diff options
Diffstat (limited to 'authz-test/TestSuite/expected/TC_Role1.expected')
-rw-r--r-- | authz-test/TestSuite/expected/TC_Role1.expected | 369 |
1 files changed, 0 insertions, 369 deletions
diff --git a/authz-test/TestSuite/expected/TC_Role1.expected b/authz-test/TestSuite/expected/TC_Role1.expected deleted file mode 100644 index 5cb610fb..00000000 --- a/authz-test/TestSuite/expected/TC_Role1.expected +++ /dev/null @@ -1,369 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set XX@NS <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_Role1.10.0.POS Validate NS ok -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Role1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_Role1.@[user.name].cred_admin -** Expect 201 ** -Created Role - -as XX@NS -# TC_Role1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_Role1.10.12.POS Assign user for creating creds -user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] - -# TC_Role1.20.1.POS List Data on non-Empty NS -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -# TC_Role1.20.2.POS Add Roles -role create com.test.TC_Role1.@[user.name].r.A -** Expect 201 ** -Created Role - -role create com.test.TC_Role1.@[user.name].r.B -** Expect 201 ** -Created Role - -# TC_Role1.20.3.POS List Data on non-Empty NS -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].r.B - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -# TC_Role1.20.4.NEG Don't write over Role -role create com.test.TC_Role1.@[user.name].r.A -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists - -# TC_Role1.20.5.NEG Don't allow non-user to create -as bogus -role create com.test.TC_Role1.@[user.name].r.No -** Expect 401 ** -Failed with code 401, Unauthorized - -# TC_Role1.20.6.NEG Don't allow non-user to create without Approval -as testunused@aaf.att.com -role create com.test.TC_Role1.@[user.name].r.No -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No] - -# TC_Role1.20.10.NEG Non-admins can't change description -as testunused@aaf.att.com -role describe com.test.TC_Role1.@[user.name].r.A Description A -** Expect 403 ** -Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A - -# TC_Role1.20.11.NEG Role must exist to change description -as testid@aaf.att.com -role describe com.test.TC_Role1.@[user.name].r.C Description C -** Expect 404 ** -Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist - -# TC_Role1.20.12.POS Admin can change description -role describe com.test.TC_Role1.@[user.name].r.A Description A -** Expect 200 ** -Description added to role - -# TC_Role1.30.1.POS List Data on non-Empty NS -as testid@aaf.att.com -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].r.B - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -# TC_Role1.30.2.POS Create Sub-ns when Roles that exist -ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Role1.30.3.POS List Data on NS with sub-roles -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -ns list name com.test.TC_Role1.@[user.name].r -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].r.B - com.test.TC_Role1.@[THE_USER].r.admin - com.test.TC_Role1.@[THE_USER].r.owner - Permissions - com.test.TC_Role1.@[THE_USER].r.access * * - com.test.TC_Role1.@[THE_USER].r.access * read - -# TC_Role1.40.01.POS List Data on non-Empty NS -role list role com.test.TC_Role1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r.A - -# TC_Role1.40.20.POS Create a Perm, and add to Role -perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A] - -# TC_Role1.40.25.POS List -role list role com.test.TC_Role1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT - -# TC_Role1.40.30.POS Create a Perm -perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case -** Expect 201 ** -Created Permission - -# TC_Role1.40.32.POS Separately Grant Perm -perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A -** Expect 201 ** -Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A] - -# TC_Role1.40.35.POS List -role list role com.test.TC_Role1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT - com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case - -# TC_Role1.50.1.POS Create user to attach to role -user cred add m00001@@[user.name].TC_Role1.test.com password123 -** Expect 201 ** -Added Credential [m00001@@[THE_USER].TC_Role1.test.com] - -# TC_Role1.50.2.POS Create new role -role create com.test.TC_Role1.@[user.name].r.C -** Expect 201 ** -Created Role - -# TC_Role1.50.3.POS Attach user to role -user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C -** Expect 201 ** -Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com] - -# TC_Role1.50.4.POS Create permission and attach to role -perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C] - -# TC_Role1.50.20.NEG Delete role with permission and user attached should fail -role delete com.test.TC_Role1.@[user.name].r.C -** Expect 424 ** -Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users. - -# TC_Role1.50.21.POS Force delete role should work -set force true -set force=true role delete com.test.TC_Role1.@[user.name].r.C -** Expect 200 ** -Deleted Role - -# TC_Role1.50.30.POS List Data on non-Empty NS -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - com.test.TC_Role1.@[THE_USER].p.C myInstance myAction - com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT - com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case - Credentials - m00001@@[THE_USER].TC_Role1.test.com - -# Need to let DB catch up on deletes -sleep 0 -as testid@aaf.att.com -# TC_Role1.99.05.POS Remove Permissions from "40_reports" -set force true -set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT -** Expect 200,404 ** -Deleted Permission - -set force true -set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case -** Expect 200,404 ** -Deleted Permission - -# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles -force role delete com.test.TC_Role1.@[user.name].r.A -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Role1.@[user.name].r.B -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Role1.@[user.name].r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist - -# TC_Role1.99.15.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin -** Expect 200,404 ** -Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -role delete com.test.TC_Role1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials -perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction -** Expect 200,404 ** -Deleted Permission - -set force true -user cred del m00001@@[user.name].TC_Role1.test.com -** Expect 200,404 ** -Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com] - -# TC_Role1.99.90.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Role1.@[user.name].r -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test.TC_Role1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_Role1.99.99.POS List to prove clean Namespaces -ns list name com.test.TC_Role1.@[user.name].r -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Role1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - |