Diffstat (limited to 'authz-test/TestSuite/TC_Role2')
-rw-r--r-- | authz-test/TestSuite/TC_Role2/00_ids | 8 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/10_init | 8 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/20_add_data | 39 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/40_viewByName | 45 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/41_viewByUser | 20 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/42_viewByNS | 10 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/43_viewByPerm | 15 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/99_cleanup | 22 | ||||
-rw-r--r-- | authz-test/TestSuite/TC_Role2/Description | 9 |
9 files changed, 176 insertions, 0 deletions
diff --git a/authz-test/TestSuite/TC_Role2/00_ids b/authz-test/TestSuite/TC_Role2/00_ids
new file mode 100644
index 00000000..f7196fc8
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/00_ids
@@ -0,0 +1,8 @@
+expect 0
+set XX@NS=<pass>
+set testid@aaf.att.com=<pass>
+set testunused@aaf.att.com=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Role2/10_init b/authz-test/TestSuite/TC_Role2/10_init
new file mode 100644
index 00000000..dbe7b858
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/10_init
@@ -0,0 +1,8 @@
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
diff --git a/authz-test/TestSuite/TC_Role2/20_add_data b/authz-test/TestSuite/TC_Role2/20_add_data
new file mode 100644
index 00000000..6b85dea1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/20_add_data
@@ -0,0 +1,39 @@
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com:<pass>
+# TC_Role2.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Role2.@[user.name]
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+expect 201
+role create com.test.TC_Role2.@[user.name].r.animals
+role create com.test.TC_Role2.@[user.name].r.dogs
+role create com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+expect 201
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+expect 201
+as XX@NS:<pass>
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+expect 200
+as testid@aaf.att.com:<pass>
+ns list name com.test.TC_Role2.@[user.name]
+
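Review bot: The three `as ...:<pass>` lines in 20_add_data carry the credential inline, while 10_init and the 40–43 scripts use the bare `as testid@aaf.att.com` / `as XX@NS` form and leave the password to the `set` lines in 00_ids. Keeping the secret in one file makes it easier to keep real passwords out of the committed scripts, so I would write them here as `as testid@aaf.att.com` and `as XX@NS`, assuming the harness resolves the password from the earlier `set`. Separately, the heading `# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles` also covers the `garbage eat` grant to `r.animals`, so `Create and Grant Perms to Animal and Dog Roles` would be accurate. "Priviledges" in the header comment and in the 20.25 heading should read "Privileges".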
diff --git a/authz-test/TestSuite/TC_Role2/40_viewByName b/authz-test/TestSuite/TC_Role2/40_viewByName
new file mode 100644
index 00000000..a6ec33c5
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/40_viewByName
@@ -0,0 +1,45 @@
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.10.POS Add testunused to animals
+expect 201
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+expect 200
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+expect 201
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+expect 403
+role list role com.test.TC_Role2.@[user.name].r.animals
+role list role com.test.TC_Role2.@[user.name].r.dogs
+expect 200
+role list role com.test.TC_Role2.@[user.name].r.pigs
+
diff --git a/authz-test/TestSuite/TC_Role2/41_viewByUser b/authz-test/TestSuite/TC_Role2/41_viewByUser
new file mode 100644
index 00000000..684d9ba1
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/41_viewByUser
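Review bot: TC_Role2.40.51.POS in 40_viewByName expects 403 when a member of `r.pigs` lists `r.animals` and `r.dogs`, which contradicts the explicit view grants set up in 20_add_data. That file gives `r.pigs` the `com.att.aaf.role ... view` permission on exactly those two roles and describes pigs as having "Explicit Permissions to see everything they want". As written, the case passes only if the explicit view grant has no effect on `role list role`. Either the expectation should be `expect 200` for all three roles, or the case should be relabelled NEG with a one-line comment above `expect 403` stating why the grant is not honoured. Which of the two is intended cannot be told from this diff.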
@@ -0,0 +1,20 @@
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+expect 200
+role list user testunused@aaf.att.com
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+expect 200
+role list user XX@NS
+
diff --git a/authz-test/TestSuite/TC_Role2/42_viewByNS b/authz-test/TestSuite/TC_Role2/42_viewByNS
new file mode 100644
index 00000000..8f184943
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/42_viewByNS
@@ -0,0 +1,10 @@
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+expect 200
+role list ns com.test.TC_Role2.@[user.name]
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+expect 403
+role list ns com.test.TC_Role2.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Role2/43_viewByPerm b/authz-test/TestSuite/TC_Role2/43_viewByPerm
new file mode 100644
index 00000000..53a1e3d4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/43_viewByPerm
@@ -0,0 +1,15 @@
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+expect 200
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+expect 403
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+
+
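Review bot: TC_Role2.41.80.NEG in 41_viewByUser says "nothing should be shown" but asserts only `expect 200`, the same status as the three positive cases above it. The status code therefore cannot tell an empty result from a response that discloses XX@NS's roles to an unrelated caller. If the harness compares output against a stored expected file (not visible in this diff), that file carries the real check and the heading should say so, e.g. `# 200 with an empty role list; body is checked against the expected output`. Otherwise the case needs an assertion on the body to work as a negative test.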
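Review bot: The heading of TC_Role2.42.10.POS in 42_viewByNS reads "when not allowed to see NS", which is the wording of the NEG case below it. The case runs as `testid@aaf.att.com`, the id that created the namespace in 10_init, and expects 200. It should read `# TC_Role2.42.10.POS List Roles from NS when allowed to see NS`.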
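Review bot: 43_viewByPerm has no case for a caller who belongs to a role that holds the permission; it covers only the namespace admin (200) and a user outside the granted roles (403). Assuming the scripts run in filename order, testunused was moved from `r.animals` to `r.pigs` in 40_viewByName, and the `garbage eat` permission granted to `r.animals` in 20_add_data is never queried here. A case that runs `role list perm com.test.TC_Role2.@[user.name].r.A garbage eat` as a member of `r.animals` would pin the behaviour for permission holders. The expected status depends on the intended rule, which the diff does not show.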
diff --git a/authz-test/TestSuite/TC_Role2/99_cleanup b/authz-test/TestSuite/TC_Role2/99_cleanup
new file mode 100644
index 00000000..df344b2d
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/99_cleanup
@@ -0,0 +1,22 @@
+as XX@NS
+expect 200,404
+
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
diff --git a/authz-test/TestSuite/TC_Role2/Description b/authz-test/TestSuite/TC_Role2/Description
new file mode 100644
index 00000000..ea741a81
--- /dev/null
+++ b/authz-test/TestSuite/TC_Role2/Description
@@ -0,0 +1,9 @@
+This Testcase Tests the viewability of different role commands
+
+APIs:
+
+
+
+CLI:
+
+
|
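Review bot: Two cases in 99_cleanup share the id `TC_Role2.99.2.POS` ("Delete Perms" and "Namespace Admin can delete Namespace"), so a failure report cannot say which one failed. The second should become `TC_Role2.99.3.POS` and "Print Namespaces" `TC_Role2.99.4.POS`. The second heading also says "Namespace Admin", but the whole script runs under the `as XX@NS` on its first line, while the id passed as admin to `ns create` in 10_init appears to be testid@aaf.att.com. Either add `as testid@aaf.att.com` before `force ns delete` so the case tests what its name claims, or reword the heading to name the identity actually used.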