index 00000000..558effe0
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/10_init
@@ -0,0 +1,55 @@
+# TC_DELG1.10.1.POS Check For Existing Data
+as testid@aaf.att.com
+expect 200
+ns list name com.test.delg.@[user.name]
+
+as XX@NS
+expect 201,409
+perm create com.att.aaf.delg com.att * com.att.admin
+
+expect 404
+user list delegates delegate @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.10.2.POS Create Namespace to add IDs
+expect 201
+ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com
+
+as XX@NS
+# TC_DELG1.10.10.POS Grant ability to change delegates
+expect 404
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.11.POS Grant ability to change delegates
+expect 201
+role create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.12.POS Grant ability to change delegates
+expect 201
+force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.14.POS Create user role to change delegates
+expect 201
+user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg
+
+# TC_DELG1.10.15.POS Grant ability to create cred
+expect 201
+perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_DELG1.10.30.POS Create cred that will change his own delg
+expect 201
+user cred add m99999@@[user.name].delg.test.com password123
+
+as XX@NS
+ TC_DELG1.10.31.POS ungrant ability to create cred
+expect 200
+perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_DELG1.10.99.POS Check for Data as Correct
+expect 200
+ns list name com.test.delg.@[user.name]
+
+
+
diff --git a/authz-test/TestSuite/TC_DELG1/20_create b/authz-test/TestSuite/TC_DELG1/20_create
new file mode 100644
index 00000000..2dec8bf3
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/20_create
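Review bot: In TC_DELG1/10_init the label line ` TC_DELG1.10.31.POS ungrant ability to create cred`, after the last `as XX@NS`, does not start with `#` as shown on this page, unlike every other step label, so the CLI would presumably try to parse it as a command instead of skipping it. It should read `# TC_DELG1.10.31.POS ungrant ability to create cred`. Steps 10.10 to 10.12 also share the description "Grant ability to change delegates" although 10.10 expects 404 because the role does not exist yet and 10.11 creates the role; distinct comments, e.g. `# TC_DELG1.10.10.NEG Grant fails while role is missing`, would make the intended sequence clear.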
@@ -0,0 +1,55 @@
+# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID
+expect 404
+user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate
+expect 404
+user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.20.NEG May not change user, no delegate permission
+as m99999@@[user.name].delg.test.com
+expect 403
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as testid@aaf.att.com
+# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist
+expect 404
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.22.NEG May not create delegate for self.
+expect 406
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+# TC_DELG1.20.23.POS May create delegate for self for tests by forcing.
+expect 201
+force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as XX@NS
+# TC_DELG1.20.30.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.20.35.NEG Fail Create when exists
+expect 409
+user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00'
+
+as XX@NS
+# TC_DELG1.20.40.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+as testid@aaf.att.com
+# TC_DELG1.20.46.POS Update Delegate with new Date
+expect 200
+user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00'
+
+as XX@NS
+# TC_DELG1.20.82.POS Expect Delegates for User
+expect 200
+user list delegates user @[user.name]@csp.att.com
+
+# TC_DELG1.20.83.POS Expect Delegate to show up in list
+expect 200
+user list delegates delegate @[user.name]@csp.att.com
+
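Review bot: Steps 20.10 and 20.11 of TC_DELG1/20_create run before any `as` line, so they execute under whatever identity the previous file left active (10_init ends on `as testid@aaf.att.com`). In an authorization test the acting identity is part of what is asserted, and a 404 obtained under a different caller would not prove the same thing. Start the file with `as testid@aaf.att.com` so the result does not depend on file ordering. TC_Link/05_print, TC_Link/15_print and TC_NS1/11_ERR_Namespace_Exists have the same implicit dependency.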
diff --git a/authz-test/TestSuite/TC_DELG1/99_cleanup b/authz-test/TestSuite/TC_DELG1/99_cleanup
new file mode 100644
index 00000000..81dfd74e
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/99_cleanup
@@ -0,0 +1,17 @@
+expect 200,404
+as XX@NS
+# TC_DELG1.99.0.POS Check for Data as Correct
+ns list name com.test.delg.@[user.name]
+
+# TC_DELG1.99.10.POS Delete Delegates
+user delegate del @[user.name]@csp.att.com
+
+# TC_DELG1.99.30.POS Delete Namespace com.att.test.id
+force ns delete com.test.delg.@[user.name]
+
+# TC_DELG1.99.98.POS Check for Delegate Data as Correct
+user list delegates user @[user.name]@csp.att.com
+
+# TC_DELG1.99.99.POS Check for NS Data as Correct
+ns list name com.test.delg.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_DELG1/Description b/authz-test/TestSuite/TC_DELG1/Description
new file mode 100644
index 00000000..59af5e1d
--- /dev/null
+++ b/authz-test/TestSuite/TC_DELG1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user addCred :user :password
+ user delCred :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_Link/00_ids b/authz-test/TestSuite/TC_Link/00_ids
new file mode 100644
index 00000000..0e7a40aa
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/00_ids
@@ -0,0 +1,9 @@
+expect 0
+set testid=<pass>
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Link/05_print b/authz-test/TestSuite/TC_Link/05_print
new file mode 100644
index 00000000..62d8e256
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/05_print
@@ -0,0 +1,6 @@
+expect 200,404
+# TC_05
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
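Review bot: TC_DELG1/99_cleanup removes the delegate and the test namespace but says nothing about the permission that 10_init creates as XX@NS with `perm create com.att.aaf.delg com.att * com.att.admin` under `expect 201,409`. That line adds a wildcard-action permission for `com.att.admin` outside the test namespace, and the tolerated 409 suggests it may already exist in some environments. If it is permanent environment setup, state that in 10_init, e.g. `# environment prerequisite, intentionally not removed by 99_cleanup`; if the suite is supposed to leave no trace, the cleanup needs to record whether the test created it before removing it. The comment "Delete Namespace com.att.test.id" also names a different namespace from the one the command deletes.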
diff --git a/authz-test/TestSuite/TC_Link/10_init b/authz-test/TestSuite/TC_Link/10_init
new file mode 100644
index 00000000..0f8a4431
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/10_init
@@ -0,0 +1,13 @@
+expect 201
+# TC_10
+as XX@NS
+ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS
+ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS
+
+role create com.test.TC_Link_1.@[user.name].myRole
+
+perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+
+
diff --git a/authz-test/TestSuite/TC_Link/15_print b/authz-test/TestSuite/TC_Link/15_print
new file mode 100644
index 00000000..ac60ddcc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/15_print
@@ -0,0 +1,6 @@
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
diff --git a/authz-test/TestSuite/TC_Link/20_del b/authz-test/TestSuite/TC_Link/20_del
new file mode 100644
index 00000000..35a01d39
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/20_del
@@ -0,0 +1,3 @@
+expect 200
+role delete com.test.TC_Link_1.@[user.name].myRole
+
diff --git a/authz-test/TestSuite/TC_Link/25_print b/authz-test/TestSuite/TC_Link/25_print
new file mode 100644
index 00000000..ac60ddcc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/25_print
@@ -0,0 +1,6 @@
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
diff --git a/authz-test/TestSuite/TC_Link/30_readd b/authz-test/TestSuite/TC_Link/30_readd
new file mode 100644
index 00000000..69bfb22a
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/30_readd
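Review bot: TC_Link/25_print is the same blob as 15_print (index `ac60ddcc`, as is 35_print), so after 20_del deletes `myRole` it still asserts only `expect 200` on the four list commands and keeps the `# 15_print` header. A status code alone does not show that the grant on `myPerm` was dropped together with the role and restored by 30_readd, which appears to be the purpose of the suite. If the harness compares the printed listing with a stored expected output (not visible here) this may already be covered; otherwise give each stage its own header, e.g. `# 25_print: myRole deleted, myPerm must list no roles`, and check the listing content.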
@@ -0,0 +1,5 @@
+expect 201
+role create com.test.TC_Link_1.@[user.name].myRole
+
+perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole
+
diff --git a/authz-test/TestSuite/TC_Link/35_print b/authz-test/TestSuite/TC_Link/35_print
new file mode 100644
index 00000000..ac60ddcc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/35_print
@@ -0,0 +1,6 @@
+# 15_print
+expect 200
+ns list name com.test.TC_Link_1.@[user.name]
+ns list name com.test.TC_Link_2.@[user.name]
+perm list role com.test.TC_Link_1.@[user.name].myRole
+role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction
diff --git a/authz-test/TestSuite/TC_Link/99_delete b/authz-test/TestSuite/TC_Link/99_delete
new file mode 100644
index 00000000..8dfcd17b
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/99_delete
@@ -0,0 +1,5 @@
+as XX@NS:<pass>
+
+expect 200,404
+force ns delete com.test.TC_Link_2.@[user.name]
+force ns delete com.test.TC_Link_1.@[user.name]
diff --git a/authz-test/TestSuite/TC_Link/Description b/authz-test/TestSuite/TC_Link/Description
new file mode 100644
index 00000000..3abdcad3
--- /dev/null
+++ b/authz-test/TestSuite/TC_Link/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the essentials of Grants
+
+APIs:
+
+
+CLI:
+ Target
+ Ancillary
+
diff --git a/authz-test/TestSuite/TC_NS1/00_ids b/authz-test/TestSuite/TC_NS1/00_ids
new file mode 100644
index 00000000..26c5db24
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/00_ids
@@ -0,0 +1,9 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+
+#delay 10
+set NFR=0
+
+
diff --git a/authz-test/TestSuite/TC_NS1/01_ERR_BadData b/authz-test/TestSuite/TC_NS1/01_ERR_BadData
new file mode 100644
index 00000000..09b3b949
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/01_ERR_BadData
@@ -0,0 +1,14 @@ + +as testid@aaf.att.com +# TC_NS1.01.0.POS Expect Clean Namespace to start +expect 200 +ns list name com.test.TC_NS1.@[user.name] + +# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party +expect 403 +ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS + +# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin +expect 403 +ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS + diff --git a/authz-test/TestSuite/TC_NS1/10_init b/authz-test/TestSuite/TC_NS1/10_init new file mode 100644 index 00000000..b05be769 --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/10_init @@ -0,0 +1,30 @@ + +as testid@aaf.att.com +# TC_NS1.10.0.POS Check for Existing Data +expect 200 +ns list name com.test.TC_NS1.@[user.name] + +# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties +expect 201 +ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com + +# TC_NS1.10.40.POS Expect Namespace to be created +expect 200 +ns list name com.test.TC_NS1.@[user.name] + +# TC_NS1.10.41.POS Expect Namespace to be created +expect 200 +perm list role com.test.TC_NS1.@[user.name].admin + +# TC_NS1.10.42.POS Expect Namespace to be created +expect 200 +perm list role com.test.TC_NS1.@[user.name].owner + +# TC_NS1.10.43.POS Expect Namespace to be created +expect 200 +role list perm com.test.TC_NS1.@[user.name].access * * + +# TC_NS1.10.44.POS Expect Namespace to be created +expect 200 +role list perm com.test.TC_NS1.@[user.name].access * read + diff --git a/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists b/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists new file mode 100644 index 00000000..b6aa5080 --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists @@ -0,0 +1,4 @@ +# TC_NS1.11.1.NEG Create Namespace when exists +expect 409 +ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com + 
diff --git a/authz-test/TestSuite/TC_NS1/20_Commands b/authz-test/TestSuite/TC_NS1/20_Commands new file mode 100644 index 00000000..b53750a1 --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/20_Commands @@ -0,0 +1,7 @@ +# TC_NS1.20.1.NEG Too Few Args for Create 1 +expect Exception +ns create + +# TC_NS1.20.2.NEG Too Few Args for Create 2 +expect Exception +ns create bogus diff --git a/authz-test/TestSuite/TC_NS1/30_add_data b/authz-test/TestSuite/TC_NS1/30_add_data new file mode 100644 index 00000000..830b9658 --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/30_add_data @@ -0,0 +1,14 @@ +# TC_NS1.30.10.NEG Non-admins can't change description +expect 403 +as testunused@aaf.att.com +ns describe com.test.TC_NS1.@[user.name] Description for my Namespace + +# TC_NS1.30.11.NEG Namespace must exist to change description +expect 404 +as testid@aaf.att.com +ns describe com.test.TC_NS1.@[user.name].project1 Description for my project + +# TC_NS1.30.12.POS Admin can change description +expect 200 +ns describe com.test.TC_NS1.@[user.name] Description for my Namespace + diff --git a/authz-test/TestSuite/TC_NS1/50_Admin b/authz-test/TestSuite/TC_NS1/50_Admin new file mode 100644 index 00000000..78df9cc8 --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/50_Admin 
@@ -0,0 +1,49 @@ +# TC_NS1.50.1.NEG Adding a Bogus ID +expect 403 +ns admin add com.test.TC_NS1.@[user.name] bogus + +# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain +expect 403 +ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com + +# TC_NS1.50.3.NEG Adding an OK ID, bad domain +expect 403 +ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com + +# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin +expect 404 +ns admin del com.test.TC_NS1.@[user.name] XX@NS + +sleep @[NFR] +# TC_NS1.50.10.POS Adding an OK ID +expect 201 +ns admin add com.test.TC_NS1.@[user.name] XX@NS + +# TC_NS1.50.11.POS Deleting One of Two +expect 200 +ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com + +# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin +expect 404 +ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com + +# TC_NS1.50.13.POS Add ID back in +expect 201 +ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com + +# TC_NS1.50.14.POS Deleting original +expect 200 +ns admin del com.test.TC_NS1.@[user.name] XX@NS + +# TC_NS1.50.15.NEG Can't remove twice +expect 404 +ns admin del com.test.TC_NS1.@[user.name] XX@NS + +# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions +expect 403 +role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain + +# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions +expect 403 +user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin + diff --git a/authz-test/TestSuite/TC_NS1/60_Responsible b/authz-test/TestSuite/TC_NS1/60_Responsible new file mode 100644 index 00000000..c6fc0261 --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/60_Responsible 
@@ -0,0 +1,43 @@
+# TC_NS1.60.1.NEG Adding a Bogus ID
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] bogus
+
+# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+
+# TC_NS1.60.3.NEG Adding an OK ID, bad domain
+expect 403
+ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+
+# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] testid
+
+# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+
+sleep @[NFR]
+# TC_NS1.60.10.POS Adding an OK ID
+# Note: mw9749 used because we must have employee as responsible
+expect 201
+ns responsible add com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.11.POS Deleting One of Two
+expect 200
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.12.NEG mw9749 no longer Admin
+expect 404
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+
+# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions
+expect 403
+role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain
+
+# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions
+expect 403
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner
+
+
diff --git a/authz-test/TestSuite/TC_NS1/80_CheckData b/authz-test/TestSuite/TC_NS1/80_CheckData
new file mode 100644
index 00000000..207c75f0
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS1/80_CheckData
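Review bot: TC_NS1.60.10 to 60.12 in 60_Responsible depend on the literal ID `mw9749`, which the accompanying note describes as an employee; that ties the suite to one person's directory entry and publishes the identifier with the code. Other cases in this suite pass `@[user.name]` as the responsible party, so a variable set in 00_ids (for example `set RESP=<employee-id>`, then `ns responsible add com.test.TC_NS1.@[user.name] @[RESP]`) would keep the test portable. The comment on TC_NS1.60.12 also says "no longer Admin" where the command removes a responsible party; `# TC_NS1.60.12.NEG mw9749 no longer Responsible` would match what is tested.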
@@ -0,0 +1,15 @@ +sleep @[NFR] +# TC_NS1.80.1.POS List Data on Empty NS +as testid@aaf.att.com + +expect 200 +ns list name com.test.TC_NS1.@[user.name] + +# TC_NS1.80.2.POS Add Roles to NS for Listing +expect 201 +role create com.test.TC_NS1.@[user.name].r.A +role create com.test.TC_NS1.@[user.name].r.B + +# TC_NS1.80.3.POS List Data on non-Empty NS +expect 200 +ns list name com.test.TC_NS1.@[user.name] diff --git a/authz-test/TestSuite/TC_NS1/90_ERR_Delete b/authz-test/TestSuite/TC_NS1/90_ERR_Delete new file mode 100644 index 00000000..324e829d --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/90_ERR_Delete @@ -0,0 +1,7 @@ +# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace +expect 403 +as testunused@aaf.att.com +ns delete com.test.TC_NS1.@[user.name] + +sleep @[NFR] + diff --git a/authz-test/TestSuite/TC_NS1/99_cleanup b/authz-test/TestSuite/TC_NS1/99_cleanup new file mode 100644 index 00000000..36d5512d --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/99_cleanup @@ -0,0 +1,15 @@ +expect 200,404 +as testid@aaf.att.com + +# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles +role delete com.test.TC_NS1.@[user.name].r.A +role delete com.test.TC_NS1.@[user.name].r.B + +# TC_NS1.99.2.POS Namespace Admin can delete Namespace +ns delete com.test.TC_NS1.@[user.name] + +sleep @[NFR] + +# TC_NS1.99.99.POS Check Clean Namespace +ns list name com.test.TC_NS1.@[user.name] + diff --git a/authz-test/TestSuite/TC_NS1/Description b/authz-test/TestSuite/TC_NS1/Description new file mode 100644 index 00000000..0cde49ed --- /dev/null +++ b/authz-test/TestSuite/TC_NS1/Description @@ -0,0 +1,15 @@ +This Testcase Tests the essentials of the Namespace, and the NS Commands + +APIs: POST /authz/ns + DELETE /authz/ns/:ns + GET /authz/roles/:role (where Role is NS + "*") + +CLI: + Target + ns create :ns :responsibleParty :admins + ns delete :ns + ns list :ns + Ancillary + role create :role + role list name :role.* + 
diff --git a/authz-test/TestSuite/TC_NS2/00_ids b/authz-test/TestSuite/TC_NS2/00_ids new file mode 100644 index 00000000..450818e0 --- /dev/null +++ b/authz-test/TestSuite/TC_NS2/00_ids @@ -0,0 +1,10 @@ +expect 0 +set XX@NS=<pass> +set testid@aaf.att.com=<pass> +set testunused@aaf.att.com=<pass> +set bogus@aaf.att.com=boguspass + +#delay 10 +set NFR=0 + + diff --git a/authz-test/TestSuite/TC_NS2/10_init b/authz-test/TestSuite/TC_NS2/10_init new file mode 100644 index 00000000..73b2cc78 --- /dev/null +++ b/authz-test/TestSuite/TC_NS2/10_init 
@@ -0,0 +1,71 @@ + +as testid@aaf.att.com +# TC_NS2.10.0.POS Check for Existing Data +expect 200 +ns list name com.test.TC_NS2.@[user.name] + +# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties +expect 201 +ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com +ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com + +# TC_NS2.10.10.POS Create role to assign mechid perm to +expect 201 +role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com + +as XX@NS:<pass> +# TC_NS2.10.11.POS Assign role to mechid perm +expect 201 +perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin + + +as testid@aaf.att.com +# TC_NS2.10.70.POS Expect Namespace to be created +expect 200 +ns list name com.test.TC_NS2.@[user.name] + +as testid@aaf.att.com +# TC_NS2.10.70.POS Expect Namespace to be created +expect 200 +perm list role com.test.TC_NS2.@[user.name].admin + +as testid@aaf.att.com +# TC_NS2.10.70.POS Expect Namespace to be created +expect 200 +perm list role com.test.TC_NS2.@[user.name].owner + +as testid@aaf.att.com +# TC_NS2.10.70.POS Expect Namespace to be created +expect 200 +role list perm com.test.TC_NS2.@[user.name].access * * + +as testid@aaf.att.com +# TC_NS2.10.70.POS Expect Namespace to be created +expect 200 +role list perm com.test.TC_NS2.@[user.name].access * read + +as testid@aaf.att.com +# TC_NS2.10.80.POS Expect Namespace to be created +expect 200 +ns list name com.test.TC_NS2.@[user.name].project + +as testid@aaf.att.com +# TC_NS2.10.80.POS Expect Namespace to be created +expect 200 +perm list role com.test.TC_NS2.@[user.name].project.admin + +as testid@aaf.att.com +# TC_NS2.10.80.POS Expect Namespace to be created +expect 200 +perm list role com.test.TC_NS2.@[user.name].project.owner + +as testid@aaf.att.com +# TC_NS2.10.80.POS Expect Namespace to be created +expect 200 +role list perm com.test.TC_NS2.@[user.name].project.access * * + +as 
testid@aaf.att.com +# TC_NS2.10.80.POS Expect Namespace to be created +expect 200 +role list perm com.test.TC_NS2.@[user.name].project.access * read + diff --git a/authz-test/TestSuite/TC_NS2/20_add_data b/authz-test/TestSuite/TC_NS2/20_add_data new file mode 100644 index 00000000..ef5e11ea --- /dev/null +++ b/authz-test/TestSuite/TC_NS2/20_add_data @@ -0,0 +1,18 @@ +as testid@aaf.att.com +# TC_NS2.20.1.POS Create roles +expect 201 +role create com.test.TC_NS2.@[user.name].watcher +role create com.test.TC_NS2.@[user.name].myRole + +# TC_NS2.20.2.POS Create permissions +perm create com.test.TC_NS2.@[user.name].myType myInstance myAction +perm create com.test.TC_NS2.@[user.name].myType * * + +# TC_NS2.20.3.POS Create mechid +user cred add m99990@@[user.name].TC_NS2.test.com password123 + +as XX@NS +# TC_NS2.20.10.POS Grant view perms to watcher role +expect 201 +perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher + diff --git a/authz-test/TestSuite/TC_NS2/40_viewByName b/authz-test/TestSuite/TC_NS2/40_viewByName new file mode 100644 index 00000000..6539acc7 --- /dev/null +++ b/authz-test/TestSuite/TC_NS2/40_viewByName 
@@ -0,0 +1,31 @@
+
+as testunused@aaf.att.com
+# TC_NS2.40.1.NEG Non-admin, not granted user should not view
+expect 403
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_NS2.40.10.POS Add user to watcher role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+
+as testunused@aaf.att.com
+# TC_NS2.40.11.POS Non-admin, granted user should view
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+as testid@aaf.att.com
+# TC_NS2.40.19.POS Remove user from watcher role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+
+# Thirties test admin user
+# TC_NS2.40.20.POS Admin should be able to view
+expect 200
+ns list name com.test.TC_NS2.@[user.name]
+
+# TC_NS2.40.21.POS Admin of parent NS should be able to view
+expect 200
+ns list name com.test.TC_NS2.@[user.name].project
+
diff --git a/authz-test/TestSuite/TC_NS2/41_viewByAdmin b/authz-test/TestSuite/TC_NS2/41_viewByAdmin
new file mode 100644
index 00000000..ad15e9d9
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/41_viewByAdmin
@@ -0,0 +1,20 @@
+# TC_NS2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+ns list admin testunused@aaf.att.com
+
+# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace
+as testunused@aaf.att.com
+expect 200
+ns list admin XX@NS
+
diff --git a/authz-test/TestSuite/TC_NS2/99_cleanup b/authz-test/TestSuite/TC_NS2/99_cleanup
new file mode 100644
index 00000000..24d16d3a
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS2/99_cleanup
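Review bot: TC_NS2.41.80.NEG in 41_viewByAdmin is labelled as a negative case, yet it expects 200 when testunused@aaf.att.com runs `ns list admin XX@NS`, an ID the comment says is neither the caller nor associated with the namespace. As written the case passes even if the service returns another identity's admin namespaces to an unrelated caller, so it cannot catch a missing authorization check on this listing. If a refusal is intended, the expectation should be `expect 403`; if 200 with a filtered result is the design, the case should be renamed to POS with a comment such as `# TC_NS2.41.80.POS Unrelated caller gets 200 with no namespaces listed`.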
@@ -0,0 +1,27 @@ +expect 200,404 +as testid@aaf.att.com + +# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms +role delete com.test.TC_NS2.@[user.name].myRole +role delete com.test.TC_NS2.@[user.name].watcher +perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction +perm delete com.test.TC_NS2.@[user.name].myType * * +user cred del m99990@@[user.name].TC_NS2.test.com + +as XX@NS +force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read + +# TC_NS2.99.15.POS Remove ability to create creds +perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin + +as testid@aaf.att.com:<pass> +force role delete com.test.TC_NS2.@[user.name].cred_admin + +# TC_NS2.99.90.POS Namespace Admin can delete Namespace +force ns delete com.test.TC_NS2.@[user.name].project +force ns delete com.test.TC_NS2.@[user.name] +sleep @[NFR] + +# TC_NS2.99.99.POS Check Clean Namespace +ns list name com.test.TC_NS2.@[user.name] + diff --git a/authz-test/TestSuite/TC_NS2/Description b/authz-test/TestSuite/TC_NS2/Description new file mode 100644 index 00000000..40f2b6c4 --- /dev/null +++ b/authz-test/TestSuite/TC_NS2/Description @@ -0,0 +1,7 @@ +This Testcase Tests the viewability of different ns commands + +APIs: + +CLI: + + diff --git a/authz-test/TestSuite/TC_NS3/00_ids b/authz-test/TestSuite/TC_NS3/00_ids new file mode 100644 index 00000000..ad09d774 --- /dev/null +++ b/authz-test/TestSuite/TC_NS3/00_ids @@ -0,0 +1,10 @@ +expect 0 +set XX@NS=<pass> +set testid@aaf.att.com=<pass> +set testunused@aaf.att.com=<pass> +set testid_1@test.com=<pass> +set testid_2@test.com=<pass> +set bogus=boguspass + +#delay 10 +set NFR=0 diff --git a/authz-test/TestSuite/TC_NS3/10_init b/authz-test/TestSuite/TC_NS3/10_init new file mode 100644 index 00000000..b13dcefa --- /dev/null +++ b/authz-test/TestSuite/TC_NS3/10_init 
@@ -0,0 +1,8 @@ +as XX@NS +expect 200 +ns list name com.test.TC_NS3.@[user.name] + +# TC_NS3.10.1.POS Create Namespace with User ID +expect 201 +ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com + diff --git a/authz-test/TestSuite/TC_NS3/20_add b/authz-test/TestSuite/TC_NS3/20_add new file mode 100644 index 00000000..46ca091e --- /dev/null +++ b/authz-test/TestSuite/TC_NS3/20_add 
@@ -0,0 +1,56 @@
+as testid_1@test.com
+expect Exception
+# TC_NS3.20.0.NEG Too short
+ns attrib
+
+# TC_NS3.20.1.NEG Wrong command
+ns attrib xyz
+
+# TC_NS3.20.2.NEG Too Short after Command
+ns attrib add
+
+# TC_NS3.20.3.NEG Too Short after Namespace
+ns attrib add com.test.TC_NS3.@[user.name]
+
+# TC_NS3.20.4.NEG Too Short after Key
+ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm
+
+# TC_NS3.20.5.NEG No Permission
+expect 403
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+
+# TC_NS3.20.6.POS Create Permission to write Attrib
+expect 201
+as XX@NS
+perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.6.POS Create Permission
+expect 201
+perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.10.POS Attribute added
+as testid_1@test.com
+expect 201
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+
+# TC_NS3.20.30.POS List NS by Attrib
+expect 200
+ns list keys TC_NS3_swm
+
+# TC_NS3.20.40.POS List NS (shows Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.20.42.POS Change Attrib
+ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1
+
+# TC_NS3.20.49.POS List NS (shows new Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+
+# TC_NS3.20.80.POS Remove write Permission
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+
+# TC_NS3.20.83.POS Remove read Permission
+expect 200
+perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+
diff --git a/authz-test/TestSuite/TC_NS3/50_delete b/authz-test/TestSuite/TC_NS3/50_delete
new file mode 100644
index 00000000..9612a1d3
--- /dev/null
+++ b/authz-test/TestSuite/TC_NS3/50_delete
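Review bot: In 20_add, the two TC_NS3.20.6 cases create the attrib permissions with instances `:com.att.*:TC_NS3_swm` and `:com.att.*:*`, yet TC_NS3.20.10 then expects 201 for `ns attrib add` on `com.test.TC_NS3.@[user.name]_1`, a namespace outside `com.att`. If the namespace part of the instance is meant to scope the grant, this test only passes when that scope is not enforced; the instances should presumably read `:com.test.*:TC_NS3_swm` and `:com.test.*:*`, with the matching change in 50_delete and 99_cleanup. A companion NEG case that keeps the `com.att.*` instance and expects 403 would pin the scoping rule. The label `TC_NS3.20.6.POS` is also used twice; the second could become `TC_NS3.20.7.POS` so a failure can be attributed.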
@@ -0,0 +1,27 @@ +as testid_1@test.com +expect Exception +# TC_NS3.50.2.NEG Too Short after Command +ns attrib del + +# TC_NS3.50.3.NEG Too Short after Namespace +ns attrib del com.test.TC_NS3.@[user.name] + +# TC_NS3.50.5.NEG No Permission +expect 403 +ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm + +# TC_NS3.50.6.POS Create Permission +as XX@NS +expect 201 +perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin + +# TC_NS3.50.7.POS Attribute added +as testid_1@test.com +expect 200 +ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm + +# TC_NS3.50.8.POS Remove Permission +as XX@NS +expect 200 +perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin + diff --git a/authz-test/TestSuite/TC_NS3/99_cleanup b/authz-test/TestSuite/TC_NS3/99_cleanup new file mode 100644 index 00000000..104831d7 --- /dev/null +++ b/authz-test/TestSuite/TC_NS3/99_cleanup @@ -0,0 +1,14 @@ +expect 200,404 +as testid_1@test.com +# TC_NS3.99.2.POS Namespace Admin can delete Namespace +force ns delete com.test.TC_NS3.@[user.name]_1 + +# TC_NS3.99.3.POS Print Namespaces +ns list name com.test.TC_NS3.@[user.name]_1 + +# TC_NS3.99.10.POS Remove Special Permissions +as XX@NS +force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write + +force perm delete com.att.aaf.attrib :com.att.*:* read + diff --git a/authz-test/TestSuite/TC_NS3/Description b/authz-test/TestSuite/TC_NS3/Description new file mode 100644 index 00000000..2283774d --- /dev/null +++ b/authz-test/TestSuite/TC_NS3/Description @@ -0,0 +1,10 @@ +This is a TEMPLATE testcase, to make creating new Test Cases easier. + +APIs: + + +CLI: +ns create +ns delete +as + diff --git a/authz-test/TestSuite/TC_NSdelete1/00_ids b/authz-test/TestSuite/TC_NSdelete1/00_ids new file mode 100644 index 00000000..450818e0 --- /dev/null +++ b/authz-test/TestSuite/TC_NSdelete1/00_ids 
@@ -0,0 +1,10 @@ +expect 0 +set XX@NS=<pass> +set testid@aaf.att.com=<pass> +set testunused@aaf.att.com=<pass> +set bogus@aaf.att.com=boguspass + +#delay 10 +set NFR=0 + + diff --git a/authz-test/TestSuite/TC_NSdelete1/10_init b/authz-test/TestSuite/TC_NSdelete1/10_init new file mode 100644 index 00000000..7be6981c --- /dev/null +++ b/authz-test/TestSuite/TC_NSdelete1/10_init @@ -0,0 +1,35 @@ +as testid@aaf.att.com +# TC_NSdelete1.10.0.POS Check for Existing Data +expect 200 +ns list name com.test.TC_NSdelete1.@[user.name].app +ns list name com.test.force.@[user.name] +ns list name com.@[user.name] + +as XX@NS +# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties +expect 201 +ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com +ns create com.@[user.name] @[user.name] testid@aaf.att.com +ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com +ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com + +# TC_NSdelete1.10.2.POS Expect Namespace to be created +expect 200 +ns list name com.test.TC_NSdelete1.@[user.name].app +ns list name com.test.TC_NSdelete1.@[user.name] +ns list name com.@[user.name] +ns list name com.test.force.@[user.name] + +# TC_NSdelete1.10.10.POS Create role to assign mechid perm to +expect 201 +role create com.test.TC_NSdelete1.@[user.name].cred_admin + +# TC_NSdelete1.10.11.POS Assign role to mechid perm +expect 201 +perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin + +as testid@aaf.att.com +# TC_NSdelete1.10.12.POS Assign user for creating creds +expect 201 +user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin + diff --git a/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp b/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp new file mode 100644 index 00000000..519e135f --- /dev/null +++ b/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp 
@@ -0,0 +1,30 @@
+as testid@aaf.att.com
+# TC_NSdelete1.20.1.POS Create valid Role in my Namespace
+expect 201
+role create com.test.TC_NSdelete1.@[user.name].app.r.A
+
+# TC_NSdelete1.20.2.POS Create valid permission
+expect 201
+perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+
+# TC_NSdelete1.20.3.POS Add credential to my namespace
+expect 201
+user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123
+
+# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential
+expect 424
+ns delete com.test.TC_NSdelete1.@[user.name].app
+
+# TC_NSdelete1.20.11.POS Delete Credential
+expect 200
+set force=true
+user cred del m99990@app.@[user.name].TC_NSdelete1.test.com
+
+# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached
+expect 424
+ns delete com.test.TC_NSdelete1.@[user.name].app
+
+# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns
+expect 200
+set force=move ns list name com.test.TC_NSdelete1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany b/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany
new file mode 100644
index 00000000..6c69bb20
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany
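Review bot: TC_NSdelete1.20.20 in 20_DeleteApp never performs the move it describes: `set force=move ns list name com.test.TC_NSdelete1.@[user.name]` applies `force=move` to a list command, and no `ns delete` of the `.app` namespace follows the two 424 cases. The listing returns 200 whether or not roles and permissions are relocated to the parent, so the delete-with-move path is not exercised here. `set force=move ns delete com.test.TC_NSdelete1.@[user.name].app` followed by `ns list name com.test.TC_NSdelete1.@[user.name]` would cover it. It is also unclear from this file whether the stand-alone `set force=true` in 20.11 remains in effect for the `ns delete` in 20.12, which expects 424; putting the flag on the same line as `user cred del`, as 40_ForceDelete does for `ns delete`, would remove the doubt.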
@@ -0,0 +1,42 @@ +as testid@aaf.att.com +# TC_NSdelete1.30.1.POS Create valid Role in my Namespace +expect 201 +role create com.@[user.name].r.A + +# TC_NSdelete1.30.2.NEG Delete Company with role attached +expect 424 +ns delete com.@[user.name] + +# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles +expect 200 +role delete com.@[user.name].r.A + +# TC_NSdelete1.30.10.POS Create valid permission +expect 201 +perm create com.@[user.name].p.A myInstance myAction + +# TC_NSdelete1.30.11.NEG Delete Company with permission attached +expect 424 +ns delete com.@[user.name] + +# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms +expect 200 +perm delete com.@[user.name].p.A myInstance myAction + +# TC_NSdelete1.30.20.POS Create valid Credential in my namespace +expect 201 +user cred add m99990@@[user.name].com password123 + +# TC_NSdelete1.30.21.NEG Delete Company with credential attached +expect 424 +ns delete com.@[user.name] + +# TC_NSdelete1.30.22.POS Namespace admin can remove Cred +expect 200 +set force=true +user cred del m99990@@[user.name].com + +# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached +expect 200 +ns delete com.@[user.name] + diff --git a/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete b/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete new file mode 100644 index 00000000..c4ae2bb7 --- /dev/null +++ b/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete @@ -0,0 +1,26 @@ +# TC_NSdelete1.40.1.POS Create valid Role in my Namespace
+expect 201
+role create com.test.force.@[user.name].r.A
+
+# TC_NSdelete1.40.2.POS Create valid permission in my Namespace
+expect 201
+perm create com.test.force.@[user.name].p.A myInstance myAction
+
+# TC_NSdelete1.40.3.POS Add credential to my namespace
+expect 201
+user cred add m99990@@[user.name].force.test.com password123
+
+# TC_NSdelete1.40.10.POS Delete Program in my Namespace
+expect 200
+set force=true ns delete com.test.force.@[user.name]
+
+sleep @[NFR]
+# TC_NSdelete1.40.20.NEG Role and permission should not exist
+expect 200,404
+ns list name com.test.force.@[user.name]
+
+# TC_NSdelete1.40.22.NEG Credential should not exist
+expect 404
+set force=true
+user cred del m99990@@[user.name].force.test.com
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/99_cleanup b/authz-test/TestSuite/TC_NSdelete1/99_cleanup
new file mode 100644
index 00000000..cb97bc03
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/99_cleanup
@@ -0,0 +1,36 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NSdelete1.@[user.name].app.r.A
+
+# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles
+perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction
+
+# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials
+set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com
+
+# TC_NSdelete1.99.10.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin
+
+# TC_NSdelete1.99.97.POS Clean Namespace
+set force=true ns delete com.test.TC_NSdelete1.@[user.name].app
+set force=true ns delete com.test.TC_NSdelete1.@[user.name]
+set force=true ns delete com.test.force.@[user.name]
+
+# TC_NSdelete1.99.98.POS Check Clean Namespace
+ns list name com.test.TC_NSdelete1.@[user.name].app
+ns list name com.test.TC_NSdelete1.@[user.name]
+ns list name com.test.force.@[user.name]
+
+# TC_NSdelete1.99.99.POS Clean and check Company Namespace
+as XX@NS
+set force=true ns delete com.@[user.name]
+ns list name com.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_NSdelete1/Description b/authz-test/TestSuite/TC_NSdelete1/Description
new file mode 100644
index 00000000..be99e94f
--- /dev/null
+++ b/authz-test/TestSuite/TC_NSdelete1/Description
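Review bot: The credential ID in TC_NSdelete1.99.3 of 99_cleanup, `m99990@@app.[user.name].TC_NSdelete1.test.com`, does not match the ID created in 20_DeleteApp, `m99990@app.@[user.name].TC_NSdelete1.test.com`: the `@` that introduces the `[user.name]` variable has moved in front of `app`. Because the file runs under `expect 200,404`, the miss is accepted silently, and if a run stops before TC_NSdelete1.20.11 the credential with the fixed password `password123` stays in place until the namespace itself is force-deleted. The line should read `set force=true user cred del m99990@app.@[user.name].TC_NSdelete1.test.com`.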
@@ -0,0 +1,15 @@ +This Testcase Tests the deletion of a Namespace with attached roles and permissions + +APIs: POST /authz/ns + DELETE /authz/ns/:ns + GET /authz/roles/:role (where Role is NS + "*") + +CLI: + Target + ns create :ns :responsibleParty :admins + ns delete :ns + ns list :ns + Ancillary + role create :role + role list name :role.* + diff --git a/authz-test/TestSuite/TC_PW1/00_ids b/authz-test/TestSuite/TC_PW1/00_ids new file mode 100644 index 00000000..7fb0e054 --- /dev/null +++ b/authz-test/TestSuite/TC_PW1/00_ids @@ -0,0 +1,8 @@ +expect 0 +set testid@aaf.att.com=<pass> +set testunused@aaf.att.com=<pass> +set XX@NS=<pass> +set bogus=boguspass + +#delay 10 +set NFR=0 diff --git a/authz-test/TestSuite/TC_PW1/10_init b/authz-test/TestSuite/TC_PW1/10_init new file mode 100644 index 00000000..7614fc4a --- /dev/null +++ b/authz-test/TestSuite/TC_PW1/10_init @@ -0,0 +1,24 @@ + +as testid@aaf.att.com + +# TC_PW1.10.0.POS Validate no NS +expect 200,404 +ns list name com.test.TC_PW1.@[user.name] + +# TC_PW1.10.1.POS Create Namespace to add IDs +expect 201 +ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com + +# TC_PW1.10.10.POS Create role to assign mechid perm to +expect 201 +role create com.test.TC_PW1.@[user.name].cred_admin + +as XX@NS +# TC_PW1.10.11.POS Assign role to mechid perm +expect 201 +perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin + +as testid@aaf.att.com +# TC_PW1.10.12.POS Assign user for creating creds +expect 201 +user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin diff --git a/authz-test/TestSuite/TC_PW1/20_length b/authz-test/TestSuite/TC_PW1/20_length new file mode 100644 index 00000000..233683a8 --- /dev/null +++ b/authz-test/TestSuite/TC_PW1/20_length 
@@ -0,0 +1,10 @@
+# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length
+expect 406
+user cred add m12345@TC_PW1.test.com 12
+
+# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1
+
+# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length
+user cred add m12345@TC_PW1.test.com 1234567
+
diff --git a/authz-test/TestSuite/TC_PW1/21_groups b/authz-test/TestSuite/TC_PW1/21_groups
new file mode 100644
index 00000000..0d853484
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/21_groups
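Review bot: The three cases in 20_length cannot show that the eight-character minimum is enforced, because `12`, `1` and `1234567` are all digits and would also be rejected by the two-groupings rule tested in 21_groups; a seven-character mixed value, e.g. `user cred add m12345@TC_PW1.test.com abc123s`, would pin the length check alone. TC_PW1.21.10.NEG in 21_groups has the same weakness: its password `m12345` is six characters, so the 406 can come from the length rule rather than from a comparison with the user ID. A constructed ID whose local part is itself an otherwise valid password, such as `user cred add m1234567@@[user.name].TC_PW1.test.com m1234567`, would isolate that rule, with a matching `user cred del` in 99_cleanup in case the add succeeds. The IDs in 20_length also omit the `@[user.name]` component used in the rest of TC_PW1, so they appear to fall outside the namespace created in 10_init.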
@@ -0,0 +1,40 @@
+# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com 12345678
+
+# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh
+
+# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*"
+
+# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special
+expect 201
+user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd"
+
+sleep @[NFR]
+expect 200
+user cred del m12345@@[user.name].TC_PW1.test.com
+
+# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID
+expect 406
+user cred add m12345@@[user.name].TC_PW1.test.com m12345
+
diff --git a/authz-test/TestSuite/TC_PW1/23_commands b/authz-test/TestSuite/TC_PW1/23_commands
new file mode 100644
index 00000000..91502251
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/23_commands
@@ -0,0 +1,6 @@
+# TC_PW1.23.1.NEG Too Few Args for User Cred 1
+expect Exception
+user cred
+
+# TC_PW1.23.2.NEG Too Few Args for User Cred add
+user cred add
diff --git a/authz-test/TestSuite/TC_PW1/30_reset b/authz-test/TestSuite/TC_PW1/30_reset
new file mode 100644
index 00000000..ac058eba
--- /dev/null
+++ b/authz-test/TestSuite/TC_PW1/30_reset @@ -0,0 +1,15 @@ +# TC_PW1.30.1.POS Create a Credential, with Temporary Time +expect 201 +user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd" + +# TC_PW1.30.3.NEG Credential Exists +expect 409 +user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf" + +# TC_PW1.30.8.POS Reset this Password +expect 200 +user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1 + +# TC_PW1.30.9.POS Delete a Credential +user cred del m12345@@[user.name].TC_PW1.test.com 1 + diff --git a/authz-test/TestSuite/TC_PW1/99_cleanup b/authz-test/TestSuite/TC_PW1/99_cleanup new file mode 100644 index 00000000..9de26368 --- /dev/null +++ b/authz-test/TestSuite/TC_PW1/99_cleanup @@ -0,0 +1,21 @@ +expect 200,404 +as testid@aaf.att.com + +# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com +set force=true +user cred del m12345@@[user.name].TC_PW1.test.com + +# TC_PW1.99.2.POS Remove ability to create creds +user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin + +as XX@NS +perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin + +as testid@aaf.att.com +role delete com.test.TC_PW1.@[user.name].cred_admin + +# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1 +ns delete com.test.TC_PW1.@[user.name] + +# TC_PW1.99.99.POS Verify Cleaned NS +ns list name com.test.TC_PW1.@[user.name] diff --git a/authz-test/TestSuite/TC_PW1/Description b/authz-test/TestSuite/TC_PW1/Description new file mode 100644 index 00000000..24180f49 --- /dev/null +++ b/authz-test/TestSuite/TC_PW1/Description @@ -0,0 +1,16 @@ +This Testcase Tests the essentials of User Credentials + +APIs: + POST /auth/cred + PUT /auth/cred + DELETE /auth/cred + + +CLI: + Target + user cred add :user :password + user cred del :user + Ancillary + ns create + ns delete + diff --git a/authz-test/TestSuite/TC_Perm1/00_ids b/authz-test/TestSuite/TC_Perm1/00_ids new file mode 100644 index 00000000..0e7a40aa --- /dev/null 
+++ b/authz-test/TestSuite/TC_Perm1/00_ids @@ -0,0 +1,9 @@ +expect 0 +set testid=<pass> +set testid@aaf.att.com=<pass> +set XX@NS=<pass> +set testunused=<pass> +set bogus=boguspass + +#delay 10 +set NFR=0 diff --git a/authz-test/TestSuite/TC_Perm1/10_init b/authz-test/TestSuite/TC_Perm1/10_init new file mode 100644 index 00000000..08a9d171 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm1/10_init @@ -0,0 +1,23 @@ +# TC_Perm1.10.0.POS Validate Namespace is empty first +as testid@aaf.att.com +expect 200 +ns list name com.test.TC_Perm1.@[user.name] + +# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties +expect 201 +ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com + +# TC_Perm1.10.10.POS Create role to assign mechid perm to +expect 201 +role create com.test.TC_Perm1.@[user.name].cred_admin + +as XX@NS +# TC_Perm1.10.11.POS Assign role to mechid perm +expect 201 +perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin + +as testid@aaf.att.com +# TC_Perm1.10.12.POS Assign user for creating creds +expect 201 +user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin + diff --git a/authz-test/TestSuite/TC_Perm1/20_add_data b/authz-test/TestSuite/TC_Perm1/20_add_data new file mode 100644 index 00000000..308170f8 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm1/20_add_data 
@@ -0,0 +1,38 @@
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.2.POS Add Perm
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.3.NEG Already Added Perm
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.8.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+expect 404
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+
+# TC_Perm1.20.12.POS Admin can change description
+expect 200
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
diff --git a/authz-test/TestSuite/TC_Perm1/22_rename b/authz-test/TestSuite/TC_Perm1/22_rename
new file mode 100644
index 00000000..e2495608
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/22_rename
@@ -0,0 +1,52 @@
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything
+expect 409
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.2.NEG Try to rename parent ns
+expect 403
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.22.10.POS View permission in original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.11.POS Rename permission instance
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
+
+# TC_Perm1.22.12.POS Verify change in permission instance
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.13.POS Rename permission action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
+
+# TC_Perm1.22.14.POS Verify change in permission action
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.15.POS Rename permission type
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.16.POS Verify change in permission type
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.20.POS See permission is attached to this role
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.21.POS Rename permission type, instance and action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.22.POS See permission stays attached after rename
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.23.POS Verify permission is back to original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Perm1/25_grant_owned b/authz-test/TestSuite/TC_Perm1/25_grant_owned
new file mode 100644
index 00000000..3085ace7
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/25_grant_owned
@@ -0,0 +1,40 @@
+# TC_Perm1.25.1.POS Create another Role in This namespace
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.6.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Perm1/26_grant_unowned b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
new file mode 100644
index 00000000..4449624f
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
@@ -0,0 +1,175 @@
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
+as XX@NS
+expect 201
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
+
+# TC_Perm1.26.2.POS Create ID in other Namespace
+expect 201
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
+
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
+expect 201
+role create com.test2.TC_Perm1.@[user.name].r.C
+role create com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 202
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
+as testid@aaf.att.com
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+as testid@aaf.att.com
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.14.POS Create Role
+as testid@aaf.att.com
+expect 201
+role create com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.16.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.18.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 202
+set request=true
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+
+# TC_Perm1.26.30.POS Add ID to Role
+as XX@NS:<pass>
+expect 201
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+sleep @[NFR]
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
+expect 201
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.34.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+as XX@NS
+# TC_Perm1.26.35.POS Print Info for Validation
+expect 200
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
+as testid@aaf.att.com
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.37.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
+expect 403
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
+expect 403
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.45.POS Owner of permission can reset roles
+as testid@aaf.att.com
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+as XX@NS
+# TC_Perm1.26.97.POS List the Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.98.POS Cleanup
+expect 200
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+as XX@NS
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name].r.C
+as testid@aaf.att.com
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+force ns delete com.test.TC_Perm1.@[user.name]_2
+as XX@NS
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
+ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.99.POS List the Now Empty Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
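Review bot: TC_Perm1.26.25.NEG and TC_Perm1.26.26.NEG are titled "No Permission to UnGrant with Unrelated ID" but both run `perm grant ... r.B`, so refusal of an ungrant by the unrelated m99990 identity is not exercised at this point in the script; only the later 26.42 case covers a non-owner ungrant. If ungrant is what these two cases are meant to check, the command should read `perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B`; otherwise the titles should say grant. The ID TC_Perm1.26.31 is also used for two different cases (the second, expecting 202 under `set request=true`, looks like it should be `26.31a`, following the 26.11 / 26.11a pattern), which makes a failure report ambiguous. Several cases tagged NEG assert `expect 202`; a short comment such as `# 202: request accepted for approval, not granted` would make clear that the authorization outcome is still a denial.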
diff --git a/authz-test/TestSuite/TC_Perm1/27_grant_force b/authz-test/TestSuite/TC_Perm1/27_grant_force
new file mode 100644
index 00000000..12ee9839
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/27_grant_force
@@ -0,0 +1,29 @@
+# TC_Perm1.27.1.POS Create Permission
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.27.2.POS Create Role
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.11.POS Role is created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.13.POS Perm is created with force
+expect 201
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+
+
diff --git a/authz-test/TestSuite/TC_Perm1/30_change_ns b/authz-test/TestSuite/TC_Perm1/30_change_ns
new file mode 100644
index 00000000..a92562a6
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/30_change_ns
@@ -0,0 +1,14 @@
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+
diff --git a/authz-test/TestSuite/TC_Perm1/99_cleanup b/authz-test/TestSuite/TC_Perm1/99_cleanup
new file mode 100644
index 00000000..222e2a4c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/99_cleanup
@@ -0,0 +1,42 @@
+as XX@NS:<pass>
+expect 200,404
+
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+role delete com.test2.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS:<pass>
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com:<pass>
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+
+sleep @[NFR]
+as XX@NS:<pass>
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+as testid:<pass>
+force ns delete com.test.TC_Perm1.@[user.name].r
+force ns delete com.test.TC_Perm1.@[user.name]_2
+force ns delete com.test.TC_Perm1.@[user.name]
+force ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+ns list name com.test.TC_Perm1.@[user.name]_2
+ns list name com.test2.TC_Perm1.@[user.name]
diff --git a/authz-test/TestSuite/TC_Perm1/Description b/authz-test/TestSuite/TC_Perm1/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TC_Perm2/00_ids b/authz-test/TestSuite/TC_Perm2/00_ids
new file mode 100644
index 00000000..f7196fc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Perm2/10_init b/authz-test/TestSuite/TC_Perm2/10_init
new file mode 100644
index 00000000..dbda5edc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/10_init
@@ -0,0 +1,8 @@
+as testid@aaf.att.com
+# TC_Perm2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Perm2/20_add_data b/authz-test/TestSuite/TC_Perm2/20_add_data
new file mode 100644
index 00000000..dfcff2fc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/20_add_data
@@ -0,0 +1,44 @@
+as testid@aaf.att.com:<pass>
+# TC_Perm2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.10.POS Add Perms with specific Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+
+# TC_Perm2.20.11.POS Add Perms with specific Instance and Star
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
+
+# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A * *
+perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+
+# TC_Perm2.20.20.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.superUser
+role create com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.21.POS Grant sub-NS perms to role
+expect 201
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.30.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.40.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.watcher
+
+as XX@NS
+# TC_Perm2.20.50.POS Grant view perms to watcher role
+expect 201
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
diff --git a/authz-test/TestSuite/TC_Perm2/30_change_ns b/authz-test/TestSuite/TC_Perm2/30_change_ns
new file mode 100644
index 00000000..b69f9e8d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/30_change_ns
@@ -0,0 +1,14 @@
+as testid@aaf.att.com
+# TC_Perm2.30.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
+
+# TC_Perm2.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+ns list name com.test.TC_Perm2.@[user.name].p
+
diff --git a/authz-test/TestSuite/TC_Perm2/40_viewByType b/authz-test/TestSuite/TC_Perm2/40_viewByType
new file mode 100644
index 00000000..cef41b05
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/40_viewByType
@@ -0,0 +1,82 @@
+
+as testunused@aaf.att.com
+# TC_Perm2.40.1.NEG Non-admin, not granted user should not view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_Perm2.40.10.POS Add user to superUser role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.11.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.12.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.13.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.19.POS Remove user from superUser role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+# Twenties test user granted explicit view permission
+# TC_Perm2.40.20.POS Add user to watcher role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as XX@NS
+# TC_Perm2.40.22.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.23.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.29.POS Remove user from watcher role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+# Thirties test admin user
+# TC_Perm2.40.30.POS Admin should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.31.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
+# TC_Perm2.40.32.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.34.POS Admin of parent NS should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.80.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.81.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
diff --git a/authz-test/TestSuite/TC_Perm2/41_viewByUser b/authz-test/TestSuite/TC_Perm2/41_viewByUser
new file mode 100644
index 00000000..51c2ecb4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/41_viewByUser
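Review bot: TC_Perm2.40.1.NEG ("not granted user should not view") and the post-ungrant case 40.13 both assert only `expect 200`, the same status as the positive view cases 40.11 and 40.30, so the status code alone cannot tell an empty listing from one that discloses the permission. Whether the harness also compares command output with a stored expected file is not visible in this hunk; if it does not, a regression that exposes com.test.TC_Perm2.@[user.name].p.A to an ungranted caller would still pass. I would add a comment on each such case stating what the listing must contain, e.g. `# expect 200 with an empty perm list: testunused has no view grant`, and the same applies to TC_Perm2.41.80.NEG ("nothing should be shown") in 41_viewByUser. The tags also disagree with the titles: 40.21 is tagged NEG although its title says the user should view, and 40.13 and 40.23 repeat "granted user should view" after the grant has been removed.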
@@ -0,0 +1,34 @@
+# TC_Perm2.41.1.POS Add user to some roles with perms attached
+as testid@aaf.att.com
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
+as XX@NS
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+perm list user XX@NS
+
+# TC_Perm2.41.99.POS Remove users from roles for later test
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
diff --git a/authz-test/TestSuite/TC_Perm2/42_viewByNS b/authz-test/TestSuite/TC_Perm2/42_viewByNS
new file mode 100644
index 00000000..69f4ed63
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/42_viewByNS
@@ -0,0 +1,10 @@
+# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+perm list ns com.test.TC_Perm2.@[user.name].p
+
+# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+perm list ns com.test.TC_Perm2.@[user.name].p
+
diff --git a/authz-test/TestSuite/TC_Perm2/43_viewByRole b/authz-test/TestSuite/TC_Perm2/43_viewByRole
new file mode 100644
index 00000000..29585b47
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/43_viewByRole
@@ -0,0 +1,15 @@
+# TC_Perm2.43.10.POS List perms when allowed to see Role
+as testid@aaf.att.com
+expect 200
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
+as testunused@aaf.att.com
+expect 403
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+
diff --git a/authz-test/TestSuite/TC_Perm2/99_cleanup b/authz-test/TestSuite/TC_Perm2/99_cleanup
new file mode 100644
index 00000000..2d853869
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/99_cleanup
@@ -0,0 +1,24 @@
+as testid@aaf.att.com
+# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
+expect 200,404
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
+force perm delete com.test.TC_Perm2.@[user.name].p.A * *
+force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+force role delete com.test.TC_Perm2.@[user.name].p.watcher
+force role delete com.test.TC_Perm2.@[user.name].p.superUser
+force role delete com.test.TC_Perm2.@[user.name].p.secret
+
+as XX@NS
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
+
+# TC_Perm2.99.2.POS Namespace Admin can delete Namespace
+expect 200,404
+force ns delete com.test.TC_Perm2.@[user.name].p
+force ns delete com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm2.@[user.name].p
+ns list name com.test.TC_Perm2.@[user.name]
diff --git a/authz-test/TestSuite/TC_Perm2/Description b/authz-test/TestSuite/TC_Perm2/Description
new file mode 100644
index 00000000..96cb3708
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the viewability of different perm commands
+
+APIs:
+
+
+
+CLI:
+
+
diff --git a/authz-test/TestSuite/TC_Perm3/00_ids b/authz-test/TestSuite/TC_Perm3/00_ids
new file mode 100644
index 00000000..ad09d774
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Perm3/10_init b/authz-test/TestSuite/TC_Perm3/10_init
new file mode 100644
index 00000000..f8e2ebf1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/10_init
@@ -0,0 +1,16 @@
+as XX@NS
+# TC_Perm3.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Perm3.@[user.name]
+
+# TC_Perm3.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
+
+# TC_Perm3.10.2.POS Create Namespace with Different ID
+expect 201
+ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
+
+# TC_Perm3.10.3.POS Create Namespace in Different Company
+expect 201
+ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Perm3/20_innerGrants b/authz-test/TestSuite/TC_Perm3/20_innerGrants
new file mode 100644
index 00000000..4f6482cd
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/20_innerGrants
@@ -0,0 +1,29 @@
+as testid_1@test.com
+
+# TC_Perm3.20.0.POS User1 Create a Perm
+expect 201
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
+
+# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
+expect 403
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.6.POS User2 should be able to create Role in own group
+as testid_2@test.com
+expect 201
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
+as testid_2@test.com
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
+# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
+expect 201
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+
diff --git a/authz-test/TestSuite/TC_Perm3/30_outerGrants b/authz-test/TestSuite/TC_Perm3/30_outerGrants
new file mode 100644
index 00000000..ca2f7c53
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/30_outerGrants
@@ -0,0 +1,23 @@
+# TC_Perm3.30.0.POS User1 Create a Perm
+as testid_1@test.com
+expect 201
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
+
+# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
+expect 403
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
+
+# TC_Perm3.30.6.POS User2 should be able to create Role in own group
+as testunused@aaf.att.com
+expect 201
+role create com.att.TC_Perm3.@[user.name].dev.myRole_b
+
+# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+
+# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
+as testid_1@test.com
+expect 403
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+
diff --git a/authz-test/TestSuite/TC_Perm3/99_cleanup b/authz-test/TestSuite/TC_Perm3/99_cleanup
new file mode 100644
index 00000000..89b20783
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/99_cleanup
@@ -0,0 +1,22 @@
+expect 200,404
+as testid_1@test.com
+# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_1
+
+# TC_Perm3.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_1
+
+as testid_2@test.com
+# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_2
+
+# TC_Perm3.99.5.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_2
+
+
+as testunused@aaf.att.com
+# TC_Perm3.99.6.POS Remove Namespace from other company
+force ns delete com.att.TC_Perm3.@[user.name]
+
+# TC_Perm3.99.7.POS Print Namespace from other company
+ns list name com.att.TC_Perm3.@[user.name]
diff --git a/authz-test/TestSuite/TC_Perm3/Description b/authz-test/TestSuite/TC_Perm3/Description
new file mode 100644
index 00000000..9f572aa2
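Review bot: In TC_Perm3/30_outerGrants, TC_Perm3.30.8 is tagged POS and titled `User should be able to grant cross company only Double Perm`, yet the step expects 403, so the file never shows a cross-company grant succeeding and a reader cannot tell whether denial is the intended policy. If denial is intended, retag and retitle it, e.g. `# TC_Perm3.30.8.NEG Perm owner alone cannot grant across companies`; if a grant by a caller holding permission on both sides is meant to succeed, that positive step is missing. The headers of 30.6 and 30.7 also say `User2` while the steps run as `testunused@aaf.att.com`, which should be named in the comment.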
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm3/Description
@@ -0,0 +1,13 @@
+This is a targeted Test Case specifically to cover Inner and Outer Granting.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+perm create
+perm grant
+role create
+as
+
diff --git a/authz-test/TestSuite/TC_Realm1/00_ids b/authz-test/TestSuite/TC_Realm1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Realm1/10_init b/authz-test/TestSuite/TC_Realm1/10_init
new file mode 100644
index 00000000..6fee8d9f
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/10_init
@@ -0,0 +1,20 @@
+
+as testid@aaf.att.com
+
+# TC_Realm1.10.0.POS Validate no NS
+expect 200,404
+ns list name com.test.TC_Realm1.@[user.name]
+
+# TC_Realm1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com
+
+as XX@NS
+# TC_Realm1.10.10.POS Grant ability to change delegates
+expect 201
+force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg
+
+# TC_Realm1.10.11.POS Create user role to change delegates
+expect 201
+user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg
+
diff --git a/authz-test/TestSuite/TC_Realm1/20_ns b/authz-test/TestSuite/TC_Realm1/20_ns
new file mode 100644
index 00000000..b090d96d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/20_ns
@@ -0,0 +1,26 @@
+
+as testid@aaf.att.com
+# TC_Realm1.20.1.NEG Fail to create - default domain wrong
+expect 403
+ns create com.test.TC_Realm1.@[user.name].project1 testunused
+
+# TC_Realm1.20.2.POS Create - default domain appended
+expect 201
+ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name]
+
+# TC_Realm1.20.3.NEG Fail to create - default domain wrong
+expect 403
+ns admin add com.test.TC_Realm1.@[user.name].project1 testunused
+
+# TC_Realm1.20.4.POS Create - full domain given
+expect 201
+ns admin add com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com
+
+# TC_Realm1.20.5.POS Delete - default domain appended
+expect 200
+ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name]
+
+# TC_Realm1.20.6.POS Add admin - default domain appended
+expect 201
+ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name]
+
diff --git a/authz-test/TestSuite/TC_Realm1/30_role b/authz-test/TestSuite/TC_Realm1/30_role
new file mode 100644
index 00000000..ea99bc25
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/30_role
@@ -0,0 +1,20 @@
+# TC_Realm1.30.1.POS Create role to add to users
+expect 201
+role create com.test.TC_Realm1.@[user.name].role1
+
+# TC_Realm1.30.2.NEG Add user, but default domain wrong
+expect 403
+role user add com.test.TC_Realm1.@[user.name].role1 testunused
+
+# TC_Realm1.30.3.POS Add user, with default domain appended
+expect 201
+role user add com.test.TC_Realm1.@[user.name].role1 @[user.name]
+
+# TC_Realm1.30.10.POS Role list, with default domain added
+expect 200
+role list user testunused
+
+# TC_Realm1.30.80.POS Delete user, with default domain appended
+expect 200
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+
diff --git a/authz-test/TestSuite/TC_Realm1/40_user b/authz-test/TestSuite/TC_Realm1/40_user
new file mode 100644
index 00000000..629251ea
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/40_user
@@ -0,0 +1,42 @@
+# TC_Realm1.40.1.POS Create role to add to users
+expect 201
+role create com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.2.NEG Add user, but default domain wrong
+expect 403
+user role add testunused com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.3.POS Add user, with default domain appended
+expect 201
+user role add @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.10.NEG Add delegate, but default domain wrong
+expect 404
+user delegate add testunused testid 2099-01-01
+
+# TC_Realm1.40.11.POS Add delegate, with default domain appended
+expect 201
+force user delegate add @[user.name] @[user.name] 2099-01-01
+
+# TC_Realm1.40.12.POS Update delegate, with default domain appended
+expect 200
+user delegate upd @[user.name] @[user.name] 2099-01-01
+
+as XX@NS
+# TC_Realm1.40.20.POS List delegate, with default domain appended
+expect 200
+user list delegates user @[user.name]
+
+# TC_Realm1.40.21.POS List delegate, with default domain appended
+expect 200
+user list delegates delegate @[user.name]
+
+as testid@aaf.att.com
+# TC_Realm1.40.80.POS Delete user, with default domain appended
+expect 200
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.40.81.POS Delete delegate, with default domain appended
+expect 200
+user delegate del @[user.name]
+
diff --git a/authz-test/TestSuite/TC_Realm1/99_cleanup b/authz-test/TestSuite/TC_Realm1/99_cleanup
new file mode 100644
index 00000000..cf8c3a90
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/99_cleanup
@@ -0,0 +1,28 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_Realm1.99.1.POS Delete delgates
+user delegate del @[user.name]
+
+# TC_Realm1.99.2.POS Delete user roles
+role user del com.test.TC_Realm1.@[user.name].role1 @[user.name]
+user role del @[user.name] com.test.TC_Realm1.@[user.name].role2
+
+# TC_Realm1.99.3.POS Delete roles
+role delete com.test.TC_Realm1.@[user.name].role1
+role delete com.test.TC_Realm1.@[user.name].role2
+
+as XX@NS
+# TC_Realm1.99.10.POS UnGrant ability to change delegates
+perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg
+
+as testid@aaf.att.com
+# TC_Realm1.99.11.POS Delete role to change delegates
+set force=true role delete com.test.TC_Realm1.@[user.name].change_delg
+
+# TC_Realm1.99.98.POS Delete Namespaces
+ns delete com.test.TC_Realm1.@[user.name]
+ns delete com.test.TC_Realm1.@[user.name].project1
+
+# TC_Realm1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_Realm1.@[user.name]
diff --git a/authz-test/TestSuite/TC_Realm1/Description b/authz-test/TestSuite/TC_Realm1/Description
new file mode 100644
index 00000000..edd16859
--- /dev/null
+++ b/authz-test/TestSuite/TC_Realm1/Description
@@ -0,0 +1,2 @@
+This Testcase tests that the default domain is appended before being sent to the server
+
diff --git a/authz-test/TestSuite/TC_Role1/00_ids b/authz-test/TestSuite/TC_Role1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Role1/10_init b/authz-test/TestSuite/TC_Role1/10_init
new file mode 100644
index 00000000..4af50879
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/10_init
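Review bot: In TC_Realm1/99_cleanup the step TC_Realm1.99.10, `perm ungrant com.att.aaf.delg com.att change …change_delg`, does not match what 10_init set up: TC_Realm1.10.10 ran `force perm create com.att.aaf.delg com.att create …`, with action `create`, not `change`. Because the whole file runs under `expect 200,404`, the mismatched ungrant can come back 404 and still pass, and nothing in this file deletes the `com.att.aaf.delg com.att create` permission, so a run may leave it behind in the shared `com.att.aaf` namespace. TC_User1/10_init grants `com.att.aaf.delg com.att change`, which suggests `change` is the intended action and 10_init carries the typo. Whichever side is corrected, cleanup should remove exactly the type, instance and action that init created, and should delete the permission as well as ungranting it.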
@@ -0,0 +1,23 @@
+as testid@aaf.att.com
+
+# TC_Role1.10.0.POS Validate NS ok
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
diff --git a/authz-test/TestSuite/TC_Role1/20_add_data b/authz-test/TestSuite/TC_Role1/20_add_data
new file mode 100644
index 00000000..43c97d92
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/20_add_data
@@ -0,0 +1,40 @@
+# TC_Role1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.2.POS Add Roles
+expect 201
+role create com.test.TC_Role1.@[user.name].r.A
+role create com.test.TC_Role1.@[user.name].r.B
+
+# TC_Role1.20.3.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.20.4.NEG Don't write over Role
+expect 409
+role create com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.20.5.NEG Don't allow non-user to create
+expect 401
+as bogus
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
+expect 403
+as testunused@aaf.att.com
+role create com.test.TC_Role1.@[user.name].r.No
+
+# TC_Role1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+
+# TC_Role1.20.11.NEG Role must exist to change description
+expect 404
+as testid@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.C Description C
+
+# TC_Role1.20.12.POS Admin can change description
+expect 200
+role describe com.test.TC_Role1.@[user.name].r.A Description A
diff --git a/authz-test/TestSuite/TC_Role1/30_change_ns b/authz-test/TestSuite/TC_Role1/30_change_ns
new file mode 100644
index 00000000..4d32f656
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/30_change_ns
@@ -0,0 +1,14 @@
+# TC_Role1.30.1.POS List Data on non-Empty NS
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
+# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Role1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+ns list name com.test.TC_Role1.@[user.name].r
+
diff --git a/authz-test/TestSuite/TC_Role1/40_reports b/authz-test/TestSuite/TC_Role1/40_reports
new file mode 100644
index 00000000..657d1c7c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/40_reports
@@ -0,0 +1,24 @@
+# TC_Role1.40.01.POS List Data on non-Empty NS
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.20.POS Create a Perm, and add to Role
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.25.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.30.POS Create a Perm
+expect 201
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.40.32.POS Separately Grant Perm
+expect 201
+perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
+
+# TC_Role1.40.35.POS List
+expect 200
+role list role com.test.TC_Role1.@[user.name].r.A
+
diff --git a/authz-test/TestSuite/TC_Role1/50_force_delete b/authz-test/TestSuite/TC_Role1/50_force_delete
new file mode 100644
index 00000000..ef334b24
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/50_force_delete
@@ -0,0 +1,28 @@
+# TC_Role1.50.1.POS Create user to attach to role
+expect 201
+user cred add m00001@@[user.name].TC_Role1.test.com password123
+
+# TC_Role1.50.2.POS Create new role
+expect 201
+role create com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.3.POS Attach user to role
+expect 201
+user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.4.POS Create permission and attach to role
+expect 201
+perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
+expect 424
+role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.21.POS Force delete role should work
+expect 200
+set force=true role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.50.30.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role1.@[user.name]
+
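Review bot: TC_Role1.50.1 creates the mechid credential with the literal password `password123`, and the same pattern appears in TC_UR1/10_init (`"abc123sd"`) and in TC_User1/00_ids and TC_User1/20_add_data (`password123`), while the other IDs in each 00_ids use a `<pass>` placeholder that is presumably filled in at run time. A guessable password committed to the repository becomes a live credential on whatever AAF instance the suite is pointed at, and it stays live if a run aborts before 99_cleanup or if cleanup's `expect 200,404` hides a failed delete. The scripts already substitute variables (`set NFR=0`, `sleep @[NFR]`), so the password could be set once in 00_ids from the same external source and referenced here, e.g. `user cred add m00001@@[user.name].TC_Role1.test.com @[MECHID_PASS]`, where `MECHID_PASS` is a placeholder name.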
diff --git a/authz-test/TestSuite/TC_Role1/90_wait b/authz-test/TestSuite/TC_Role1/90_wait
new file mode 100644
index 00000000..91d890f0
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/90_wait
@@ -0,0 +1,2 @@
+# Need to let DB catch up on deletes
+sleep @[NFR]
diff --git a/authz-test/TestSuite/TC_Role1/99_cleanup b/authz-test/TestSuite/TC_Role1/99_cleanup
new file mode 100644
index 00000000..63e240eb
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/99_cleanup
@@ -0,0 +1,34 @@
+as testid@aaf.att.com
+expect 200,404
+
+# TC_Role1.99.05.POS Remove Permissions from "40_reports"
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
+force role delete com.test.TC_Role1.@[user.name].r.A
+force role delete com.test.TC_Role1.@[user.name].r.B
+force role delete com.test.TC_Role1.@[user.name].r.C
+
+# TC_Role1.99.15.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_Role1.@[user.name].cred_admin
+
+# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
+perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
+set force=true
+user cred del m00001@@[user.name].TC_Role1.test.com
+
+# TC_Role1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role1.@[user.name].r
+force ns delete com.test.TC_Role1.@[user.name]
+
+# TC_Role1.99.99.POS List to prove clean Namespaces
+ns list name com.test.TC_Role1.@[user.name].r
+ns list name com.test.TC_Role1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role1/Description b/authz-test/TestSuite/TC_Role1/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TC_Role2/00_ids b/authz-test/TestSuite/TC_Role2/00_ids
new file mode 100644
index 00000000..f7196fc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Role2/10_init b/authz-test/TestSuite/TC_Role2/10_init
new file mode 100644
index 00000000..dbe7b858
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/10_init
@@ -0,0 +1,8 @@
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Role2/20_add_data b/authz-test/TestSuite/TC_Role2/20_add_data
new file mode 100644
index 00000000..6b85dea1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/20_add_data
@@ -0,0 +1,39 @@
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com:<pass>
+# TC_Role2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+expect 201
+role create com.test.TC_Role2.@[user.name].r.animals
+role create com.test.TC_Role2.@[user.name].r.dogs
+role create com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+expect 201
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+expect 201
+as XX@NS:<pass>
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+expect 200
+as testid@aaf.att.com:<pass>
+ns list name com.test.TC_Role2.@[user.name]
+
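Review bot: The three identity switches in TC_Role2/20_add_data, `as testid@aaf.att.com:<pass>` (twice) and `as XX@NS:<pass>`, carry the password on the command itself, whereas TC_Role2/00_ids already registers these passwords with `set` and the other scripts in this commit switch with a bare `as testid@aaf.att.com`. Once `<pass>` is substituted, the inline form puts the secret on a command line that may be echoed into the recorded test output (the harness is not shown here, so that is an assumption to check). Using the bare forms `as testid@aaf.att.com` and `as XX@NS` keeps credentials confined to 00_ids; TC_User1/10_init has the same `as XX@NS:<pass>` line.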
diff --git a/authz-test/TestSuite/TC_Role2/40_viewByName b/authz-test/TestSuite/TC_Role2/40_viewByName
new file mode 100644
index 00000000..a6ec33c5
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/40_viewByName
@@ -0,0 +1,45 @@
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.10.POS Add testunused to animals
+expect 201
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
diff --git a/authz-test/TestSuite/TC_Role2/41_viewByUser b/authz-test/TestSuite/TC_Role2/41_viewByUser
new file mode 100644
index 00000000..684d9ba1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/41_viewByUser
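Review bot: TC_Role2.40.51.POS in 40_viewByName is titled `Read various Roles based on having Explicit Permissions`, but it expects 403 when `testunused`, by then a member of the pigs role, lists the animals and dogs roles, and 200 only for pigs itself. TC_Role2/20_add_data gives pigs `com.att.aaf.role … view` on both of those roles and its model comment says pigs `have Explicit Permissions to see everything they want`, so as written the test asserts that the explicit view permission has no effect. Either the `expect 403` covering the animals and dogs listings should be `expect 200`, or the model comment and this header need correcting; a one-line comment above `expect 403` stating why the view permission does not apply would settle which behaviour is intended.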
@@ -0,0 +1,20 @@
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+role list user XX@NS
+
diff --git a/authz-test/TestSuite/TC_Role2/42_viewByNS b/authz-test/TestSuite/TC_Role2/42_viewByNS
new file mode 100644
index 00000000..8f184943
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/42_viewByNS
@@ -0,0 +1,10 @@
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+role list ns com.test.TC_Role2.@[user.name]
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+role list ns com.test.TC_Role2.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role2/43_viewByPerm b/authz-test/TestSuite/TC_Role2/43_viewByPerm
new file mode 100644
index 00000000..53a1e3d4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/43_viewByPerm
@@ -0,0 +1,15 @@
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+expect 200
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+expect 403
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+
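Review bot: The header of TC_Role2.42.10.POS in 42_viewByNS reads `List Roles from NS when not allowed to see NS`, which is the wording of the negative case below it; the step runs as `testid@aaf.att.com`, the ID named in the `ns create` of TC_Role2/10_init, and expects 200. It should read `# TC_Role2.42.10.POS List Roles from NS when allowed to see NS`, so that the POS/NEG pair documents which caller is expected to be denied.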
diff --git a/authz-test/TestSuite/TC_Role2/99_cleanup b/authz-test/TestSuite/TC_Role2/99_cleanup
new file mode 100644
index 00000000..df344b2d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/99_cleanup
@@ -0,0 +1,22 @@
+as XX@NS
+expect 200,404
+
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
diff --git a/authz-test/TestSuite/TC_Role2/Description b/authz-test/TestSuite/TC_Role2/Description
new file mode 100644
index 00000000..ea741a81
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the viewability of different role commands
+
+APIs:
+
+
+
+CLI:
+
+
diff --git a/authz-test/TestSuite/TC_UR1/00_ids b/authz-test/TestSuite/TC_UR1/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_UR1/10_init b/authz-test/TestSuite/TC_UR1/10_init
new file mode 100644
index 00000000..3709b5be
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/10_init
@@ -0,0 +1,31 @@
+as testid@aaf.att.com
+# TC_UR1.10.0.POS Validate no NS
+expect 200
+ns list name com.test.TC_UR1.@[user.name]
+
+# TC_UR1.10.1.POS Create Namespace to add IDs
+expect 201
+ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_UR1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+expect 201
+user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+
+# TC_UR1.10.20.POS Create two Credentials
+user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd"
+user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd"
+
+# TC_UR1.10.21.POS Create two Roles
+role create com.test.TC_UR1.@[user.name].r1
+role create com.test.TC_UR1.@[user.name].r2
+
diff --git a/authz-test/TestSuite/TC_UR1/23_commands b/authz-test/TestSuite/TC_UR1/23_commands
new file mode 100644
index 00000000..b5345714
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/23_commands
@@ -0,0 +1,10 @@
+# TC_UR1.23.1.NEG Too Few Args for User Role 1
+expect 0
+user
+
+# TC_UR1.23.2.NEG Too Few Args for user role
+expect Exception
+user role
+
+# TC_UR1.23.3.NEG Too Few Args for user role add
+user role add
diff --git a/authz-test/TestSuite/TC_UR1/30_userrole b/authz-test/TestSuite/TC_UR1/30_userrole
new file mode 100644
index 00000000..f4c514e5
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/30_userrole
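Review bot: Three step headers in TC_UR1/10_init carry the wrong suite prefix: `TC_Role1.10.10.POS`, `TC_Role1.10.11.POS` and `TC_Role1.10.12.POS` look copied from TC_Role1/10_init, so a failure reported under those IDs points at the wrong test case. They should read `TC_UR1.10.10.POS`, `TC_UR1.10.11.POS` and `TC_UR1.10.12.POS`. TC_UR1.10.20 and TC_UR1.10.21 also have no `expect` of their own and silently inherit the `expect 201` of the step above; an explicit `expect 201` under each header keeps the credential and role creation checked if the preceding step is ever reordered.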
@@ -0,0 +1,53 @@
+# TC_UR1.30.10.POS Create a UserRole
+expect 201
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.30.11.NEG Created UserRole Exists
+expect 409
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.30.13.POS Delete UserRole
+sleep @[NFR]
+expect 200
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+
+# TC_UR1.30.20.POS Create multiple UserRoles
+expect 201
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.21.NEG Created UserRole Exists
+expect 409
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.23.POS Delete UserRole
+sleep @[NFR]
+expect 200
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.30.30.POS Create a Role User
+expect 201
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.31.NEG Created Role User Exists
+expect 409
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.33.POS Delete Role User
+sleep @[NFR]
+expect 200
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.40.POS Create multiple Role Users
+expect 201
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.41.NEG Created Role User Exists
+expect 409
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.30.43.POS Delete Role Users
+sleep @[NFR]
+expect 200
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+
diff --git a/authz-test/TestSuite/TC_UR1/40_reset b/authz-test/TestSuite/TC_UR1/40_reset
new file mode 100644
index 00000000..66f8c172
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/40_reset
@@ -0,0 +1,40 @@
+# TC_UR1.40.10.POS Create multiple UserRoles
+expect 200
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.40.11.POS Reset userrole for a user
+expect 200
+user role setTo m00001@@[user.name].TC_UR1.test.com
+
+# TC_UR1.40.12.NEG Create userrole where Role doesn't exist
+expect 404
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5
+
+# TC_UR1.40.13.NEG Create userrole where User doesn't exist
+expect 403
+user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+as testunused@aaf.att.com
+# TC_UR1.40.19.NEG User without permission tries to add userrole
+expect 403
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.40.20.NEG User without permission tries to add userrole
+expect 403
+role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+
+as testid@aaf.att.com
+# TC_UR1.40.22.POS Reset userrole for a user
+expect 200
+role user setTo com.test.TC_UR1.@[user.name].r1
+
+sleep @[NFR]
+# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist
+expect 404
+role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com
+
+sleep @[NFR]
+# TC_UR1.40.24.NEG Create UserRole where User doesn't exist
+expect 403
+role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com
+
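Review bot: The denied-caller block in 40_reset (TC_UR1.40.19 and TC_UR1.40.20, run as `testunused@aaf.att.com`) only tries `setTo` with a target list, while the form with no list, which 40.11 and 40.22 use to reset the assignments, is never attempted by an unauthorised caller. That reset is the destructive variant, so it deserves its own negative step, for example `# TC_UR1.40.21.NEG User without permission tries to reset userrole` followed by `expect 403` and `user role setTo m00001@@[user.name].TC_UR1.test.com`, assuming 403 is the intended response. The headers of 40.19 and 40.20 are also word-for-word identical although 40.20 exercises `role user setTo`; naming the command in the 40.20 header would make a failure easier to place.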
diff --git a/authz-test/TestSuite/TC_UR1/90_wait b/authz-test/TestSuite/TC_UR1/90_wait
new file mode 100644
index 00000000..91d890f0
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/90_wait
@@ -0,0 +1,2 @@
+# Need to let DB catch up on deletes
+sleep @[NFR]
diff --git a/authz-test/TestSuite/TC_UR1/99_cleanup b/authz-test/TestSuite/TC_UR1/99_cleanup
new file mode 100644
index 00000000..c5e1caf5
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/99_cleanup
@@ -0,0 +1,32 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_UR1.99.1.POS Remove User from Role
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+role user setTo com.test.TC_UR1.@[user.name].r1
+
+# TC_UR1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+role delete com.test.TC_UR1.@[user.name].cred_admin
+
+# TC_UR1.99.3.POS Delete Creds
+set force=true
+user cred del m00001@@[user.name].TC_UR1.test.com
+set force=true
+user cred del m00002@@[user.name].TC_UR1.test.com
+
+# TC_UR1.99.4.POS Delete Roles
+set force=true role delete com.test.TC_UR1.@[user.name].r1
+set force=true role delete com.test.TC_UR1.@[user.name].r2
+
+# TC_UR1.99.5.POS Delete Namespace
+set force=true ns delete com.test.TC_UR1.@[user.name]
+
+# TC_UR1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_UR1.@[user.name]
diff --git a/authz-test/TestSuite/TC_UR1/Description b/authz-test/TestSuite/TC_UR1/Description
new file mode 100644
index 00000000..24180f49
--- /dev/null
+++ b/authz-test/TestSuite/TC_UR1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of User Credentials
+
+APIs:
+ POST /auth/cred
+ PUT /auth/cred
+ DELETE /auth/cred
+
+
+CLI:
+ Target
+ user cred add :user :password
+ user cred del :user
+ Ancillary
+ ns create
+ ns delete
+
diff --git a/authz-test/TestSuite/TC_User1/00_ids b/authz-test/TestSuite/TC_User1/00_ids
new file mode 100644
index 00000000..b989aa3b
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/00_ids
@@ -0,0 +1,12 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus@aaf.att.com=boguspass
+set m99990@@[user.name].TC_User1.test.com=password123
+set m99995@@[user.name].TC_User1.test.com=password123
+
+#delay 10
+set NFR=0
+
+
diff --git a/authz-test/TestSuite/TC_User1/10_init b/authz-test/TestSuite/TC_User1/10_init
new file mode 100644
index 00000000..0cad5595
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/10_init
@@ -0,0 +1,25 @@
+
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+
+as XX@NS:<pass>
+# TC_User1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/20_add_data b/authz-test/TestSuite/TC_User1/20_add_data
new file mode 100644
index 00000000..9a9acec5
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/20_add_data
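Review bot: The two mechID credentials in TC_User1/00_ids are set to the fixed literal `password123`, and the same literal is passed to `user cred add` in 20_add_data (TC_Wild/10_init does the same with `aNewPass8`), while the other real identities in the file use a `<pass>` placeholder. If a run stops before 99_cleanup, those mechIDs stay in the target AAF instance with a password that anyone reading the repository knows. Define the value once and reference it, for example `set MECHPASS=<pass>` here and `user cred add m99990@@[user.name].TC_User1.test.com @[MECHPASS]` in 20_add_data, assuming `@[...]` substitution applies to command arguments the way it does in `sleep @[NFR]`.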
@@ -0,0 +1,26 @@
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+expect 201
+role create com.test.TC_User1.@[user.name].manager
+role create com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+user cred add m99995@@[user.name].TC_User1.test.com password123
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+expect 201
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
diff --git a/authz-test/TestSuite/TC_User1/40_viewByRole b/authz-test/TestSuite/TC_User1/40_viewByRole
new file mode 100644
index 00000000..824f01e2
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/40_viewByRole
@@ -0,0 +1,23 @@
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+expect 403
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+expect 403
+user list role com.test.TC_User1.@[user.name].manager
+
+sleep @[NFR]
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+expect 200
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
diff --git a/authz-test/TestSuite/TC_User1/41_viewByPerm b/authz-test/TestSuite/TC_User1/41_viewByPerm
new file mode 100644
index 00000000..6813cb15
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/41_viewByPerm
@@ -0,0 +1,29 @@
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+
diff --git a/authz-test/TestSuite/TC_User1/42_viewByDelegates b/authz-test/TestSuite/TC_User1/42_viewByDelegates
new file mode 100644
index 00000000..7d16cb3c
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/42_viewByDelegates
@@ -0,0 +1,12 @@
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+expect 403
+user list delegates user m99990@@[user.name].TC_User1.test.com
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+expect 200
+user list delegates user @[user.name]
+user list delegates delegate @[user.name]
+
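Review bot: In TC_User1/41_viewByPerm the cases labelled TC_User1.41.1.NEG and TC_User1.41.3.NEG say the caller "should not view", yet both run under `expect 200`, so the status check passes whether or not the service hides the other users. Whatever separates an allowed view from a denied one has to come from the listed users in the expected-output comparison, which this hunk does not show. If a filtered 200 is the intended behaviour, say so in the label, e.g. `# TC_User1.41.1.NEG Non-admin, user not in perm gets 200 with no other users listed`; if a refusal is intended, use `expect 403` as 40_viewByRole does. TC_User1.43.2.POS and TC_User1.43.11.POS in 43_viewsExplicitiPerm depend on the output comparison in the same way.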
diff --git a/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
new file mode 100644
index 00000000..8f4ffd05
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
@@ -0,0 +1,27 @@
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+expect 201
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+expect 201
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
diff --git a/authz-test/TestSuite/TC_User1/99_cleanup b/authz-test/TestSuite/TC_User1/99_cleanup
new file mode 100644
index 00000000..f6e9724e
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/99_cleanup
@@ -0,0 +1,37 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_User1.99.0.POS Remove user roles
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move
+force perm delete com.test.TC_User1.@[user.name].supplies * stock
+force perm delete com.test.TC_User1.@[user.name].schedule worker create
+force perm delete com.test.TC_User1.@[user.name].worker * annoy
+force role delete com.test.TC_User1.@[user.name].manager
+force role delete com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+user cred del m99990@@[user.name].TC_User1.test.com
+user cred del m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+
+as testid@aaf.att.com:<pass>
+force role delete com.test.TC_User1.@[user.name].cred_admin
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+sleep @[NFR]
+
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/Description b/authz-test/TestSuite/TC_User1/Description
new file mode 100644
index 00000000..9f74081d
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/Description
@@ -0,0 +1,6 @@
+This Testcase Tests the viewability of different user commands
+
+APIs:
+
+CLI:
+
diff --git a/authz-test/TestSuite/TC_Wild/00_ids b/authz-test/TestSuite/TC_Wild/00_ids
new file mode 100644
index 00000000..7fb0e054
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set XX@NS=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Wild/10_init b/authz-test/TestSuite/TC_Wild/10_init
new file mode 100644
index 00000000..c411f930
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/10_init
@@ -0,0 +1,18 @@
+as XX@NS
+# TC_Wild.10.0.POS Validate NS ok
+expect 200
+ns list name com.att.test.TC_Wild.@[user.name]
+
+# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Wild.10.10.POS Create a clean MechID
+expect 201
+user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8
+set m99999@@[user.name].TC_Wild.att.com=aNewPass8
+
+as XX@NS
+# TC_Wild.10.11.POS Create role and assign MechID to
+expect 201
+role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com
diff --git a/authz-test/TestSuite/TC_Wild/20_perm b/authz-test/TestSuite/TC_Wild/20_perm
new file mode 100644
index 00000000..2110cbe5
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/20_perm
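Review bot: TC_Wild.10.0.POS in TC_Wild/10_init lists `com.att.test.TC_Wild.@[user.name]`, but the namespace created in the next step and used by every later TC_Wild file is `com.att.TC_Wild.@[user.name]`. The pre-check therefore looks at a name the suite never creates, so it cannot show leftover state from an earlier run. Change the line to `ns list name com.att.TC_Wild.@[user.name]`.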
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.20.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.20.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.20.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.20.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.20.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Wild/21_perm b/authz-test/TestSuite/TC_Wild/21_perm
new file mode 100644
index 00000000..772eea9d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/21_perm
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.21.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.21.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.21.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.21.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.21.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Wild/30_role b/authz-test/TestSuite/TC_Wild/30_role
new file mode 100644
index 00000000..6d680c7e
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/30_role
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.30.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.30.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.30.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.30.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.30.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/31_role b/authz-test/TestSuite/TC_Wild/31_role
new file mode 100644
index 00000000..e29f308c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/31_role
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.31.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.31.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.31.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.31.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.31.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/32_role b/authz-test/TestSuite/TC_Wild/32_role
new file mode 100644
index 00000000..ccbe866a
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/32_role
@@ -0,0 +1,30 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.32.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.32.5.POS Print Perms
+as m99999@@[user.name].TC_Wild.att.com
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.32.7.POS Now able to create a role in NS
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+# TC_Wild.32.8.POS May Print Role
+expect 200
+role list role com.att.TC_Wild.@[user.name].tool.myRole
+
+as XX@NS
+# TC_Wild.32.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.TC_Wild.@[user.name].access :role:* *
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/50_global_perm b/authz-test/TestSuite/TC_Wild/50_global_perm
new file mode 100644
index 00000000..df5f5426
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/50_global_perm
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.50.1.NEG Fail to create a perm in NS
+expect 403
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.50.3.POS Add "access perm" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.50.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.50.7.POS Now able to create a perm in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+perm create com.att.TC_Wild.@[user.name].myType myInstance myAction
+
+
+# TC_Wild.50.8.POS Print Perms
+as XX@NS
+expect 200
+perm list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.50.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write
+force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Wild/51_global_role b/authz-test/TestSuite/TC_Wild/51_global_role
new file mode 100644
index 00000000..1e86e916
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/51_global_role
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.51.1.NEG Fail to create a role in NS
+expect 403
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.51.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.51.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.51.7.POS Now able to create a role in NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+role create com.att.TC_Wild.@[user.name].tool.myRole
+
+
+# TC_Wild.51.8.POS Print Perms
+as XX@NS
+expect 200
+role list ns com.att.TC_Wild.@[user.name]
+
+# TC_Wild.51.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.att.*:role:tool.* write
+force role delete com.att.TC_Wild.@[user.name].tool.myRole
+
diff --git a/authz-test/TestSuite/TC_Wild/52_global_ns b/authz-test/TestSuite/TC_Wild/52_global_ns
new file mode 100644
index 00000000..b1e45ad3
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/52_global_ns
@@ -0,0 +1,33 @@
+as m99999@@[user.name].TC_Wild.att.com
+
+# TC_Wild.52.1.NEG Fail to create a NS
+expect 403
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+
+# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action
+as XX@NS
+expect 201
+perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service
+
+# TC_Wild.52.5.POS Print Perms
+expect 200
+perm list user m99999@@[user.name].TC_Wild.att.com
+
+
+# TC_Wild.52.7.POS Now able to create an NS
+as m99999@@[user.name].TC_Wild.att.com
+expect 201
+ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com
+
+
+# TC_Wild.52.8.POS Print Perms
+as XX@NS
+expect 200
+ns list name com.test.TC_Wild.@[user.name]
+
+# TC_Wild.52.10.POS Delete Perms Created
+expect 200
+force perm delete com.att.aaf.ns :com.test:ns write
+force ns delete com.test.TC_Wild.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Wild/99_cleanup b/authz-test/TestSuite/TC_Wild/99_cleanup
new file mode 100644
index 00000000..d6abfd90
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/99_cleanup
@@ -0,0 +1,25 @@
+as XX@NS
+expect 200,404
+
+# TC_Wild.99.80.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* write
+
+# TC_Wild.99.81.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:perm:*:* *
+
+# TC_Wild.99.82.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:role:* write
+
+# TC_Wild.99.83.POS Cleanup
+force perm delete com.att.aaf.ns :com.test:ns write
+
+# TC_Wild.99.90.POS Cleanup
+force ns delete com.test.TC_Wild.@[user.name]
+
+# TC_Wild.99.91.POS Cleanup
+force ns delete com.att.TC_Wild.@[user.name]
+
+# TC_Wild.99.99.POS List to prove clean Namespaces
+ns list name com.att.TC_Wild.@[user.name]
+ns list name com.test.TC_Wild.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Wild/Description b/authz-test/TestSuite/TC_Wild/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Wild/Description
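Review bot: The wildcard grants removed in TC_Wild/99_cleanup do not match the ones the suite creates under `com.att.aaf.ns`. 50_global_perm creates instance `:com.att.*:perm:myType:*:*` and 51_global_role creates `:com.att.*:role:tool.*`, while the cleanup deletes `:com.att.*:perm:*:*` and `:com.att.*:role:*`; only the `:com.test:ns` entry matches 52_global_ns. Unless `perm delete` treats the instance as a pattern (not visible here), a run that stops before its own "Delete Perms Created" step leaves a company-wide write grant attached to the service role, and `expect 200,404` hides the miss. Add `force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write` and `force perm delete com.att.aaf.ns :com.att.*:role:tool.* write` to the cleanup.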
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
diff --git a/authz-test/TestSuite/TEMPLATE_TC/00_ids b/authz-test/TestSuite/TEMPLATE_TC/00_ids
new file mode 100644
index 00000000..ad09d774
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/00_ids
@@ -0,0 +1,10 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set testid_1@test.com=<pass>
+set testid_2@test.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TEMPLATE_TC/10_init b/authz-test/TestSuite/TEMPLATE_TC/10_init
new file mode 100644
index 00000000..ebdaaae5
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/10_init
@@ -0,0 +1,24 @@
+as XX@NS
+# TEMPLATE_TC.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.10.1.POS Create Namespace with User ID
+expect 201
+ns create com.test.TEMPLATE_TC.@[user.name]_1 @[user.name] testid_1@test.com
+
+# TEMPLATE_TC.10.4.POS Print NS to prove ok
+expect 200
+ns list name com.test.TEMPLATE_TC.@[user.name]_2
+
+# TEMPLATE_TC.10.5.POS Create Namespace with Different ID
+expect 201
+ns create com.test.TEMPLATE_TC.@[user.name]_2 @[user.name] testid_2@test.com
+
+# TEMPLATE_TC.10.8.POS Print NS to prove ok
+expect 200
+ns list name com.att.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.10.9.POS Create Namespace in Different Company
+expect 201
+ns create com.att.TEMPLATE_TC.@[user.name] @[user.name] testunused@aaf.att.com
diff --git a/authz-test/TestSuite/TEMPLATE_TC/99_cleanup b/authz-test/TestSuite/TEMPLATE_TC/99_cleanup
new file mode 100644
index 00000000..a2080461
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/99_cleanup
@@ -0,0 +1,22 @@
+expect 200,404
+as testid_1@test.com
+# TEMPLATE_TC.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TEMPLATE_TC.@[user.name]_1
+
+# TEMPLATE_TC.99.3.POS Print Namespaces
+ns list name com.test.TEMPLATE_TC.@[user.name]_1
+
+as testid_2@test.com
+# TEMPLATE_TC.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TEMPLATE_TC.@[user.name]_2
+
+# TEMPLATE_TC.99.5.POS Print Namespaces
+ns list name com.test.TEMPLATE_TC.@[user.name]_2
+
+
+as testunused@aaf.att.com
+# TEMPLATE_TC.99.6.POS Remove Namespace from other company
+force ns delete com.att.TEMPLATE_TC.@[user.name]
+
+# TEMPLATE_TC.99.7.POS Print Namespace from other company
+ns list name com.att.TEMPLATE_TC.@[user.name]
diff --git a/authz-test/TestSuite/TEMPLATE_TC/Description b/authz-test/TestSuite/TEMPLATE_TC/Description
new file mode 100644
index 00000000..2283774d
--- /dev/null
+++ b/authz-test/TestSuite/TEMPLATE_TC/Description
@@ -0,0 +1,10 @@
+This is a TEMPLATE testcase, to make creating new Test Cases easier.
+
+APIs:
+
+
+CLI:
+ns create
+ns delete
+as
+
diff --git a/authz-test/TestSuite/cmds b/authz-test/TestSuite/cmds
new file mode 100644
index 00000000..4d3c6ab4
--- /dev/null
+++ b/authz-test/TestSuite/cmds
@@ -0,0 +1,21 @@
+# /bin/bash
+. ~/.bashrc
+function failed {
+ echo "FAILED TEST! " $*
+ exit 1
+}
+
+if [ "$1" == "" ] ; then
+ DIRS=`find . -name "TC_*" -maxdepth 1`" "`find . -name "MTC_*" -maxdepth 1`
+else
+ DIRS="$1"
+fi
+
+ for DIR in $DIRS; do
+ for FILE in $DIR/[0-9]*; do
+ echo "*** "$FILE" ***"
+ cat $FILE
+ echo
+ done
+ done
+exit 0
diff --git a/authz-test/TestSuite/copy b/authz-test/TestSuite/copy
new file mode 100644
index 00000000..27d57cb6
--- /dev/null
+++ b/authz-test/TestSuite/copy
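Review bot: The first line of TestSuite/cmds, `# /bin/bash`, is a plain comment rather than a shebang, so the script runs under whatever shell invokes it even though it uses `function` and `==`; it should read `#!/bin/bash` (copy and csv open with the same line). `$DIR` and `$FILE` are expanded unquoted, so a directory or file name containing a space or glob character is split or expanded before `cat` sees it; `for FILE in "$DIR"/[0-9]*; do` and `cat -- "$FILE"` avoid that. The `failed` function is defined but not called anywhere in this file, and sourcing `~/.bashrc` makes the run depend on the caller's personal profile.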
@@ -0,0 +1,17 @@
+# /bin/bash
+if [ "$2" != "" ] ; then
+ if [ -e $2 ]; then
+ echo "$2 exists, copy aborted"
+ exit 1
+ fi
+ mkdir -p $2
+ for FILE in $1/*; do
+ FILE2=`echo $FILE | sed -e "s/$1/$2/"`
+ echo $FILE2
+ sed -e "s/$1/$2/g" $FILE > $FILE2
+ done
+else
+ echo 'Usage: copy <Source TestCase> <Target TestCase>'
+fi
+
+exit 0
diff --git a/authz-test/TestSuite/csv b/authz-test/TestSuite/csv
new file mode 100644
index 00000000..a6a0b305
--- /dev/null
+++ b/authz-test/TestSuite/csv
@@ -0,0 +1,13 @@
+# /bin/bash
+if [ "$1" == "" ]; then
+ DIRS=`ls -d TC*`
+else
+ DIRS=$1
+fi
+
+echo '"Test Case","Description"'
+for DIR in $DIRS; do
+ grep -h "^# $DIR" $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ /,"/' -e 's/$/"/'
+done
+cd ..
+exit 0
diff --git a/authz-test/TestSuite/expected/MTC_Appr1.expected b/authz-test/TestSuite/expected/MTC_Appr1.expected
new file mode 100644
index 00000000..269f7317
--- /dev/null
+++ b/authz-test/TestSuite/expected/MTC_Appr1.expected
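Review bot: In TestSuite/copy the two arguments are pasted straight into the sed program, `sed -e "s/$1/$2/g"`, so a test-case name containing `/`, `&` or a regex metacharacter changes what sed executes, and the source name is applied as a pattern to every line of every copied file. `$2` is also unquoted in `[ -e $2 ]` and `mkdir -p $2`. Reject unexpected names before any work is done, e.g. `case "$1$2" in *[!A-Za-z0-9_]*) echo "invalid test case name" >&2; exit 1;; esac`, and quote the remaining expansions. The usage branch falls through to `exit 0`, so a caller cannot tell that nothing was copied; it should exit non-zero.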
@@ -0,0 +1,144 @@ +set testid@aaf.att.com <pass> +set XX@NS <pass> +set testunused@aaf.att.com <pass> +set bogus boguspass +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_Appr1.10.0.POS List NS to prove ok +ns list name com.test.appr +** Expect 200 ** + +List Namespaces by Name[com.test.appr] +-------------------------------------------------------------------------------- + +ns list name com.test.appr.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.appr.@[THE_USER]] +-------------------------------------------------------------------------------- + +# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals +ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Appr1.10.2.POS Create General Namespace to add Approvals +ns create com.test.appr @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Appr1.10.10.POS Create Roles in Namespace +role create com.test.appr.@[user.name].addToUserRole +** Expect 201 ** +Created Role + +role create com.test.appr.@[user.name].grantToPerm +** Expect 201 ** +Created Role + +role create com.test.appr.@[user.name].ungrantFromPerm +** Expect 201 ** +Created Role + +role create com.test.appr.@[user.name].grantFirstPerm +** Expect 201 ** +Created Role + +role create com.test.appr.@[user.name].grantSecondPerm +** Expect 201 ** +Created Role + +# TC_Appr1.10.12.POS Create Permissions in Namespace +perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm +** Expect 201 ** +Created Permission +Granted Permission [com.test.appr.@[THE_USER].ungrantFromRole|myInstance|myAction] to Role [com.test.appr.@[THE_USER].ungrantFromPerm] + +perm create com.test.appr.@[user.name].grantToRole myInstance myAction +** Expect 201 ** +Created Permission + +force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole +** Expect 
201 ** +Created Permission +Granted Permission [com.test.appr.@[THE_USER].deleteThisPerm|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantedRole] (Created) + +perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction +** Expect 201 ** +Created Permission + +perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm +** Expect 201 ** +Created Permission +Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantFirstPerm] +Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantSecondPerm] + +as testunused@aaf.att.com +# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request +user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole +** Expect 403 ** +Failed [SVC2403]: Approvals required, but not requested by Client + +# TC_Appr1.15.02.NEG Create Approval for NS create +ns create com.test.appr.@[user.name].myProject @[user.name] +** Expect 403 ** +Failed [SVC2403]: Approvals required, but not requested by Client + +# TC_Appr1.15.03.NEG Generate Approval for granting permission to role +perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm +** Expect 403 ** +Failed [SVC2403]: Approvals required, but not requested by Client + +# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role +perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm +** Expect 403 ** +Failed [SVC2403]: Approvals required, but not requested by Client + +# TC_Appr1.15.05.NEG Generate Approval for granting permission to role +perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction 
com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm +** Expect 403 ** +Failed [SVC2403]: Approvals required, but not requested by Client +Failed [SVC2403]: Approvals required, but not requested by Client + +# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role +perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm +** Expect 403 ** +Failed [SVC2403]: Approvals required, but not requested by Client +Failed [SVC2403]: Approvals required, but not requested by Client + +# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request +set request true +set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole +** Expect 202 ** +UserRole Creation Accepted, but requires Approvals before actualizing + +# TC_Appr1.15.52.POS Create Approval for NS create +set request true +set request=true ns create com.test.appr.@[user.name].myProject @[user.name] +** Expect 202 ** +Namespace Creation Accepted, but requires Approvals before actualizing + +# TC_Appr1.15.53.POS Generate Approval for granting permission to role +set request true +set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm +** Expect 202 ** +Permission Role Granted Accepted, but requires Approvals before actualizing + +# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role +request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm +** Expect 202 ** +Permission Role Ungranted Accepted, but requires Approvals before actualizing + +# TC_Appr1.15.55.POS Generate Approval for granting permission to role +request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction 
com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm +** Expect 202 ** +Permission Role Granted Accepted, but requires Approvals before actualizing +Permission Role Granted Accepted, but requires Approvals before actualizing + +# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role +request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm +** Expect 202 ** +Permission Role Ungranted Accepted, but requires Approvals before actualizing +Permission Role Ungranted Accepted, but requires Approvals before actualizing + diff --git a/authz-test/TestSuite/expected/MTC_Appr2.expected b/authz-test/TestSuite/expected/MTC_Appr2.expected new file mode 100644 index 00000000..7191a044 --- /dev/null +++ b/authz-test/TestSuite/expected/MTC_Appr2.expected @@ -0,0 +1,24 @@ +# TC_Appr2.99.1.POS Delete User Role, if exists +user role del testunused@aaf.att.com com.test.appr.@[user.name].myRole +** Expect 200,404 ** +Failed [SVC1404]: Cannot delete non-existent User Role + +# TC_Appr2.99.79.POS Delete Role +role delete com.test.appr.@[user.name].myRole +** Expect 200,404 ** +Deleted Role + +# TC_Appr2.99.80.POS Delete Namespaces for TestSuite +ns delete com.test.appr +** Expect 200,404 ** +Deleted Namespace + +ns delete com.test.appr.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +# TC_Appr2.99.81.POS Delete Credential used to generate approvals +as XX@NS:<pass> user cred del testbatch@aaf.att.com +** Expect 200,404 ** +Deleted Credential [testbatch@aaf.att.com] + diff --git a/authz-test/TestSuite/expected/TC_Cred1.expected b/authz-test/TestSuite/expected/TC_Cred1.expected new file mode 100644 index 00000000..8d310d91 --- /dev/null +++ b/authz-test/TestSuite/expected/TC_Cred1.expected 
@@ -0,0 +1,269 @@ +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set bogus boguspass +set XX@NS <pass> +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_Cred1.10.0.POS List NS to prove ok +ns list name com.test.TC_Cred1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials +ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Cred1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com +** Expect 201 ** +Created Role +Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +role create com.test.TC_Cred1.@[user.name].pw_reset +** Expect 201 ** +Created Role + +# TC_Cred1.10.11.POS Assign roles to perms +as XX@NS +perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset] + +perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# TC_Cred1.10.30.POS Assign user for creating creds +user cred add m99999@@[user.name].TC_Cred1.test.com password123 +** Expect 201 ** +Added Credential [m99999@@[THE_USER].TC_Cred1.test.com] + +set m99999@@[THE_USER].TC_Cred1.test.com password123 +# 
TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions +user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin +** Expect 201 ** +Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com] +Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.10.32.POS Remove create rights for testing +user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200 ** +Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] + +# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID +as testunused@aaf.att.com +user cred add m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 403 ** +Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T + +# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID +as m99999@@[THE_USER].TC_Cred1.test.com +user cred add m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID +as testunused@aaf.att.com +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 403 ** +Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER] + +# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID +as m99999@@[THE_USER].TC_Cred1.test.com +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 200 ** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.12.POS Admin, without reset permission can reset Password +as testid@aaf.att.com +user cred reset m99990@@[user.name].TC_Cred1.test.com 
password123 +** Expect 200 ** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1 +** Expect 200 ** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.20.POS Admin, delete +user cred del m99990@@[user.name].TC_Cred1.test.com password123 1 +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.1.NEG Multiple options available to delete +as XX@NS +user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +as testid@aaf.att.com +user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.2.POS Succeeds when we choose last option +user cred del m99990@@[user.name].TC_Cred1.test.com 2 +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.10.POS Add another credential +user cred add m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.11.NEG Multiple options available to reset +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 300 ** +Failed [SVC1300]: Choice - Select which cred to update: + Id Type Expires + 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] + 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] +Run same command again with chosen entry as last parameter + +# TC_Cred1.30.12.NEG Fails when we choose a bad option +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0 +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - User chose invalid credential selection + +# TC_Cred1.30.13.POS Succeeds when we choose last option +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2 +** Expect 200 
** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +#TC_Cred1.30.30.NEG Fails when we don't have specific property +user cred extend m99990@@[user.name].TC_Cred1.test.com +** Expect 403 ** +Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T + +#### EXTENDS behavior #### +#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission +as XX@NS +role create com.test.TC_Cred1.@[user.name].extendTemp +** Expect 201 ** +Created Role + +#TC_Cred1.30.33.POS Grant Extends Permission to Role +perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp +** Expect 201 ** +Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] + +#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission +role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS +** Expect 201 ** +Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] + +#TC_Cred1.30.36.POS Extend Password, expecting Single Response +user cred extend m99990@@[user.name].TC_Cred1.test.com 1 +** Expect 200 ** +Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +#TC_Cred1.30.39.POS Remove Role +set force true +role delete com.test.TC_Cred1.@[user.name].extendTemp +** Expect 200 ** +Deleted Role + +#### MULTI CLEANUP ##### +role list user m99990@@[user.name].TC_Cred1.test.com +** Expect 200 ** + +List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- + +# TC_Cred1.30.80.POS Delete all entries for this cred +set force true +user cred del m99990@@[user.name].TC_Cred1.test.com +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.99.POS List ns shows no creds attached +ns list name com.test.TC_Cred1.@[user.name] 
+** Expect 200 ** + +List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Cred1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Cred1.@[THE_USER].admin + com.test.TC_Cred1.@[THE_USER].cred_admin + com.test.TC_Cred1.@[THE_USER].owner + com.test.TC_Cred1.@[THE_USER].pw_reset + Permissions + com.test.TC_Cred1.@[THE_USER].access * * + com.test.TC_Cred1.@[THE_USER].access * read + Credentials + m99999@@[THE_USER].TC_Cred1.test.com + +as testid@aaf.att.com +# TC_Cred1.99.1.POS Delete credentials +force user cred del m99990@@[user.name].TC_Cred1.test.com +** Expect 200,404 ** +Failed [SVC5404]: Not Found - Credential does not exist + +#TC_Cred1.99.2.POS Ensure Remove Role +set force true +role delete com.test.TC_Cred1.@[user.name].extendTemp +** Expect 200,404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist + +# TC_Cred1.99.10.POS Remove ability to create creds +force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200,404 ** +Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ] + +as XX@NS +perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +force perm delete com.att.aaf.password com.test reset +** Expect 200,404 ** +Deleted Permission + +force perm delete com.att.aaf.mechid com.test create +** Expect 200,404 ** +Deleted Permission + +as testid@aaf.att.com +force role delete com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_Cred1.@[user.name].pw_reset +** Expect 200,404 ** +Deleted Role + +# TC_Cred1.99.99.POS 
Delete Namespace for TestSuite +set force true +set force=true ns delete com.test.TC_Cred1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +as XX@NS +force ns delete com.test.TC_Cred1.@[user.name] +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist + +force ns delete com.test.TC_Cred1 +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist + diff --git a/authz-test/TestSuite/expected/TC_DELG1.expected b/authz-test/TestSuite/expected/TC_DELG1.expected new file mode 100644 index 00000000..962caf6a --- /dev/null +++ b/authz-test/TestSuite/expected/TC_DELG1.expected 
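Review bot: TC_Cred1.30.1.NEG contains no negative step: under that label the output shows only two `user cred add` calls that both return 201, and the next delete (TC_Cred1.30.2.POS) already passes the selector `2`. The ambiguous-delete path, where an ID holds several credentials and no selector is given, is therefore never asserted, although the reset equivalent is covered by TC_Cred1.30.11.NEG. I would add `user cred del m99990@@[user.name].TC_Cred1.test.com` without `set force true` after the second add and pin its result, presumably `** Expect 300 **` with a Choice list like the reset case. Separately, the captured command echo shows `<pass>` for some `set` lines but records `boguspass` and `password123` verbatim on `set`, `user cred add` and `user cred reset`; if real run logs use the same echo, the password argument should be masked there as well.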
@@ -0,0 +1,223 @@ +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set XX@NS <pass> +set m99999@@[THE_USER].delg.test.com password123 +set bogus@aaf.att.com boguspass +#delay 10 +set NFR 0 +# TC_DELG1.10.1.POS Check For Existing Data +as testid@aaf.att.com +ns list name com.test.delg.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.delg.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +as XX@NS +perm create com.att.aaf.delg com.att * com.att.admin +** Expect 201,409 ** +Failed [SVC1409]: Conflict Already Exists - Permission [com.att.aaf.delg|com.att|*] already exists. + +user list delegates delegate @[user.name]@csp.att.com +** Expect 404 ** +Failed [SVC7404]: Not Found - Delegate [@[THE_USER]@csp.att.com] is not delegating for anyone. + +as testid@aaf.att.com +# TC_DELG1.10.2.POS Create Namespace to add IDs +ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +as XX@NS +# TC_DELG1.10.10.POS Grant ability to change delegates +force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg +** Expect 404 ** +Failed [SVC3404]: Not Found - Role [com.test.delg.@[THE_USER].change_delg] does not exist + +# TC_DELG1.10.11.POS Grant ability to change delegates +role create com.test.delg.@[user.name].change_delg +** Expect 201 ** +Created Role + +# TC_DELG1.10.12.POS Grant ability to change delegates +force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg] + +# TC_DELG1.10.14.POS Create user role to change delegates +user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg +** Expect 201 ** +Added Role [com.test.delg.@[THE_USER].change_delg] to User [testid@aaf.att.com] + +# TC_DELG1.10.15.POS Grant ability to 
create cred +perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg +** Expect 201 ** +Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg] + +as testid@aaf.att.com +# TC_DELG1.10.30.POS Create cred that will change his own delg +user cred add m99999@@[user.name].delg.test.com password123 +** Expect 201 ** +Added Credential [m99999@@[THE_USER].delg.test.com] + +as XX@NS +Unknown Instruction "TC_DELG1.10.31.POS" +perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg +** Expect 200 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.delg.@[THE_USER].change_delg] + +as testid@aaf.att.com +# TC_DELG1.10.99.POS Check for Data as Correct +ns list name com.test.delg.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.delg.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.delg.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.delg.@[THE_USER].admin + com.test.delg.@[THE_USER].change_delg + com.test.delg.@[THE_USER].owner + Permissions + com.test.delg.@[THE_USER].access * * + com.test.delg.@[THE_USER].access * read + Credentials + m99999@@[THE_USER].delg.test.com + +# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID +user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' +** Expect 404 ** +Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database. + +# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate +user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00' +** Expect 404 ** +Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database. 
+ +# TC_DELG1.20.20.NEG May not change user, no delegate permission +as m99999@@[THE_USER].delg.test.com +force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].delg.test.com] may not create a delegate for [@[THE_USER]@csp.att.com] + +as testid@aaf.att.com +# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist +user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' +** Expect 404 ** +Failed [SVC1404]: Not Found - [@[THE_USER]@csp.att.com] does not have a Delegate Record to [write]. + +# TC_DELG1.20.22.NEG May not create delegate for self. +user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - [@[THE_USER]@csp.att.com] cannot be a delegate for self + +# TC_DELG1.20.23.POS May create delegate for self for tests by forcing. +force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' +** Expect 201 ** +Delegate Added + +as XX@NS +# TC_DELG1.20.30.POS Expect Delegates for User +user list delegates user @[user.name]@csp.att.com +** Expect 200 ** + +List Delegates by user[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +as testid@aaf.att.com +# TC_DELG1.20.35.NEG Fail Create when exists +user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - [@[THE_USER]@csp.att.com] already delegates to [@[THE_USER]@csp.att.com] + +as XX@NS +# TC_DELG1.20.40.POS Expect Delegates for User +user list delegates user @[user.name]@csp.att.com +** Expect 200 ** + +List Delegates by user[@[THE_USER]@csp.att.com] 
+-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +as testid@aaf.att.com +# TC_DELG1.20.46.POS Update Delegate with new Date +user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00' +** Expect 200 ** +Delegate Updated + +as XX@NS +# TC_DELG1.20.82.POS Expect Delegates for User +user list delegates user @[user.name]@csp.att.com +** Expect 200 ** + +List Delegates by user[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +# TC_DELG1.20.83.POS Expect Delegate to show up in list +user list delegates delegate @[user.name]@csp.att.com +** Expect 200 ** + +List Delegates by delegate[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +as XX@NS +# TC_DELG1.99.0.POS Check for Data as Correct +ns list name com.test.delg.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.delg.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.delg.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.delg.@[THE_USER].admin + com.test.delg.@[THE_USER].change_delg + com.test.delg.@[THE_USER].owner + Permissions + com.test.delg.@[THE_USER].access * * + com.test.delg.@[THE_USER].access * read + Credentials + m99999@@[THE_USER].delg.test.com + +# TC_DELG1.99.10.POS Delete Delegates +user 
delegate del @[user.name]@csp.att.com +** Expect 200,404 ** +Delegate Deleted + +# TC_DELG1.99.30.POS Delete Namespace com.att.test.id +force ns delete com.test.delg.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +# TC_DELG1.99.98.POS Check for Delegate Data as Correct +user list delegates user @[user.name]@csp.att.com +** Expect 200,404 ** +Failed [SVC7404]: Not Found - No Delegate found for [@[THE_USER]@csp.att.com] + +# TC_DELG1.99.99.POS Check for NS Data as Correct +ns list name com.test.delg.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.delg.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + diff --git a/authz-test/TestSuite/expected/TC_Link.expected b/authz-test/TestSuite/expected/TC_Link.expected new file mode 100644 index 00000000..3c58002e --- /dev/null +++ b/authz-test/TestSuite/expected/TC_Link.expected 
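Review bot: The golden output pins a CLI error as expected behaviour: the line `Unknown Instruction "TC_DELG1.10.31.POS"` right after `as XX@NS` suggests the case label in the test script is missing its leading `#` and was run as a command. The step it should label is the `perm ungrant com.att.aaf.mechid com.att create ...change_delg` privilege teardown, so that removal currently runs unlabeled and any comparison must keep matching the error text. I would fix the script line to start with `# TC_DELG1.10.31.POS` plus a description and regenerate this file so the error line disappears. TC_DELG1.10.10.POS is also labeled POS while expecting 404 for a grant to a role that does not exist yet; `.NEG` would match the convention used in the rest of the file.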
@@ -0,0 +1,253 @@ +set testid <pass> +set testid@aaf.att.com <pass> +set XX@NS <pass> +set testunused <pass> +set bogus boguspass +#delay 10 +set NFR 0 +# TC_05 +ns list name com.test.TC_Link_1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.test.TC_Link_2.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +perm list role com.test.TC_Link_1.@[user.name].myRole +** Expect 200,404 ** + +List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- + + +role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction +** Expect 200,404 ** + +List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- + +# TC_10 +as XX@NS +ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS +** Expect 201 ** +Created Namespace + +ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS +** Expect 201 ** +Created Namespace + +role create com.test.TC_Link_1.@[user.name].myRole +** Expect 201 ** +Created Role + +perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction +** Expect 201 ** +Created Permission + +perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole +** Expect 201 ** +Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role 
[com.test.TC_Link_1.@[THE_USER].myRole] + +# 15_print +ns list name com.test.TC_Link_1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Link_1.@[THE_USER] + Administrators + XX@NS + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Link_1.@[THE_USER].admin + com.test.TC_Link_1.@[THE_USER].myRole + com.test.TC_Link_1.@[THE_USER].owner + Permissions + com.test.TC_Link_1.@[THE_USER].access * * + com.test.TC_Link_1.@[THE_USER].access * read + +ns list name com.test.TC_Link_2.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Link_2.@[THE_USER] + Administrators + XX@NS + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Link_2.@[THE_USER].admin + com.test.TC_Link_2.@[THE_USER].owner + Permissions + com.test.TC_Link_2.@[THE_USER].access * * + com.test.TC_Link_2.@[THE_USER].access * read + com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction + +perm list role com.test.TC_Link_1.@[user.name].myRole +** Expect 200 ** + +List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction + + +role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction +** Expect 200 ** + +List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Link_1.@[THE_USER].myRole + 
com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction + +role delete com.test.TC_Link_1.@[user.name].myRole +** Expect 200 ** +Deleted Role + +# 15_print +ns list name com.test.TC_Link_1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Link_1.@[THE_USER] + Administrators + XX@NS + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Link_1.@[THE_USER].admin + com.test.TC_Link_1.@[THE_USER].owner + Permissions + com.test.TC_Link_1.@[THE_USER].access * * + com.test.TC_Link_1.@[THE_USER].access * read + +ns list name com.test.TC_Link_2.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Link_2.@[THE_USER] + Administrators + XX@NS + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Link_2.@[THE_USER].admin + com.test.TC_Link_2.@[THE_USER].owner + Permissions + com.test.TC_Link_2.@[THE_USER].access * * + com.test.TC_Link_2.@[THE_USER].access * read + com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction + +perm list role com.test.TC_Link_1.@[user.name].myRole +** Expect 200 ** + +List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- + + +role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction +** Expect 200 ** + +List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- + +role create com.test.TC_Link_1.@[user.name].myRole +** Expect 201 
** +Created Role + +perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole +** Expect 201 ** +Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role [com.test.TC_Link_1.@[THE_USER].myRole] + +# 15_print +ns list name com.test.TC_Link_1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Link_1.@[THE_USER] + Administrators + XX@NS + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Link_1.@[THE_USER].admin + com.test.TC_Link_1.@[THE_USER].myRole + com.test.TC_Link_1.@[THE_USER].owner + Permissions + com.test.TC_Link_1.@[THE_USER].access * * + com.test.TC_Link_1.@[THE_USER].access * read + +ns list name com.test.TC_Link_2.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Link_2.@[THE_USER] + Administrators + XX@NS + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Link_2.@[THE_USER].admin + com.test.TC_Link_2.@[THE_USER].owner + Permissions + com.test.TC_Link_2.@[THE_USER].access * * + com.test.TC_Link_2.@[THE_USER].access * read + com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction + +perm list role com.test.TC_Link_1.@[user.name].myRole +** Expect 200 ** + +List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction + + +role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction +** Expect 200 ** + +List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction 
+-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Link_1.@[THE_USER].myRole + com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction + +as XX@NS +force ns delete com.test.TC_Link_2.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +force ns delete com.test.TC_Link_1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + diff --git a/authz-test/TestSuite/expected/TC_NS1.expected b/authz-test/TestSuite/expected/TC_NS1.expected new file mode 100644 index 00000000..6c5a89ec --- /dev/null +++ b/authz-test/TestSuite/expected/TC_NS1.expected 
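Review bot: The cleanup at the end deletes the permission's namespace while `com.test.TC_Link_1.@[user.name].myRole` still holds the grant to `myPerm`, and nothing verifies afterwards that the role no longer references it. The role-delete direction is checked by the listings after `role delete`, but the reverse direction is not. I would add `perm list role com.test.TC_Link_1.@[user.name].myRole` with `** Expect 200 **` and an empty table between the two `force ns delete` commands; a grant left dangling there could presumably become effective again if a permission of the same name were re-created. The section labels (`# TC_05`, `# TC_10`, `# 15_print` three times) also do not follow the `TC_<suite>.<n>.<n>.POS|NEG` form used in the other expected files, which makes a failing step hard to trace.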
@@ -0,0 +1,327 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NS1.01.0.POS Expect Clean Namespace to start
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party
+ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testunused@aaf.att.com does not have permission to assume test status at AT&T
+
+# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin
+ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC2403]: Forbidden - bogus@aaf.att.com is not a valid AAF Credential
+
+as testid@aaf.att.com
+# TC_NS1.10.0.POS Check for Existing Data
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NS1.10.40.POS Expect Namespace to be created
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.10.41.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * *
+
+
+# TC_NS1.10.42.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * read
+
+
+# TC_NS1.10.43.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].access * *
+
+# TC_NS1.10.44.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.11.1.NEG Create Namespace when exists
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Target Namespace already exists
+
+# TC_NS1.20.1.NEG Too Few Args for Create 1
+ns create
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.20.2.NEG Too Few Args for Create 2
+ns create bogus
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.30.10.NEG Non-admins can't change description
+as testunused@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.30.11.NEG Namespace must exist to change description
+as testid@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name].project1 Description for my project
+** Expect 404 **
+Failed [SVC1404]: Not Found - Namespace [com.test.TC_NS1.@[THE_USER].project1] does not exist
+
+# TC_NS1.30.12.POS Admin can change description
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 200 **
+Description added to Namespace
+
+# TC_NS1.50.1.NEG Adding a Bogus ID
+ns admin add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain
+ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.3.NEG Adding an OK ID, bad domain
+ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC2403]: Forbidden - xz9914@bogus.test.com is not a valid AAF Credential
+
+# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+sleep 0
+# TC_NS1.50.10.POS Adding an OK ID
+ns admin add com.test.TC_NS1.@[user.name] XX@NS
+** Expect 201 **
+Admin XX@NS added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.11.POS Deleting One of Two
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 200 **
+Admin testid@aaf.att.com deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.13.POS Add ID back in
+ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.14.POS Deleting original
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 200 **
+Admin XX@NS deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.15.NEG Can't remove twice
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions
+role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.60.1.NEG Adding a Bogus ID
+ns responsible add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain
+ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.3.NEG Adding an OK ID, bad domain
+ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+sleep 0
+# TC_NS1.60.10.POS Adding an OK ID
+# Note: mw9749 used because we must have employee as responsible
+ns responsible add com.test.TC_NS1.@[user.name] mw9749
+** Expect 201 **
+mw9749@csp.att.com is now responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.11.POS Deleting One of Two
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 200 **
+mw9749@csp.att.com is no longer responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.12.NEG mw9749 no longer Admin
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [mw9749@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions
+role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+sleep 0
+# TC_NS1.80.1.POS List Data on Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.80.2.POS Add Roles to NS for Listing
+role create com.test.TC_NS1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+role create com.test.TC_NS1.@[user.name].r.B
+** Expect 201 **
+Created Role
+
+# TC_NS1.80.3.POS List Data on non-Empty NS
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].r.A
+ com.test.TC_NS1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace
+as testunused@aaf.att.com
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write in NS [com.test.TC_NS1.@[THE_USER]]
+
+sleep 0
+as testid@aaf.att.com
+# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NS1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_NS1.@[user.name].r.B
+** Expect 200,404 **
+Deleted Role
+
+# TC_NS1.99.2.POS Namespace Admin can delete Namespace
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_NS1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_NS2.expected b/authz-test/TestSuite/expected/TC_NS2.expected
new file mode 100644
index 00000000..f8de4564
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_NS2.expected
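Review bot: Steps TC_NS1.60.10 to TC_NS1.60.12 hard-code `mw9749`, which the accompanying note describes as an employee id, so this fixture appears to carry a real person's identifier and its expected 201 depends on that account staying valid in an external directory. A dedicated test identity, substituted the way `@[user.name]` already is, would keep personal identifiers out of the repository and make the result reproducible; `xz9914` in TC_NS1.50.3 and TC_NS1.60.3 has the same look and is worth checking. Separately, the heading of TC_NS1.60.12 says Admin although the step removes a responsible party; I would write it as `# TC_NS1.60.12.NEG mw9749 no longer Responsible`.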
@@ -0,0 +1,389 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NS2.10.0.POS Check for Existing Data
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NS2.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as XX@NS
+# TC_NS2.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].access * *
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].access * read
+
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.70.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+ns list name com.test.TC_NS2.@[user.name].project
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+ Administrators
+ testunused@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].project.access * *
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].project.admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].project.admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.access * *
+
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+perm list role com.test.TC_NS2.@[user.name].project.owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS2.@[THE_USER].project.owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.access * read
+
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].project.access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.access * *
+
+as testid@aaf.att.com
+# TC_NS2.10.80.POS Expect Namespace to be created
+role list perm com.test.TC_NS2.@[user.name].project.access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project.owner
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+as testid@aaf.att.com
+# TC_NS2.20.1.POS Create roles
+role create com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Created Role
+
+role create com.test.TC_NS2.@[user.name].myRole
+** Expect 201 **
+Created Role
+
+# TC_NS2.20.2.POS Create permissions
+perm create com.test.TC_NS2.@[user.name].myType myInstance myAction
+** Expect 201 **
+Created Permission
+
+perm create com.test.TC_NS2.@[user.name].myType * *
+** Expect 201 **
+Created Permission
+
+# TC_NS2.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_NS2.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_NS2.test.com]
+
+as XX@NS
+# TC_NS2.20.10.POS Grant view perms to watcher role
+perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.ns|:com.test.TC_NS2.@[THE_USER]:ns|read] to Role [com.test.TC_NS2.@[THE_USER].watcher]
+
+as testunused@aaf.att.com
+# TC_NS2.40.1.NEG Non-admin, not granted user should not view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_NS2.@[THE_USER]]
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_NS2.40.10.POS Add user to watcher role
+user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+** Expect 201 **
+Added Role [com.test.TC_NS2.@[THE_USER].watcher] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_NS2.40.11.POS Non-admin, granted user should view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].myRole
+ com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].watcher
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+ com.test.TC_NS2.@[THE_USER].myType * *
+ com.test.TC_NS2.@[THE_USER].myType myInstance myAction
+ Credentials
+ m99990@@[THE_USER].TC_NS2.test.com
+
+as testid@aaf.att.com
+# TC_NS2.40.19.POS Remove user from watcher role
+user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
+** Expect 200 **
+Removed Role [com.test.TC_NS2.@[THE_USER].watcher] from User [testunused@aaf.att.com]
+
+# Thirties test admin user
+# TC_NS2.40.20.POS Admin should be able to view
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].admin
+ com.test.TC_NS2.@[THE_USER].cred_admin
+ com.test.TC_NS2.@[THE_USER].myRole
+ com.test.TC_NS2.@[THE_USER].owner
+ com.test.TC_NS2.@[THE_USER].watcher
+ Permissions
+ com.test.TC_NS2.@[THE_USER].access * *
+ com.test.TC_NS2.@[THE_USER].access * read
+ com.test.TC_NS2.@[THE_USER].myType * *
+ com.test.TC_NS2.@[THE_USER].myType myInstance myAction
+ Credentials
+ m99990@@[THE_USER].TC_NS2.test.com
+
+# TC_NS2.40.21.POS Admin of parent NS should be able to view
+ns list name com.test.TC_NS2.@[user.name].project
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+ Administrators
+ testunused@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS2.@[THE_USER].project.admin
+ com.test.TC_NS2.@[THE_USER].project.owner
+ Permissions
+ com.test.TC_NS2.@[THE_USER].project.access * *
+ com.test.TC_NS2.@[THE_USER].project.access * read
+
+# TC_NS2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+ns list admin testunused@aaf.att.com
+** Expect 200 **
+
+List Namespaces with admin privileges for [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+com.test.TC_NS2.@[THE_USER].project
+
+# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace
+as testunused@aaf.att.com
+ns list admin XX@NS
+** Expect 200 **
+
+List Namespaces with admin privileges for [XX@NS]
+--------------------------------------------------------------------------------
+com
+com.att
+com.att.aaf
+com.test
+
+as testid@aaf.att.com
+# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+role delete com.test.TC_NS2.@[user.name].myRole
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_NS2.@[user.name].watcher
+** Expect 200,404 **
+Deleted Role
+
+perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+perm delete com.test.TC_NS2.@[user.name].myType * *
+** Expect 200,404 **
+Deleted Permission
+
+user cred del m99990@@[user.name].TC_NS2.test.com
+** Expect 200,404 **
+Deleted Credential [m99990@@[THE_USER].TC_NS2.test.com]
+
+as XX@NS
+force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read
+** Expect 200,404 **
+Deleted Permission
+
+# TC_NS2.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NS2.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+force role delete com.test.TC_NS2.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_NS2.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS2.@[user.name].project
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_NS2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_NS2.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_NS3.expected b/authz-test/TestSuite/expected/TC_NS3.expected
new file mode 100644
index 00000000..8ac3afcf
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_NS3.expected
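Review bot: TC_NS2.41.80 is tagged NEG and described as `List by User when not Caller nor associated to Namespace`, yet the expected result is 200 together with the four namespaces that XX@NS administers (`com`, `com.att`, `com.att.aaf`, `com.test`). As recorded, the fixture pins that testunused@aaf.att.com, which has no visible relationship to those namespaces, can enumerate another identity's admin scope. If that is intended, the case should be retagged POS and its comment reworded; if not, the expectation should read `** Expect 403 **` and the service-side check needs a look, which is outside this file. Also, TC_NS2.20.3 writes the literal `password123` where every other credential in the file is masked as `<pass>`.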
@@ -0,0 +1,192 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set testid_1@test.com <pass>
+set testid_2@test.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+ns list name com.test.TC_NS3.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS3.10.1.POS Create Namespace with User ID
+ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com
+** Expect 201 **
+Created Namespace
+
+as testid_1@test.com
+# TC_NS3.20.0.NEG Too short
+ns attrib
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.1.NEG Wrong command
+ns attrib xyz
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.2.NEG Too Short after Command
+ns attrib add
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.3.NEG Too Short after Namespace
+ns attrib add com.test.TC_NS3.@[user.name]
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.20.4.NEG Too Short after Key
+ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm
+** Expect -1 **
+Not added: Need more Data
+
+# TC_NS3.20.5.NEG No Permission
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testid_1@test.com may not create NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm]
+
+# TC_NS3.20.6.POS Create Permission to write Attrib
+as XX@NS
+perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.6.POS Create Permission
+perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.attrib|:com.att.*:*|read] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.10.POS Attribute added
+as testid_1@test.com
+ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1
+** Expect 201 **
+Add Attrib TC_NS3_swm=v1 to com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.30.POS List NS by Attrib
+ns list keys TC_NS3_swm
+** Expect 200 **
+
+List Namespace Names by Attribute
+--------------------------------------------------------------------------------
+ com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.40.POS List NS (shows Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+com.test.TC_NS3.@[THE_USER]_1
+ Administrators
+ testid_1@test.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Namespace Attributes
+ TC_NS3_swm=v1
+ Roles
+ com.test.TC_NS3.@[THE_USER]_1.admin
+ com.test.TC_NS3.@[THE_USER]_1.owner
+ Permissions
+ com.test.TC_NS3.@[THE_USER]_1.access * *
+ com.test.TC_NS3.@[THE_USER]_1.access * read
+
+# TC_NS3.20.42.POS Change Attrib
+ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1
+** Expect 200 **
+Update Attrib TC_NS3_swm=Version1 for com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.20.49.POS List NS (shows new Attrib)
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+com.test.TC_NS3.@[THE_USER]_1
+ Administrators
+ testid_1@test.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Namespace Attributes
+ TC_NS3_swm=Version1
+ Roles
+ com.test.TC_NS3.@[THE_USER]_1.admin
+ com.test.TC_NS3.@[THE_USER]_1.owner
+ Permissions
+ com.test.TC_NS3.@[THE_USER]_1.access * *
+ com.test.TC_NS3.@[THE_USER]_1.access * read
+
+# TC_NS3.20.80.POS Remove write Permission
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.20.83.POS Remove read Permission
+perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:*|read] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+as testid_1@test.com
+# TC_NS3.50.2.NEG Too Short after Command
+ns attrib del
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.50.3.NEG Too Short after Namespace
+ns attrib del com.test.TC_NS3.@[user.name]
+** Expect -1 **
+Too few args: attrib <add|upd|del> <ns> <key> [value]
+
+# TC_NS3.50.5.NEG No Permission
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+** Expect 403 **
+Failed [SVC1403]: Forbidden - testid_1@test.com may not delete NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm]
+
+# TC_NS3.50.6.POS Create Permission
+as XX@NS
+perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 201 **
+Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+# TC_NS3.50.7.POS Attribute added
+as testid_1@test.com
+ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm
+** Expect 200 **
+Attrib TC_NS3_swm deleted from com.test.TC_NS3.@[THE_USER]_1
+
+# TC_NS3.50.8.POS Remove Permission
+as XX@NS
+perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin
+** Expect 200 **
+UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin]
+
+as testid_1@test.com
+# TC_NS3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_NS3.@[user.name]_1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_NS3.99.3.POS Print Namespaces
+ns list name com.test.TC_NS3.@[user.name]_1
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS3.99.10.POS Remove Special Permissions
+as XX@NS
+force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.attrib :com.att.*:* read
+** Expect 200,404 **
+Deleted Permission
+
diff --git a/authz-test/TestSuite/expected/TC_NSdelete1.expected b/authz-test/TestSuite/expected/TC_NSdelete1.expected
new file mode 100644
index 00000000..29732c5d
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_NSdelete1.expected
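Review bot: The attrib permissions created in the two TC_NS3.20.6 steps use the instance `:com.att.*:TC_NS3_swm`, while the namespace written to in TC_NS3.20.10 is `com.test.TC_NS3.@[user.name]_1`, and the expected result is 201. If the first field of the instance is a namespace pattern (this file does not say), the fixture records a write that falls outside the granted scope; if it means something else, a one-line comment above TC_NS3.20.6 such as `# instance is :<FIELD>:<key>; <FIELD> is not the target namespace` (placeholder wording, to be filled in by someone who knows the format) would settle the question for the next reader. The id TC_NS3.20.6.POS is also used for two different steps, and TC_NS3.50.7.POS is headed `Attribute added` although it runs `ns attrib del`.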
@@ -0,0 +1,362 @@ +set XX@NS <pass> +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set bogus@aaf.att.com boguspass +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_NSdelete1.10.0.POS Check for Existing Data +ns list name com.test.TC_NSdelete1.@[user.name].app +** Expect 200 ** + +List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.test.force.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.force.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +as XX@NS +# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties +ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +ns create com.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_NSdelete1.10.2.POS Expect Namespace to be created +ns list name com.test.TC_NSdelete1.@[user.name].app +** Expect 200 ** + +List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app] +-------------------------------------------------------------------------------- +com.test.TC_NSdelete1.@[THE_USER].app + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_NSdelete1.@[THE_USER].app.admin + com.test.TC_NSdelete1.@[THE_USER].app.owner + Permissions + 
com.test.TC_NSdelete1.@[THE_USER].app.access * * + com.test.TC_NSdelete1.@[THE_USER].app.access * read + +ns list name com.test.TC_NSdelete1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_NSdelete1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_NSdelete1.@[THE_USER].admin + com.test.TC_NSdelete1.@[THE_USER].owner + Permissions + com.test.TC_NSdelete1.@[THE_USER].access * * + com.test.TC_NSdelete1.@[THE_USER].access * read + +ns list name com.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.@[THE_USER]] +-------------------------------------------------------------------------------- +com.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.@[THE_USER].admin + com.@[THE_USER].owner + Permissions + com.@[THE_USER].access * * + com.@[THE_USER].access * read + +ns list name com.test.force.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.force.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.force.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.force.@[THE_USER].admin + com.test.force.@[THE_USER].owner + Permissions + com.test.force.@[THE_USER].access * * + com.test.force.@[THE_USER].access * read + +# TC_NSdelete1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_NSdelete1.@[user.name].cred_admin +** Expect 201 ** +Created Role + +# TC_NSdelete1.10.11.POS Assign role to mechid perm +perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# 
TC_NSdelete1.10.12.POS Assign user for creating creds +user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin +** Expect 201 ** +Added Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] + +as testid@aaf.att.com +# TC_NSdelete1.20.1.POS Create valid Role in my Namespace +role create com.test.TC_NSdelete1.@[user.name].app.r.A +** Expect 201 ** +Created Role + +# TC_NSdelete1.20.2.POS Create valid permission +perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction +** Expect 201 ** +Created Permission + +# TC_NSdelete1.20.3.POS Add credential to my namespace +user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123 +** Expect 201 ** +Added Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com] + +# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential +ns delete com.test.TC_NSdelete1.@[user.name].app +** Expect 424 ** +Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains users, permissions, roles. + Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. + +# TC_NSdelete1.20.11.POS Delete Credential +set force true +user cred del m99990@app.@[user.name].TC_NSdelete1.test.com +** Expect 200 ** +Deleted Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com] + +# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached +ns delete com.test.TC_NSdelete1.@[user.name].app +** Expect 424 ** +Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains permissions, roles. + Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. 
+ +# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns +set force move +set force=move ns list name com.test.TC_NSdelete1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_NSdelete1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_NSdelete1.@[THE_USER].admin + com.test.TC_NSdelete1.@[THE_USER].cred_admin + com.test.TC_NSdelete1.@[THE_USER].owner + Permissions + com.test.TC_NSdelete1.@[THE_USER].access * * + com.test.TC_NSdelete1.@[THE_USER].access * read + +as testid@aaf.att.com +# TC_NSdelete1.30.1.POS Create valid Role in my Namespace +role create com.@[user.name].r.A +** Expect 201 ** +Created Role + +# TC_NSdelete1.30.2.NEG Delete Company with role attached +ns delete com.@[user.name] +** Expect 424 ** +Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains roles. + Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. + +# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles +role delete com.@[user.name].r.A +** Expect 200 ** +Deleted Role + +# TC_NSdelete1.30.10.POS Create valid permission +perm create com.@[user.name].p.A myInstance myAction +** Expect 201 ** +Created Permission + +# TC_NSdelete1.30.11.NEG Delete Company with permission attached +ns delete com.@[user.name] +** Expect 424 ** +Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains permissions. + Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. 
+ +# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms +perm delete com.@[user.name].p.A myInstance myAction +** Expect 200 ** +Deleted Permission + +# TC_NSdelete1.30.20.POS Create valid Credential in my namespace +user cred add m99990@@[user.name].com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].com] + +# TC_NSdelete1.30.21.NEG Delete Company with credential attached +ns delete com.@[user.name] +** Expect 424 ** +Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains users. + Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. + +# TC_NSdelete1.30.22.POS Namespace admin can remove Cred +set force true +user cred del m99990@@[user.name].com +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].com] + +# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached +ns delete com.@[user.name] +** Expect 200 ** +Deleted Namespace + +# TC_NSdelete1.40.1.POS Create valid Role in my Namespace +role create com.test.force.@[user.name].r.A +** Expect 201 ** +Created Role + +# TC_NSdelete1.40.2.POS Create valid permission in my Namespace +perm create com.test.force.@[user.name].p.A myInstance myAction +** Expect 201 ** +Created Permission + +# TC_NSdelete1.40.3.POS Add credential to my namespace +user cred add m99990@@[user.name].force.test.com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].force.test.com] + +# TC_NSdelete1.40.10.POS Delete Program in my Namespace +set force true +set force=true ns delete com.test.force.@[user.name] +** Expect 200 ** +Deleted Namespace + +sleep 0 +# TC_NSdelete1.40.20.NEG Role and permission should not exist +ns list name com.test.force.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.force.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_NSdelete1.40.22.NEG 
Credential should not exist +set force true +user cred del m99990@@[user.name].force.test.com +** Expect 404 ** +Failed [SVC5404]: Not Found - Credential does not exist + +as testid@aaf.att.com +# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles +role delete com.test.TC_NSdelete1.@[user.name].app.r.A +** Expect 200,404 ** +Deleted Role + +# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles +perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction +** Expect 200,404 ** +Deleted Permission + +# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials +set force true +set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com +** Expect 200,404 ** +Failed [SVC5404]: Not Found - Credential does not exist + +# TC_NSdelete1.99.10.POS Remove ability to create creds +user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin +** Expect 200,404 ** +Removed Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] + +as XX@NS +perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +set force true +set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +# TC_NSdelete1.99.97.POS Clean Namespace +set force true +set force=true ns delete com.test.TC_NSdelete1.@[user.name].app +** Expect 200,404 ** +Deleted Namespace + +set force true +set force=true ns delete com.test.TC_NSdelete1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +set force true +set force=true ns delete com.test.force.@[user.name] +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test.force.@[THE_USER] does not exist + +# TC_NSdelete1.99.98.POS Check Clean Namespace +ns list name 
com.test.TC_NSdelete1.@[user.name].app +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.test.TC_NSdelete1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.test.force.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.force.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_NSdelete1.99.99.POS Clean and check Company Namespace +as XX@NS +set force true +set force=true ns delete com.@[user.name] +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.@[THE_USER] does not exist + +ns list name com.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + diff --git a/authz-test/TestSuite/expected/TC_PW1.expected b/authz-test/TestSuite/expected/TC_PW1.expected new file mode 100644 index 00000000..b167edbb --- /dev/null +++ b/authz-test/TestSuite/expected/TC_PW1.expected 
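Review bot: The cleanup step TC_NSdelete1.99.3 deletes `m99990@@app.[user.name].TC_NSdelete1.test.com`, which is not the ID created in TC_NSdelete1.20.3 (`m99990@app.@[user.name].TC_NSdelete1.test.com`), so the recorded `SVC5404 Not Found` would presumably come back whether or not the real credential still exists. If a run stops between 20.3 and 20.11, a credential with the fixed password `password123` could be left behind while this step still matches the expected output. The line should read `user cred del m99990@app.@[user.name].TC_NSdelete1.test.com`, presumably with the same correction in the script this output was captured from. Separately, TC_NSdelete1.20.20 is titled as a force=move check but only runs `ns list name` on the parent, and the listing shows no `app.r.A` or `app.p.A` entries, so the move path of `ns delete` does not appear to be exercised in this file.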
@@ -0,0 +1,170 @@ +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set XX@NS <pass> +set bogus boguspass +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_PW1.10.0.POS Validate no NS +ns list name com.test.TC_PW1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_PW1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_PW1.10.1.POS Create Namespace to add IDs +ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_PW1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_PW1.@[user.name].cred_admin +** Expect 201 ** +Created Role + +as XX@NS +# TC_PW1.10.11.POS Assign role to mechid perm +perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_PW1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# TC_PW1.10.12.POS Assign user for creating creds +user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin +** Expect 201 ** +Added Role [com.test.TC_PW1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] + +# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length +user cred add m12345@TC_PW1.test.com 12 +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010), +Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. 
(ASPR-1010) + +# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length +user cred add m12345@TC_PW1.test.com 1 +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010), +Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) + +# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length +user cred add m12345@TC_PW1.test.com 1234567 +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010), +Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) + +# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special +user cred add m12345@@[user.name].TC_PW1.test.com 12345678 +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) + +# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special +user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) + +# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special +user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*" +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. 
(ASPR-1010) + +# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special +user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*" +** Expect 201 ** +Added Credential [m12345@@[THE_USER].TC_PW1.test.com] + +sleep 0 +user cred del m12345@@[user.name].TC_PW1.test.com +** Expect 200 ** +Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] + +# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special +user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*" +** Expect 201 ** +Added Credential [m12345@@[THE_USER].TC_PW1.test.com] + +sleep 0 +user cred del m12345@@[user.name].TC_PW1.test.com +** Expect 200 ** +Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] + +# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special +user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd" +** Expect 201 ** +Added Credential [m12345@@[THE_USER].TC_PW1.test.com] + +sleep 0 +user cred del m12345@@[user.name].TC_PW1.test.com +** Expect 200 ** +Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] + +# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID +user cred add m12345@@[user.name].TC_PW1.test.com m12345 +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010) + +# TC_PW1.23.1.NEG Too Few Args for User Cred 1 +user cred +** Expect -1 ** +Too few args: cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)] + +# TC_PW1.23.2.NEG Too Few Args for User Cred add +user cred add +** Expect -1 ** +Too few args: cred <add|del|reset|extend> <id> [password (! 
D|E)] [entry# (if multi)] + +# TC_PW1.30.1.POS Create a Credential, with Temporary Time +user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd" +** Expect 201 ** +Added Credential [m12345@@[THE_USER].TC_PW1.test.com] + +# TC_PW1.30.3.NEG Credential Exists +user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf" +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - Credential with same Expiration Date exists, use 'reset' + +# TC_PW1.30.8.POS Reset this Password +user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1 +** Expect 200 ** +Reset Credential [m12345@@[THE_USER].TC_PW1.test.com] + +# TC_PW1.30.9.POS Delete a Credential +user cred del m12345@@[user.name].TC_PW1.test.com 1 +** Expect 200 ** +Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] + +as testid@aaf.att.com +# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com +set force true +user cred del m12345@@[user.name].TC_PW1.test.com +** Expect 200,404 ** +Failed [SVC5404]: Not Found - Credential does not exist + +# TC_PW1.99.2.POS Remove ability to create creds +user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin +** Expect 200,404 ** +Removed Role [com.test.TC_PW1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] + +as XX@NS +perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_PW1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +role delete com.test.TC_PW1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1 +ns delete com.test.TC_PW1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +# TC_PW1.99.99.POS Verify Cleaned NS +ns list name com.test.TC_PW1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_PW1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** 
Namespace Not Found *** + diff --git a/authz-test/TestSuite/expected/TC_Perm1.expected b/authz-test/TestSuite/expected/TC_Perm1.expected new file mode 100644 index 00000000..d099990c --- /dev/null +++ b/authz-test/TestSuite/expected/TC_Perm1.expected 
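Review bot: TC_PW1.21.10.NEG is titled "Passwords cannot be the same as the User ID", but the password it submits, `m12345`, is six characters and the recorded 406 is the length message (`Password must be 8 chars or greater in length`). The case therefore passes on the length rule and does not show that a password matching the ID is rejected. To cover that rule, the case would need a password that already satisfies the length and two-grouping rules and equals the credential ID, with the expected line updated to the message the service gives for that rejection; whether such a check exists is not visible here. The TC_PW1.20.x cases also use `m12345@TC_PW1.test.com` rather than the `m12345@@[user.name].TC_PW1.test.com` form used from 21.1 onward, which is worth confirming as intended.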
@@ -0,0 +1,963 @@ +set testid <pass> +set testid@aaf.att.com <pass> +set XX@NS <pass> +set testunused <pass> +set bogus boguspass +#delay 10 +set NFR 0 +# TC_Perm1.10.0.POS Validate Namespace is empty first +as testid@aaf.att.com +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties +ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Perm1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_Perm1.@[user.name].cred_admin +** Expect 201 ** +Created Role + +as XX@NS +# TC_Perm1.10.11.POS Assign role to mechid perm +perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# TC_Perm1.10.12.POS Assign user for creating creds +user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin +** Expect 201 ** +Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS] + +# TC_Perm1.20.1.POS List Data on non-Empty NS +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + +# TC_Perm1.20.2.POS Add Perm +perm create com.test.TC_Perm1.@[user.name].p.A myInstance 
myAction +** Expect 201 ** +Created Permission + +# TC_Perm1.20.3.NEG Already Added Perm +perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists. + +# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well +force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B +** Expect 201 ** +Created Role [com.test.TC_Perm1.@[THE_USER].r.A] +Created Role [com.test.TC_Perm1.@[THE_USER].r.B] +Created Permission +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A] +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B] + +# TC_Perm1.20.8.POS Print Info for Validation +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + +# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well +perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - Permission 
[com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists. + +# TC_Perm1.20.10.NEG Non-admins can't change description +as testunused +perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A +** Expect 403 ** +Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] + +# TC_Perm1.20.11.NEG Permission must exist to change description +as testid +perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C +** Expect 404 ** +Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist + +# TC_Perm1.20.12.POS Admin can change description +perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A +** Expect 200 ** +Description added to Permission + +# TC_Perm1.22.1.NEG Try to rename permission without changing anything +perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission + +# TC_Perm1.22.2.NEG Try to rename parent ns +perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 403 ** +Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.22.10.POS View permission in original state +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + 
com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + +# TC_Perm1.22.11.POS Rename permission instance +perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction +** Expect 200 ** +Updated Permission + +# TC_Perm1.22.12.POS Verify change in permission instance +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction + +# TC_Perm1.22.13.POS Rename permission action +perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction +** Expect 200 ** +Updated Permission + +# TC_Perm1.22.14.POS Verify change in permission action +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + 
com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction + +# TC_Perm1.22.15.POS Rename permission type +perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction +** Expect 200 ** +Updated Permission + +# TC_Perm1.22.16.POS Verify change in permission type +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction + +# TC_Perm1.22.20.POS See permission is attached to this role +role list role com.test.TC_Perm1.@[user.name].r.A +** Expect 200 ** + +List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction + +# TC_Perm1.22.21.POS Rename permission type, instance and action +perm rename 
com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction +** Expect 200 ** +Updated Permission + +# TC_Perm1.22.22.POS See permission stays attached after rename +role list role com.test.TC_Perm1.@[user.name].r.A +** Expect 200 ** + +List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + +# TC_Perm1.22.23.POS Verify permission is back to original state +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + +# TC_Perm1.25.1.POS Create another Role in This namespace +role create com.test.TC_Perm1.@[user.name].r.C +** Expect 201 ** +Created Role + +# TC_Perm1.25.2.POS Create another Perm in This namespace +perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 201 ** +Created Permission + +# TC_Perm1.25.3.NEG Permission must Exist to Add to Role +perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 404 ** +Failed [SVC4404]: Not Found - Permission 
[com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist + +# TC_Perm1.25.4.POS Grant individual new Perm to new Role +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 201 ** +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C] + +# TC_Perm1.25.5.NEG Already Granted Perm +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C] + +# TC_Perm1.25.6.POS Print Info for Validation +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + com.test.TC_Perm1.@[THE_USER].r.C + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction + +# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role +perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 200 ** +UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C] + +# TC_Perm1.25.11.NEG Already UnGranted Perm +perm ungrant com.test.TC_Perm1.@[user.name].p.C 
myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 404 ** +Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role + +# TC_Perm1.25.20.POS Reset roles attached to permision with setTo +perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A +** Expect 200 ** +Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A] + +# TC_Perm1.25.21.POS Owner of permission can reset roles +perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 200 ** +Set Permission's Roles to [] + +# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not +as XX@NS +ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS +** Expect 201 ** +Created Namespace + +ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS +** Expect 201 ** +Created Namespace + +# TC_Perm1.26.2.POS Create ID in other Namespace +user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com] + +# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid +role create com.test2.TC_Perm1.@[user.name].r.C +** Expect 201 ** +Created Role + +role create com.test2.TC_Perm1.@[user.name]_2.r.C +** Expect 201 ** +Created Role + +# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID +as m99990@@[THE_USER].TC_Perm1.test2.com +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID +as m99990@@[THE_USER].TC_Perm1.test2.com +set request true +perm grant 
com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C +** Expect 202 ** +Permission Role Granted Accepted, but requires Approvals before actualizing + +# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company +as testid@aaf.att.com +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C] + +# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company +as testid@aaf.att.com +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist + +# TC_Perm1.26.14.POS Create Role +as testid@aaf.att.com +role create com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 201 ** +Created Role + +# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 201 ** +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] + +# TC_Perm1.26.16.POS Print Info for Validation +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + com.test.TC_Perm1.@[THE_USER].r.C + Permissions + 
com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction + +# TC_Perm1.26.17.POS Grant individual new Perm to new Role +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 201 ** +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C] + +# TC_Perm1.26.18.NEG Already Granted Perm +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C] + +# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID +perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 200 ** +UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] + +# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID +as m99990@@[THE_USER].TC_Perm1.test2.com +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID +set request true +as m99990@@[THE_USER].TC_Perm1.test2.com +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C +** Expect 202 ** +Permission Role Granted Accepted, but requires Approvals before actualizing + +# TC_Perm1.26.25.NEG No Permission to UnGrant 
with Unrelated ID +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID +set request true +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B +** Expect 202 ** +Permission Role Granted Accepted, but requires Approvals before actualizing + +# TC_Perm1.26.30.POS Add ID to Role +as XX@NS +ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com +** Expect 201 ** +Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER] + +as m99990@@[THE_USER].TC_Perm1.test2.com +sleep 0 +# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner +set request true +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C +** Expect 202 ** +Permission Role Granted Accepted, but requires Approvals before actualizing + +# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace +as testid@aaf.att.com +perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 201 ** +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] + +# TC_Perm1.26.34.POS Print Info for Validation +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by 
Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + com.test.TC_Perm1.@[THE_USER].r.C + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction + +as XX@NS +# TC_Perm1.26.35.POS Print Info for Validation +ns list name com.test2.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test2.TC_Perm1.@[THE_USER] + Administrators + XX@NS + m99990@@[THE_USER].TC_Perm1.test2.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test2.TC_Perm1.@[THE_USER].admin + com.test2.TC_Perm1.@[THE_USER].owner + com.test2.TC_Perm1.@[THE_USER].r.C + Permissions + com.test2.TC_Perm1.@[THE_USER].access * * + com.test2.TC_Perm1.@[THE_USER].access * read + Credentials + m99990@@[THE_USER].TC_Perm1.test2.com + +as testid@aaf.att.com +# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role +as testid@aaf.att.com +perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 200 ** +UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] + +# TC_Perm1.26.37.NEG Already UnGranted Perm +perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 404 ** +Failed [SVC4404]: Not Found - 
Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role + +# TC_Perm1.26.40.POS Reset roles attached to permision with setTo +perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A +** Expect 200 ** +Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A] + +# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles +as m99990@@[THE_USER].TC_Perm1.test2.com +perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant +perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.26.43.NEG Non-owner of permission cannot delete +perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] + +# TC_Perm1.26.45.POS Owner of permission can reset roles +as testid@aaf.att.com +perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 200 ** +Set Permission's Roles to [] + +as XX@NS +# TC_Perm1.26.97.POS List the Namespaces +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin 
+ com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.B + com.test.TC_Perm1.@[THE_USER].r.C + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction + +ns list name com.test2.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test2.TC_Perm1.@[THE_USER] + Administrators + XX@NS + m99990@@[THE_USER].TC_Perm1.test2.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test2.TC_Perm1.@[THE_USER].admin + com.test2.TC_Perm1.@[THE_USER].owner + com.test2.TC_Perm1.@[THE_USER].r.C + Permissions + com.test2.TC_Perm1.@[THE_USER].access * * + com.test2.TC_Perm1.@[THE_USER].access * read + Credentials + m99990@@[THE_USER].TC_Perm1.test2.com + +as testid@aaf.att.com +# TC_Perm1.26.98.POS Cleanup +role delete com.test.TC_Perm1.@[user.name].r.A +** Expect 200 ** +Deleted Role + +role delete com.test.TC_Perm1.@[user.name].r.B +** Expect 200 ** +Deleted Role + +role delete com.test.TC_Perm1.@[user.name].r.C +** Expect 200 ** +Deleted Role + +role delete com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 200 ** +Deleted Role + +as XX@NS +role delete com.test2.TC_Perm1.@[user.name]_2.r.C +** Expect 200 ** +Deleted Role + +role delete com.test2.TC_Perm1.@[user.name].r.C +** Expect 200 ** +Deleted Role + +as testid@aaf.att.com +perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction +** Expect 200 ** +Deleted Permission + +perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction +** Expect 200 ** +Deleted Permission + +perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 200 ** +Deleted 
Permission + +force ns delete com.test.TC_Perm1.@[user.name]_2 +** Expect 200 ** +Deleted Namespace + +as XX@NS +set force true +set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com] + +ns delete com.test2.TC_Perm1.@[user.name] +** Expect 200 ** +Deleted Namespace + +# TC_Perm1.26.99.POS List the Now Empty Namespaces +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + +ns list name com.test2.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_Perm1.27.1.POS Create Permission +perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction +** Expect 201 ** +Created Permission + +# TC_Perm1.27.2.POS Create Role +role create com.test.TC_Perm1.@[user.name].r.A +** Expect 201 ** +Created Role + +# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force +perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown +** Expect 404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist + +# TC_Perm1.27.11.POS Role is created with force +force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown +** Expect 201 ** +Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown] +Created 
Permission +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown] + +# TC_Perm1.27.12.NEG Perm must Exist to Grant without force +perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A +** Expect 404 ** +Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist + +# TC_Perm1.27.13.POS Perm is created with force +force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A +** Expect 201 ** +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A] + +# TC_Perm1.27.14.POS Role and perm are created with force +force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2 +** Expect 201 ** +Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2] +Created Permission +Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2] + +# TC_Perm1.30.1.POS List Data on non-Empty NS +as testid +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Perm1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Perm1.@[THE_USER].admin + com.test.TC_Perm1.@[THE_USER].cred_admin + com.test.TC_Perm1.@[THE_USER].owner + com.test.TC_Perm1.@[THE_USER].r.A + com.test.TC_Perm1.@[THE_USER].r.unknown + com.test.TC_Perm1.@[THE_USER].r.unknown2 + Permissions + com.test.TC_Perm1.@[THE_USER].access * * + com.test.TC_Perm1.@[THE_USER].access * read + com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction + com.test.TC_Perm1.@[THE_USER].p.unknown 
myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+ns list name com.test.TC_Perm1.@[user.name].r
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.admin
+ com.test.TC_Perm1.@[THE_USER].r.owner
+ com.test.TC_Perm1.@[THE_USER].r.unknown
+ com.test.TC_Perm1.@[THE_USER].r.unknown2
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].r.access * *
+ com.test.TC_Perm1.@[THE_USER].r.access * read
+
+as XX@NS
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+role delete com.test.TC_Perm1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.B
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist
+
+role delete com.test.TC_Perm1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist
+
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test2.TC_Perm1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist
+
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+sleep 0
+as XX@NS
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force true
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
+
+as testid
+force ns delete com.test.TC_Perm1.@[user.name].r
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Perm1.@[user.name]_2
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist
+
+force ns delete com.test.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm1.@[user.name].r
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm1.@[user.name]_2
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Perm2.expected b/authz-test/TestSuite/expected/TC_Perm2.expected
new file mode 100644
index 00000000..dadff03b
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Perm2.expected
@@ -0,0 +1,554 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Perm2.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as testid@aaf.att.com
+# TC_Perm2.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+
+# TC_Perm2.20.10.POS Add Perms with specific Instance and Action
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.11.POS Add Perms with specific Instance and Star
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
+perm create com.test.TC_Perm2.@[user.name].p.A * *
+** Expect 201 **
+Created Permission
+
+perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+** Expect 201 **
+Created Permission
+
+# TC_Perm2.20.20.POS Create role
+role create com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Created Role
+
+# TC_Perm2.20.21.POS Grant sub-NS perms to role
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Granted Permission [com.test.TC_Perm2.@[THE_USER].p.phoneCalls|*|spy] to Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+
+# TC_Perm2.20.30.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+# TC_Perm2.20.40.POS Create role
+role create com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Perm2.20.50.POS Grant view perms to watcher role
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+as testid@aaf.att.com
+# TC_Perm2.30.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ com.test.TC_Perm2.@[THE_USER].p.watcher
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm2.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].admin
+ com.test.TC_Perm2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].access * *
+ com.test.TC_Perm2.@[THE_USER].access * read
+
+ns list name com.test.TC_Perm2.@[user.name].p
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm2.@[THE_USER].p.admin
+ com.test.TC_Perm2.@[THE_USER].p.owner
+ com.test.TC_Perm2.@[THE_USER].p.secret
+ com.test.TC_Perm2.@[THE_USER].p.superUser
+ com.test.TC_Perm2.@[THE_USER].p.watcher
+ Permissions
+ com.test.TC_Perm2.@[THE_USER].p.A * *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+ com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm2.@[THE_USER].p.access * *
+ com.test.TC_Perm2.@[THE_USER].p.access * read
+ com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+as testunused@aaf.att.com
+# TC_Perm2.40.1.NEG Non-admin, not granted user should not view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_Perm2.40.10.POS Add user to superUser role
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.11.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.12.POS Ungrant perm with wildcards
+perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] from Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.13.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.19.POS Remove user from superUser role
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
+
+# Twenties test user granted explicit view permission
+# TC_Perm2.40.20.POS Add user to watcher role
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as XX@NS
+# TC_Perm2.40.22.POS Ungrant perm with wildcards
+perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+UnGranted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] from Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+as testunused@aaf.att.com
+# TC_Perm2.40.23.POS Non-admin, granted user should view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# TC_Perm2.40.29.POS Remove user from watcher role
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
+
+# Thirties test admin user
+# TC_Perm2.40.30.POS Admin should be able to view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.40.31.POS Add new admin for sub-NS
+ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+** Expect 201 **
+Admin testunused@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.32.POS Remove admin from sub-NS
+ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+** Expect 200 **
+Admin testid@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.34.POS Admin of parent NS should be able to view
+perm list name com.test.TC_Perm2.@[user.name].p.A
+** Expect 200 **
+
+List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.40.80.POS Add new admin for sub-NS
+ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.40.81.POS Remove admin from sub-NS
+ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+** Expect 200 **
+Admin testunused@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p
+
+# TC_Perm2.41.1.POS Add user to some roles with perms attached
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com]
+
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com]
+
+user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
+** Expect 201 **
+Added Role [com.test.TC_Perm2.@[THE_USER].p.secret] to User [XX@NS]
+
+# TC_Perm2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
+as XX@NS
+perm list user testunused@aaf.att.com
+** Expect 200 **
+
+List Permissions by User[testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+perm list user XX@NS
+** Expect 200 **
+
+List Permissions by User[XX@NS]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+# TC_Perm2.41.99.POS Remove users from roles for later test
+as testid@aaf.att.com
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com]
+
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com]
+
+user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200 **
+Removed Role [com.test.TC_Perm2.@[THE_USER].p.secret] from User [XX@NS]
+
+# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+perm list ns com.test.TC_Perm2.@[user.name].p
+** Expect 200 **
+
+List Perms by NS [com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A * *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+com.test.TC_Perm2.@[THE_USER].p.access * *
+com.test.TC_Perm2.@[THE_USER].p.access * read
+com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+
+# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+perm list ns com.test.TC_Perm2.@[user.name].p
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Perm2.@[THE_USER].p]
+
+# TC_Perm2.43.10.POS List perms when allowed to see Role
+as testid@aaf.att.com
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.A myInstance *
+com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction
+
+
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200 **
+
+List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy
+
+
+# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
+as testunused@aaf.att.com
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.superUser]
+
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.watcher]
+
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.secret]
+
+as testid@aaf.att.com
+# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A * *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+** Expect 200,404 **
+Deleted Permission
+
+force role delete com.test.TC_Perm2.@[user.name].p.watcher
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Perm2.@[user.name].p.superUser
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Perm2.@[user.name].p.secret
+** Expect 200,404 **
+Deleted Role
+
+as XX@NS
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Perm2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm2.@[user.name].p
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Perm2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm2.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm2.@[user.name].p
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Perm2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Perm3.expected b/authz-test/TestSuite/expected/TC_Perm3.expected
new file mode 100644
index 00000000..6cdf2297
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Perm3.expected
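Review bot: Several case labels in TC_Perm2.expected contradict the output pinned beneath them, which makes this authorization baseline hard to audit: `TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view` and `TC_Perm2.40.23.POS Non-admin, granted user should view` both expect an empty permission table, and `TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS` runs as testid@aaf.att.com and expects the full listing. `# TC_NS2.41.15.POS` also carries another suite's prefix and should read `# TC_Perm2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles`. If the empty tables are the intended result, relabel along the lines of `# TC_Perm2.40.21.NEG Non-admin with only explicit view perm should not list child perms`, so a reader can tell a regression from intended filtering. The labels are presumably echoed from the TC_Perm2 test script, which is outside this hunk, so the same edit belongs there.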
@@ -0,0 +1,136 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set testid_1@test.com <pass>
+set testid_2@test.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as XX@NS
+# TC_Perm3.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Perm3.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm3.10.1.POS Create Namespace with User ID
+ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.2.POS Create Namespace with Different ID
+ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm3.10.3.POS Create Namespace in Different Company
+ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+as testid_1@test.com
+# TC_Perm3.20.0.POS User1 Create a Perm
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.20.6.POS User2 should be able to create Role in own group
+as testid_2@test.com
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Created Role
+
+# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2
+as testid_2@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction]
+
+# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a
+** Expect 201 **
+Granted Permission [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] to Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a]
+
+# TC_Perm3.30.0.POS User1 Create a Perm
+as testid_1@test.com
+perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group
+role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_b]
+
+# TC_Perm3.30.6.POS User2 should be able to create Role in own group
+as testunused@aaf.att.com
+role create com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 201 **
+Created Role
+
+# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_b|myInstance|myAction]
+
+# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm
+as testid_1@test.com
+perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.att.TC_Perm3.@[THE_USER].dev.myRole_b]
+
+as testid_1@test.com
+# TC_Perm3.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_1
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_1]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testid_2@test.com
+# TC_Perm3.99.4.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.5.POS Print Namespaces
+ns list name com.test.TC_Perm3.@[user.name]_2
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_2]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+as testunused@aaf.att.com
+# TC_Perm3.99.6.POS Remove Namespace from other company
+force ns delete com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Perm3.99.7.POS Print Namespace from other company
+ns list name com.att.TC_Perm3.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.att.TC_Perm3.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Realm1.expected b/authz-test/TestSuite/expected/TC_Realm1.expected
new file mode 100644
index 00000000..67232e2a
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Realm1.expected
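Review bot: `TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm` is recorded with `** Expect 403 **` and `may not write Role [com.att.TC_Perm3.@[THE_USER].dev.myRole_b]`, so the baseline pins a denial under a label that says the grant should succeed. Either the label is wrong or the expected file has captured behaviour the case was meant to catch; if the denial is intended, the case should read something like `# TC_Perm3.30.8.NEG User1 cannot grant own Perm to a Role in another company's NS`. `TC_Perm3.20.8.NEG User2 cannot create Role in NS 2` repeats the `perm grant` from 20.7 verbatim and never attempts a role create, so it adds no coverage as written. The labels presumably come from the TC_Perm3 test script, which is not in this hunk.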
@@ -0,0 +1,210 @@ +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set XX@NS <pass> +set bogus boguspass +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_Realm1.10.0.POS Validate no NS +ns list name com.test.TC_Realm1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_Realm1.10.1.POS Create Namespace to add IDs +ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +as XX@NS +# TC_Realm1.10.10.POS Grant ability to change delegates +force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg +** Expect 201 ** +Created Role [com.test.TC_Realm1.@[THE_USER].change_delg] +Created Permission +Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.TC_Realm1.@[THE_USER].change_delg] + +# TC_Realm1.10.11.POS Create user role to change delegates +user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg +** Expect 201 ** +Added Role [com.test.TC_Realm1.@[THE_USER].change_delg] to User [testid@aaf.att.com] + +as testid@aaf.att.com +# TC_Realm1.20.1.NEG Fail to create - default domain wrong +ns create com.test.TC_Realm1.@[user.name].project1 testunused +** Expect 403 ** +Failed [SVC3403]: Forbidden - testunused@csp.att.com does not have permission to assume test status at AT&T + +# TC_Realm1.20.2.POS Create - default domain appended +ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name] +** Expect 201 ** +Created Namespace + +# TC_Realm1.20.3.NEG Fail to create - default domain wrong +ns admin add com.test.TC_Realm1.@[user.name].project1 testunused +** Expect 403 ** +Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID + +# TC_Realm1.20.4.POS Create - full domain given +ns admin add 
com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com +** Expect 201 ** +Admin testid@aaf.att.com added to com.test.TC_Realm1.@[THE_USER].project1 + +# TC_Realm1.20.5.POS Delete - default domain appended +ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name] +** Expect 200 ** +Admin @[THE_USER]@csp.att.com deleted from com.test.TC_Realm1.@[THE_USER].project1 + +# TC_Realm1.20.6.POS Add admin - default domain appended +ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name] +** Expect 201 ** +Admin @[THE_USER]@csp.att.com added to com.test.TC_Realm1.@[THE_USER].project1 + +# TC_Realm1.30.1.POS Create role to add to users +role create com.test.TC_Realm1.@[user.name].role1 +** Expect 201 ** +Created Role + +# TC_Realm1.30.2.NEG Add user, but default domain wrong +role user add com.test.TC_Realm1.@[user.name].role1 testunused +** Expect 403 ** +Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID + +# TC_Realm1.30.3.POS Add user, with default domain appended +role user add com.test.TC_Realm1.@[user.name].role1 @[user.name] +** Expect 201 ** +Added User [@[THE_USER]@csp.att.com] to Role [com.test.TC_Realm1.@[THE_USER].role1] + +# TC_Realm1.30.10.POS Role list, with default domain added +role list user testunused +** Expect 200 ** + +List Roles for User [testunused@csp.att.com] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- + +# TC_Realm1.30.80.POS Delete user, with default domain appended +role user del com.test.TC_Realm1.@[user.name].role1 @[user.name] +** Expect 200 ** +Removed User [@[THE_USER]@csp.att.com] from Role [com.test.TC_Realm1.@[THE_USER].role1] + +# TC_Realm1.40.1.POS Create role to add to users +role create com.test.TC_Realm1.@[user.name].role2 +** Expect 201 ** +Created Role + +# TC_Realm1.40.2.NEG Add user, but default domain wrong +user 
role add testunused com.test.TC_Realm1.@[user.name].role2 +** Expect 403 ** +Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID + +# TC_Realm1.40.3.POS Add user, with default domain appended +user role add @[user.name] com.test.TC_Realm1.@[user.name].role2 +** Expect 201 ** +Added Role [com.test.TC_Realm1.@[THE_USER].role2] to User [@[THE_USER]@csp.att.com] + +# TC_Realm1.40.10.NEG Add delegate, but default domain wrong +user delegate add testunused testid 2099-01-01 +** Expect 404 ** +Failed [SVC5404]: Not Found - [testunused@csp.att.com] is not a user in the company database. + +# TC_Realm1.40.11.POS Add delegate, with default domain appended +force user delegate add @[user.name] @[user.name] 2099-01-01 +** Expect 201 ** +Delegate Added + +# TC_Realm1.40.12.POS Update delegate, with default domain appended +user delegate upd @[user.name] @[user.name] 2099-01-01 +** Expect 200 ** +Delegate Updated + +as XX@NS +# TC_Realm1.40.20.POS List delegate, with default domain appended +user list delegates user @[user.name] +** Expect 200 ** + +List Delegates by user[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +# TC_Realm1.40.21.POS List delegate, with default domain appended +user list delegates delegate @[user.name] +** Expect 200 ** + +List Delegates by delegate[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +as testid@aaf.att.com +# TC_Realm1.40.80.POS Delete user, with default domain appended +user role del @[user.name] com.test.TC_Realm1.@[user.name].role2 +** Expect 200 ** +Removed 
Role [com.test.TC_Realm1.@[THE_USER].role2] from User [@[THE_USER]@csp.att.com] + +# TC_Realm1.40.81.POS Delete delegate, with default domain appended +user delegate del @[user.name] +** Expect 200 ** +Delegate Deleted + +as testid@aaf.att.com +# TC_Realm1.99.1.POS Delete delgates +user delegate del @[user.name] +** Expect 200,404 ** +Failed [SVC7404]: Not Found - Cannot delete non-existent Delegate + +# TC_Realm1.99.2.POS Delete user roles +role user del com.test.TC_Realm1.@[user.name].role1 @[user.name] +** Expect 200,404 ** +Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role1 ] + +user role del @[user.name] com.test.TC_Realm1.@[user.name].role2 +** Expect 200,404 ** +Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role2 ] + +# TC_Realm1.99.3.POS Delete roles +role delete com.test.TC_Realm1.@[user.name].role1 +** Expect 200,404 ** +Deleted Role + +role delete com.test.TC_Realm1.@[user.name].role2 +** Expect 200,404 ** +Deleted Role + +as XX@NS +# TC_Realm1.99.10.POS UnGrant ability to change delegates +perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg +** Expect 200,404 ** +Failed [SVC4404]: Not Found - Permission [com.att.aaf.delg|com.att|change] not associated with any Role + +as testid@aaf.att.com +# TC_Realm1.99.11.POS Delete role to change delegates +set force true +set force=true role delete com.test.TC_Realm1.@[user.name].change_delg +** Expect 200,404 ** +Deleted Role + +# TC_Realm1.99.98.POS Delete Namespaces +ns delete com.test.TC_Realm1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +ns delete com.test.TC_Realm1.@[user.name].project1 +** Expect 200,404 ** +Deleted Namespace + +# TC_Realm1.99.99.POS Verify Cleaned NS +ns list name com.test.TC_Realm1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]] 
+-------------------------------------------------------------------------------- + *** Namespace Not Found *** + diff --git a/authz-test/TestSuite/expected/TC_Role1.expected b/authz-test/TestSuite/expected/TC_Role1.expected new file mode 100644 index 00000000..5cb610fb --- /dev/null +++ b/authz-test/TestSuite/expected/TC_Role1.expected 
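Review bot: The cleanup step TC_Realm1.99.10 ungrants action `change`, but TC_Realm1.10.10 created and granted `com.att.aaf.delg|com.att|create`, so the expected output pins a 404 (`Permission [com.att.aaf.delg|com.att|change] not associated with any Role`) where a successful ungrant should be. As far as this file shows, the delegate-creation permission created in the `com.att.aaf` namespace is never ungranted or deleted; only the role is force-deleted in 99.11, which would leave a privileged permission behind after the run. I would make the step `perm ungrant com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg` with the expected line `UnGranted Permission [com.att.aaf.delg|com.att|create] from Role [com.test.TC_Realm1.@[THE_USER].change_delg]`, and add a `perm delete` for it if the suite is meant to leave the service clean. The script that produces this output is outside this hunk.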
@@ -0,0 +1,369 @@
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Role1.10.0.POS Validate NS ok
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_Role1.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.20.2.POS Add Roles
+role create com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role1.@[user.name].r.B
+** Expect 201 **
+Created Role
+
+# TC_Role1.20.3.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.20.4.NEG Don't write over Role
+role create com.test.TC_Role1.@[user.name].r.A
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists
+
+# TC_Role1.20.5.NEG Don't allow non-user to create
+as bogus
+role create com.test.TC_Role1.@[user.name].r.No
+** Expect 401 **
+Failed with code 401, Unauthorized
+
+# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
+as testunused@aaf.att.com
+role create com.test.TC_Role1.@[user.name].r.No
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No]
+
+# TC_Role1.20.10.NEG Non-admins can't change description
+as testunused@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A
+
+# TC_Role1.20.11.NEG Role must exist to change description
+as testid@aaf.att.com
+role describe com.test.TC_Role1.@[user.name].r.C Description C
+** Expect 404 **
+Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
+
+# TC_Role1.20.12.POS Admin can change description
+role describe com.test.TC_Role1.@[user.name].r.A Description A
+** Expect 200 **
+Description added to role
+
+# TC_Role1.30.1.POS List Data on non-Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+
+ns list name com.test.TC_Role1.@[user.name].r
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].r.B
+ com.test.TC_Role1.@[THE_USER].r.admin
+ com.test.TC_Role1.@[THE_USER].r.owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].r.access * *
+ com.test.TC_Role1.@[THE_USER].r.access * read
+
+# TC_Role1.40.01.POS List Data on non-Empty NS
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+
+# TC_Role1.40.20.POS Create a Perm, and add to Role
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A]
+
+# TC_Role1.40.25.POS List
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+
+# TC_Role1.40.30.POS Create a Perm
+perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+** Expect 201 **
+Created Permission
+
+# TC_Role1.40.32.POS Separately Grant Perm
+perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
+** Expect 201 **
+Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A]
+
+# TC_Role1.40.35.POS List
+role list role com.test.TC_Role1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER].r.A
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
+
+# TC_Role1.50.1.POS Create user to attach to role
+user cred add m00001@@[user.name].TC_Role1.test.com password123
+** Expect 201 **
+Added Credential [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.50.2.POS Create new role
+role create com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+# TC_Role1.50.3.POS Attach user to role
+user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.50.4.POS Create permission and attach to role
+perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C]
+
+# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
+role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 424 **
+Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users.
+
+# TC_Role1.50.21.POS Force delete role should work
+set force true
+set force=true role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+# TC_Role1.50.30.POS List Data on non-Empty NS
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role1.@[THE_USER].admin
+ com.test.TC_Role1.@[THE_USER].cred_admin
+ com.test.TC_Role1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role1.@[THE_USER].access * *
+ com.test.TC_Role1.@[THE_USER].access * read
+ com.test.TC_Role1.@[THE_USER].p.C myInstance myAction
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
+ com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
+ Credentials
+ m00001@@[THE_USER].TC_Role1.test.com
+
+# Need to let DB catch up on deletes
+sleep 0
+as testid@aaf.att.com
+# TC_Role1.99.05.POS Remove Permissions from "40_reports"
+set force true
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
+force role delete com.test.TC_Role1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role1.@[user.name].r.B
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role1.@[user.name].r.C
+** Expect 200,404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
+
+# TC_Role1.99.15.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_Role1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
+perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+user cred del m00001@@[user.name].TC_Role1.test.com
+** Expect 200,404 **
+Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com]
+
+# TC_Role1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role1.@[user.name].r
+** Expect 200,404 **
+Deleted Namespace
+
+force ns delete com.test.TC_Role1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Role1.99.99.POS List to prove clean Namespaces
+ns list name com.test.TC_Role1.@[user.name].r
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Role1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/expected/TC_Role2.expected b/authz-test/TestSuite/expected/TC_Role2.expected
new file mode 100644
index 00000000..45abf9fd
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Role2.expected
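Review bot: TC_Role1.50.1 records the new credential's password in clear (`user cred add m00001@@[user.name].TC_Role1.test.com password123`), while the three `set ... <pass>` lines at the top of the same file are masked. If this file is a capture of the echoed commands, as it appears to be, the harness masks passwords given to `set` but not the one passed to `user cred add`, so any real credential used in such a step would end up in the captured output and in whatever logs keep it. I would mask that argument as well, so the expected line reads `user cred add m00001@@[user.name].TC_Role1.test.com <pass>`. The script that feeds this step is outside this hunk.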
@@ -0,0 +1,447 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com
+# TC_Role2.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+role create com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Role
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+as XX@NS
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.pigs
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.10.POS Add testunused to animals
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]
+
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+role list user XX@NS
+** Expect 200 **
+
+List Roles for User [XX@NS]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].access * *
+com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].access * read
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]
+
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+** Expect 200 **
+
+List Roles by Perm
com.test.TC_Role2.@[THE_USER].r.A|*|* +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat + +# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm +as testunused@aaf.att.com +role list perm com.test.TC_Role2.@[user.name].r.A grain eat +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] + +role list perm com.test.TC_Role2.@[user.name].r.A grain * +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*] + +role list perm com.test.TC_Role2.@[user.name].r.A * * +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*] + +as XX@NS +# TC_Role2.99.1.POS Delete Roles +force role delete com.test.TC_Role2.@[user.name].r.animals +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_Role2.@[user.name].r.dogs +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_Role2.@[user.name].r.pigs +** Expect 200,404 ** +Deleted Role + +# TC_Role2.99.2.POS Delete Perms +force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_Role2.@[user.name].r.A grain eat +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_Role2.@[user.name].r.A grain * +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_Role2.@[user.name].r.A * * +** Expect 200,404 ** +Deleted Permission + +force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view +** Expect 200,404 ** +Deleted 
Permission + +force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view +** Expect 200,404 ** +Deleted Permission + +# TC_Role2.99.2.POS Namespace Admin can delete Namespace +force ns delete com.test.TC_Role2.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +# TC_Role2.99.3.POS Print Namespaces +ns list name com.test.TC_Role2.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + diff --git a/authz-test/TestSuite/expected/TC_UR1.expected b/authz-test/TestSuite/expected/TC_UR1.expected new file mode 100644 index 00000000..7630488f --- /dev/null +++ b/authz-test/TestSuite/expected/TC_UR1.expected 
@@ -0,0 +1,266 @@ +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set XX@NS <pass> +set bogus boguspass +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_UR1.10.0.POS Validate no NS +ns list name com.test.TC_UR1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_UR1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_UR1.10.1.POS Create Namespace to add IDs +ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Role1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_UR1.@[user.name].cred_admin +** Expect 201 ** +Created Role + +as XX@NS +# TC_Role1.10.11.POS Assign role to mechid perm +perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_UR1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# TC_Role1.10.12.POS Assign user for creating creds +user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin +** Expect 201 ** +Added Role [com.test.TC_UR1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] + +# TC_UR1.10.20.POS Create two Credentials +user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd" +** Expect 201 ** +Added Credential [m00001@@[THE_USER].TC_UR1.test.com] + +user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd" +** Expect 201 ** +Added Credential [m00002@@[THE_USER].TC_UR1.test.com] + +# TC_UR1.10.21.POS Create two Roles +role create com.test.TC_UR1.@[user.name].r1 +** Expect 201 ** +Created Role + +role create com.test.TC_UR1.@[user.name].r2 +** Expect 201 ** +Created Role + +# TC_UR1.23.1.NEG Too Few Args for User Role 1 +user +** Expect 0 ** +user role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)] + cred <add|del|reset|extend> <id> [password (! 
D|E)] [entry# (if multi)] + delegate <add|upd|del> <from> [to REQ A&U] [until (YYYY-MM-DD) REQ A] + list role <role> + perm <type> <instance> <action> + cred <ns|id> <value> + delegates <user|delegate> <id> + approvals <user|approver|ticket> <value> + activity <user> + +# TC_UR1.23.2.NEG Too Few Args for user role +user role +** Expect -1 ** +Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)] + +# TC_UR1.23.3.NEG Too Few Args for user role add +user role add +** Expect -1 ** +Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)] + +# TC_UR1.30.10.POS Create a UserRole +user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 +** Expect 201 ** +Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com] + +# TC_UR1.30.11.NEG Created UserRole Exists +user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - User Role exists + +# TC_UR1.30.13.POS Delete UserRole +sleep 0 +user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 +** Expect 200 ** +Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com] + +# TC_UR1.30.20.POS Create multiple UserRoles +user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 +** Expect 201 ** +Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com] +Added Role [com.test.TC_UR1.@[THE_USER].r2] to User [m00001@@[THE_USER].TC_UR1.test.com] + +# TC_UR1.30.21.NEG Created UserRole Exists +user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - User Role exists +Failed [SVC1409]: Conflict Already Exists - User Role exists + +# TC_UR1.30.23.POS Delete UserRole +sleep 0 +user role del 
m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 +** Expect 200 ** +Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com] +Removed Role [com.test.TC_UR1.@[THE_USER].r2] from User [m00001@@[THE_USER].TC_UR1.test.com] + +# TC_UR1.30.30.POS Create a Role User +role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com +** Expect 201 ** +Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1] + +# TC_UR1.30.31.NEG Created Role User Exists +role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - User Role exists + +# TC_UR1.30.33.POS Delete Role User +sleep 0 +role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com +** Expect 200 ** +Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1] + +# TC_UR1.30.40.POS Create multiple Role Users +role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com +** Expect 201 ** +Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1] +Added User [m00002@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1] + +# TC_UR1.30.41.NEG Created Role User Exists +role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com +** Expect 409 ** +Failed [SVC1409]: Conflict Already Exists - User Role exists +Failed [SVC1409]: Conflict Already Exists - User Role exists + +# TC_UR1.30.43.POS Delete Role Users +sleep 0 +role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com +** Expect 200 ** +Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1] +Removed User [m00002@@[THE_USER].TC_UR1.test.com] 
from Role [com.test.TC_UR1.@[THE_USER].r1] + +# TC_UR1.40.10.POS Create multiple UserRoles +user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 +** Expect 200 ** +Set User's Roles to [com.test.TC_UR1.@[THE_USER].r1,com.test.TC_UR1.@[THE_USER].r2] + +# TC_UR1.40.11.POS Reset userrole for a user +user role setTo m00001@@[user.name].TC_UR1.test.com +** Expect 200 ** +Set User's Roles to [] + +# TC_UR1.40.12.NEG Create userrole where Role doesn't exist +user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5 +** Expect 404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist + +# TC_UR1.40.13.NEG Create userrole where User doesn't exist +user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 +** Expect 403 ** +Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential + +as testunused@aaf.att.com +# TC_UR1.40.19.NEG User without permission tries to add userrole +user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1] + +# TC_UR1.40.20.NEG User without permission tries to add userrole +role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1] + +as testid@aaf.att.com +# TC_UR1.40.22.POS Reset userrole for a user +role user setTo com.test.TC_UR1.@[user.name].r1 +** Expect 200 ** +Set the Role to Users [] + +sleep 0 +# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist +role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com +** Expect 404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist + +sleep 0 +# 
TC_UR1.40.24.NEG Create UserRole where User doesn't exist +role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com +** Expect 403 ** +Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential + +# Need to let DB catch up on deletes +sleep 0 +as testid@aaf.att.com +# TC_UR1.99.1.POS Remove User from Role +role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com +** Expect 200,404 ** +Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ] +Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ] + +role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com +** Expect 200,404 ** +Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ] +Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ] + +role user setTo com.test.TC_UR1.@[user.name].r1 +** Expect 200,404 ** +Set the Role to Users [] + +# TC_UR1.99.2.POS Remove ability to create creds +user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin +** Expect 200,404 ** +Removed Role [com.test.TC_UR1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] + +as XX@NS +perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_UR1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +role delete com.test.TC_UR1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +# TC_UR1.99.3.POS Delete Creds +set force true +user cred del m00001@@[user.name].TC_UR1.test.com +** Expect 
200,404 ** +Deleted Credential [m00001@@[THE_USER].TC_UR1.test.com] + +set force true +user cred del m00002@@[user.name].TC_UR1.test.com +** Expect 200,404 ** +Deleted Credential [m00002@@[THE_USER].TC_UR1.test.com] + +# TC_UR1.99.4.POS Delete Roles +set force true +set force=true role delete com.test.TC_UR1.@[user.name].r1 +** Expect 200,404 ** +Deleted Role + +set force true +set force=true role delete com.test.TC_UR1.@[user.name].r2 +** Expect 200,404 ** +Deleted Role + +# TC_UR1.99.5.POS Delete Namespace +set force true +set force=true ns delete com.test.TC_UR1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +# TC_UR1.99.99.POS Verify Cleaned NS +ns list name com.test.TC_UR1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_UR1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + diff --git a/authz-test/TestSuite/expected/TC_User1.expected b/authz-test/TestSuite/expected/TC_User1.expected new file mode 100644 index 00000000..e1d304f5 --- /dev/null +++ b/authz-test/TestSuite/expected/TC_User1.expected 
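Review bot: The two `user cred add` lines under TC_UR1.10.20.POS record the credential secret in clear (`"abc123sd"`), while the `set … <pass>` lines at the top of the same file show a placeholder. If this file is a capture of the CLI echoing its commands, which the `** Expect … **` lines suggest but the hunk does not prove, then the tool writes password arguments to its output and to any log that keeps it. Masking that argument in the echo would make the expected line `user cred add m00001@@[user.name].TC_UR1.test.com <pass>`, and likewise for m00002. Separately, three case labels here read `TC_Role1.10.10.POS` to `TC_Role1.10.12.POS` and look copied from another suite; `# TC_UR1.10.10.POS Create role to assign mechid perm to` (and .11/.12) would keep the IDs traceable to this file.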
@@ -0,0 +1,485 @@ +set XX@NS <pass> +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set bogus@aaf.att.com boguspass +set m99990@@[THE_USER].TC_User1.test.com password123 +set m99995@@[THE_USER].TC_User1.test.com password123 +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_User1.10.0.POS Check for Existing Data +ns list name com.test.TC_User1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_User1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties +ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_User1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com +** Expect 201 ** +Created Role +Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin] + +as XX@NS +# TC_User1.10.11.POS Assign role to mechid perm +perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin] + +perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# TC_User1.01.99.POS Expect Namespace to be created +ns list name com.test.TC_User1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_User1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_User1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_User1.@[THE_USER].admin + com.test.TC_User1.@[THE_USER].cred_admin + 
com.test.TC_User1.@[THE_USER].owner + Permissions + com.test.TC_User1.@[THE_USER].access * * + com.test.TC_User1.@[THE_USER].access * read + +as testid@aaf.att.com +# TC_User1.20.1.POS Create roles +role create com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Created Role + +role create com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Role + +# TC_User1.20.2.POS Create permissions +perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker] + +perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker] + +perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager] + +perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager] + +# TC_User1.20.3.POS Create mechid +user cred add m99990@@[user.name].TC_User1.test.com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_User1.test.com] + +user cred add m99995@@[user.name].TC_User1.test.com password123 +** Expect 201 ** +Added Credential [m99995@@[THE_USER].TC_User1.test.com] + +as XX@NS +# TC_User1.20.10.POS Add users to roles +user role add @[user.name] com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com] + +user role add 
m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com] + +# TC_User1.20.20.POS Add Delegate +as XX@NS +# TC_User1.20.20.POS Create delegates +force user delegate add @[user.name] @[user.name] +** Expect 201 ** +Delegate Added + +# TC_User1.40.1.NEG Non-admin, user not in role should not view +as testunused@aaf.att.com +user list role com.test.TC_User1.@[user.name].manager +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager] + +user list role com.test.TC_User1.@[user.name].worker +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker] + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.40.2.NEG Non-admin, user in role should not view +user list role com.test.TC_User1.@[user.name].manager +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager] + +sleep 0 +# TC_User1.40.3.POS Non-admin, user in role can view himself +user list role com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as testid@aaf.att.com +# TC_User1.40.10.POS admin should view +user list role com.test.TC_User1.@[user.name].manager +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].manager] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +@[THE_USER]@csp.att.com XXXX-XX-XX + + +user list 
role com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as testunused@aaf.att.com +# TC_User1.41.1.NEG Non-admin, user not in perm should not view +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].schedule worker create +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].worker * annoy +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.41.2.POS Non-admin, user in perm can view himself +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** 
+ +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.41.3.NEG Non-admin, user in perm should not view +user list perm com.test.TC_User1.@[user.name].schedule worker create +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].worker * annoy +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +as testid@aaf.att.com +# TC_User1.41.10.POS admin should view +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * 
stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].schedule worker create +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +@[THE_USER]@csp.att.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].worker * annoy +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +@[THE_USER]@csp.att.com XXXX-XX-XX + + +as testunused@aaf.att.com +# TC_User1.42.1.NEG Unrelated user can't view delegates +user list delegates user m99990@@[user.name].TC_User1.test.com +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com] + +user list delegates delegate m99995@@[user.name].TC_User1.test.com +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com] + +as XX@NS +# TC_User1.42.10.POS Admin of domain NS can view +user list delegates user @[user.name] +** Expect 200 ** + +List Delegates by user[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com 
XXXX-XX-XX + +user list delegates delegate @[user.name] +** Expect 200 ** + +List Delegates by delegate[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +as testid@aaf.att.com +# TC_User1.43.1.POS Add another user to worker role +user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com] + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.43.2.POS User should only see himself here +user list role com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX 
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as XX@NS +# TC_User1.43.10.POS Grant explicit user perm to user +perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker] + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.43.11.POS User should see all users of test domain now +user list role com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as testid@aaf.att.com +# TC_User1.99.0.POS Remove user roles +user role del @[user.name] com.test.TC_User1.@[user.name].manager +** Expect 200,404 ** +Removed Role [com.test.TC_User1.@[THE_USER].manager] from User 
[@[THE_USER]@csp.att.com] + +user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker +** Expect 200,404 ** +Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com] + +user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker +** Expect 200,404 ** +Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com] + +# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms +force perm delete com.test.TC_User1.@[user.name].supplies * move +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_User1.@[user.name].supplies * stock +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_User1.@[user.name].schedule worker create +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_User1.@[user.name].worker * annoy +** Expect 200,404 ** +Deleted Permission + +force role delete com.test.TC_User1.@[user.name].manager +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_User1.@[user.name].worker +** Expect 200,404 ** +Deleted Role + +# TC_User1.99.10.POS Creds and delegate +user delegate del @[user.name] +** Expect 200,404 ** +Delegate Deleted + +user cred del m99990@@[user.name].TC_User1.test.com +** Expect 200,404 ** +Deleted Credential [m99990@@[THE_USER].TC_User1.test.com] + +user cred del m99995@@[user.name].TC_User1.test.com +** Expect 200,404 ** +Deleted Credential [m99995@@[THE_USER].TC_User1.test.com] + +as XX@NS +# TC_User1.99.15.POS Remove ability to create creds +perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin] + +perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission 
[com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin] + +perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view +** Expect 200,404 ** +Deleted Permission + +as testid@aaf.att.com +force role delete com.test.TC_User1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +# TC_User1.99.90.POS Namespace Admin can delete Namespace +force ns delete com.test.TC_User1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +sleep 0 +# TC_User1.99.99.POS Check Clean Namespace +ns list name com.test.TC_User1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_User1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + diff --git a/authz-test/TestSuite/expected/TC_Wild.expected b/authz-test/TestSuite/expected/TC_Wild.expected new file mode 100644 index 00000000..448efa1d --- /dev/null +++ b/authz-test/TestSuite/expected/TC_Wild.expected 
@@ -0,0 +1,520 @@ +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set XX@NS <pass> +set bogus boguspass +#delay 10 +set NFR 0 +as XX@NS +# TC_Wild.10.0.POS Validate NS ok +ns list name com.att.test.TC_Wild.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.att.test.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties +ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Wild.10.10.POS Create a clean MechID +user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8 +** Expect 201 ** +Added Credential [m99999@@[THE_USER].TC_Wild.att.com] + +set m99999@@[THE_USER].TC_Wild.att.com aNewPass8 +as XX@NS +# TC_Wild.10.11.POS Create role and assign MechID to +role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com +** Expect 201 ** +Created Role +Added User [m99999@@[THE_USER].TC_Wild.att.com] to Role [com.att.TC_Wild.@[THE_USER].service] + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.20.1.NEG Fail to create a perm in NS +perm create com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction] + +# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action +as XX@NS +perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:myAction|write] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.20.5.POS Print Perms +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] 
+-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write + + +# TC_Wild.20.7.POS Now able to create a perm in NS +as m99999@@[THE_USER].TC_Wild.att.com +perm create com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 201 ** +Created Permission + +# TC_Wild.20.8.POS Print Perms +as XX@NS +perm list ns com.att.TC_Wild.@[user.name] +** Expect 200 ** + +List Perms by NS [com.att.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access * * +com.att.TC_Wild.@[THE_USER].access * read +com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write +com.att.TC_Wild.@[THE_USER].myType myInstance myAction + + +# TC_Wild.20.10.POS Delete Perms Created +force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write +** Expect 200 ** +Deleted Permission + +force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 200 ** +Deleted Permission + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.21.1.NEG Fail to create a perm in NS +perm create com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction] + +# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action +as XX@NS +perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.21.5.POS 
Print Perms +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write + + +# TC_Wild.21.7.POS Now able to create a perm in NS +as m99999@@[THE_USER].TC_Wild.att.com +perm create com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 201 ** +Created Permission + +# TC_Wild.21.8.POS Print Perms +as XX@NS +perm list ns com.att.TC_Wild.@[user.name] +** Expect 200 ** + +List Perms by NS [com.att.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access * * +com.att.TC_Wild.@[THE_USER].access * read +com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write +com.att.TC_Wild.@[THE_USER].myType myInstance myAction + + +# TC_Wild.21.10.POS Delete Perms Created +force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write +** Expect 200 ** +Deleted Permission + +force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 200 ** +Deleted Permission + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.30.1.NEG Fail to create a role in NS +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole] + +# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action +as XX@NS +perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission 
[com.att.TC_Wild.@[THE_USER].access|:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.30.5.POS Print Perms +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access :role:tool.* write + + +# TC_Wild.30.7.POS Now able to create a role in NS +as m99999@@[THE_USER].TC_Wild.att.com +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 201 ** +Created Role + +# TC_Wild.30.8.POS Print Perms +as XX@NS +role list ns com.att.TC_Wild.@[user.name] +** Expect 200 ** + +List Roles by NS [com.att.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].admin + com.att.TC_Wild.@[THE_USER].access * * +com.att.TC_Wild.@[THE_USER].owner + com.att.TC_Wild.@[THE_USER].access * read +com.att.TC_Wild.@[THE_USER].service + com.att.TC_Wild.@[THE_USER].access :role:tool.* write +com.att.TC_Wild.@[THE_USER].tool.myRole + +# TC_Wild.30.10.POS Delete Perms Created +force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write +** Expect 200 ** +Deleted Permission + +force role delete com.att.TC_Wild.@[user.name].tool.myRole +** Expect 200 ** +Deleted Role + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.31.1.NEG Fail to create a role in NS +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole] + +# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action +as XX@NS +perm create 
com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|write] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.31.5.POS Print Perms +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access :role:* write + + +# TC_Wild.31.7.POS Now able to create a role in NS +as m99999@@[THE_USER].TC_Wild.att.com +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 201 ** +Created Role + +# TC_Wild.31.8.POS Print Perms +as XX@NS +role list ns com.att.TC_Wild.@[user.name] +** Expect 200 ** + +List Roles by NS [com.att.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].admin + com.att.TC_Wild.@[THE_USER].access * * +com.att.TC_Wild.@[THE_USER].owner + com.att.TC_Wild.@[THE_USER].access * read +com.att.TC_Wild.@[THE_USER].service + com.att.TC_Wild.@[THE_USER].access :role:* write +com.att.TC_Wild.@[THE_USER].tool.myRole + +# TC_Wild.31.10.POS Delete Perms Created +force perm delete com.att.TC_Wild.@[user.name].access :role:* write +** Expect 200 ** +Deleted Permission + +force role delete com.att.TC_Wild.@[user.name].tool.myRole +** Expect 200 ** +Deleted Role + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.32.1.NEG Fail to create a role in NS +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role 
[com.att.TC_Wild.@[THE_USER].tool.myRole] + +# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action +as XX@NS +perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|*] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.32.5.POS Print Perms +as m99999@@[THE_USER].TC_Wild.att.com +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access :role:* * + + +# TC_Wild.32.7.POS Now able to create a role in NS +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 201 ** +Created Role + +# TC_Wild.32.8.POS May Print Role +role list role com.att.TC_Wild.@[user.name].tool.myRole +** Expect 200 ** + +List Roles for Role[com.att.TC_Wild.@[THE_USER].tool.myRole] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].tool.myRole + +as XX@NS +# TC_Wild.32.10.POS Delete Perms Created +force perm delete com.att.TC_Wild.@[user.name].access :role:* * +** Expect 200 ** +Deleted Permission + +force role delete com.att.TC_Wild.@[user.name].tool.myRole +** Expect 200 ** +Deleted Role + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.50.1.NEG Fail to create a perm in NS +perm create com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction] + +# TC_Wild.50.3.POS Add "access perm" based 
Wild Card with specific Action +as XX@NS +perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.ns|:com.att.*:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.50.5.POS Print Perms +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.aaf.ns :com.att.*:perm:myType:*:* write + + +# TC_Wild.50.7.POS Now able to create a perm in NS +as m99999@@[THE_USER].TC_Wild.att.com +perm create com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 201 ** +Created Permission + +# TC_Wild.50.8.POS Print Perms +as XX@NS +perm list ns com.att.TC_Wild.@[user.name] +** Expect 200 ** + +List Perms by NS [com.att.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].access * * +com.att.TC_Wild.@[THE_USER].access * read +com.att.TC_Wild.@[THE_USER].myType myInstance myAction + + +# TC_Wild.50.10.POS Delete Perms Created +force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write +** Expect 200 ** +Deleted Permission + +force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction +** Expect 200 ** +Deleted Permission + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.51.1.NEG Fail to create a role in NS +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole] + +# TC_Wild.51.3.POS Add "access role" based Wild Card 
with specific Action +as XX@NS +perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.ns|:com.att.*:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.51.5.POS Print Perms +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.aaf.ns :com.att.*:role:tool.* write + + +# TC_Wild.51.7.POS Now able to create a role in NS +as m99999@@[THE_USER].TC_Wild.att.com +role create com.att.TC_Wild.@[user.name].tool.myRole +** Expect 201 ** +Created Role + +# TC_Wild.51.8.POS Print Perms +as XX@NS +role list ns com.att.TC_Wild.@[user.name] +** Expect 200 ** + +List Roles by NS [com.att.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.TC_Wild.@[THE_USER].admin + com.att.TC_Wild.@[THE_USER].access * * +com.att.TC_Wild.@[THE_USER].owner + com.att.TC_Wild.@[THE_USER].access * read +com.att.TC_Wild.@[THE_USER].service + com.att.aaf.ns :com.att.*:role:tool.* write +com.att.TC_Wild.@[THE_USER].tool.myRole + +# TC_Wild.51.10.POS Delete Perms Created +force perm delete com.att.aaf.ns :com.att.*:role:tool.* write +** Expect 200 ** +Deleted Permission + +force role delete com.att.TC_Wild.@[user.name].tool.myRole +** Expect 200 ** +Deleted Role + +as m99999@@[THE_USER].TC_Wild.att.com +# TC_Wild.52.1.NEG Fail to create a NS +ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write in NS 
[com.test] + +# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action +as XX@NS +perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.ns|:com.test:ns|write] to Role [com.att.TC_Wild.@[THE_USER].service] + +# TC_Wild.52.5.POS Print Perms +perm list user m99999@@[user.name].TC_Wild.att.com +** Expect 200 ** + +List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] +-------------------------------------------------------------------------------- +PERM Type Instance Action +-------------------------------------------------------------------------------- +com.att.aaf.ns :com.test:ns write + + +# TC_Wild.52.7.POS Now able to create an NS +as m99999@@[THE_USER].TC_Wild.att.com +ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Wild.52.8.POS Print Perms +as XX@NS +ns list name com.test.TC_Wild.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Wild.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Wild.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Wild.@[THE_USER].admin + com.test.TC_Wild.@[THE_USER].owner + Permissions + com.test.TC_Wild.@[THE_USER].access * * + com.test.TC_Wild.@[THE_USER].access * read + +# TC_Wild.52.10.POS Delete Perms Created +force perm delete com.att.aaf.ns :com.test:ns write +** Expect 200 ** +Deleted Permission + +force ns delete com.test.TC_Wild.@[user.name] +** Expect 200 ** +Deleted Namespace + +as XX@NS +# TC_Wild.99.80.POS Cleanup +force perm delete com.att.aaf.ns :com.att.*:perm:*:* write +** Expect 200,404 ** +Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|write] does not exist + +# TC_Wild.99.81.POS Cleanup +force perm delete com.att.aaf.ns :com.att.*:perm:*:* * +** Expect 
200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|*] does not exist
+
+# TC_Wild.99.82.POS Cleanup
+force perm delete com.att.aaf.ns :com.att.*:role:* write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:role:*|write] does not exist
+
+# TC_Wild.99.83.POS Cleanup
+force perm delete com.att.aaf.ns :com.test:ns write
+** Expect 200,404 **
+Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.test:ns|write] does not exist
+
+# TC_Wild.99.90.POS Cleanup
+force ns delete com.test.TC_Wild.@[user.name]
+** Expect 200,404 **
+Failed [SVC2404]: Not Found - com.test.TC_Wild.@[THE_USER] does not exist
+
+# TC_Wild.99.91.POS Cleanup
+force ns delete com.att.TC_Wild.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Wild.99.99.POS List to prove clean Namespaces
+ns list name com.att.TC_Wild.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.att.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+ns list name com.test.TC_Wild.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Wild.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
diff --git a/authz-test/TestSuite/list b/authz-test/TestSuite/list
new file mode 100644
index 00000000..8742d971
--- /dev/null
+++ b/authz-test/TestSuite/list
@@ -0,0 +1,2 @@
+# /bin/sh
+find . -maxdepth 1 -name "TC*" -exec sh cmds {} \; | grep \#
diff --git a/authz-test/TestSuite/qc b/authz-test/TestSuite/qc
new file mode 100644
index 00000000..83149a3a
--- /dev/null
+++ b/authz-test/TestSuite/qc
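Review bot: The first line of `list`, `# /bin/sh`, is an ordinary comment rather than a shebang, so the script runs under whatever shell the caller happens to use; it should read `#!/bin/sh`. The same applies to `rpt1` and `rpt2`, which start with `# /bin/bash` yet use `[ "$1" == "" ]`, a comparison that a strict POSIX `sh` does not accept; those two need `#!/bin/bash`. `cmds` is resolved relative to the current directory, so `list` presumably only works when started from the TestSuite directory, and a one-line comment saying so would help.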
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# For Jenkins, we need to keep track of the exit code returned from each tc run;
+# if it's ever non-zero (ie, a failure), must return that value when this script exits
+#
+STATUS=0
+
+for DIR in `ls | grep ^TC_ | sort`; do
+ echo "**" | tee reports/$DIR.txt
+ echo "** TC Group: $DIR" | tee -a reports/$DIR.txt
+ echo "** Date : "`date` | tee -a reports/$DIR.txt
+ echo "** By : "`who | cut -d " " -f 1` | tee -a reports/$DIR.txt
+ echo "**" | tee -a reports/$DIR.txt
+ echo "" >> reports/$DIR.txt
+ echo "-- Description --" >> reports/$DIR.txt
+ cat $DIR/Description >> reports/$DIR.txt
+ echo -- Positive Cases -- >> reports/$DIR.txt
+ grep -h "^# $DIR.*POS " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt
+ echo >> reports/$DIR.txt
+ echo -- Negative Cases -- >> reports/$DIR.txt
+ grep -h "^# $DIR.*NEG " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt
+
+
+ echo "" >> reports/$DIR.txt
+ echo "-- Results" | tee -a reports/$DIR.txt
+ echo "" | tee -a reports/$DIR.txt
+
+ bash ./tc $DIR | tee -a reports/$DIR.txt
+
+ if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+ STATUS=1
+ fi
+done
+
+
+exit $STATUS
+
+
diff --git a/authz-test/TestSuite/reset b/authz-test/TestSuite/reset
new file mode 100644
index 00000000..af9b1005
--- /dev/null
+++ b/authz-test/TestSuite/reset
@@ -0,0 +1,4 @@
+set m12345=<pass>
+as m12345
+ns create com.test testid@test.com
+
diff --git a/authz-test/TestSuite/rpt1 b/authz-test/TestSuite/rpt1
new file mode 100644
index 00000000..4997ed83
--- /dev/null
+++ b/authz-test/TestSuite/rpt1
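Review bot: The loop header in `qc`, ``for DIR in `ls | grep ^TC_ | sort` ``, word-splits the output of `ls`, and every later `$DIR` is unquoted, so a name with whitespace or glob characters ends up in the redirection targets and in the `grep` pattern. Iterating over the glob and quoting the expansions avoids that: `for DIR in TC_*; do` together with `"reports/$DIR.txt"` and `"$DIR/Description"`. The `reports` directory is not created anywhere in this script, so unless it already exists each `tee` and `>>` fails while the loop carries on; `mkdir -p reports` before the loop would match what `tc` does for `runs`.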
@@ -0,0 +1,22 @@
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt1 <TestCase>"
+ exit 1
+fi
+
+echo "**"
+echo "** TC Group: $1"
+echo "** Date : "`date`
+echo "** By : "`who | cut -d " " -f 1`
+echo "**"
+echo ""
+echo "-- Description --"
+cat $1/Description
+echo -- Positive Cases --
+grep -h "^# $1.*POS " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+echo
+echo -- Negative Cases --
+grep -h "^# $1.*NEG " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /'
+
+cd ..
+exit 0
diff --git a/authz-test/TestSuite/rpt2 b/authz-test/TestSuite/rpt2
new file mode 100644
index 00000000..45eb1e21
--- /dev/null
+++ b/authz-test/TestSuite/rpt2
@@ -0,0 +1,12 @@
+# /bin/bash
+if [ "$1" == "" ]; then
+ echo "Usage: rpt2 <TestCase>"
+ exit 1
+fi
+
+./rpt1 $1
+echo ""
+echo "-- Results"
+echo ""
+./tc $1
+
diff --git a/authz-test/TestSuite/tc b/authz-test/TestSuite/tc
new file mode 100644
index 00000000..ed21c64e
--- /dev/null
+++ b/authz-test/TestSuite/tc
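Review bot: `rpt1` uses `$1` unquoted as a path (`cat $1/Description`, `$1/[0-9]*`) and pastes it into the `grep` pattern `"^# $1.*POS "`, so an argument containing spaces, glob characters or regex metacharacters changes which files are read and which lines match. Quote the expansions, for example `cat -- "$1/Description"`, and add `[ -d "$1" ] || exit 1` after the usage test so a bad argument fails early. `rpt2` has the same unquoted `./rpt1 $1` and `./tc $1`. The `cd ..` at the end of `rpt1` has no effect, because the script exits on the next line, and can be dropped.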
@@ -0,0 +1,82 @@
+#!/bin/bash
+TS=`echo $0 | sed "s/\/tc//"`
+
+mkdir -p runs
+
+function failed {
+ echo "FAILED TEST! $*"
+ exit 1
+}
+
+if [ "$1" == "-a" ]; then
+ OPTS=$OPTS" -a";
+ shift
+elif [ "$1" == "clean" ]; then
+ CLEAN="TRUE"
+ shift
+fi
+
+if [[ -z $USER ]]; then
+ THE_USER=`whoami`
+elif [[ -n "$SUDO_USER" ]]; then
+ THE_USER=$SUDO_USER
+elif [[ -n "$USER" ]]; then
+ THE_USER=$USER
+fi
+
+if [ "$1" == "" ]; then
+ DIRS=`find $TS -maxdepth 2 -type d -name "TC_*" | sed "s/^$TS\///" | sort`
+ if [ "$DIRS" == "" ] ; then
+ echo "Usage: tc <TestCase> [expected]"
+ echo " expected - create the expected response for future comparison"
+ exit 1
+ fi
+else
+ DIRS=$1
+ shift
+fi
+
+if [ "$1" == "-a" ]; then
+ OPTS=$OPTS" -a";
+ shift
+elif [ "$1" == "clean" ]; then
+ CLEAN="TRUE"
+ shift
+fi
+
+if [ -e tc.delay ]; then
+ OPTS=$OPTS" -delayAll "`cat tc.delay`
+fi
+
+
+SUFFIX=`date "+%Y-%m-%d_%H:%M:%S"`
+for TC in $DIRS; do
+ echo $TC
+ if [ "$CLEAN" = "TRUE" ]; then
+ cat $TS/$TC/00* $TS/$TC/99* | aafcli -i -a -t -n
+ rm -f last
+ ln -s runs/$TC.CLEAN.$SUFFIX last
+ elif [ "$1" = "expected" ]; then
+ SUFFIX=$1
+ cat $TS/$TC/[0-9]* | aafcli -i -t 2>&1 | sed -e "/$THE_USER/s//@[THE_USER]/g" | tee $TS/expected/$TC.$SUFFIX
+ elif [ -d "$TS/$TC" ]; then
+ if [ "$1" = "dryrun" ]; then
+ cat $TS/$TC/[0-9]* > temp
+ cat $TS/$TC/[0-9]* | aafcli -i -t
+ else
+ rm -f last
+ > runs/$TC.$SUFFIX
+ ln -s runs/$TC.$SUFFIX last
+ cat $TS/$TC/[0-9]* | aafcli -i -t $OPTS | sed -e "/$THE_USER/s//@[THE_USER]/g" -e "s/
//" 2>&1 > runs/$TC.$SUFFIX
+
+ diff --ignore-blank-lines -w runs/$TC.$SUFFIX $TS/expected/$TC.expected || failed "[$TC.$SUFFIX]"
+ echo "SUCCESS! [$TC.$SUFFIX]"
+ fi
+ elif [ -f "$TS/$TC" ]; then
+ cat $TS/$TC | aafcli -i -t $OPTS
+ else
+ echo missed dir
+ fi
+done
+
+exit 0 |
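Review bot: In the normal run branch of `tc`, the redirection `2>&1 > runs/$TC.$SUFFIX` is attached to the `sed` stage and is in the wrong order, so `aafcli`'s stderr never reaches the run file, while the `expected` branch does capture it with `aafcli -i -t 2>&1 | sed …`. Any error text recorded in an expected file therefore makes the later `diff` fail; the redirect belongs on the CLI stage, `aafcli -i -t $OPTS 2>&1 | sed … > runs/$TC.$SUFFIX`. `$THE_USER` is also used as a regular expression in the `sed` address, so a login name containing `.` or `/` masks more than intended or breaks the command. The expected transcripts in this commit show `set bogus boguspass` and `aNewPass8` echoed verbatim, so it is worth confirming that real passwords substituted for `<pass>` are not written into the files kept under `runs/`.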