diff options
Diffstat (limited to 'authz-test/TestSuite/expected/TC_Perm1.expected')
| -rw-r--r-- | authz-test/TestSuite/expected/TC_Perm1.expected | 963 |
1 files changed, 0 insertions, 963 deletions
diff --git a/authz-test/TestSuite/expected/TC_Perm1.expected b/authz-test/TestSuite/expected/TC_Perm1.expected deleted file mode 100644 index d099990c..00000000 --- a/authz-test/TestSuite/expected/TC_Perm1.expected +++ /dev/null @@ -1,963 +0,0 @@ -set testid <pass> -set testid@aaf.att.com <pass> -set XX@NS <pass> -set testunused <pass> -set bogus boguspass -#delay 10 -set NFR 0 -# TC_Perm1.10.0.POS Validate Namespace is empty first -as testid@aaf.att.com -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Perm1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_Perm1.@[user.name].cred_admin -** Expect 201 ** -Created Role - -as XX@NS -# TC_Perm1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_Perm1.10.12.POS Assign user for creating creds -user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS] - -# TC_Perm1.20.1.POS List Data on non-Empty NS -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - -# TC_Perm1.20.2.POS Add Perm -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm1.20.3.NEG Already Added Perm -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists. - -# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well -force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B -** Expect 201 ** -Created Role [com.test.TC_Perm1.@[THE_USER].r.A] -Created Role [com.test.TC_Perm1.@[THE_USER].r.B] -Created Permission -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A] -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B] - -# TC_Perm1.20.8.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well -perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists. - -# TC_Perm1.20.10.NEG Non-admins can't change description -as testunused -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A -** Expect 403 ** -Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] - -# TC_Perm1.20.11.NEG Permission must exist to change description -as testid -perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C -** Expect 404 ** -Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist - -# TC_Perm1.20.12.POS Admin can change description -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A -** Expect 200 ** -Description added to Permission - -# TC_Perm1.22.1.NEG Try to rename permission without changing anything -perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission - -# TC_Perm1.22.2.NEG Try to rename parent ns -perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.22.10.POS View permission in original state -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.22.11.POS Rename permission instance -perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.12.POS Verify change in permission instance -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction - -# TC_Perm1.22.13.POS Rename permission action -perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.14.POS Verify change in permission action -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction - -# TC_Perm1.22.15.POS Rename permission type -perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.16.POS Verify change in permission type -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction - -# TC_Perm1.22.20.POS See permission is attached to this role -role list role com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction - -# TC_Perm1.22.21.POS Rename permission type, instance and action -perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.22.POS See permission stays attached after rename -role list role com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.22.23.POS Verify permission is back to original state -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.25.1.POS Create another Role in This namespace -role create com.test.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Created Role - -# TC_Perm1.25.2.POS Create another Perm in This namespace -perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm1.25.3.NEG Permission must Exist to Add to Role -perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist - -# TC_Perm1.25.4.POS Grant individual new Perm to new Role -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.25.5.NEG Already Granted Perm -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.25.6.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 200 ** -UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.25.11.NEG Already UnGranted Perm -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role - -# TC_Perm1.25.20.POS Reset roles attached to permision with setTo -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** -Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A] - -# TC_Perm1.25.21.POS Owner of permission can reset roles -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200 ** -Set Permission's Roles to [] - -# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not -as XX@NS -ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS -** Expect 201 ** -Created Namespace - -ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS -** Expect 201 ** -Created Namespace - -# TC_Perm1.26.2.POS Create ID in other Namespace -user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com] - -# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid -role create com.test2.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Created Role - -role create com.test2.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Created Role - -# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID -as m99990@@[THE_USER].TC_Perm1.test2.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID -as m99990@@[THE_USER].TC_Perm1.test2.com -set request true -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company -as testid@aaf.att.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company -as testid@aaf.att.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist - -# TC_Perm1.26.14.POS Create Role -as testid@aaf.att.com -role create com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Created Role - -# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.16.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -# TC_Perm1.26.17.POS Grant individual new Perm to new Role -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.26.18.NEG Already Granted Perm -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID -as m99990@@[THE_USER].TC_Perm1.test2.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID -set request true -as m99990@@[THE_USER].TC_Perm1.test2.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID -set request true -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.30.POS Add ID to Role -as XX@NS -ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com -** Expect 201 ** -Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER] - -as m99990@@[THE_USER].TC_Perm1.test2.com -sleep 0 -# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner -set request true -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace -as testid@aaf.att.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.34.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -as XX@NS -# TC_Perm1.26.35.POS Print Info for Validation -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test2.TC_Perm1.@[THE_USER] - Administrators - XX@NS - m99990@@[THE_USER].TC_Perm1.test2.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test2.TC_Perm1.@[THE_USER].admin - com.test2.TC_Perm1.@[THE_USER].owner - com.test2.TC_Perm1.@[THE_USER].r.C - Permissions - com.test2.TC_Perm1.@[THE_USER].access * * - com.test2.TC_Perm1.@[THE_USER].access * read - Credentials - m99990@@[THE_USER].TC_Perm1.test2.com - -as testid@aaf.att.com -# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role -as testid@aaf.att.com -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.37.NEG Already UnGranted Perm -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role - -# TC_Perm1.26.40.POS Reset roles attached to permision with setTo -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** -Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A] - -# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles -as m99990@@[THE_USER].TC_Perm1.test2.com -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.43.NEG Non-owner of permission cannot delete -perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.45.POS Owner of permission can reset roles -as testid@aaf.att.com -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200 ** -Set Permission's Roles to [] - -as XX@NS -# TC_Perm1.26.97.POS List the Namespaces -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test2.TC_Perm1.@[THE_USER] - Administrators - XX@NS - m99990@@[THE_USER].TC_Perm1.test2.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test2.TC_Perm1.@[THE_USER].admin - com.test2.TC_Perm1.@[THE_USER].owner - com.test2.TC_Perm1.@[THE_USER].r.C - Permissions - com.test2.TC_Perm1.@[THE_USER].access * * - com.test2.TC_Perm1.@[THE_USER].access * read - Credentials - m99990@@[THE_USER].TC_Perm1.test2.com - -as testid@aaf.att.com -# TC_Perm1.26.98.POS Cleanup -role delete com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.B -** Expect 200 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.C -** Expect 200 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -Deleted Role - -as XX@NS -role delete com.test2.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -Deleted Role - -role delete com.test2.TC_Perm1.@[user.name].r.C -** Expect 200 ** -Deleted Role - -as testid@aaf.att.com -perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 200 ** -Deleted Permission - -perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 200 ** -Deleted Permission - -perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200 ** -Deleted Permission - -force ns delete com.test.TC_Perm1.@[user.name]_2 -** Expect 200 ** -Deleted Namespace - -as XX@NS -set force true -set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com -** Expect 200 ** -Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com] - -ns delete com.test2.TC_Perm1.@[user.name] -** Expect 200 ** -Deleted Namespace - -# TC_Perm1.26.99.POS List the Now Empty Namespaces -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Perm1.27.1.POS Create Permission -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm1.27.2.POS Create Role -role create com.test.TC_Perm1.@[user.name].r.A -** Expect 201 ** -Created Role - -# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force -perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown -** Expect 404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist - -# TC_Perm1.27.11.POS Role is created with force -force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown -** Expect 201 ** -Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown] -Created Permission -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown] - -# TC_Perm1.27.12.NEG Perm must Exist to Grant without force -perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist - -# TC_Perm1.27.13.POS Perm is created with force -force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A] - -# TC_Perm1.27.14.POS Role and perm are created with force -force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2 -** Expect 201 ** -Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2] -Created Permission -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2] - -# TC_Perm1.30.1.POS List Data on non-Empty NS -as testid -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.unknown - com.test.TC_Perm1.@[THE_USER].r.unknown2 - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction - -# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist -ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Perm1.30.3.POS List Data on NS with sub-roles -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction - -ns list name com.test.TC_Perm1.@[user.name].r -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER].r - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.admin - com.test.TC_Perm1.@[THE_USER].r.owner - com.test.TC_Perm1.@[THE_USER].r.unknown - com.test.TC_Perm1.@[THE_USER].r.unknown2 - Permissions - com.test.TC_Perm1.@[THE_USER].r.access * * - com.test.TC_Perm1.@[THE_USER].r.access * read - -as XX@NS -# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 200,404 ** -Deleted Permission - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction -** Expect 200,404 ** -Deleted Permission - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction -** Expect 200,404 ** -Deleted Permission - -role delete com.test.TC_Perm1.@[user.name].r.A -** Expect 200,404 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.B -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist - -role delete com.test.TC_Perm1.@[user.name].r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist - -role delete com.test.TC_Perm1.@[user.name].r.unknown -** Expect 200,404 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.unknown2 -** Expect 200,404 ** -Deleted Role - -role delete com.test2.TC_Perm1.@[user.name].r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist - -role delete com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist - -role delete com.test2.TC_Perm1.@[user.name]_2.r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist - -# TC_Perm1.99.2.POS Remove ability to create creds -user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin -** Expect 200,404 ** -Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -role delete com.test.TC_Perm1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -sleep 0 -as XX@NS -# TC_Perm1.99.98.POS Namespace Admin can delete Namespace -set force true -set force=true ns delete com.test2.TC_Perm1.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist - -as testid -force ns delete com.test.TC_Perm1.@[user.name].r -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test.TC_Perm1.@[user.name]_2 -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist - -force ns delete com.test.TC_Perm1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test2.TC_Perm1.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist - -# TC_Perm1.99.99.POS List to prove removed -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Perm1.@[user.name].r -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Perm1.@[user.name]_2 -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - |