Diffstat (limited to 'authz-test/TestSuite/TC_Perm2')
-rw-r--r--authz-test/TestSuite/TC_Perm2/00_ids8
-rw-r--r--authz-test/TestSuite/TC_Perm2/10_init8
-rw-r--r--authz-test/TestSuite/TC_Perm2/20_add_data44
-rw-r--r--authz-test/TestSuite/TC_Perm2/30_change_ns14
-rw-r--r--authz-test/TestSuite/TC_Perm2/40_viewByType82
-rw-r--r--authz-test/TestSuite/TC_Perm2/41_viewByUser34
-rw-r--r--authz-test/TestSuite/TC_Perm2/42_viewByNS10
-rw-r--r--authz-test/TestSuite/TC_Perm2/43_viewByRole15
-rw-r--r--authz-test/TestSuite/TC_Perm2/99_cleanup24
-rw-r--r--authz-test/TestSuite/TC_Perm2/Description9
10 files changed, 248 insertions, 0 deletions
diff --git a/authz-test/TestSuite/TC_Perm2/00_ids b/authz-test/TestSuite/TC_Perm2/00_ids
new file mode 100644
index 00000000..f7196fc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
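Review bot: `set bogus=boguspass` defines an identity that none of the TC_Perm2 scripts visible in this commit ever switches to with `as`, so it is dead setup here. Either drop the line or add the bad-credential view case it was presumably meant for. The commented-out `#delay 10` and `set NFR=0` have no explanation; a one-line comment such as `# NFR: <what the flag controls>` would tell the next maintainer whether they can be removed.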
diff --git a/authz-test/TestSuite/TC_Perm2/10_init b/authz-test/TestSuite/TC_Perm2/10_init
new file mode 100644
index 00000000..dbda5edc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/10_init
@@ -0,0 +1,8 @@
+as testid@aaf.att.com
+# TC_Perm2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Perm2/20_add_data b/authz-test/TestSuite/TC_Perm2/20_add_data
new file mode 100644
index 00000000..dfcff2fc
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/20_add_data
@@ -0,0 +1,44 @@
+as testid@aaf.att.com:<pass>
+# TC_Perm2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.10.POS Add Perms with specific Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+
+# TC_Perm2.20.11.POS Add Perms with specific Instance and Star
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A myInstance *
+
+# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action
+expect 201
+perm create com.test.TC_Perm2.@[user.name].p.A * *
+perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+
+# TC_Perm2.20.20.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.superUser
+role create com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.21.POS Grant sub-NS perms to role
+expect 201
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.20.30.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.20.40.POS Create role
+expect 201
+role create com.test.TC_Perm2.@[user.name].p.watcher
+
+as XX@NS
+# TC_Perm2.20.50.POS Grant view perms to watcher role
+expect 201
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher
+perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
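Review bot: The opening line `as testid@aaf.att.com:<pass>` carries the password inline, whereas every other script in this suite uses the bare `as testid@aaf.att.com` and relies on the `set testid@aaf.att.com=<pass>` line in 00_ids. Using the bare form here as well keeps the credential in one place; if a real password is ever substituted for the placeholder, it would otherwise also appear in this script and possibly in its recorded output. Separately, TC_Perm2.20.50 is labelled "Grant view perms to watcher role" but issues `perm create ... view <role>`; if create-with-role is the intended way to grant, the comment should say `Create view perms and grant to watcher role`.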
diff --git a/authz-test/TestSuite/TC_Perm2/30_change_ns b/authz-test/TestSuite/TC_Perm2/30_change_ns
new file mode 100644
index 00000000..b69f9e8d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/30_change_ns
@@ -0,0 +1,14 @@
+as testid@aaf.att.com
+# TC_Perm2.30.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com
+
+# TC_Perm2.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm2.@[user.name]
+ns list name com.test.TC_Perm2.@[user.name].p
+
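Review bot: The comment on TC_Perm2.30.2 ("Create Sub-ns when Roles that exist") is garbled and hides what this step is testing. The roles and perms named `...p.superUser`, `...p.A` and so on were created in 20_add_data before `.p` existed as a namespace, so this step appears to cover promoting an existing name prefix to a sub-namespace. Suggested wording: `# TC_Perm2.30.2.POS Create Sub-ns when Roles and Perms already exist under that name`.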
diff --git a/authz-test/TestSuite/TC_Perm2/40_viewByType b/authz-test/TestSuite/TC_Perm2/40_viewByType
new file mode 100644
index 00000000..cef41b05
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/40_viewByType
@@ -0,0 +1,82 @@
+
+as testunused@aaf.att.com
+# TC_Perm2.40.1.NEG Non-admin, not granted user should not view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# Tens test user granted to permission
+# TC_Perm2.40.10.POS Add user to superUser role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.11.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.12.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser
+
+as testunused@aaf.att.com
+# TC_Perm2.40.13.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.19.POS Remove user from superUser role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+
+# Twenties test user granted explicit view permission
+# TC_Perm2.40.20.POS Add user to watcher role
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as XX@NS
+# TC_Perm2.40.22.POS Ungrant perm with wildcards
+expect 200
+perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher
+
+as testunused@aaf.att.com
+# TC_Perm2.40.23.POS Non-admin, granted user should view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+as testid@aaf.att.com
+# TC_Perm2.40.29.POS Remove user from watcher role
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+
+# Thirties test admin user
+# TC_Perm2.40.30.POS Admin should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.31.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
+# TC_Perm2.40.32.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.34.POS Admin of parent NS should be able to view
+expect 200
+perm list name com.test.TC_Perm2.@[user.name].p.A
+
+# TC_Perm2.40.80.POS Add new admin for sub-NS
+expect 201
+ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com
+
+# TC_Perm2.40.81.POS Remove admin from sub-NS
+expect 200
+ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com
+
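Review bot: TC_Perm2.40.1.NEG ("not granted user should not view") expects 200, the same status as the positive cases 40.11, 40.13 and 40.23, so the status code alone cannot show that access was denied. The check only works if the harness compares the response body against a recorded expected output, which is not visible in this diff. The comment should state the intended result, e.g. `# TC_Perm2.40.1.NEG Non-admin, not granted user gets 200 with an empty perm list`, in contrast to 42_viewByNS and 43_viewByRole, which assert 403. TC_Perm2.40.21 is tagged NEG while its text says the user "should view", and 40.13/40.23 repeat the 40.11 wording without saying which perms should remain visible after the wildcard ungrant.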
diff --git a/authz-test/TestSuite/TC_Perm2/41_viewByUser b/authz-test/TestSuite/TC_Perm2/41_viewByUser
new file mode 100644
index 00000000..51c2ecb4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/41_viewByUser
@@ -0,0 +1,34 @@
+# TC_Perm2.41.1.POS Add user to some roles with perms attached
+as testid@aaf.att.com
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace
+as XX@NS
+expect 200
+perm list user testunused@aaf.att.com
+
+# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+perm list user XX@NS
+
+# TC_Perm2.41.99.POS Remove users from roles for later test
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser
+user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher
+user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret
+
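Review bot: The case ID on the third test reads `TC_NS2.41.15.POS`, which looks copied from the TC_NS2 suite; it should be `# TC_Perm2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles` so that a failure is attributed to this suite. TC_Perm2.41.80.NEG also expects 200, so "nothing should be shown" is enforced only by whatever output comparison the harness performs. Worth stating that in the comment, since a leak of XX@NS's `phoneCalls * spy` perm to testunused would still return 200.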
diff --git a/authz-test/TestSuite/TC_Perm2/42_viewByNS b/authz-test/TestSuite/TC_Perm2/42_viewByNS
new file mode 100644
index 00000000..69f4ed63
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/42_viewByNS
@@ -0,0 +1,10 @@
+# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+perm list ns com.test.TC_Perm2.@[user.name].p
+
+# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+perm list ns com.test.TC_Perm2.@[user.name].p
+
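Review bot: The comment on TC_Perm2.42.10.POS contradicts the test: it says "List Roles from NS when not allowed to see NS", but the command is `perm list ns` run as testid, the namespace admin, with `expect 200`. It reads as a copy of the NEG comment below it. Suggested wording: `# TC_Perm2.42.10.POS List Perms from NS when allowed to see NS`, and the 42.20 comment should likewise say "Perms" rather than "Roles".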
diff --git a/authz-test/TestSuite/TC_Perm2/43_viewByRole b/authz-test/TestSuite/TC_Perm2/43_viewByRole
new file mode 100644
index 00000000..29585b47
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/43_viewByRole
@@ -0,0 +1,15 @@
+# TC_Perm2.43.10.POS List perms when allowed to see Role
+as testid@aaf.att.com
+expect 200
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role
+as testunused@aaf.att.com
+expect 403
+perm list role com.test.TC_Perm2.@[user.name].p.superUser
+perm list role com.test.TC_Perm2.@[user.name].p.watcher
+perm list role com.test.TC_Perm2.@[user.name].p.secret
+
+
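Review bot: The 403 expectation in TC_Perm2.43.20.NEG appears to hold only because TC_Perm2.41.99 removed testunused from `superUser` and `watcher` beforehand, a dependency this file does not mention. If 41_viewByUser is skipped or aborts before its cleanup step, these three commands would presumably return 200 and the failure would point at the wrong place. A comment such as `# requires 41.99 to have removed testunused from all .p roles` would make the ordering explicit.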
diff --git a/authz-test/TestSuite/TC_Perm2/99_cleanup b/authz-test/TestSuite/TC_Perm2/99_cleanup
new file mode 100644
index 00000000..2d853869
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/99_cleanup
@@ -0,0 +1,24 @@
+as testid@aaf.att.com
+# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles
+expect 200,404
+
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction
+force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance *
+force perm delete com.test.TC_Perm2.@[user.name].p.A * *
+force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy
+force role delete com.test.TC_Perm2.@[user.name].p.watcher
+force role delete com.test.TC_Perm2.@[user.name].p.superUser
+force role delete com.test.TC_Perm2.@[user.name].p.secret
+
+as XX@NS
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view
+force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view
+
+# TC_Perm2.99.2.POS Namespace Admin can delete Namespace
+expect 200,404
+force ns delete com.test.TC_Perm2.@[user.name].p
+force ns delete com.test.TC_Perm2.@[user.name]
+
+# TC_Perm2.99.3.POS Print Namespaces
+ns list name com.test.TC_Perm2.@[user.name].p
+ns list name com.test.TC_Perm2.@[user.name]
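Review bot: TC_Perm2.99.3 has no `expect` line of its own, so the two `ns list name` commands run under the preceding `expect 200,404` (assuming `expect` persists until the next one, as the earlier scripts suggest). That tolerance suits the idempotent deletes, but it means the final listing cannot fail on either status, so it does not verify that the namespaces are gone. Give 99.3 an explicit `expect` with the single status a deleted namespace should return. The 99.1 comment also has a typo ("Namepace") and mentions only roles, although the block deletes perms too; suggested: `# TC_Perm2.99.1.POS Namespace Admin can delete Namespace defined Perms and Roles`.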
diff --git a/authz-test/TestSuite/TC_Perm2/Description b/authz-test/TestSuite/TC_Perm2/Description
new file mode 100644
index 00000000..96cb3708
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm2/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the viewability of different perm commands
+
+APIs:
+
+
+
+CLI:
+
+