Diffstat (limited to 'authz-test/TestSuite/expected/TC_User1.expected')
-rw-r--r--authz-test/TestSuite/expected/TC_User1.expected485
1 files changed, 485 insertions, 0 deletions
diff --git a/authz-test/TestSuite/expected/TC_User1.expected b/authz-test/TestSuite/expected/TC_User1.expected
new file mode 100644
index 00000000..e1d304f5
--- /dev/null
+++ b/authz-test/TestSuite/expected/TC_User1.expected
@@ -0,0 +1,485 @@
+set XX@NS <pass>
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+set m99990@@[THE_USER].TC_User1.test.com password123
+set m99995@@[THE_USER].TC_User1.test.com password123
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+** Expect 201 **
+Created Role
+Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+as XX@NS
+# TC_User1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_User1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_User1.@[THE_USER].admin
+ com.test.TC_User1.@[THE_USER].cred_admin
+ com.test.TC_User1.@[THE_USER].owner
+ Permissions
+ com.test.TC_User1.@[THE_USER].access * *
+ com.test.TC_User1.@[THE_USER].access * read
+
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+role create com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Role
+
+role create com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Role
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager]
+
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Created Permission
+Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager]
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+** Expect 201 **
+Added Credential [m99990@@[THE_USER].TC_User1.test.com]
+
+user cred add m99995@@[user.name].TC_User1.test.com password123
+** Expect 201 **
+Added Credential [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com]
+
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com]
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
+** Expect 201 **
+Delegate Added
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
+
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
+
+sleep 0
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+user list role com.test.TC_User1.@[user.name].manager
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].manager]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+@[THE_USER]@csp.att.com XXXX-XX-XX
+
+
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+user list delegates user m99990@@[user.name].TC_User1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com]
+
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+user list delegates user @[user.name]
+** Expect 200 **
+
+List Delegates by user[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+user list delegates delegate @[user.name]
+** Expect 200 **
+
+List Delegates by delegate[@[THE_USER]@csp.att.com]
+--------------------------------------------------------------------------------
+ User Delegate Expires
+--------------------------------------------------------------------------------
+ @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+** Expect 201 **
+Created Permission
+Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker]
+
+as m99990@@[THE_USER].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+user list role com.test.TC_User1.@[user.name].worker
+** Expect 200 **
+
+List Users for Role[com.test.TC_User1.@[THE_USER].worker]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * move
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200 **
+
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
+--------------------------------------------------------------------------------
+User Expires
+--------------------------------------------------------------------------------
+m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
+
+
+as testid@aaf.att.com
+# TC_User1.99.0.POS Remove user roles
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com]
+
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com]
+
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com]
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].supplies * stock
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].schedule worker create
+** Expect 200,404 **
+Deleted Permission
+
+force perm delete com.test.TC_User1.@[user.name].worker * annoy
+** Expect 200,404 **
+Deleted Permission
+
+force role delete com.test.TC_User1.@[user.name].manager
+** Expect 200,404 **
+Deleted Role
+
+force role delete com.test.TC_User1.@[user.name].worker
+** Expect 200,404 **
+Deleted Role
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+** Expect 200,404 **
+Delegate Deleted
+
+user cred del m99990@@[user.name].TC_User1.test.com
+** Expect 200,404 **
+Deleted Credential [m99990@@[THE_USER].TC_User1.test.com]
+
+user cred del m99995@@[user.name].TC_User1.test.com
+** Expect 200,404 **
+Deleted Credential [m99995@@[THE_USER].TC_User1.test.com]
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
+
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+** Expect 200,404 **
+Deleted Permission
+
+as testid@aaf.att.com
+force role delete com.test.TC_User1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
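Review bot: The expected output under `# TC_User1.43.2.POS User should only see himself here` lists both m99990 and m99995 for the worker role and for the two supplies permissions, which contradicts the comment. The same listings are pinned again under TC_User1.43.11, after 43.10 grants `com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view`, so this golden file cannot show that the grant changes what m99990 may see. Either the 43.2 comment should be corrected, for example to `# TC_User1.43.2.POS User in role sees the other members of that role`, or the captured output records a role member reading other members without the view permission and should be checked against the service before it is frozen as expected. Separately, TC_User1.41.1.NEG and 41.3.NEG say "should not view" but expect 200 with an empty list, while the role cases 40.1 and 40.2 expect 403. A comment there such as `# denial is expressed as 200 with an empty user list` would make clear that the body, not the status, is what the test asserts.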