diff options
Diffstat (limited to 'authz-test/TestSuite')
183 files changed, 0 insertions, 10173 deletions
diff --git a/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt b/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt deleted file mode 100644 index d7ecee45..00000000 --- a/authz-test/TestSuite/Instructions_for_MTCs/MTC_Appr_README.txt +++ /dev/null @@ -1,101 +0,0 @@ -#-------------------------------------------------------------------------------
-# ============LICENSE_START====================================================
-# * org.onap.aaf
-# * ===========================================================================
-# * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# * ===========================================================================
-# * Licensed under the Apache License, Version 2.0 (the "License");
-# * you may not use this file except in compliance with the License.
-# * You may obtain a copy of the License at
-# *
-# * http://www.apache.org/licenses/LICENSE-2.0
-# *
-# * Unless required by applicable law or agreed to in writing, software
-# * distributed under the License is distributed on an "AS IS" BASIS,
-# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# * See the License for the specific language governing permissions and
-# * limitations under the License.
-# * ============LICENSE_END====================================================
-# *
-# * ECOMP is a trademark and service mark of AT&T Intellectual Property.
-# *
-#-------------------------------------------------------------------------------
-NOTE: You may find slight differences between this readme doc and your actual output in places such as <YOUR_ATTUID>, times, or other such fields that vary for each run.
-
-Do NOT replace anything inside square brackets such as [user.name] Some commands listed here use this notation, but they are set up to work by just copying & pasting the entire command.
-
-run command: sh ./tc MTC_Appr1
-you should see: MTC_Appr1
- SUCCESS! [MTC_Appr1.2014-11-03_11-26-26]
-
-
-open a broswer and goto the gui for the machine you're on. For example, this is the home page on test machine zltv1492:
-https://zltv1492.vci.att.com:8085/gui/home
-
-click on My Approvals
-
-click the submit button at the bottom of the form with no approve or deny buttons selected
-
-you should see: No Approvals have been sent. Try again
-
-click "Try again" link
-
-you should see: The Approval Request page
-
-NOTE: a radio button is a (filled or unfilled) circle under approve or deny
-click the select all link for approve
-
-you should see: all radio buttons under approve should be selected
-
-click the select all link for deny
-
-you should see: all radio buttons under deny should be selected
-
-click the reset button at the bottom of the form
-
-you should see: NO radio buttons should be selected
-
-Try to select both approve and deny for a single entry
-
-you should: not be able to
-
-approve or deny entries as you like, then click submit
-
-after you have submitted all approvals, go back to My Approvals page
-
-you should see: No Approvals to process at this time
-
-in your command line,
-run command: aafcli ns list name com.test.appr.@[user.name].myProject
-
-NOTE: what you see here will depend on which entries you approved and denied. Included are 2 examples of what you can see:
-
-1) If you approve everything
-
-List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]
---------------------------------------------------------------------------------
-com.test.appr.<YOUR_ATTUID>.myProject
- Administrators
- <YOUR_ATTUID>@csp.att.com
- Responsible Parties
- <YOUR_ATTUID>@csp.att.com
-
-
-2) If you deny everything
-
-List Namespaces by Name[com.test.appr.<YOUR_ATTUID>.myProject]
---------------------------------------------------------------------------------
-
-
-run command: sh ./tc MTC_Appr2 dryrun
-you should see: a lot of output. It's fine if you see errors for this command.
-
-run command: aafcli ns list name com.test.appr
-you should see: List Namespaces by Name[com.test.appr]
---------------------------------------------------------------------------------
-
-
-run command: aafcli ns list name com.test.appr.@[user.name]
-you should see: List Namespaces by Name[com.test.appr.<YOUR_ATTUID>]
---------------------------------------------------------------------------------
-
diff --git a/authz-test/TestSuite/JU_Lur2_0/10_init b/authz-test/TestSuite/JU_Lur2_0/10_init deleted file mode 100644 index a38e94bf..00000000 --- a/authz-test/TestSuite/JU_Lur2_0/10_init +++ /dev/null @@ -1,34 +0,0 @@ -as testid@aaf.att.com:<pass> -# JU_Lur2_0.10.0.POS List NS to prove ok -expect 201,409 -ns create com.test.JU_Lur2_0Call @[user.name] testid@aaf.att.com - -# JU_Lur2_0.10.2.POS Create Role in Namespace -role create com.test.JU_Lur2_0Call.role - -# JU_Lur2_0.10.10.POS Create MyInstance Perms -perm create com.test.JU_Lur2_0Call.service myInstance write -perm create com.test.JU_Lur2_0Call.service myInstance read -perm create com.test.JU_Lur2_0Call.service myInstance * - -# JU_Lur2_0.10.11.POS Create kumquat Perms -perm create com.test.JU_Lur2_0Call.service kumquat write -perm create com.test.JU_Lur2_0Call.service kumquat read -perm create com.test.JU_Lur2_0Call.service kumquat * -perm create com.test.JU_Lur2_0Call.service kum.quat read - -# JU_Lur2_0.10.11.POS Create key delimited Perms -perm create com.test.JU_Lur2_0Call.service :myCluster write -perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace write -perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:myCF write -perm create com.test.JU_Lur2_0Call.service :myCluster:*:myCF write -perm create com.test.JU_Lur2_0Call.service :myCluster:myKeyspace:* write - -# JU_Lur2_0.10.20.POS Grant Some Perms to Role -perm grant com.test.JU_Lur2_0Call.service myInstance * com.test.JU_Lur2_0Call.role -perm grant com.test.JU_Lur2_0Call.service kumquat read com.test.JU_Lur2_0Call.role -perm grant com.test.JU_Lur2_0Call.service kum.quat read com.test.JU_Lur2_0Call.role -perm grant com.test.JU_Lur2_0Call.service :myCluster:*:myCF write com.test.JU_Lur2_0Call.role - -# JU_Lur2_0.30.1.POS Add User to ROle -user role add testid@aaf.att.com com.test.JU_Lur2_0Call.role diff --git a/authz-test/TestSuite/JU_Lur2_0/Description b/authz-test/TestSuite/JU_Lur2_0/Description deleted file mode 100644 index 748dc675..00000000 --- a/authz-test/TestSuite/JU_Lur2_0/Description +++ /dev/null @@ -1,2 +0,0 @@ -Load Data for CADI Test: JU_Lur2_0Call.java - diff --git a/authz-test/TestSuite/MTC_Appr1/00_ids b/authz-test/TestSuite/MTC_Appr1/00_ids deleted file mode 100644 index e5c040ea..00000000 --- a/authz-test/TestSuite/MTC_Appr1/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set XX@NS=<pass> -set testunused@aaf.att.com=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/MTC_Appr1/10_init b/authz-test/TestSuite/MTC_Appr1/10_init deleted file mode 100644 index f1c61cec..00000000 --- a/authz-test/TestSuite/MTC_Appr1/10_init +++ /dev/null @@ -1,29 +0,0 @@ - -as testid@aaf.att.com - -# TC_Appr1.10.0.POS List NS to prove ok -expect 200 -ns list name com.test.appr -ns list name com.test.appr.@[user.name] - -# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals -expect 201 -ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com - -# TC_Appr1.10.2.POS Create General Namespace to add Approvals -ns create com.test.appr @[user.name] testid@aaf.att.com - -# TC_Appr1.10.10.POS Create Roles in Namespace -role create com.test.appr.@[user.name].addToUserRole -role create com.test.appr.@[user.name].grantToPerm -role create com.test.appr.@[user.name].ungrantFromPerm -role create com.test.appr.@[user.name].grantFirstPerm -role create com.test.appr.@[user.name].grantSecondPerm - -# TC_Appr1.10.12.POS Create Permissions in Namespace -perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm -perm create com.test.appr.@[user.name].grantToRole myInstance myAction -force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole -perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction -perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm - diff --git a/authz-test/TestSuite/MTC_Appr1/15_create b/authz-test/TestSuite/MTC_Appr1/15_create deleted file mode 100644 index 8791a3b5..00000000 --- a/authz-test/TestSuite/MTC_Appr1/15_create +++ /dev/null @@ -1,40 +0,0 @@ -expect 403 -as testunused@aaf.att.com - -# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request -user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole - -# TC_Appr1.15.02.NEG Create Approval for NS create -ns create com.test.appr.@[user.name].myProject @[user.name] - -# TC_Appr1.15.03.NEG Generate Approval for granting permission to role -perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm - -# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role -perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm - -# TC_Appr1.15.05.NEG Generate Approval for granting permission to role -perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm - -# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role -perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm - -expect 202 -# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request -set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole - -# TC_Appr1.15.52.POS Create Approval for NS create -set request=true ns create com.test.appr.@[user.name].myProject @[user.name] - -# TC_Appr1.15.53.POS Generate Approval for granting permission to role -set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm - -# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role -request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm - -# TC_Appr1.15.55.POS Generate Approval for granting permission to role -request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm - -# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role -request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm - diff --git a/authz-test/TestSuite/MTC_Appr1/Description b/authz-test/TestSuite/MTC_Appr1/Description deleted file mode 100644 index 59af5e1d..00000000 --- a/authz-test/TestSuite/MTC_Appr1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of User Credentials - -APIs: - POST /auth/cred - PUT /auth/cred - DELETE /auth/cred - - -CLI: - Target - user addCred :user :password - user delCred :user - Ancillary - ns create - ns delete - diff --git a/authz-test/TestSuite/MTC_Appr2/00_ids b/authz-test/TestSuite/MTC_Appr2/00_ids deleted file mode 100644 index e5c040ea..00000000 --- a/authz-test/TestSuite/MTC_Appr2/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set XX@NS=<pass> -set testunused@aaf.att.com=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/MTC_Appr2/99_cleanup b/authz-test/TestSuite/MTC_Appr2/99_cleanup deleted file mode 100644 index 4d6fa758..00000000 --- a/authz-test/TestSuite/MTC_Appr2/99_cleanup +++ /dev/null @@ -1,35 +0,0 @@ - -as testid@aaf.att.com - -expect 200,404 - -# TC_Appr2.99.10.POS Delete UserRoles if exists -user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].deleteThisRole -user role del @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole - -# TC_Appr2.10.11.POS Delete Roles if exists -set force=true role delete com.test.appr.@[user.name].addToUserRole -set force=true role delete com.test.appr.@[user.name].grantToPerm -set force=true role delete com.test.appr.@[user.name].ungrantFromPerm -role delete com.test.appr.@[user.name].grantedRole -role delete com.test.appr.@[user.name].approvedRole -role delete com.test.appr.@[user.name].approvedRole2 -role delete com.test.appr.@[user.name].grantFirstPerm -role delete com.test.appr.@[user.name].grantSecondPerm - -# TC_Appr2.10.12.POS Delete Permissions if exists -perm delete com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].grantedRole -perm delete com.test.appr.@[user.name].grantToRole myInstance myAction -perm delete com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole -perm delete com.test.appr.@[user.name].approvedPerm myInstance myAction -perm delete com.test.appr.@[user.name].approvedPerm * * -perm delete com.test.appr.@[user.name].approvedPerm2 myInstance myAction -perm delete com.test.appr.@[user.name].grantTwoRoles myInstance myAction -perm delete com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction - - -# TC_Appr2.99.80.POS Delete Namespaces for TestSuite if exists -ns delete com.test.appr.@[user.name].myProject -set force=true ns delete com.test.appr.@[user.name] -set force=true ns delete com.test.appr - diff --git a/authz-test/TestSuite/MTC_Appr2/Description b/authz-test/TestSuite/MTC_Appr2/Description deleted file mode 100644 index 59af5e1d..00000000 --- a/authz-test/TestSuite/MTC_Appr2/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of User Credentials - -APIs: - POST /auth/cred - PUT /auth/cred - DELETE /auth/cred - - -CLI: - Target - user addCred :user :password - user delCred :user - Ancillary - ns create - ns delete - diff --git a/authz-test/TestSuite/TC_Cred1/00_ids b/authz-test/TestSuite/TC_Cred1/00_ids deleted file mode 100644 index 9f6ad902..00000000 --- a/authz-test/TestSuite/TC_Cred1/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set bogus=boguspass -set XX@NS=<pass> - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Cred1/10_init b/authz-test/TestSuite/TC_Cred1/10_init deleted file mode 100644 index 18231c0d..00000000 --- a/authz-test/TestSuite/TC_Cred1/10_init +++ /dev/null @@ -1,36 +0,0 @@ -as testid@aaf.att.com -# TC_Cred1.10.0.POS List NS to prove ok -expect 200 -ns list name com.test.TC_Cred1.@[user.name] - -# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials -expect 201 -ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_Cred1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com -role create com.test.TC_Cred1.@[user.name].pw_reset - -# TC_Cred1.10.11.POS Assign roles to perms -as XX@NS -expect 201 -perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset -perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin -perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_Cred1.10.30.POS Assign user for creating creds -expect 201 -user cred add m99999@@[user.name].TC_Cred1.test.com password123 -set m99999@@[user.name].TC_Cred1.test.com=password123 - - -# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions -expect 201 -user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin - -# TC_Cred1.10.32.POS Remove create rights for testing -expect 200 -user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin - diff --git a/authz-test/TestSuite/TC_Cred1/15_create b/authz-test/TestSuite/TC_Cred1/15_create deleted file mode 100644 index c862d980..00000000 --- a/authz-test/TestSuite/TC_Cred1/15_create +++ /dev/null @@ -1,33 +0,0 @@ -# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID -as testunused@aaf.att.com -expect 403 -user cred add m99990@@[user.name].TC_Cred1.test.com password123 - -# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID -as m99999@@[user.name].TC_Cred1.test.com -expect 201 -user cred add m99990@@[user.name].TC_Cred1.test.com password123 - -# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID -as testunused@aaf.att.com -expect 403 -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 - -# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID -as m99999@@[user.name].TC_Cred1.test.com:password123 -expect 200 -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 - -# TC_Cred1.15.12.POS Admin, without reset permission can reset Password -as testid@aaf.att.com -expect 200 -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 - -# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID -expect 200 -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1 - -# TC_Cred1.15.20.POS Admin, delete -expect 200 -user cred del m99990@@[user.name].TC_Cred1.test.com password123 1 - diff --git a/authz-test/TestSuite/TC_Cred1/30_multiple_creds b/authz-test/TestSuite/TC_Cred1/30_multiple_creds deleted file mode 100644 index 689225e2..00000000 --- a/authz-test/TestSuite/TC_Cred1/30_multiple_creds +++ /dev/null @@ -1,69 +0,0 @@ -# TC_Cred1.30.1.NEG Multiple options available to delete -as XX@NS -expect 201 -user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word - -as testid@aaf.att.com -expect 201 -user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD - -# TC_Cred1.30.2.POS Succeeds when we choose last option -expect 200 -user cred del m99990@@[user.name].TC_Cred1.test.com 2 - -# TC_Cred1.30.10.POS Add another credential -expect 201 -user cred add m99990@@[user.name].TC_Cred1.test.com password123 - -# TC_Cred1.30.11.NEG Multiple options available to reset -expect 300 -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 - -# TC_Cred1.30.12.NEG Fails when we choose a bad option -expect 406 -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0 - -# TC_Cred1.30.13.POS Succeeds when we choose last option -expect 200 -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2 - -#TC_Cred1.30.30.NEG Fails when we don't have specific property -expect 403 -user cred extend m99990@@[user.name].TC_Cred1.test.com - -#### EXTENDS behavior #### -#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission -expect 201 -as XX@NS -role create com.test.TC_Cred1.@[user.name].extendTemp - -#TC_Cred1.30.33.POS Grant Extends Permission to Role -expect 201 -perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp - -#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission -expect 201 -role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS - -#TC_Cred1.30.36.POS Extend Password, expecting Single Response -expect 200 -user cred extend m99990@@[user.name].TC_Cred1.test.com 1 - -#TC_Cred1.30.39.POS Remove Role -expect 200 -set force=true -role delete com.test.TC_Cred1.@[user.name].extendTemp - -#### MULTI CLEANUP ##### -expect 200 -role list user m99990@@[user.name].TC_Cred1.test.com - -# TC_Cred1.30.80.POS Delete all entries for this cred -expect 200 -set force=true -user cred del m99990@@[user.name].TC_Cred1.test.com - -# TC_Cred1.30.99.POS List ns shows no creds attached -expect 200 -ns list name com.test.TC_Cred1.@[user.name] - diff --git a/authz-test/TestSuite/TC_Cred1/99_cleanup b/authz-test/TestSuite/TC_Cred1/99_cleanup deleted file mode 100644 index 3af41749..00000000 --- a/authz-test/TestSuite/TC_Cred1/99_cleanup +++ /dev/null @@ -1,29 +0,0 @@ -as testid@aaf.att.com -# TC_Cred1.99.1.POS Delete credentials -expect 200,404 -force user cred del m99990@@[user.name].TC_Cred1.test.com - -#TC_Cred1.99.2.POS Ensure Remove Role -expect 200,404 -set force=true -role delete com.test.TC_Cred1.@[user.name].extendTemp - -# TC_Cred1.99.10.POS Remove ability to create creds -force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin -force perm delete com.att.aaf.password com.test reset -force perm delete com.att.aaf.mechid com.test create - -as testid@aaf.att.com -force role delete com.test.TC_Cred1.@[user.name].cred_admin -force role delete com.test.TC_Cred1.@[user.name].pw_reset - -# TC_Cred1.99.99.POS Delete Namespace for TestSuite -set force=true ns delete com.test.TC_Cred1.@[user.name] - -as XX@NS -force ns delete com.test.TC_Cred1.@[user.name] -force ns delete com.test.TC_Cred1 - diff --git a/authz-test/TestSuite/TC_Cred1/Description b/authz-test/TestSuite/TC_Cred1/Description deleted file mode 100644 index 59af5e1d..00000000 --- a/authz-test/TestSuite/TC_Cred1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of User Credentials - -APIs: - POST /auth/cred - PUT /auth/cred - DELETE /auth/cred - - -CLI: - Target - user addCred :user :password - user delCred :user - Ancillary - ns create - ns delete - diff --git a/authz-test/TestSuite/TC_DELG1/00_ids b/authz-test/TestSuite/TC_DELG1/00_ids deleted file mode 100644 index 0f77e593..00000000 --- a/authz-test/TestSuite/TC_DELG1/00_ids +++ /dev/null @@ -1,10 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set XX@NS=<pass> -set m99999@@[user.name].delg.test.com=password123 -set bogus@aaf.att.com=boguspass - -#delay 10 -set NFR=0 - diff --git a/authz-test/TestSuite/TC_DELG1/10_init b/authz-test/TestSuite/TC_DELG1/10_init deleted file mode 100644 index 558effe0..00000000 --- a/authz-test/TestSuite/TC_DELG1/10_init +++ /dev/null @@ -1,55 +0,0 @@ -# TC_DELG1.10.1.POS Check For Existing Data -as testid@aaf.att.com -expect 200 -ns list name com.test.delg.@[user.name] - -as XX@NS -expect 201,409 -perm create com.att.aaf.delg com.att * com.att.admin - -expect 404 -user list delegates delegate @[user.name]@csp.att.com - -as testid@aaf.att.com -# TC_DELG1.10.2.POS Create Namespace to add IDs -expect 201 -ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com - -as XX@NS -# TC_DELG1.10.10.POS Grant ability to change delegates -expect 404 -force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg - -# TC_DELG1.10.11.POS Grant ability to change delegates -expect 201 -role create com.test.delg.@[user.name].change_delg - -# TC_DELG1.10.12.POS Grant ability to change delegates -expect 201 -force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg - -# TC_DELG1.10.14.POS Create user role to change delegates -expect 201 -user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg - -# TC_DELG1.10.15.POS Grant ability to create cred -expect 201 -perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg - -as testid@aaf.att.com -# TC_DELG1.10.30.POS Create cred that will change his own delg -expect 201 -user cred add m99999@@[user.name].delg.test.com password123 - -as XX@NS - TC_DELG1.10.31.POS ungrant ability to create cred -expect 200 -perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg - -as testid@aaf.att.com -# TC_DELG1.10.99.POS Check for Data as Correct -expect 200 -ns list name com.test.delg.@[user.name] - - - diff --git a/authz-test/TestSuite/TC_DELG1/20_create b/authz-test/TestSuite/TC_DELG1/20_create deleted file mode 100644 index 2dec8bf3..00000000 --- a/authz-test/TestSuite/TC_DELG1/20_create +++ /dev/null @@ -1,55 +0,0 @@ -# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID -expect 404 -user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' - -# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate -expect 404 -user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00' - -# TC_DELG1.20.20.NEG May not change user, no delegate permission -as m99999@@[user.name].delg.test.com -expect 403 -force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' - -as testid@aaf.att.com -# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist -expect 404 -user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' - -# TC_DELG1.20.22.NEG May not create delegate for self. -expect 406 -user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' - -# TC_DELG1.20.23.POS May create delegate for self for tests by forcing. -expect 201 -force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' - -as XX@NS -# TC_DELG1.20.30.POS Expect Delegates for User -expect 200 -user list delegates user @[user.name]@csp.att.com - -as testid@aaf.att.com -# TC_DELG1.20.35.NEG Fail Create when exists -expect 409 -user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' - -as XX@NS -# TC_DELG1.20.40.POS Expect Delegates for User -expect 200 -user list delegates user @[user.name]@csp.att.com - -as testid@aaf.att.com -# TC_DELG1.20.46.POS Update Delegate with new Date -expect 200 -user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00' - -as XX@NS -# TC_DELG1.20.82.POS Expect Delegates for User -expect 200 -user list delegates user @[user.name]@csp.att.com - -# TC_DELG1.20.83.POS Expect Delegate to show up in list -expect 200 -user list delegates delegate @[user.name]@csp.att.com - diff --git a/authz-test/TestSuite/TC_DELG1/99_cleanup b/authz-test/TestSuite/TC_DELG1/99_cleanup deleted file mode 100644 index 81dfd74e..00000000 --- a/authz-test/TestSuite/TC_DELG1/99_cleanup +++ /dev/null @@ -1,17 +0,0 @@ -expect 200,404 -as XX@NS -# TC_DELG1.99.0.POS Check for Data as Correct -ns list name com.test.delg.@[user.name] - -# TC_DELG1.99.10.POS Delete Delegates -user delegate del @[user.name]@csp.att.com - -# TC_DELG1.99.30.POS Delete Namespace com.att.test.id -force ns delete com.test.delg.@[user.name] - -# TC_DELG1.99.98.POS Check for Delegate Data as Correct -user list delegates user @[user.name]@csp.att.com - -# TC_DELG1.99.99.POS Check for NS Data as Correct -ns list name com.test.delg.@[user.name] - diff --git a/authz-test/TestSuite/TC_DELG1/Description b/authz-test/TestSuite/TC_DELG1/Description deleted file mode 100644 index 59af5e1d..00000000 --- a/authz-test/TestSuite/TC_DELG1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of User Credentials - -APIs: - POST /auth/cred - PUT /auth/cred - DELETE /auth/cred - - -CLI: - Target - user addCred :user :password - user delCred :user - Ancillary - ns create - ns delete - diff --git a/authz-test/TestSuite/TC_Link/00_ids b/authz-test/TestSuite/TC_Link/00_ids deleted file mode 100644 index 0e7a40aa..00000000 --- a/authz-test/TestSuite/TC_Link/00_ids +++ /dev/null @@ -1,9 +0,0 @@ -expect 0 -set testid=<pass> -set testid@aaf.att.com=<pass> -set XX@NS=<pass> -set testunused=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Link/05_print b/authz-test/TestSuite/TC_Link/05_print deleted file mode 100644 index 62d8e256..00000000 --- a/authz-test/TestSuite/TC_Link/05_print +++ /dev/null @@ -1,6 +0,0 @@ -expect 200,404 -# TC_05 -ns list name com.test.TC_Link_1.@[user.name] -ns list name com.test.TC_Link_2.@[user.name] -perm list role com.test.TC_Link_1.@[user.name].myRole -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction diff --git a/authz-test/TestSuite/TC_Link/10_init b/authz-test/TestSuite/TC_Link/10_init deleted file mode 100644 index 0f8a4431..00000000 --- a/authz-test/TestSuite/TC_Link/10_init +++ /dev/null @@ -1,13 +0,0 @@ -expect 201 -# TC_10 -as XX@NS -ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS -ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS - -role create com.test.TC_Link_1.@[user.name].myRole - -perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction - -perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole - - diff --git a/authz-test/TestSuite/TC_Link/15_print b/authz-test/TestSuite/TC_Link/15_print deleted file mode 100644 index ac60ddcc..00000000 --- a/authz-test/TestSuite/TC_Link/15_print +++ /dev/null @@ -1,6 +0,0 @@ -# 15_print -expect 200 -ns list name com.test.TC_Link_1.@[user.name] -ns list name com.test.TC_Link_2.@[user.name] -perm list role com.test.TC_Link_1.@[user.name].myRole -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction diff --git a/authz-test/TestSuite/TC_Link/20_del b/authz-test/TestSuite/TC_Link/20_del deleted file mode 100644 index 35a01d39..00000000 --- a/authz-test/TestSuite/TC_Link/20_del +++ /dev/null @@ -1,3 +0,0 @@ -expect 200 -role delete com.test.TC_Link_1.@[user.name].myRole - diff --git a/authz-test/TestSuite/TC_Link/25_print b/authz-test/TestSuite/TC_Link/25_print deleted file mode 100644 index ac60ddcc..00000000 --- a/authz-test/TestSuite/TC_Link/25_print +++ /dev/null @@ -1,6 +0,0 @@ -# 15_print -expect 200 -ns list name com.test.TC_Link_1.@[user.name] -ns list name com.test.TC_Link_2.@[user.name] -perm list role com.test.TC_Link_1.@[user.name].myRole -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction diff --git a/authz-test/TestSuite/TC_Link/30_readd b/authz-test/TestSuite/TC_Link/30_readd deleted file mode 100644 index 69bfb22a..00000000 --- a/authz-test/TestSuite/TC_Link/30_readd +++ /dev/null @@ -1,5 +0,0 @@ -expect 201 -role create com.test.TC_Link_1.@[user.name].myRole - -perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole - diff --git a/authz-test/TestSuite/TC_Link/35_print b/authz-test/TestSuite/TC_Link/35_print deleted file mode 100644 index ac60ddcc..00000000 --- a/authz-test/TestSuite/TC_Link/35_print +++ /dev/null @@ -1,6 +0,0 @@ -# 15_print -expect 200 -ns list name com.test.TC_Link_1.@[user.name] -ns list name com.test.TC_Link_2.@[user.name] -perm list role com.test.TC_Link_1.@[user.name].myRole -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction diff --git a/authz-test/TestSuite/TC_Link/99_delete b/authz-test/TestSuite/TC_Link/99_delete deleted file mode 100644 index 8dfcd17b..00000000 --- a/authz-test/TestSuite/TC_Link/99_delete +++ /dev/null @@ -1,5 +0,0 @@ -as XX@NS:<pass> - -expect 200,404 -force ns delete com.test.TC_Link_2.@[user.name] -force ns delete com.test.TC_Link_1.@[user.name] diff --git a/authz-test/TestSuite/TC_Link/Description b/authz-test/TestSuite/TC_Link/Description deleted file mode 100644 index 3abdcad3..00000000 --- a/authz-test/TestSuite/TC_Link/Description +++ /dev/null @@ -1,9 +0,0 @@ -This Testcase Tests the essentials of Grants - -APIs: - - -CLI: - Target - Ancillary - diff --git a/authz-test/TestSuite/TC_NS1/00_ids b/authz-test/TestSuite/TC_NS1/00_ids deleted file mode 100644 index 26c5db24..00000000 --- a/authz-test/TestSuite/TC_NS1/00_ids +++ /dev/null @@ -1,9 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set bogus@aaf.att.com=boguspass - -#delay 10 -set NFR=0 - - diff --git a/authz-test/TestSuite/TC_NS1/01_ERR_BadData b/authz-test/TestSuite/TC_NS1/01_ERR_BadData deleted file mode 100644 index 09b3b949..00000000 --- a/authz-test/TestSuite/TC_NS1/01_ERR_BadData +++ /dev/null @@ -1,14 +0,0 @@ - -as testid@aaf.att.com -# TC_NS1.01.0.POS Expect Clean Namespace to start -expect 200 -ns list name com.test.TC_NS1.@[user.name] - -# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party -expect 403 -ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS - -# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin -expect 403 -ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS - diff --git a/authz-test/TestSuite/TC_NS1/10_init b/authz-test/TestSuite/TC_NS1/10_init deleted file mode 100644 index b05be769..00000000 --- a/authz-test/TestSuite/TC_NS1/10_init +++ /dev/null @@ -1,30 +0,0 @@ - -as testid@aaf.att.com -# TC_NS1.10.0.POS Check for Existing Data -expect 200 -ns list name com.test.TC_NS1.@[user.name] - -# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_NS1.10.40.POS Expect Namespace to be created -expect 200 -ns list name com.test.TC_NS1.@[user.name] - -# TC_NS1.10.41.POS Expect Namespace to be created -expect 200 -perm list role com.test.TC_NS1.@[user.name].admin - -# TC_NS1.10.42.POS Expect Namespace to be created -expect 200 -perm list role com.test.TC_NS1.@[user.name].owner - -# TC_NS1.10.43.POS Expect Namespace to be created -expect 200 -role list perm com.test.TC_NS1.@[user.name].access * * - -# TC_NS1.10.44.POS Expect Namespace to be created -expect 200 -role list perm com.test.TC_NS1.@[user.name].access * read - diff --git a/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists b/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists deleted file mode 100644 index b6aa5080..00000000 --- a/authz-test/TestSuite/TC_NS1/11_ERR_Namespace_Exists +++ /dev/null @@ -1,4 +0,0 @@ -# TC_NS1.11.1.NEG Create Namespace when exists -expect 409 -ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com - diff --git a/authz-test/TestSuite/TC_NS1/20_Commands b/authz-test/TestSuite/TC_NS1/20_Commands deleted file mode 100644 index b53750a1..00000000 --- a/authz-test/TestSuite/TC_NS1/20_Commands +++ /dev/null @@ -1,7 +0,0 @@ -# TC_NS1.20.1.NEG Too Few Args for Create 1 -expect Exception -ns create - -# TC_NS1.20.2.NEG Too Few Args for Create 2 -expect Exception -ns create bogus diff --git a/authz-test/TestSuite/TC_NS1/30_add_data b/authz-test/TestSuite/TC_NS1/30_add_data deleted file mode 100644 index 830b9658..00000000 --- a/authz-test/TestSuite/TC_NS1/30_add_data +++ /dev/null @@ -1,14 +0,0 @@ -# TC_NS1.30.10.NEG Non-admins can't change description -expect 403 -as testunused@aaf.att.com -ns describe com.test.TC_NS1.@[user.name] Description for my Namespace - -# TC_NS1.30.11.NEG Namespace must exist to change description -expect 404 -as testid@aaf.att.com -ns describe com.test.TC_NS1.@[user.name].project1 Description for my project - -# TC_NS1.30.12.POS Admin can change description -expect 200 -ns describe com.test.TC_NS1.@[user.name] Description for my Namespace - diff --git a/authz-test/TestSuite/TC_NS1/50_Admin b/authz-test/TestSuite/TC_NS1/50_Admin deleted file mode 100644 index 78df9cc8..00000000 --- a/authz-test/TestSuite/TC_NS1/50_Admin +++ /dev/null @@ -1,49 +0,0 @@ -# TC_NS1.50.1.NEG Adding a Bogus ID -expect 403 -ns admin add com.test.TC_NS1.@[user.name] bogus - -# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain -expect 403 -ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com - -# TC_NS1.50.3.NEG Adding an OK ID, bad domain -expect 403 -ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com - -# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin -expect 404 -ns admin del com.test.TC_NS1.@[user.name] XX@NS - -sleep @[NFR] -# TC_NS1.50.10.POS Adding an OK ID -expect 201 -ns admin add com.test.TC_NS1.@[user.name] XX@NS - -# TC_NS1.50.11.POS Deleting One of Two -expect 200 -ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com - -# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin -expect 404 -ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com - -# TC_NS1.50.13.POS Add ID back in -expect 201 -ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com - -# TC_NS1.50.14.POS Deleting original -expect 200 -ns admin del com.test.TC_NS1.@[user.name] XX@NS - -# TC_NS1.50.15.NEG Can't remove twice -expect 404 -ns admin del com.test.TC_NS1.@[user.name] XX@NS - -# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions -expect 403 -role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain - -# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions -expect 403 -user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin - diff --git a/authz-test/TestSuite/TC_NS1/60_Responsible b/authz-test/TestSuite/TC_NS1/60_Responsible deleted file mode 100644 index c6fc0261..00000000 --- a/authz-test/TestSuite/TC_NS1/60_Responsible +++ /dev/null @@ -1,43 +0,0 @@ -# TC_NS1.60.1.NEG Adding a Bogus ID -expect 403 -ns responsible add com.test.TC_NS1.@[user.name] bogus - -# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain -expect 403 -ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com - -# TC_NS1.60.3.NEG Adding an OK ID, bad domain -expect 403 -ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com - -# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent -expect 404 -ns responsible del com.test.TC_NS1.@[user.name] testid - -# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent -expect 404 -ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com - -sleep @[NFR] -# TC_NS1.60.10.POS Adding an OK ID -# Note: mw9749 used because we must have employee as responsible -expect 201 -ns responsible add com.test.TC_NS1.@[user.name] mw9749 - -# TC_NS1.60.11.POS Deleting One of Two -expect 200 -ns responsible del com.test.TC_NS1.@[user.name] mw9749 - -# TC_NS1.60.12.NEG mw9749 no longer Admin -expect 404 -ns responsible del com.test.TC_NS1.@[user.name] mw9749 - -# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions -expect 403 -role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain - -# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions -expect 403 -user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner - - diff --git a/authz-test/TestSuite/TC_NS1/80_CheckData b/authz-test/TestSuite/TC_NS1/80_CheckData deleted file mode 100644 index 207c75f0..00000000 --- a/authz-test/TestSuite/TC_NS1/80_CheckData +++ /dev/null @@ -1,15 +0,0 @@ -sleep @[NFR] -# TC_NS1.80.1.POS List Data on Empty NS -as testid@aaf.att.com - -expect 200 -ns list name com.test.TC_NS1.@[user.name] - -# TC_NS1.80.2.POS Add Roles to NS for Listing -expect 201 -role create com.test.TC_NS1.@[user.name].r.A -role create com.test.TC_NS1.@[user.name].r.B - -# TC_NS1.80.3.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_NS1.@[user.name] diff --git a/authz-test/TestSuite/TC_NS1/90_ERR_Delete b/authz-test/TestSuite/TC_NS1/90_ERR_Delete deleted file mode 100644 index 324e829d..00000000 --- a/authz-test/TestSuite/TC_NS1/90_ERR_Delete +++ /dev/null @@ -1,7 +0,0 @@ -# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace -expect 403 -as testunused@aaf.att.com -ns delete com.test.TC_NS1.@[user.name] - -sleep @[NFR] - diff --git a/authz-test/TestSuite/TC_NS1/99_cleanup b/authz-test/TestSuite/TC_NS1/99_cleanup deleted file mode 100644 index 36d5512d..00000000 --- a/authz-test/TestSuite/TC_NS1/99_cleanup +++ /dev/null @@ -1,15 +0,0 @@ -expect 200,404 -as testid@aaf.att.com - -# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles -role delete com.test.TC_NS1.@[user.name].r.A -role delete com.test.TC_NS1.@[user.name].r.B - -# TC_NS1.99.2.POS Namespace Admin can delete Namespace -ns delete com.test.TC_NS1.@[user.name] - -sleep @[NFR] - -# TC_NS1.99.99.POS Check Clean Namespace -ns list name com.test.TC_NS1.@[user.name] - diff --git a/authz-test/TestSuite/TC_NS1/Description b/authz-test/TestSuite/TC_NS1/Description deleted file mode 100644 index 0cde49ed..00000000 --- a/authz-test/TestSuite/TC_NS1/Description +++ /dev/null @@ -1,15 +0,0 @@ -This Testcase Tests the essentials of the Namespace, and the NS Commands - -APIs: POST /authz/ns - DELETE /authz/ns/:ns - GET /authz/roles/:role (where Role is NS + "*") - -CLI: - Target - ns create :ns :responsibleParty :admins - ns delete :ns - ns list :ns - Ancillary - role create :role - role list name :role.* - diff --git a/authz-test/TestSuite/TC_NS2/00_ids b/authz-test/TestSuite/TC_NS2/00_ids deleted file mode 100644 index 450818e0..00000000 --- a/authz-test/TestSuite/TC_NS2/00_ids +++ /dev/null @@ -1,10 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set bogus@aaf.att.com=boguspass - -#delay 10 -set NFR=0 - - diff --git a/authz-test/TestSuite/TC_NS2/10_init b/authz-test/TestSuite/TC_NS2/10_init deleted file mode 100644 index 73b2cc78..00000000 --- a/authz-test/TestSuite/TC_NS2/10_init +++ /dev/null @@ -1,71 +0,0 @@ - -as testid@aaf.att.com -# TC_NS2.10.0.POS Check for Existing Data -expect 200 -ns list name com.test.TC_NS2.@[user.name] - -# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com -ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com - -# TC_NS2.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com - -as XX@NS:<pass> -# TC_NS2.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin - - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -expect 200 -ns list name com.test.TC_NS2.@[user.name] - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -expect 200 -perm list role com.test.TC_NS2.@[user.name].admin - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -expect 200 -perm list role com.test.TC_NS2.@[user.name].owner - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -expect 200 -role list perm com.test.TC_NS2.@[user.name].access * * - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -expect 200 -role list perm com.test.TC_NS2.@[user.name].access * read - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -expect 200 -ns list name com.test.TC_NS2.@[user.name].project - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -expect 200 -perm list role com.test.TC_NS2.@[user.name].project.admin - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -expect 200 -perm list role com.test.TC_NS2.@[user.name].project.owner - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -expect 200 -role list perm com.test.TC_NS2.@[user.name].project.access * * - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -expect 200 -role list perm com.test.TC_NS2.@[user.name].project.access * read - diff --git a/authz-test/TestSuite/TC_NS2/20_add_data b/authz-test/TestSuite/TC_NS2/20_add_data deleted file mode 100644 index ef5e11ea..00000000 --- a/authz-test/TestSuite/TC_NS2/20_add_data +++ /dev/null @@ -1,18 +0,0 @@ -as testid@aaf.att.com -# TC_NS2.20.1.POS Create roles -expect 201 -role create com.test.TC_NS2.@[user.name].watcher -role create com.test.TC_NS2.@[user.name].myRole - -# TC_NS2.20.2.POS Create permissions -perm create com.test.TC_NS2.@[user.name].myType myInstance myAction -perm create com.test.TC_NS2.@[user.name].myType * * - -# TC_NS2.20.3.POS Create mechid -user cred add m99990@@[user.name].TC_NS2.test.com password123 - -as XX@NS -# TC_NS2.20.10.POS Grant view perms to watcher role -expect 201 -perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher - diff --git a/authz-test/TestSuite/TC_NS2/40_viewByName b/authz-test/TestSuite/TC_NS2/40_viewByName deleted file mode 100644 index 6539acc7..00000000 --- a/authz-test/TestSuite/TC_NS2/40_viewByName +++ /dev/null @@ -1,31 +0,0 @@ - -as testunused@aaf.att.com -# TC_NS2.40.1.NEG Non-admin, not granted user should not view -expect 403 -ns list name com.test.TC_NS2.@[user.name] - -as testid@aaf.att.com -# Tens test user granted to permission -# TC_NS2.40.10.POS Add user to watcher role -expect 201 -user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher - -as testunused@aaf.att.com -# TC_NS2.40.11.POS Non-admin, granted user should view -expect 200 -ns list name com.test.TC_NS2.@[user.name] - -as testid@aaf.att.com -# TC_NS2.40.19.POS Remove user from watcher role -expect 200 -user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher - -# Thirties test admin user -# TC_NS2.40.20.POS Admin should be able to view -expect 200 -ns list name com.test.TC_NS2.@[user.name] - -# TC_NS2.40.21.POS Admin of parent NS should be able to view -expect 200 -ns list name com.test.TC_NS2.@[user.name].project - diff --git a/authz-test/TestSuite/TC_NS2/41_viewByAdmin b/authz-test/TestSuite/TC_NS2/41_viewByAdmin deleted file mode 100644 index ad15e9d9..00000000 --- a/authz-test/TestSuite/TC_NS2/41_viewByAdmin +++ /dev/null @@ -1,20 +0,0 @@ -# TC_NS2.41.10.POS List by User when Same as Caller -as testunused@aaf.att.com -expect 200 -ns list admin testunused@aaf.att.com - -# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles -as testid@aaf.att.com -expect 200 -ns list admin testunused@aaf.att.com - -# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace -as XX@NS -expect 200 -ns list admin testunused@aaf.att.com - -# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace -as testunused@aaf.att.com -expect 200 -ns list admin XX@NS - diff --git a/authz-test/TestSuite/TC_NS2/99_cleanup b/authz-test/TestSuite/TC_NS2/99_cleanup deleted file mode 100644 index 24d16d3a..00000000 --- a/authz-test/TestSuite/TC_NS2/99_cleanup +++ /dev/null @@ -1,27 +0,0 @@ -expect 200,404 -as testid@aaf.att.com - -# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms -role delete com.test.TC_NS2.@[user.name].myRole -role delete com.test.TC_NS2.@[user.name].watcher -perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction -perm delete com.test.TC_NS2.@[user.name].myType * * -user cred del m99990@@[user.name].TC_NS2.test.com - -as XX@NS -force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read - -# TC_NS2.99.15.POS Remove ability to create creds -perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin - -as testid@aaf.att.com:<pass> -force role delete com.test.TC_NS2.@[user.name].cred_admin - -# TC_NS2.99.90.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_NS2.@[user.name].project -force ns delete com.test.TC_NS2.@[user.name] -sleep @[NFR] - -# TC_NS2.99.99.POS Check Clean Namespace -ns list name com.test.TC_NS2.@[user.name] - diff --git a/authz-test/TestSuite/TC_NS2/Description b/authz-test/TestSuite/TC_NS2/Description deleted file mode 100644 index 40f2b6c4..00000000 --- a/authz-test/TestSuite/TC_NS2/Description +++ /dev/null @@ -1,7 +0,0 @@ -This Testcase Tests the viewability of different ns commands - -APIs: - -CLI: - - diff --git a/authz-test/TestSuite/TC_NS3/00_ids b/authz-test/TestSuite/TC_NS3/00_ids deleted file mode 100644 index ad09d774..00000000 --- a/authz-test/TestSuite/TC_NS3/00_ids +++ /dev/null @@ -1,10 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set testid_1@test.com=<pass> -set testid_2@test.com=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_NS3/10_init b/authz-test/TestSuite/TC_NS3/10_init deleted file mode 100644 index b13dcefa..00000000 --- a/authz-test/TestSuite/TC_NS3/10_init +++ /dev/null @@ -1,8 +0,0 @@ -as XX@NS -expect 200 -ns list name com.test.TC_NS3.@[user.name] - -# TC_NS3.10.1.POS Create Namespace with User ID -expect 201 -ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com - diff --git a/authz-test/TestSuite/TC_NS3/20_add b/authz-test/TestSuite/TC_NS3/20_add deleted file mode 100644 index 46ca091e..00000000 --- a/authz-test/TestSuite/TC_NS3/20_add +++ /dev/null @@ -1,56 +0,0 @@ -as testid_1@test.com -expect Exception -# TC_NS3.20.0.NEG Too short -ns attrib - -# TC_NS3.20.1.NEG Wrong command -ns attrib xyz - -# TC_NS3.20.2.NEG Too Short after Command -ns attrib add - -# TC_NS3.20.3.NEG Too Short after Namespace -ns attrib add com.test.TC_NS3.@[user.name] - -# TC_NS3.20.4.NEG Too Short after Key -ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm - -# TC_NS3.20.5.NEG No Permission -expect 403 -ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1 - -# TC_NS3.20.6.POS Create Permission to write Attrib -expect 201 -as XX@NS -perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin - -# TC_NS3.20.6.POS Create Permission -expect 201 -perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin - -# TC_NS3.20.10.POS Attribute added -as testid_1@test.com -expect 201 -ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1 - -# TC_NS3.20.30.POS List NS by Attrib -expect 200 -ns list keys TC_NS3_swm - -# TC_NS3.20.40.POS List NS (shows Attrib) -ns list name com.test.TC_NS3.@[user.name]_1 - -# TC_NS3.20.42.POS Change Attrib -ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1 - -# TC_NS3.20.49.POS List NS (shows new Attrib) -ns list name com.test.TC_NS3.@[user.name]_1 - -# TC_NS3.20.80.POS Remove write Permission -expect 200 -perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin - -# TC_NS3.20.83.POS Remove read Permission -expect 200 -perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin - diff --git a/authz-test/TestSuite/TC_NS3/50_delete b/authz-test/TestSuite/TC_NS3/50_delete deleted file mode 100644 index 9612a1d3..00000000 --- a/authz-test/TestSuite/TC_NS3/50_delete +++ /dev/null @@ -1,27 +0,0 @@ -as testid_1@test.com -expect Exception -# TC_NS3.50.2.NEG Too Short after Command -ns attrib del - -# TC_NS3.50.3.NEG Too Short after Namespace -ns attrib del com.test.TC_NS3.@[user.name] - -# TC_NS3.50.5.NEG No Permission -expect 403 -ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm - -# TC_NS3.50.6.POS Create Permission -as XX@NS -expect 201 -perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin - -# TC_NS3.50.7.POS Attribute added -as testid_1@test.com -expect 200 -ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm - -# TC_NS3.50.8.POS Remove Permission -as XX@NS -expect 200 -perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin - diff --git a/authz-test/TestSuite/TC_NS3/99_cleanup b/authz-test/TestSuite/TC_NS3/99_cleanup deleted file mode 100644 index 104831d7..00000000 --- a/authz-test/TestSuite/TC_NS3/99_cleanup +++ /dev/null @@ -1,14 +0,0 @@ -expect 200,404 -as testid_1@test.com -# TC_NS3.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_NS3.@[user.name]_1 - -# TC_NS3.99.3.POS Print Namespaces -ns list name com.test.TC_NS3.@[user.name]_1 - -# TC_NS3.99.10.POS Remove Special Permissions -as XX@NS -force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write - -force perm delete com.att.aaf.attrib :com.att.*:* read - diff --git a/authz-test/TestSuite/TC_NS3/Description b/authz-test/TestSuite/TC_NS3/Description deleted file mode 100644 index 2283774d..00000000 --- a/authz-test/TestSuite/TC_NS3/Description +++ /dev/null @@ -1,10 +0,0 @@ -This is a TEMPLATE testcase, to make creating new Test Cases easier. - -APIs: - - -CLI: -ns create -ns delete -as - diff --git a/authz-test/TestSuite/TC_NSdelete1/00_ids b/authz-test/TestSuite/TC_NSdelete1/00_ids deleted file mode 100644 index 450818e0..00000000 --- a/authz-test/TestSuite/TC_NSdelete1/00_ids +++ /dev/null @@ -1,10 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set bogus@aaf.att.com=boguspass - -#delay 10 -set NFR=0 - - diff --git a/authz-test/TestSuite/TC_NSdelete1/10_init b/authz-test/TestSuite/TC_NSdelete1/10_init deleted file mode 100644 index 7be6981c..00000000 --- a/authz-test/TestSuite/TC_NSdelete1/10_init +++ /dev/null @@ -1,35 +0,0 @@ -as testid@aaf.att.com -# TC_NSdelete1.10.0.POS Check for Existing Data -expect 200 -ns list name com.test.TC_NSdelete1.@[user.name].app -ns list name com.test.force.@[user.name] -ns list name com.@[user.name] - -as XX@NS -# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com -ns create com.@[user.name] @[user.name] testid@aaf.att.com -ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com -ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_NSdelete1.10.2.POS Expect Namespace to be created -expect 200 -ns list name com.test.TC_NSdelete1.@[user.name].app -ns list name com.test.TC_NSdelete1.@[user.name] -ns list name com.@[user.name] -ns list name com.test.force.@[user.name] - -# TC_NSdelete1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_NSdelete1.@[user.name].cred_admin - -# TC_NSdelete1.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_NSdelete1.10.12.POS Assign user for creating creds -expect 201 -user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin - diff --git a/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp b/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp deleted file mode 100644 index 519e135f..00000000 --- a/authz-test/TestSuite/TC_NSdelete1/20_DeleteApp +++ /dev/null @@ -1,30 +0,0 @@ -as testid@aaf.att.com -# TC_NSdelete1.20.1.POS Create valid Role in my Namespace -expect 201 -role create com.test.TC_NSdelete1.@[user.name].app.r.A - -# TC_NSdelete1.20.2.POS Create valid permission -expect 201 -perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction - -# TC_NSdelete1.20.3.POS Add credential to my namespace -expect 201 -user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123 - -# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential -expect 424 -ns delete com.test.TC_NSdelete1.@[user.name].app - -# TC_NSdelete1.20.11.POS Delete Credential -expect 200 -set force=true -user cred del m99990@app.@[user.name].TC_NSdelete1.test.com - -# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached -expect 424 -ns delete com.test.TC_NSdelete1.@[user.name].app - -# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns -expect 200 -set force=move ns list name com.test.TC_NSdelete1.@[user.name] - diff --git a/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany b/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany deleted file mode 100644 index 6c69bb20..00000000 --- a/authz-test/TestSuite/TC_NSdelete1/30_DeleteCompany +++ /dev/null @@ -1,42 +0,0 @@ -as testid@aaf.att.com -# TC_NSdelete1.30.1.POS Create valid Role in my Namespace -expect 201 -role create com.@[user.name].r.A - -# TC_NSdelete1.30.2.NEG Delete Company with role attached -expect 424 -ns delete com.@[user.name] - -# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles -expect 200 -role delete com.@[user.name].r.A - -# TC_NSdelete1.30.10.POS Create valid permission -expect 201 -perm create com.@[user.name].p.A myInstance myAction - -# TC_NSdelete1.30.11.NEG Delete Company with permission attached -expect 424 -ns delete com.@[user.name] - -# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms -expect 200 -perm delete com.@[user.name].p.A myInstance myAction - -# TC_NSdelete1.30.20.POS Create valid Credential in my namespace -expect 201 -user cred add m99990@@[user.name].com password123 - -# TC_NSdelete1.30.21.NEG Delete Company with credential attached -expect 424 -ns delete com.@[user.name] - -# TC_NSdelete1.30.22.POS Namespace admin can remove Cred -expect 200 -set force=true -user cred del m99990@@[user.name].com - -# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached -expect 200 -ns delete com.@[user.name] - diff --git a/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete b/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete deleted file mode 100644 index c4ae2bb7..00000000 --- a/authz-test/TestSuite/TC_NSdelete1/40_ForceDelete +++ /dev/null @@ -1,26 +0,0 @@ -# TC_NSdelete1.40.1.POS Create valid Role in my Namespace
-expect 201
-role create com.test.force.@[user.name].r.A
-
-# TC_NSdelete1.40.2.POS Create valid permission in my Namespace
-expect 201
-perm create com.test.force.@[user.name].p.A myInstance myAction
-
-# TC_NSdelete1.40.3.POS Add credential to my namespace
-expect 201
-user cred add m99990@@[user.name].force.test.com password123
-
-# TC_NSdelete1.40.10.POS Delete Program in my Namespace
-expect 200
-set force=true ns delete com.test.force.@[user.name]
-
-sleep @[NFR]
-# TC_NSdelete1.40.20.NEG Role and permission should not exist
-expect 200,404
-ns list name com.test.force.@[user.name]
-
-# TC_NSdelete1.40.22.NEG Credential should not exist
-expect 404
-set force=true
-user cred del m99990@@[user.name].force.test.com
-
diff --git a/authz-test/TestSuite/TC_NSdelete1/99_cleanup b/authz-test/TestSuite/TC_NSdelete1/99_cleanup deleted file mode 100644 index cb97bc03..00000000 --- a/authz-test/TestSuite/TC_NSdelete1/99_cleanup +++ /dev/null @@ -1,36 +0,0 @@ -expect 200,404 -as testid@aaf.att.com - -# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles -role delete com.test.TC_NSdelete1.@[user.name].app.r.A - -# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles -perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction - -# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials -set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com - -# TC_NSdelete1.99.10.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin - -as testid@aaf.att.com -set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin - -# TC_NSdelete1.99.97.POS Clean Namespace -set force=true ns delete com.test.TC_NSdelete1.@[user.name].app -set force=true ns delete com.test.TC_NSdelete1.@[user.name] -set force=true ns delete com.test.force.@[user.name] - -# TC_NSdelete1.99.98.POS Check Clean Namespace -ns list name com.test.TC_NSdelete1.@[user.name].app -ns list name com.test.TC_NSdelete1.@[user.name] -ns list name com.test.force.@[user.name] - -# TC_NSdelete1.99.99.POS Clean and check Company Namespace -as XX@NS -set force=true ns delete com.@[user.name] -ns list name com.@[user.name] - diff --git a/authz-test/TestSuite/TC_NSdelete1/Description b/authz-test/TestSuite/TC_NSdelete1/Description deleted file mode 100644 index be99e94f..00000000 --- a/authz-test/TestSuite/TC_NSdelete1/Description +++ /dev/null @@ -1,15 +0,0 @@ -This Testcase Tests the deletion of a Namespace with attached roles and permissions - -APIs: POST /authz/ns - DELETE /authz/ns/:ns - GET /authz/roles/:role (where Role is NS + "*") - -CLI: - Target - ns create :ns :responsibleParty :admins - ns delete :ns - ns list :ns - Ancillary - role create :role - role list name :role.* - diff --git a/authz-test/TestSuite/TC_PW1/00_ids b/authz-test/TestSuite/TC_PW1/00_ids deleted file mode 100644 index 7fb0e054..00000000 --- a/authz-test/TestSuite/TC_PW1/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set XX@NS=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_PW1/10_init b/authz-test/TestSuite/TC_PW1/10_init deleted file mode 100644 index 7614fc4a..00000000 --- a/authz-test/TestSuite/TC_PW1/10_init +++ /dev/null @@ -1,24 +0,0 @@ - -as testid@aaf.att.com - -# TC_PW1.10.0.POS Validate no NS -expect 200,404 -ns list name com.test.TC_PW1.@[user.name] - -# TC_PW1.10.1.POS Create Namespace to add IDs -expect 201 -ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_PW1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_PW1.@[user.name].cred_admin - -as XX@NS -# TC_PW1.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_PW1.10.12.POS Assign user for creating creds -expect 201 -user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin diff --git a/authz-test/TestSuite/TC_PW1/20_length b/authz-test/TestSuite/TC_PW1/20_length deleted file mode 100644 index 233683a8..00000000 --- a/authz-test/TestSuite/TC_PW1/20_length +++ /dev/null @@ -1,10 +0,0 @@ -# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length -expect 406 -user cred add m12345@TC_PW1.test.com 12 - -# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length -user cred add m12345@TC_PW1.test.com 1 - -# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length -user cred add m12345@TC_PW1.test.com 1234567 - diff --git a/authz-test/TestSuite/TC_PW1/21_groups b/authz-test/TestSuite/TC_PW1/21_groups deleted file mode 100644 index 0d853484..00000000 --- a/authz-test/TestSuite/TC_PW1/21_groups +++ /dev/null @@ -1,40 +0,0 @@ -# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -expect 406 -user cred add m12345@@[user.name].TC_PW1.test.com 12345678 - -# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -expect 406 -user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh - -# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -expect 406 -user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*" - -# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -expect 201 -user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*" - -sleep @[NFR] -expect 200 -user cred del m12345@@[user.name].TC_PW1.test.com - -# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -expect 201 -user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*" - -sleep @[NFR] -expect 200 -user cred del m12345@@[user.name].TC_PW1.test.com - -# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -expect 201 -user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd" - -sleep @[NFR] -expect 200 -user cred del m12345@@[user.name].TC_PW1.test.com - -# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID -expect 406 -user cred add m12345@@[user.name].TC_PW1.test.com m12345 - diff --git a/authz-test/TestSuite/TC_PW1/23_commands b/authz-test/TestSuite/TC_PW1/23_commands deleted file mode 100644 index 91502251..00000000 --- a/authz-test/TestSuite/TC_PW1/23_commands +++ /dev/null @@ -1,6 +0,0 @@ -# TC_PW1.23.1.NEG Too Few Args for User Cred 1 -expect Exception -user cred - -# TC_PW1.23.2.NEG Too Few Args for User Cred add -user cred add diff --git a/authz-test/TestSuite/TC_PW1/30_reset b/authz-test/TestSuite/TC_PW1/30_reset deleted file mode 100644 index ac058eba..00000000 --- a/authz-test/TestSuite/TC_PW1/30_reset +++ /dev/null @@ -1,15 +0,0 @@ -# TC_PW1.30.1.POS Create a Credential, with Temporary Time -expect 201 -user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd" - -# TC_PW1.30.3.NEG Credential Exists -expect 409 -user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf" - -# TC_PW1.30.8.POS Reset this Password -expect 200 -user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1 - -# TC_PW1.30.9.POS Delete a Credential -user cred del m12345@@[user.name].TC_PW1.test.com 1 - diff --git a/authz-test/TestSuite/TC_PW1/99_cleanup b/authz-test/TestSuite/TC_PW1/99_cleanup deleted file mode 100644 index 9de26368..00000000 --- a/authz-test/TestSuite/TC_PW1/99_cleanup +++ /dev/null @@ -1,21 +0,0 @@ -expect 200,404 -as testid@aaf.att.com - -# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com -set force=true -user cred del m12345@@[user.name].TC_PW1.test.com - -# TC_PW1.99.2.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin - -as testid@aaf.att.com -role delete com.test.TC_PW1.@[user.name].cred_admin - -# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1 -ns delete com.test.TC_PW1.@[user.name] - -# TC_PW1.99.99.POS Verify Cleaned NS -ns list name com.test.TC_PW1.@[user.name] diff --git a/authz-test/TestSuite/TC_PW1/Description b/authz-test/TestSuite/TC_PW1/Description deleted file mode 100644 index 24180f49..00000000 --- a/authz-test/TestSuite/TC_PW1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of User Credentials - -APIs: - POST /auth/cred - PUT /auth/cred - DELETE /auth/cred - - -CLI: - Target - user cred add :user :password - user cred del :user - Ancillary - ns create - ns delete - diff --git a/authz-test/TestSuite/TC_Perm1/00_ids b/authz-test/TestSuite/TC_Perm1/00_ids deleted file mode 100644 index 0e7a40aa..00000000 --- a/authz-test/TestSuite/TC_Perm1/00_ids +++ /dev/null @@ -1,9 +0,0 @@ -expect 0 -set testid=<pass> -set testid@aaf.att.com=<pass> -set XX@NS=<pass> -set testunused=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Perm1/10_init b/authz-test/TestSuite/TC_Perm1/10_init deleted file mode 100644 index 08a9d171..00000000 --- a/authz-test/TestSuite/TC_Perm1/10_init +++ /dev/null @@ -1,23 +0,0 @@ -# TC_Perm1.10.0.POS Validate Namespace is empty first -as testid@aaf.att.com -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_Perm1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_Perm1.@[user.name].cred_admin - -as XX@NS -# TC_Perm1.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_Perm1.10.12.POS Assign user for creating creds -expect 201 -user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin - diff --git a/authz-test/TestSuite/TC_Perm1/20_add_data b/authz-test/TestSuite/TC_Perm1/20_add_data deleted file mode 100644 index 308170f8..00000000 --- a/authz-test/TestSuite/TC_Perm1/20_add_data +++ /dev/null @@ -1,38 +0,0 @@ -# TC_Perm1.20.1.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.20.2.POS Add Perm -expect 201 -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction - -# TC_Perm1.20.3.NEG Already Added Perm -expect 409 -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction - -# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well -expect 201 -force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B - -# TC_Perm1.20.8.POS Print Info for Validation -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well -expect 409 -perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B - -# TC_Perm1.20.10.NEG Non-admins can't change description -expect 403 -as testunused -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A - -# TC_Perm1.20.11.NEG Permission must exist to change description -expect 404 -as testid -perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C - -# TC_Perm1.20.12.POS Admin can change description -expect 200 -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A - diff --git a/authz-test/TestSuite/TC_Perm1/22_rename b/authz-test/TestSuite/TC_Perm1/22_rename deleted file mode 100644 index e2495608..00000000 --- a/authz-test/TestSuite/TC_Perm1/22_rename +++ /dev/null @@ -1,52 +0,0 @@ -# TC_Perm1.22.1.NEG Try to rename permission without changing anything
