Diffstat (limited to 'authz-test/TestSuite/TC_Perm1')
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/00_ids | 9 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/10_init | 23 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/20_add_data | 38 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/22_rename | 52 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/25_grant_owned | 40 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/26_grant_unowned | 175 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/27_grant_force | 29 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/30_change_ns | 14 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/99_cleanup | 42 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Perm1/Description | 16 |
10 files changed, 438 insertions, 0 deletions
diff --git a/authz-test/TestSuite/TC_Perm1/00_ids b/authz-test/TestSuite/TC_Perm1/00_ids
new file mode 100644
index 00000000..0e7a40aa
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/00_ids
@@ -0,0 +1,9 @@
+expect 0
+set testid=<pass>
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Perm1/10_init b/authz-test/TestSuite/TC_Perm1/10_init
new file mode 100644
index 00000000..08a9d171
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/10_init
@@ -0,0 +1,23 @@
+# TC_Perm1.10.0.POS Validate Namespace is empty first
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Perm1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Perm1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Perm1.10.12.POS Assign user for creating creds
+expect 201
+user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
diff --git a/authz-test/TestSuite/TC_Perm1/20_add_data b/authz-test/TestSuite/TC_Perm1/20_add_data
new file mode 100644
index 00000000..308170f8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/20_add_data
@@ -0,0 +1,38 @@
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.2.POS Add Perm
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.3.NEG Already Added Perm
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.8.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+expect 404
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+
+# TC_Perm1.20.12.POS Admin can change description
+expect 200
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
diff --git a/authz-test/TestSuite/TC_Perm1/22_rename b/authz-test/TestSuite/TC_Perm1/22_rename
new file mode 100644
index 00000000..e2495608
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/22_rename
@@ -0,0 +1,52 @@
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything
+expect 409
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.2.NEG Try to rename parent ns
+expect 403
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.22.10.POS View permission in original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.11.POS Rename permission instance
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
+
+# TC_Perm1.22.12.POS Verify change in permission instance
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.13.POS Rename permission action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
+
+# TC_Perm1.22.14.POS Verify change in permission action
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.15.POS Rename permission type
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.16.POS Verify change in permission type
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.20.POS See permission is attached to this role
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.21.POS Rename permission type, instance and action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.22.POS See permission stays attached after rename
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.23.POS Verify permission is back to original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
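Review bot: No case in 22_rename checks that an identity without rights on the namespace is refused a `perm rename`; the file has no `as` line, so every case runs under whatever identity the previous script left active, and 22.2 only covers a target in another namespace. 20_add_data has the equivalent check for `perm describe` (20.10, `as testunused`, `expect 403`), and a rename deserves the same coverage because it changes the type, instance and action that roles are bound to. I would add a negative case after 22.2 along the lines below. The 403 is assumed from 20.10 and should be confirmed against the service.

```text
# TC_Perm1.22.3.NEG Non-admins can't rename permission
expect 403
as testunused
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction

# restore the identity the remaining cases rely on
as testid
```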
diff --git a/authz-test/TestSuite/TC_Perm1/25_grant_owned b/authz-test/TestSuite/TC_Perm1/25_grant_owned
new file mode 100644
index 00000000..3085ace7
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/25_grant_owned
@@ -0,0 +1,40 @@
+# TC_Perm1.25.1.POS Create another Role in This namespace
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.6.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Perm1/26_grant_unowned b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
new file mode 100644
index 00000000..4449624f
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
@@ -0,0 +1,175 @@
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
+as XX@NS
+expect 201
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
+
+# TC_Perm1.26.2.POS Create ID in other Namespace
+expect 201
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
+
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
+expect 201
+role create com.test2.TC_Perm1.@[user.name].r.C
+role create com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 202
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
+as testid@aaf.att.com
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+as testid@aaf.att.com
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.14.POS Create Role
+as testid@aaf.att.com
+expect 201
+role create com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.16.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.18.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 202
+set request=true
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+
+# TC_Perm1.26.30.POS Add ID to Role
+as XX@NS:<pass>
+expect 201
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+sleep @[NFR]
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
+expect 201
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.34.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+as XX@NS
+# TC_Perm1.26.35.POS Print Info for Validation
+expect 200
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
+as testid@aaf.att.com
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.37.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
+expect 403
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
+expect 403
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.45.POS Owner of permission can reset roles
+as testid@aaf.att.com
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+as XX@NS
+# TC_Perm1.26.97.POS List the Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.98.POS Cleanup
+expect 200
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+as XX@NS
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name].r.C
+as testid@aaf.att.com
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+force ns delete com.test.TC_Perm1.@[user.name]_2
+as XX@NS
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
+ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.99.POS List the Now Empty Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
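Review bot: Cases 26.25 and 26.26 are titled "No Permission to UnGrant with Unrelated ID" but both issue `perm grant ... r.B`, so an ungrant attempt by an ID with no rights in either namespace is not exercised here; the only ungrant denial is 26.42, which runs after m99990 has been made an admin of com.test2 in 26.30. If ungrant was meant, the command would be `perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C` (that grant exists since 26.17); otherwise the titles should say Grant. The labels are also hard to audit: 26.11a, 26.22, 26.26 and the second 26.31 are marked NEG while expecting 202 after `set request=true`, the id 26.31 is used twice, and 26.15 is a POS case titled "Fail". Separately, `role create com.test2.TC_Perm1.@[user.name]_2.r.C` in 26.3 names a namespace that 26.1 does not appear to create (it creates com.test2...@[user.name] and com.test...@[user.name]_2), so it is worth confirming that the expected 201 is intended.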
diff --git a/authz-test/TestSuite/TC_Perm1/27_grant_force b/authz-test/TestSuite/TC_Perm1/27_grant_force
new file mode 100644
index 00000000..12ee9839
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/27_grant_force
@@ -0,0 +1,29 @@
+# TC_Perm1.27.1.POS Create Permission
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.27.2.POS Create Role
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.11.POS Role is created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.13.POS Perm is created with force
+expect 201
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+
+
diff --git a/authz-test/TestSuite/TC_Perm1/30_change_ns b/authz-test/TestSuite/TC_Perm1/30_change_ns
new file mode 100644
index 00000000..a92562a6
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/30_change_ns
@@ -0,0 +1,14 @@
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+
diff --git a/authz-test/TestSuite/TC_Perm1/99_cleanup b/authz-test/TestSuite/TC_Perm1/99_cleanup
new file mode 100644
index 00000000..222e2a4c
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/99_cleanup
@@ -0,0 +1,42 @@
+as XX@NS:<pass>
+expect 200,404
+
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+role delete com.test2.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS:<pass>
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com:<pass>
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+
+sleep @[NFR]
+as XX@NS:<pass>
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+as testid:<pass>
+force ns delete com.test.TC_Perm1.@[user.name].r
+force ns delete com.test.TC_Perm1.@[user.name]_2
+force ns delete com.test.TC_Perm1.@[user.name]
+force ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+ns list name com.test.TC_Perm1.@[user.name]_2
+ns list name com.test2.TC_Perm1.@[user.name]
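Review bot: This catch-all cleanup (`expect 200,404`) never deletes the m99990 credential that 26_grant_unowned creates with a password written in the script. The only `user cred del` is in 26.98, so a run that stops before that step may leave the credential behind. Unless a forced namespace delete is known to remove the namespace's credentials, add `set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com` under `as XX@NS:<pass>` before `set force=true ns delete com.test2.TC_Perm1.@[user.name]`. The 99.1 title also says "Roles" while its first five commands delete permissions.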
diff --git a/authz-test/TestSuite/TC_Perm1/Description b/authz-test/TestSuite/TC_Perm1/Description
new file mode 100644
index 00000000..012a12b1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+
|