diff options
Diffstat (limited to 'authz-test/TestSuite/TC_Perm2')
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/00_ids | 8 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/10_init | 8 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/20_add_data | 44 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/30_change_ns | 14 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/40_viewByType | 82 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/41_viewByUser | 34 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/42_viewByNS | 10 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/43_viewByRole | 15 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/99_cleanup | 24 | ||||
| -rw-r--r-- | authz-test/TestSuite/TC_Perm2/Description | 9 |
10 files changed, 248 insertions, 0 deletions
diff --git a/authz-test/TestSuite/TC_Perm2/00_ids b/authz-test/TestSuite/TC_Perm2/00_ids new file mode 100644 index 00000000..f7196fc8 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/00_ids @@ -0,0 +1,8 @@ +expect 0 +set XX@NS=<pass> +set testid@aaf.att.com=<pass> +set testunused@aaf.att.com=<pass> +set bogus=boguspass + +#delay 10 +set NFR=0 diff --git a/authz-test/TestSuite/TC_Perm2/10_init b/authz-test/TestSuite/TC_Perm2/10_init new file mode 100644 index 00000000..dbda5edc --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/10_init @@ -0,0 +1,8 @@ +as testid@aaf.att.com +# TC_Perm2.10.0.POS Print NS to prove ok +expect 200 +ns list name com.test.TC_Perm2.@[user.name] + +# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties +expect 201 +ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com diff --git a/authz-test/TestSuite/TC_Perm2/20_add_data b/authz-test/TestSuite/TC_Perm2/20_add_data new file mode 100644 index 00000000..dfcff2fc --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/20_add_data @@ -0,0 +1,44 @@ +as testid@aaf.att.com:<pass> +# TC_Perm2.20.1.POS List Data on non-Empty NS +expect 200 +ns list name com.test.TC_Perm2.@[user.name] + +# TC_Perm2.20.10.POS Add Perms with specific Instance and Action +expect 201 +perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction + +# TC_Perm2.20.11.POS Add Perms with specific Instance and Star +expect 201 +perm create com.test.TC_Perm2.@[user.name].p.A myInstance * + +# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action +expect 201 +perm create com.test.TC_Perm2.@[user.name].p.A * * +perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy + +# TC_Perm2.20.20.POS Create role +expect 201 +role create com.test.TC_Perm2.@[user.name].p.superUser +role create com.test.TC_Perm2.@[user.name].p.secret + +# TC_Perm2.20.21.POS Grant sub-NS perms to role +expect 201 +perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser +perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser +perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser +perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret + +# TC_Perm2.20.30.POS List Data on non-Empty NS +expect 200 +ns list name com.test.TC_Perm2.@[user.name] + +# TC_Perm2.20.40.POS Create role +expect 201 +role create com.test.TC_Perm2.@[user.name].p.watcher + +as XX@NS +# TC_Perm2.20.50.POS Grant view perms to watcher role +expect 201 +perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher +perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher + diff --git a/authz-test/TestSuite/TC_Perm2/30_change_ns b/authz-test/TestSuite/TC_Perm2/30_change_ns new file mode 100644 index 00000000..b69f9e8d --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/30_change_ns @@ -0,0 +1,14 @@ +as testid@aaf.att.com +# TC_Perm2.30.1.POS List Data on non-Empty NS +expect 200 +ns list name com.test.TC_Perm2.@[user.name] + +# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist +expect 201 +ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com + +# TC_Perm2.30.3.POS List Data on NS with sub-roles +expect 200 +ns list name com.test.TC_Perm2.@[user.name] +ns list name com.test.TC_Perm2.@[user.name].p + diff --git a/authz-test/TestSuite/TC_Perm2/40_viewByType b/authz-test/TestSuite/TC_Perm2/40_viewByType new file mode 100644 index 00000000..cef41b05 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/40_viewByType @@ -0,0 +1,82 @@ + +as testunused@aaf.att.com +# TC_Perm2.40.1.NEG Non-admin, not granted user should not view +expect 200 +perm list name com.test.TC_Perm2.@[user.name].p.A + +as testid@aaf.att.com +# Tens test user granted to permission +# TC_Perm2.40.10.POS Add user to superUser role +expect 201 +user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser + +as testunused@aaf.att.com +# TC_Perm2.40.11.POS Non-admin, granted user should view +expect 200 +perm list name com.test.TC_Perm2.@[user.name].p.A + +as testid@aaf.att.com +# TC_Perm2.40.12.POS Ungrant perm with wildcards +expect 200 +perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser + +as testunused@aaf.att.com +# TC_Perm2.40.13.POS Non-admin, granted user should view +expect 200 +perm list name com.test.TC_Perm2.@[user.name].p.A + +as testid@aaf.att.com +# TC_Perm2.40.19.POS Remove user from superUser role +expect 200 +user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser + +# Twenties test user granted explicit view permission +# TC_Perm2.40.20.POS Add user to watcher role +expect 201 +user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher + +as testunused@aaf.att.com +# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view +expect 200 +perm list name com.test.TC_Perm2.@[user.name].p.A + +as XX@NS +# TC_Perm2.40.22.POS Ungrant perm with wildcards +expect 200 +perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher + +as testunused@aaf.att.com +# TC_Perm2.40.23.POS Non-admin, granted user should view +expect 200 +perm list name com.test.TC_Perm2.@[user.name].p.A + +as testid@aaf.att.com +# TC_Perm2.40.29.POS Remove user from watcher role +expect 200 +user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher + +# Thirties test admin user +# TC_Perm2.40.30.POS Admin should be able to view +expect 200 +perm list name com.test.TC_Perm2.@[user.name].p.A + +# TC_Perm2.40.31.POS Add new admin for sub-NS +expect 201 +ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com + +# TC_Perm2.40.32.POS Remove admin from sub-NS +expect 200 +ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com + +# TC_Perm2.40.34.POS Admin of parent NS should be able to view +expect 200 +perm list name com.test.TC_Perm2.@[user.name].p.A + +# TC_Perm2.40.80.POS Add new admin for sub-NS +expect 201 +ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com + +# TC_Perm2.40.81.POS Remove admin from sub-NS +expect 200 +ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com + diff --git a/authz-test/TestSuite/TC_Perm2/41_viewByUser b/authz-test/TestSuite/TC_Perm2/41_viewByUser new file mode 100644 index 00000000..51c2ecb4 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/41_viewByUser @@ -0,0 +1,34 @@ +# TC_Perm2.41.1.POS Add user to some roles with perms attached +as testid@aaf.att.com +expect 201 +user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser +user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher +user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret + +# TC_Perm2.41.10.POS List by User when Same as Caller +as testunused@aaf.att.com +expect 200 +perm list user testunused@aaf.att.com + +# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles +as testid@aaf.att.com +expect 200 +perm list user testunused@aaf.att.com + +# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace +as XX@NS +expect 200 +perm list user testunused@aaf.att.com + +# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown) +as testunused@aaf.att.com +expect 200 +perm list user XX@NS + +# TC_Perm2.41.99.POS Remove users from roles for later test +as testid@aaf.att.com +expect 200 +user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser +user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher +user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret + diff --git a/authz-test/TestSuite/TC_Perm2/42_viewByNS b/authz-test/TestSuite/TC_Perm2/42_viewByNS new file mode 100644 index 00000000..69f4ed63 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/42_viewByNS @@ -0,0 +1,10 @@ +# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS +as testid@aaf.att.com +expect 200 +perm list ns com.test.TC_Perm2.@[user.name].p + +# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS +as testunused@aaf.att.com +expect 403 +perm list ns com.test.TC_Perm2.@[user.name].p + diff --git a/authz-test/TestSuite/TC_Perm2/43_viewByRole b/authz-test/TestSuite/TC_Perm2/43_viewByRole new file mode 100644 index 00000000..29585b47 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/43_viewByRole @@ -0,0 +1,15 @@ +# TC_Perm2.43.10.POS List perms when allowed to see Role +as testid@aaf.att.com +expect 200 +perm list role com.test.TC_Perm2.@[user.name].p.superUser +perm list role com.test.TC_Perm2.@[user.name].p.watcher +perm list role com.test.TC_Perm2.@[user.name].p.secret + +# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role +as testunused@aaf.att.com +expect 403 +perm list role com.test.TC_Perm2.@[user.name].p.superUser +perm list role com.test.TC_Perm2.@[user.name].p.watcher +perm list role com.test.TC_Perm2.@[user.name].p.secret + + diff --git a/authz-test/TestSuite/TC_Perm2/99_cleanup b/authz-test/TestSuite/TC_Perm2/99_cleanup new file mode 100644 index 00000000..2d853869 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/99_cleanup @@ -0,0 +1,24 @@ +as testid@aaf.att.com +# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles +expect 200,404 + +force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction +force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance * +force perm delete com.test.TC_Perm2.@[user.name].p.A * * +force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy +force role delete com.test.TC_Perm2.@[user.name].p.watcher +force role delete com.test.TC_Perm2.@[user.name].p.superUser +force role delete com.test.TC_Perm2.@[user.name].p.secret + +as XX@NS +force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view +force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view + +# TC_Perm2.99.2.POS Namespace Admin can delete Namespace +expect 200,404 +force ns delete com.test.TC_Perm2.@[user.name].p +force ns delete com.test.TC_Perm2.@[user.name] + +# TC_Perm2.99.3.POS Print Namespaces +ns list name com.test.TC_Perm2.@[user.name].p +ns list name com.test.TC_Perm2.@[user.name] diff --git a/authz-test/TestSuite/TC_Perm2/Description b/authz-test/TestSuite/TC_Perm2/Description new file mode 100644 index 00000000..96cb3708 --- /dev/null +++ b/authz-test/TestSuite/TC_Perm2/Description @@ -0,0 +1,9 @@ +This Testcase Tests the viewability of different perm commands + +APIs: + + + +CLI: + + |