-expect 409
-perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
-
-# TC_Perm1.22.2.NEG Try to rename parent ns
-expect 403
-perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
-
-# TC_Perm1.22.10.POS View permission in original state
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.11.POS Rename permission instance
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
-
-# TC_Perm1.22.12.POS Verify change in permission instance
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.13.POS Rename permission action
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
-
-# TC_Perm1.22.14.POS Verify change in permission action
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.15.POS Rename permission type
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
-
-# TC_Perm1.22.16.POS Verify change in permission type
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.22.20.POS See permission is attached to this role
-expect 200
-role list role com.test.TC_Perm1.@[user.name].r.A
-
-# TC_Perm1.22.21.POS Rename permission type, instance and action
-expect 200
-perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
-
-# TC_Perm1.22.22.POS See permission stays attached after rename
-expect 200
-role list role com.test.TC_Perm1.@[user.name].r.A
-
-# TC_Perm1.22.23.POS Verify permission is back to original state
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
diff --git a/authz-test/TestSuite/TC_Perm1/25_grant_owned b/authz-test/TestSuite/TC_Perm1/25_grant_owned deleted file mode 100644 index 3085ace7..00000000 --- a/authz-test/TestSuite/TC_Perm1/25_grant_owned +++ /dev/null @@ -1,40 +0,0 @@ -# TC_Perm1.25.1.POS Create another Role in This namespace -expect 201 -role create com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.2.POS Create another Perm in This namespace -expect 201 -perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction - -# TC_Perm1.25.3.NEG Permission must Exist to Add to Role -expect 404 -perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.4.POS Grant individual new Perm to new Role -expect 201 -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.5.NEG Already Granted Perm -expect 409 -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.6.POS Print Info for Validation -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role -expect 200 -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.11.NEG Already UnGranted Perm -expect 404 -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C - -# TC_Perm1.25.20.POS Reset roles attached to permision with setTo -expect 200 -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.25.21.POS Owner of permission can reset roles -expect 200 -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction - diff --git a/authz-test/TestSuite/TC_Perm1/26_grant_unowned b/authz-test/TestSuite/TC_Perm1/26_grant_unowned deleted file mode 100644 index 4449624f..00000000 --- a/authz-test/TestSuite/TC_Perm1/26_grant_unowned +++ /dev/null @@ -1,175 +0,0 @@ -# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
-as XX@NS
-expect 201
-ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
-ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
-
-# TC_Perm1.26.2.POS Create ID in other Namespace
-expect 201
-user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
-
-# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
-expect 201
-role create com.test2.TC_Perm1.@[user.name].r.C
-role create com.test2.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
-expect 403
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
-expect 202
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-set request=true
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
-as testid@aaf.att.com
-expect 403
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
-as testid@aaf.att.com
-expect 404
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.14.POS Create Role
-as testid@aaf.att.com
-expect 201
-role create com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
-expect 201
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.16.POS Print Info for Validation
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-# TC_Perm1.26.17.POS Grant individual new Perm to new Role
-expect 201
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.18.NEG Already Granted Perm
-expect 409
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
-expect 200
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
-expect 403
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
-expect 202
-set request=true
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
-expect 403
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
-
-# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
-expect 202
-set request=true
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
-
-
-# TC_Perm1.26.30.POS Add ID to Role
-as XX@NS:<pass>
-expect 201
-ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-sleep @[NFR]
-
-# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
-expect 403
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
-expect 202
-set request=true
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
-
-
-# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
-expect 201
-as testid@aaf.att.com
-perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.34.POS Print Info for Validation
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-
-as XX@NS
-# TC_Perm1.26.35.POS Print Info for Validation
-expect 200
-ns list name com.test2.TC_Perm1.@[user.name]
-
-as testid@aaf.att.com
-# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
-as testid@aaf.att.com
-expect 200
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.37.NEG Already UnGranted Perm
-expect 404
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
-
-# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
-expect 200
-perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
-
-# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
-expect 403
-as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
-perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-
-# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
-expect 403
-perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
-
-# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
-expect 403
-perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-
-# TC_Perm1.26.45.POS Owner of permission can reset roles
-as testid@aaf.att.com
-expect 200
-perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-
-as XX@NS
-# TC_Perm1.26.97.POS List the Namespaces
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-ns list name com.test2.TC_Perm1.@[user.name]
-
-as testid@aaf.att.com
-# TC_Perm1.26.98.POS Cleanup
-expect 200
-role delete com.test.TC_Perm1.@[user.name].r.A
-role delete com.test.TC_Perm1.@[user.name].r.B
-role delete com.test.TC_Perm1.@[user.name].r.C
-role delete com.test.TC_Perm1.@[user.name]_2.r.C
-as XX@NS
-role delete com.test2.TC_Perm1.@[user.name]_2.r.C
-role delete com.test2.TC_Perm1.@[user.name].r.C
-as testid@aaf.att.com
-perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
-perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
-perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
-force ns delete com.test.TC_Perm1.@[user.name]_2
-as XX@NS
-set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
-ns delete com.test2.TC_Perm1.@[user.name]
-
-# TC_Perm1.26.99.POS List the Now Empty Namespaces
-expect 200
-ns list name com.test.TC_Perm1.@[user.name]
-ns list name com.test2.TC_Perm1.@[user.name]
-
diff --git a/authz-test/TestSuite/TC_Perm1/27_grant_force b/authz-test/TestSuite/TC_Perm1/27_grant_force deleted file mode 100644 index 12ee9839..00000000 --- a/authz-test/TestSuite/TC_Perm1/27_grant_force +++ /dev/null @@ -1,29 +0,0 @@ -# TC_Perm1.27.1.POS Create Permission -expect 201 -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction - -# TC_Perm1.27.2.POS Create Role -expect 201 -role create com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force -expect 404 -perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown - -# TC_Perm1.27.11.POS Role is created with force -expect 201 -force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown - -# TC_Perm1.27.12.NEG Perm must Exist to Grant without force -expect 404 -perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.27.13.POS Perm is created with force -expect 201 -force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A - -# TC_Perm1.27.14.POS Role and perm are created with force -expect 201 -force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2 - - diff --git a/authz-test/TestSuite/TC_Perm1/30_change_ns b/authz-test/TestSuite/TC_Perm1/30_change_ns deleted file mode 100644 index a92562a6..00000000 --- a/authz-test/TestSuite/TC_Perm1/30_change_ns +++ /dev/null @@ -1,14 +0,0 @@ -# TC_Perm1.30.1.POS List Data on non-Empty NS -as testid -expect 200 -ns list name com.test.TC_Perm1.@[user.name] - -# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist -expect 201 -ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com - -# TC_Perm1.30.3.POS List Data on NS with sub-roles -expect 200 -ns list name com.test.TC_Perm1.@[user.name] -ns list name com.test.TC_Perm1.@[user.name].r - diff --git a/authz-test/TestSuite/TC_Perm1/99_cleanup b/authz-test/TestSuite/TC_Perm1/99_cleanup deleted file mode 100644 index 222e2a4c..00000000 --- a/authz-test/TestSuite/TC_Perm1/99_cleanup +++ /dev/null @@ -1,42 +0,0 @@ -as XX@NS:<pass> -expect 200,404 - -# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles -set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction -role delete com.test.TC_Perm1.@[user.name].r.A -role delete com.test.TC_Perm1.@[user.name].r.B -role delete com.test.TC_Perm1.@[user.name].r.C -role delete com.test.TC_Perm1.@[user.name].r.unknown -role delete com.test.TC_Perm1.@[user.name].r.unknown2 -role delete com.test2.TC_Perm1.@[user.name].r.C -role delete com.test.TC_Perm1.@[user.name]_2.r.C -role delete com.test2.TC_Perm1.@[user.name]_2.r.C - -# TC_Perm1.99.2.POS Remove ability to create creds -user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin - -as XX@NS:<pass> -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin - -as testid@aaf.att.com:<pass> -role delete com.test.TC_Perm1.