diff options
Diffstat (limited to 'authz-test/TestSuite/expected/TC_Cred1.expected')
| -rw-r--r-- | authz-test/TestSuite/expected/TC_Cred1.expected | 269 |
1 files changed, 269 insertions, 0 deletions
diff --git a/authz-test/TestSuite/expected/TC_Cred1.expected b/authz-test/TestSuite/expected/TC_Cred1.expected new file mode 100644 index 00000000..8d310d91 --- /dev/null +++ b/authz-test/TestSuite/expected/TC_Cred1.expected @@ -0,0 +1,269 @@ +set testid@aaf.att.com <pass> +set testunused@aaf.att.com <pass> +set bogus boguspass +set XX@NS <pass> +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_Cred1.10.0.POS List NS to prove ok +ns list name com.test.TC_Cred1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials +ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_Cred1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com +** Expect 201 ** +Created Role +Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +role create com.test.TC_Cred1.@[user.name].pw_reset +** Expect 201 ** +Created Role + +# TC_Cred1.10.11.POS Assign roles to perms +as XX@NS +perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset] + +perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# TC_Cred1.10.30.POS Assign user for creating creds +user cred add m99999@@[user.name].TC_Cred1.test.com password123 +** Expect 201 ** +Added Credential [m99999@@[THE_USER].TC_Cred1.test.com] + +set m99999@@[THE_USER].TC_Cred1.test.com password123 +# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions +user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin +** Expect 201 ** +Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com] +Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.10.32.POS Remove create rights for testing +user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200 ** +Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] + +# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID +as testunused@aaf.att.com +user cred add m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 403 ** +Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T + +# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID +as m99999@@[THE_USER].TC_Cred1.test.com +user cred add m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID +as testunused@aaf.att.com +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 403 ** +Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER] + +# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID +as m99999@@[THE_USER].TC_Cred1.test.com +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 200 ** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.12.POS Admin, without reset permission can reset Password +as testid@aaf.att.com +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 200 ** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1 +** Expect 200 ** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.15.20.POS Admin, delete +user cred del m99990@@[user.name].TC_Cred1.test.com password123 1 +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.1.NEG Multiple options available to delete +as XX@NS +user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +as testid@aaf.att.com +user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.2.POS Succeeds when we choose last option +user cred del m99990@@[user.name].TC_Cred1.test.com 2 +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.10.POS Add another credential +user cred add m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.11.NEG Multiple options available to reset +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 +** Expect 300 ** +Failed [SVC1300]: Choice - Select which cred to update: + Id Type Expires + 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] + 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] +Run same command again with chosen entry as last parameter + +# TC_Cred1.30.12.NEG Fails when we choose a bad option +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0 +** Expect 406 ** +Failed [SVC1406]: Not Acceptable - User chose invalid credential selection + +# TC_Cred1.30.13.POS Succeeds when we choose last option +user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2 +** Expect 200 ** +Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +#TC_Cred1.30.30.NEG Fails when we don't have specific property +user cred extend m99990@@[user.name].TC_Cred1.test.com +** Expect 403 ** +Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T + +#### EXTENDS behavior #### +#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission +as XX@NS +role create com.test.TC_Cred1.@[user.name].extendTemp +** Expect 201 ** +Created Role + +#TC_Cred1.30.33.POS Grant Extends Permission to Role +perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp +** Expect 201 ** +Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] + +#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission +role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS +** Expect 201 ** +Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] + +#TC_Cred1.30.36.POS Extend Password, expecting Single Response +user cred extend m99990@@[user.name].TC_Cred1.test.com 1 +** Expect 200 ** +Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +#TC_Cred1.30.39.POS Remove Role +set force true +role delete com.test.TC_Cred1.@[user.name].extendTemp +** Expect 200 ** +Deleted Role + +#### MULTI CLEANUP ##### +role list user m99990@@[user.name].TC_Cred1.test.com +** Expect 200 ** + +List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- + +# TC_Cred1.30.80.POS Delete all entries for this cred +set force true +user cred del m99990@@[user.name].TC_Cred1.test.com +** Expect 200 ** +Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] + +# TC_Cred1.30.99.POS List ns shows no creds attached +ns list name com.test.TC_Cred1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Cred1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Cred1.@[THE_USER].admin + com.test.TC_Cred1.@[THE_USER].cred_admin + com.test.TC_Cred1.@[THE_USER].owner + com.test.TC_Cred1.@[THE_USER].pw_reset + Permissions + com.test.TC_Cred1.@[THE_USER].access * * + com.test.TC_Cred1.@[THE_USER].access * read + Credentials + m99999@@[THE_USER].TC_Cred1.test.com + +as testid@aaf.att.com +# TC_Cred1.99.1.POS Delete credentials +force user cred del m99990@@[user.name].TC_Cred1.test.com +** Expect 200,404 ** +Failed [SVC5404]: Not Found - Credential does not exist + +#TC_Cred1.99.2.POS Ensure Remove Role +set force true +role delete com.test.TC_Cred1.@[user.name].extendTemp +** Expect 200,404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist + +# TC_Cred1.99.10.POS Remove ability to create creds +force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200,404 ** +Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ] + +as XX@NS +perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin] + +force perm delete com.att.aaf.password com.test reset +** Expect 200,404 ** +Deleted Permission + +force perm delete com.att.aaf.mechid com.test create +** Expect 200,404 ** +Deleted Permission + +as testid@aaf.att.com +force role delete com.test.TC_Cred1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_Cred1.@[user.name].pw_reset +** Expect 200,404 ** +Deleted Role + +# TC_Cred1.99.99.POS Delete Namespace for TestSuite +set force true +set force=true ns delete com.test.TC_Cred1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +as XX@NS +force ns delete com.test.TC_Cred1.@[user.name] +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist + +force ns delete com.test.TC_Cred1 +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist + |