diff options
Diffstat (limited to 'authz-test/TestSuite/TC_Perm1')
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/00_ids | 9 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/10_init | 23 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/20_add_data | 38 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/22_rename | 52 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/25_grant_owned | 40 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/26_grant_unowned | 175 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/27_grant_force | 29 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/30_change_ns | 14 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/99_cleanup | 42 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm1/Description | 16 |
10 files changed, 0 insertions, 438 deletions
diff --git a/authz-test/TestSuite/TC_Perm1/00_ids b/authz-test/TestSuite/TC_Perm1/00_ids deleted file mode 100644 index 0e7a40aa..00000000 --- a/authz-test/TestSuite/TC_Perm1/00_ids +++ /dev/null @@ -1,9 +0,0 @@ -expect 0 -set testid=<pass> -set testid@aaf.att.com=<pass> -set XX@NS=<pass> -set testunused=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Perm1/10_init b/authz-test/TestSuite/TC_Perm1/10_init deleted file mode 100644 index 08a9d171..00000000 --- a/authz-test/TestSuite/TC_Perm1/10_init +++ /dev/null @@ -1,23 +0,0 @@ -# TC_Perm1.10.0.POS Validate Namespace is empty first -as testid@aaf.att.com -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_Perm1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_Perm1.@[user.name].cred_admin - -as XX@NS -# TC_Perm1.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_Perm1.10.12.POS Assign user for creating creds -expect 201 -user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin - diff --git a/authz-test/TestSuite/TC_Perm1/20_add_data b/authz-test/TestSuite/TC_Perm1/20_add_data deleted file mode 100644 index 308170f8..00000000 --- a/authz-test/TestSuite/TC_Perm1/20_add_data +++ /dev/null @@ -1,38 +0,0 @@ -# TC_Perm1.20.1.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.20.2.POS Add Perm -expect 201 -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction - -# TC_Perm1.20.3.NEG Already Added Perm -expect 409 -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction - -# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well -expect 201 -force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B - -# TC_Perm1.20.8.POS Print Info for Validation -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well -expect 409 -perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B - -# TC_Perm1.20.10.NEG Non-admins can't change description -expect 403 -as testunused -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A - -# TC_Perm1.20.11.NEG Permission must exist to change description -expect 404 -as testid -perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C - -# TC_Perm1.20.12.POS Admin can change description -expect 200 -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A - diff --git a/authz-test/TestSuite/TC_Perm1/22_rename b/authz-test/TestSuite/TC_Perm1/22_rename deleted file mode 100644 index e2495608..00000000 --- a/authz-test/TestSuite/TC_Perm1/22_rename +++ /dev/null @@ -1,52 +0,0 @@ -# TC_Perm1.22.1.NEG Try to rename permission without changing anything
-expect 409
-perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
-
-# TC_Perm1.22.2.NEG Try to rename parent ns
-expect 403
-perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
-
-# TC_Perm1.22.10.POS View permission in original state
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.11.POS Rename permission instance
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
-
-# TC_Perm1.22.12.POS Verify change in permission instance
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.13.POS Rename permission action
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
-
-# TC_Perm1.22.14.POS Verify change in permission action
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.15.POS Rename permission type
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
-
-# TC_Perm1.22.16.POS Verify change in permission type
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.20.POS See permission is attached to this role
-expect 200
-role list role com.test.TC_Perm1.@[user.name].r.A
-
-# TC_Perm1.22.21.POS Rename permission type, instance and action
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
-
-# TC_Perm1.22.22.POS See permission stays attached after rename
-expect 200
-role list role com.test.TC_Perm1.@[user.name].r.A
-
-# TC_Perm1.22.23.POS Verify permission is back to original state
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
diff --git a/authz-test/TestSuite/TC_Perm1/25_grant_owned b/authz-test/TestSuite/TC_Perm1/25_grant_owned deleted file mode 100644 index 3085ace7..00000000 --- a/authz-test/TestSuite/TC_Perm1/25_grant_owned +++ /dev/null @@ -1,40 +0,0 @@ -# TC_Perm1.25.1.POS Create another Role in This namespace -expect 201 -role create com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.2.POS Create another Perm in This namespace -expect 201 -perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction - -# TC_Perm1.25.3.NEG Permission must Exist to Add to Role -expect 404 -perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.4.POS Grant individual new Perm to new Role -expect 201 -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.5.NEG Already Granted Perm -expect 409 -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.6.POS Print Info for Validation -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role -expect 200 -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.11.NEG Already UnGranted Perm -expect 404 -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.20.POS Reset roles attached to permision with setTo -expect 200 -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.25.21.POS Owner of permission can reset roles -expect 200 -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction - diff --git a/authz-test/TestSuite/TC_Perm1/26_grant_unowned b/authz-test/TestSuite/TC_Perm1/26_grant_unowned deleted file mode 100644 index 4449624f..00000000 --- a/authz-test/TestSuite/TC_Perm1/26_grant_unowned +++ /dev/null @@ -1,175 +0,0 @@ -# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
-as XX@NS
-expect 201
-ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
-ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
-
-# TC_Perm1.26.2.POS Create ID in other Namespace
-expect 201
-user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
-
-# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
-expect 201
-role create com.test2.TC_Perm1.@[user.name].r.C
-role create com.test2.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
-expect 403
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
-expect 202
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-set request=true
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
-as testid@aaf.att.com
-expect 403
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
-as testid@aaf.att.com
-expect 404
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.14.POS Create Role
-as testid@aaf.att.com
-expect 201
-role create com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
-expect 201
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.16.POS Print Info for Validation
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.26.17.POS Grant individual new Perm to new Role
-expect 201
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.18.NEG Already Granted Perm
-expect 409
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
-expect 200
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
-expect 403
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
-expect 202
-set request=true
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
-expect 403
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
-
-# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
-expect 202
-set request=true
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
-
-
-# TC_Perm1.26.30.POS Add ID to Role
-as XX@NS:<pass>
-expect 201
-ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-sleep @[NFR]
-
-# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
-expect 403
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
-expect 202
-set request=true
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-
-# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
-expect 201
-as testid@aaf.att.com
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.34.POS Print Info for Validation
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-as XX@NS
-# TC_Perm1.26.35.POS Print Info for Validation
-expect 200
-ns list name com.test2.TC_Perm1.@[user.name]
-
-as testid@aaf.att.com
-# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
-as testid@aaf.att.com
-expect 200
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.37.NEG Already UnGranted Perm
-expect 404
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
-expect 200
-perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
-
-# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
-expect 403
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-
-# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
-expect 403
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
-expect 403
-perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-
-# TC_Perm1.26.45.POS Owner of permission can reset roles
-as testid@aaf.att.com
-expect 200
-perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-
-as XX@NS
-# TC_Perm1.26.97.POS List the Namespaces
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-ns list name com.test2.TC_Perm1.@[user.name]
-
-as testid@aaf.att.com
-# TC_Perm1.26.98.POS Cleanup
-expect 200
-role delete com.test.TC_Perm1.@[user.name].r.A
-role delete com.test.TC_Perm1.@[user.name].r.B
-role delete com.test.TC_Perm1.@[user.name].r.C
-role delete com.test.TC_Perm1.@[user.name]_2.r.C
-as XX@NS
-role delete com.test2.TC_Perm1.@[user.name]_2.r.C
-role delete com.test2.TC_Perm1.@[user.name].r.C
-as testid@aaf.att.com
-perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
-perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
-perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-force ns delete com.test.TC_Perm1.@[user.name]_2
-as XX@NS
-set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
-ns delete com.test2.TC_Perm1.@[user.name]
-
-# TC_Perm1.26.99.POS List the Now Empty Namespaces
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-ns list name com.test2.TC_Perm1.@[user.name]
-
diff --git a/authz-test/TestSuite/TC_Perm1/27_grant_force b/authz-test/TestSuite/TC_Perm1/27_grant_force deleted file mode 100644 index 12ee9839..00000000 --- a/authz-test/TestSuite/TC_Perm1/27_grant_force +++ /dev/null @@ -1,29 +0,0 @@ -# TC_Perm1.27.1.POS Create Permission -expect 201 -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction - -# TC_Perm1.27.2.POS Create Role -expect 201 -role create com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force -expect 404 -perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown - -# TC_Perm1.27.11.POS Role is created with force -expect 201 -force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown - -# TC_Perm1.27.12.NEG Perm must Exist to Grant without force -expect 404 -perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.27.13.POS Perm is created with force -expect 201 -force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.27.14.POS Role and perm are created with force -expect 201 -force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2 - - diff --git a/authz-test/TestSuite/TC_Perm1/30_change_ns b/authz-test/TestSuite/TC_Perm1/30_change_ns deleted file mode 100644 index a92562a6..00000000 --- a/authz-test/TestSuite/TC_Perm1/30_change_ns +++ /dev/null @@ -1,14 +0,0 @@ -# TC_Perm1.30.1.POS List Data on non-Empty NS -as testid -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist -expect 201 -ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com - -# TC_Perm1.30.3.POS List Data on NS with sub-roles -expect 200 -ns list name com.test.TC_Perm1.@[user.name] -ns list name com.test.TC_Perm1.@[user.name].r - diff --git a/authz-test/TestSuite/TC_Perm1/99_cleanup b/authz-test/TestSuite/TC_Perm1/99_cleanup deleted file mode 100644 index 222e2a4c..00000000 --- a/authz-test/TestSuite/TC_Perm1/99_cleanup +++ /dev/null @@ -1,42 +0,0 @@ -as XX@NS:<pass> -expect 200,404 - -# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles -set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction -role delete com.test.TC_Perm1.@[user.name].r.A -role delete com.test.TC_Perm1.@[user.name].r.B -role delete com.test.TC_Perm1.@[user.name].r.C -role delete com.test.TC_Perm1.@[user.name].r.unknown -role delete com.test.TC_Perm1.@[user.name].r.unknown2 -role delete com.test2.TC_Perm1.@[user.name].r.C -role delete com.test.TC_Perm1.@[user.name]_2.r.C -role delete com.test2.TC_Perm1.@[user.name]_2.r.C - -# TC_Perm1.99.2.POS Remove ability to create creds -user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin - -as XX@NS:<pass> -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin - -as testid@aaf.att.com:<pass> -role delete com.test.TC_Perm1.@[user.name].cred_admin - -sleep @[NFR] -as XX@NS:<pass> -# TC_Perm1.99.98.POS Namespace Admin can delete Namespace -set force=true ns delete com.test2.TC_Perm1.@[user.name] -as testid:<pass> -force ns delete com.test.TC_Perm1.@[user.name].r -force ns delete com.test.TC_Perm1.@[user.name]_2 -force ns delete com.test.TC_Perm1.@[user.name] -force ns delete com.test2.TC_Perm1.@[user.name] - -# TC_Perm1.99.99.POS List to prove removed -ns list name com.test.TC_Perm1.@[user.name] -ns list name com.test.TC_Perm1.@[user.name].r -ns list name com.test.TC_Perm1.@[user.name]_2 -ns list name com.test2.TC_Perm1.@[user.name] diff --git a/authz-test/TestSuite/TC_Perm1/Description b/authz-test/TestSuite/TC_Perm1/Description deleted file mode 100644 index 012a12b1..00000000 --- a/authz-test/TestSuite/TC_Perm1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of the Namespace, and the NS Commands - -APIs: - - - -CLI: - Target - role create :role - role delete - ns delete :ns - ns list :ns - Ancillary - role create :role - role list name :role.* - |