Diffstat (limited to 'authz-test/TestSuite/expected/TC_Perm1.expected')
-rw-r--r-- | authz-test/TestSuite/expected/TC_Perm1.expected | 963 |
1 files changed, 963 insertions, 0 deletions
diff --git a/authz-test/TestSuite/expected/TC_Perm1.expected b/authz-test/TestSuite/expected/TC_Perm1.expected
new file mode 100644
index 00000000..d099990c
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Perm1.expected
@@ -0,0 +1,963 @@
+set testid <pass>
+set testid@aaf.att.com <pass>
+set XX@NS <pass>
+set testunused <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+# TC_Perm1.10.0.POS Validate Namespace is empty first
+as testid@aaf.att.com
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Perm1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Perm1.10.12.POS Assign user for creating creds
+user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS]
+
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+
+# TC_Perm1.20.2.POS Add Perm
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.20.3.NEG Already Added Perm
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists.
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.A]
+Created Role [com.test.TC_Perm1.@[THE_USER].r.B]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B]
+
+# TC_Perm1.20.8.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists.
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction]
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+** Expect 404 **
+Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
+
+# TC_Perm1.20.12.POS Admin can change description
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+** Expect 200 **
+Description added to Permission
+
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission
+
+# TC_Perm1.22.2.NEG Try to rename parent ns
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.22.10.POS View permission in original state
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.22.11.POS Rename permission instance
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.12.POS Verify change in permission instance
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction
+
+# TC_Perm1.22.13.POS Rename permission action
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.14.POS Verify change in permission action
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction
+
+# TC_Perm1.22.15.POS Rename permission type
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.16.POS Verify change in permission type
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.20.POS See permission is attached to this role
+role list role com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.21.POS Rename permission type, instance and action
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200 **
+Updated Permission
+
+# TC_Perm1.22.22.POS See permission stays attached after rename
+role list role com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.22.23.POS Verify permission is back to original state
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+
+# TC_Perm1.25.1.POS Create another Role in This namespace
+role create com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.6.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Set Permission's Roles to []
+
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
+as XX@NS
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.26.2.POS Create ID in other Namespace
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
+
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
+role create com.test2.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Created Role
+
+role create com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
+
+# TC_Perm1.26.14.POS Create Role
+as testid@aaf.att.com
+role create com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Created Role
+
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.16.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.18.NEG Already Granted Perm
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
+
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
+set request true
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.30.POS Add ID to Role
+as XX@NS
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
+** Expect 201 **
+Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER]
+
+as m99990@@[THE_USER].TC_Perm1.test2.com
+sleep 0
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+set request true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+** Expect 202 **
+Permission Role Granted Accepted, but requires Approvals before actualizing
+
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.34.POS Print Info for Validation
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+as XX@NS
+# TC_Perm1.26.35.POS Print Info for Validation
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test2.TC_Perm1.@[THE_USER]
+ Administrators
+ XX@NS
+ m99990@@[THE_USER].TC_Perm1.test2.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test2.TC_Perm1.@[THE_USER].admin
+ com.test2.TC_Perm1.@[THE_USER].owner
+ com.test2.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test2.TC_Perm1.@[THE_USER].access * *
+ com.test2.TC_Perm1.@[THE_USER].access * read
+ Credentials
+ m99990@@[THE_USER].TC_Perm1.test2.com
+
+as testid@aaf.att.com
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
+as testid@aaf.att.com
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
+
+# TC_Perm1.26.37.NEG Already UnGranted Perm
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
+
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
+as m99990@@[THE_USER].TC_Perm1.test2.com
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
+
+# TC_Perm1.26.45.POS Owner of permission can reset roles
+as testid@aaf.att.com
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Set Permission's Roles to []
+
+as XX@NS
+# TC_Perm1.26.97.POS List the Namespaces
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.B
+ com.test.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test2.TC_Perm1.@[THE_USER]
+ Administrators
+ XX@NS
+ m99990@@[THE_USER].TC_Perm1.test2.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test2.TC_Perm1.@[THE_USER].admin
+ com.test2.TC_Perm1.@[THE_USER].owner
+ com.test2.TC_Perm1.@[THE_USER].r.C
+ Permissions
+ com.test2.TC_Perm1.@[THE_USER].access * *
+ com.test2.TC_Perm1.@[THE_USER].access * read
+ Credentials
+ m99990@@[THE_USER].TC_Perm1.test2.com
+
+as testid@aaf.att.com
+# TC_Perm1.26.98.POS Cleanup
+role delete com.test.TC_Perm1.@[user.name].r.A
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.B
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+Deleted Role
+
+as XX@NS
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+** Expect 200 **
+Deleted Role
+
+role delete com.test2.TC_Perm1.@[user.name].r.C
+** Expect 200 **
+Deleted Role
+
+as testid@aaf.att.com
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+** Expect 200 **
+Deleted Permission
+
+force ns delete com.test.TC_Perm1.@[user.name]_2
+** Expect 200 **
+Deleted Namespace
+
+as XX@NS
+set force true
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
+** Expect 200 **
+Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
+
+ns delete com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+Deleted Namespace
+
+# TC_Perm1.26.99.POS List the Now Empty Namespaces
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+
+ns list name com.test2.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Perm1.27.1.POS Create Permission
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 201 **
+Created Permission
+
+# TC_Perm1.27.2.POS Create Role
+role create com.test.TC_Perm1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist
+
+# TC_Perm1.27.11.POS Role is created with force
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+** Expect 404 **
+Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist
+
+# TC_Perm1.27.13.POS Perm is created with force
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+** Expect 201 **
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+** Expect 201 **
+Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
+Created Permission
+Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
+
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.unknown
+ com.test.TC_Perm1.@[THE_USER].r.unknown2
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+ns list name com.test.TC_Perm1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].admin
+ com.test.TC_Perm1.@[THE_USER].cred_admin
+ com.test.TC_Perm1.@[THE_USER].owner
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].access * *
+ com.test.TC_Perm1.@[THE_USER].access * read
+ com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
+ com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
+
+ns list name com.test.TC_Perm1.@[user.name].r
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
+--------------------------------------------------------------------------------
+com.test.TC_Perm1.@[THE_USER].r
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Perm1.@[THE_USER].r.A
+ com.test.TC_Perm1.@[THE_USER].r.admin
+ com.test.TC_Perm1.@[THE_USER].r.owner
+ com.test.TC_Perm1.@[THE_USER].r.unknown
+ com.test.TC_Perm1.@[THE_USER].r.unknown2
+ Permissions
+ com.test.TC_Perm1.@[THE_USER].r.access * *
+ com.test.TC_Perm1.@[THE_USER].r.access * read
+
+as XX@NS
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+** Expect 200,404 **
+Deleted Permission
+
+set force true
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance 
myAction +** Expect 200,404 ** +Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist + +set force true +set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction +** Expect 200,404 ** +Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist + +set force true +set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction +** Expect 200,404 ** +Deleted Permission + +set force true +set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction +** Expect 200,404 ** +Deleted Permission + +role delete com.test.TC_Perm1.@[user.name].r.A +** Expect 200,404 ** +Deleted Role + +role delete com.test.TC_Perm1.@[user.name].r.B +** Expect 200,404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist + +role delete com.test.TC_Perm1.@[user.name].r.C +** Expect 200,404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist + +role delete com.test.TC_Perm1.@[user.name].r.unknown +** Expect 200,404 ** +Deleted Role + +role delete com.test.TC_Perm1.@[user.name].r.unknown2 +** Expect 200,404 ** +Deleted Role + +role delete com.test2.TC_Perm1.@[user.name].r.C +** Expect 200,404 ** +Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist + +role delete com.test.TC_Perm1.@[user.name]_2.r.C +** Expect 200,404 ** +Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist + +role delete com.test2.TC_Perm1.@[user.name]_2.r.C +** Expect 200,404 ** +Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist + +# TC_Perm1.99.2.POS Remove ability to create creds +user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin +** Expect 200,404 ** +Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS] + +as XX@NS +perm ungrant 
com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +role delete com.test.TC_Perm1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +sleep 0 +as XX@NS +# TC_Perm1.99.98.POS Namespace Admin can delete Namespace +set force true +set force=true ns delete com.test2.TC_Perm1.@[user.name] +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist + +as testid +force ns delete com.test.TC_Perm1.@[user.name].r +** Expect 200,404 ** +Deleted Namespace + +force ns delete com.test.TC_Perm1.@[user.name]_2 +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist + +force ns delete com.test.TC_Perm1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +force ns delete com.test2.TC_Perm1.@[user.name] +** Expect 200,404 ** +Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist + +# TC_Perm1.99.99.POS List to prove removed +ns list name com.test.TC_Perm1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.test.TC_Perm1.@[user.name].r +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.test.TC_Perm1.@[user.name]_2 +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +ns list name com.test2.TC_Perm1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] 
+-------------------------------------------------------------------------------- + *** Namespace Not Found *** + |