Diffstat (limited to 'authz-test/TestSuite/expected/TC_Role2.expected')
-rw-r--r--authz-test/TestSuite/expected/TC_Role2.expected447
1 files changed, 447 insertions, 0 deletions
diff --git a/authz-test/TestSuite/expected/TC_Role2.expected b/authz-test/TestSuite/expected/TC_Role2.expected
new file mode 100644
index 00000000..45abf9fd
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_Role2.expected
@@ -0,0 +1,447 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_Role2.10.0.POS Print NS to prove ok
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+##############
+# Testing Model
+# We are making a Testing model based loosely on George Orwell's Animal Farm
+# In Animal Farm, Animals did all the work but didn't get any priviledges.
+# In our test, the animals can't see anything but their own role, etc
+# Dogs were supervisors, and ostensibly did something, though mostly laid around
+# In our test, they have Implicit Permissions by being Admins
+# Pigs were the Elite. They did nothing, but watch everyone and eat the produce
+# In our test, they have Explicit Permissions to see everything they want
+##############
+as testid@aaf.att.com
+# TC_Role2.20.1.POS List Data on non-Empty NS
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+
+# TC_Role2.20.10.POS Create Orwellian Roles
+role create com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Role
+
+role create com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Role
+
+# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
+perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
+as XX@NS
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.20.60.POS List Data on non-Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.pigs
+ Permissions
+ com.test.TC_Role2.@[THE_USER].access * *
+ com.test.TC_Role2.@[THE_USER].access * read
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+as XX@NS
+# TC_Role2.40.1.POS List Data on Role
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.10.POS Add testunused to animals
+as testid@aaf.att.com
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.11.POS List by Name when part of role
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+# TC_Role2.40.12.NEG List by Name when not part of Role
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]
+
+# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
+as testid@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.40.50.POS Change testunused to Pigs
+as testid@aaf.att.com
+user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
+** Expect 200 **
+Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]
+
+user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
+** Expect 201 **
+Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]
+
+# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
+as testunused@aaf.att.com
+role list role com.test.TC_Role2.@[user.name].r.animals
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]
+
+role list role com.test.TC_Role2.@[user.name].r.dogs
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
+
+role list role com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200 **
+
+List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.10.POS List by User when Same as Caller
+as testunused@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
+as testid@aaf.att.com
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
+as XX@NS
+role list user testunused@aaf.att.com
+** Expect 200 **
+
+List Roles for User [testunused@aaf.att.com]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
+as testunused@aaf.att.com
+role list user XX@NS
+** Expect 200 **
+
+List Roles for User [XX@NS]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+
+# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
+as testid@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 200 **
+
+List Roles by NS [com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].admin
+ com.test.TC_Role2.@[THE_USER].access * *
+com.test.TC_Role2.@[THE_USER].owner
+ com.test.TC_Role2.@[THE_USER].access * read
+com.test.TC_Role2.@[THE_USER].r.animals
+ com.test.TC_Role2.@[THE_USER].r.A garbage eat
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+com.test.TC_Role2.@[THE_USER].r.pigs
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
+ com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
+
+# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
+as testunused@aaf.att.com
+role list ns com.test.TC_Role2.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]
+
+# TC_Role2.43.10.POS List Roles when allowed to see Perm
+as testid@aaf.att.com
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_Role2.@[THE_USER].r.dogs
+ com.test.TC_Role2.@[THE_USER].r.A * *
+ com.test.TC_Role2.@[THE_USER].r.A grain *
+ com.test.TC_Role2.@[THE_USER].r.A grain eat
+
+# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
+as testunused@aaf.att.com
+role list perm com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]
+
+role list perm com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]
+
+role list perm com.test.TC_Role2.@[user.name].r.A * *
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]
+
+as XX@NS
+# TC_Role2.99.1.POS Delete Roles
+force role delete com.test.TC_Role2.@[user.name].r.animals
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role2.@[user.name].r.dogs
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_Role2.@[user.name].r.pigs
+** Expect 200,404 **
+Deleted Role
+
+# TC_Role2.99.2.POS Delete Perms
+force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A grain *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_Role2.@[user.name].r.A * *
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
+** Expect 200,404 **
+Deleted Permission
+
+# TC_Role2.99.2.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_Role2.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_Role2.99.3.POS Print Namespaces
+ns list name com.test.TC_Role2.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
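Review bot: TC_Role2.40.51.POS pins `** Expect 403 **` for testunused reading `r.animals` and `r.dogs` immediately after that user is moved into `r.pigs`, the role that was granted `com.att.aaf.role|…r.animals|view` and `com.att.aaf.role|…r.dogs|view` in TC_Role2.20.25. That contradicts both the test's own title ("based on having Explicit Permissions") and the Testing Model comment that pigs "have Explicit Permissions to see everything they want". If the denial is intended (for example because the service checks an action other than `view`), the case should be labelled NEG and the model comment corrected; if it is not, this baseline records an authorization failure as the expected result, and later runs will pass against it. Separately, the heading `# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS` covers the allowed case (testid is the namespace admin) and should read `… when allowed to see NS`, and the id `TC_Role2.99.2` is used for two different cleanup steps; these headings presumably mirror the test script, so the fix likely belongs there as well.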