@[user.name].cred_admin - -sleep @[NFR] -as XX@NS:<pass> -# TC_Perm1.99.98.POS Namespace Admin can delete Namespace -set force=true ns delete com.test2.TC_Perm1.@[user.name] -as testid:<pass> -force ns delete com.test.TC_Perm1.@[user.name].r -force ns delete com.test.TC_Perm1.@[user.name]_2 -force ns delete com.test.TC_Perm1.@[user.name] -force ns delete com.test2.TC_Perm1.@[user.name] - -# TC_Perm1.99.99.POS List to prove removed -ns list name com.test.TC_Perm1.@[user.name] -ns list name com.test.TC_Perm1.@[user.name].r -ns list name com.test.TC_Perm1.@[user.name]_2 -ns list name com.test2.TC_Perm1.@[user.name] diff --git a/authz-test/TestSuite/TC_Perm1/Description b/authz-test/TestSuite/TC_Perm1/Description deleted file mode 100644 index 012a12b1..00000000 --- a/authz-test/TestSuite/TC_Perm1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of the Namespace, and the NS Commands - -APIs: - - - -CLI: - Target - role create :role - role delete - ns delete :ns - ns list :ns - Ancillary - role create :role - role list name :role.* - diff --git a/authz-test/TestSuite/TC_Perm2/00_ids b/authz-test/TestSuite/TC_Perm2/00_ids deleted file mode 100644 index f7196fc8..00000000 --- a/authz-test/TestSuite/TC_Perm2/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Perm2/10_init b/authz-test/TestSuite/TC_Perm2/10_init deleted file mode 100644 index dbda5edc..00000000 --- a/authz-test/TestSuite/TC_Perm2/10_init +++ /dev/null @@ -1,8 +0,0 @@ -as testid@aaf.att.com -# TC_Perm2.10.0.POS Print NS to prove ok -expect 200 -ns list name com.test.TC_Perm2.@[user.name] - -# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com diff --git a/authz-test/TestSuite/TC_Perm2/20_add_data b/authz-test/TestSuite/TC_Perm2/20_add_data deleted file mode 100644 index dfcff2fc..00000000 --- a/authz-test/TestSuite/TC_Perm2/20_add_data +++ /dev/null @@ -1,44 +0,0 @@ -as testid@aaf.att.com:<pass> -# TC_Perm2.20.1.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Perm2.@[user.name] - -# TC_Perm2.20.10.POS Add Perms with specific Instance and Action -expect 201 -perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction - -# TC_Perm2.20.11.POS Add Perms with specific Instance and Star -expect 201 -perm create com.test.TC_Perm2.@[user.name].p.A myInstance * - -# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action -expect 201 -perm create com.test.TC_Perm2.@[user.name].p.A * * -perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy - -# TC_Perm2.20.20.POS Create role -expect 201 -role create com.test.TC_Perm2.@[user.name].p.superUser -role create com.test.TC_Perm2.@[user.name].p.secret - -# TC_Perm2.20.21.POS Grant sub-NS perms to role -expect 201 -perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser -perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser -perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser -perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret - -# TC_Perm2.20.30.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Perm2.@[user.name] - -# TC_Perm2.20.40.POS Create role -expect 201 -role create com.test.TC_Perm2.@[user.name].p.watcher - -as XX@NS -# TC_Perm2.20.50.POS Grant view perms to watcher role -expect 201 -perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher -perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher - diff --git a/authz-test/TestSuite/TC_Perm2/30_change_ns b/authz-test/TestSuite/TC_Perm2/30_change_ns deleted file mode 100644 index b69f9e8d..00000000 --- a/authz-test/TestSuite/TC_Perm2/30_change_ns +++ /dev/null @@ -1,14 +0,0 @@ -as testid@aaf.att.com -# TC_Perm2.30.1.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Perm2.@[user.name] - -# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist -expect 201 -ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com - -# TC_Perm2.30.3.POS List Data on NS with sub-roles -expect 200 -ns list name com.test.TC_Perm2.@[user.name] -ns list name com.test.TC_Perm2.@[user.name].p - diff --git a/authz-test/TestSuite/TC_Perm2/40_viewByType b/authz-test/TestSuite/TC_Perm2/40_viewByType deleted file mode 100644 index cef41b05..00000000 --- a/authz-test/TestSuite/TC_Perm2/40_viewByType +++ /dev/null @@ -1,82 +0,0 @@ - -as testunused@aaf.att.com -# TC_Perm2.40.1.NEG Non-admin, not granted user should not view -expect 200 -perm list name com.test.TC_Perm2.@[user.name].p.A - -as testid@aaf.att.com -# Tens test user granted to permission -# TC_Perm2.40.10.POS Add user to superUser role -expect 201 -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser - -as testunused@aaf.att.com -# TC_Perm2.40.11.POS Non-admin, granted user should view -expect 200 -perm list name com.test.TC_Perm2.@[user.name].p.A - -as testid@aaf.att.com -# TC_Perm2.40.12.POS Ungrant perm with wildcards -expect 200 -perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser - -as testunused@aaf.att.com -# TC_Perm2.40.13.POS Non-admin, granted user should view -expect 200 -perm list name com.test.TC_Perm2.@[user.name].p.A - -as testid@aaf.att.com -# TC_Perm2.40.19.POS Remove user from superUser role -expect 200 -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser - -# Twenties test user granted explicit view permission -# TC_Perm2.40.20.POS Add user to watcher role -expect 201 -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher - -as testunused@aaf.att.com -# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view -expect 200 -perm list name com.test.TC_Perm2.@[user.name].p.A - -as XX@NS -# TC_Perm2.40.22.POS Ungrant perm with wildcards -expect 200 -perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher - -as testunused@aaf.att.com -# TC_Perm2.40.23.POS Non-admin, granted user should view -expect 200 -perm list name com.test.TC_Perm2.@[user.name].p.A - -as testid@aaf.att.com -# TC_Perm2.40.29.POS Remove user from watcher role -expect 200 -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher - -# Thirties test admin user -# TC_Perm2.40.30.POS Admin should be able to view -expect 200 -perm list name com.test.TC_Perm2.@[user.name].p.A - -# TC_Perm2.40.31.POS Add new admin for sub-NS -expect 201 -ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com - -# TC_Perm2.40.32.POS Remove admin from sub-NS -expect 200 -ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com - -# TC_Perm2.40.34.POS Admin of parent NS should be able to view -expect 200 -perm list name com.test.TC_Perm2.@[user.name].p.A - -# TC_Perm2.40.80.POS Add new admin for sub-NS -expect 201 -ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com - -# TC_Perm2.40.81.POS Remove admin from sub-NS -expect 200 -ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com - diff --git a/authz-test/TestSuite/TC_Perm2/41_viewByUser b/authz-test/TestSuite/TC_Perm2/41_viewByUser deleted file mode 100644 index 51c2ecb4..00000000 --- a/authz-test/TestSuite/TC_Perm2/41_viewByUser +++ /dev/null @@ -1,34 +0,0 @@ -# TC_Perm2.41.1.POS Add user to some roles with perms attached -as testid@aaf.att.com -expect 201 -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher -user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret - -# TC_Perm2.41.10.POS List by User when Same as Caller -as testunused@aaf.att.com -expect 200 -perm list user testunused@aaf.att.com - -# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles -as testid@aaf.att.com -expect 200 -perm list user testunused@aaf.att.com - -# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace -as XX@NS -expect 200 -perm list user testunused@aaf.att.com - -# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown) -as testunused@aaf.att.com -expect 200 -perm list user XX@NS - -# TC_Perm2.41.99.POS Remove users from roles for later test -as testid@aaf.att.com -expect 200 -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher -user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret - diff --git a/authz-test/TestSuite/TC_Perm2/42_viewByNS b/authz-test/TestSuite/TC_Perm2/42_viewByNS deleted file mode 100644 index 69f4ed63..00000000 --- a/authz-test/TestSuite/TC_Perm2/42_viewByNS +++ /dev/null @@ -1,10 +0,0 @@ -# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS -as testid@aaf.att.com -expect 200 -perm list ns com.test.TC_Perm2.@[user.name].p - -# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS -as testunused@aaf.att.com -expect 403 -perm list ns com.test.TC_Perm2.@[user.name].p - diff --git a/authz-test/TestSuite/TC_Perm2/43_viewByRole b/authz-test/TestSuite/TC_Perm2/43_viewByRole deleted file mode 100644 index 29585b47..00000000 --- a/authz-test/TestSuite/TC_Perm2/43_viewByRole +++ /dev/null @@ -1,15 +0,0 @@ -# TC_Perm2.43.10.POS List perms when allowed to see Role -as testid@aaf.att.com -expect 200 -perm list role com.test.TC_Perm2.@[user.name].p.superUser -perm list role com.test.TC_Perm2.@[user.name].p.watcher -perm list role com.test.TC_Perm2.@[user.name].p.secret - -# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role -as testunused@aaf.att.com -expect 403 -perm list role com.test.TC_Perm2.@[user.name].p.superUser -perm list role com.test.TC_Perm2.@[user.name].p.watcher -perm list role com.test.TC_Perm2.@[user.name].p.secret - - diff --git a/authz-test/TestSuite/TC_Perm2/99_cleanup b/authz-test/TestSuite/TC_Perm2/99_cleanup deleted file mode 100644 index 2d853869..00000000 --- a/authz-test/TestSuite/TC_Perm2/99_cleanup +++ /dev/null @@ -1,24 +0,0 @@ -as testid@aaf.att.com -# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles -expect 200,404 - -force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction -force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance * -force perm delete com.test.TC_Perm2.@[user.name].p.A * * -force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy -force role delete com.test.TC_Perm2.@[user.name].p.watcher -force role delete com.test.TC_Perm2.@[user.name].p.superUser -force role delete com.test.TC_Perm2.@[user.name].p.secret - -as XX@NS -force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view -force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view - -# TC_Perm2.99.2.POS Namespace Admin can delete Namespace -expect 200,404 -force ns delete com.test.TC_Perm2.@[user.name].p -force ns delete com.test.TC_Perm2.@[user.name] - -# TC_Perm2.99.3.POS Print Namespaces -ns list name com.test.TC_Perm2.@[user.name].p -ns list name com.test.TC_Perm2.@[user.name] diff --git a/authz-test/TestSuite/TC_Perm2/Description b/authz-test/TestSuite/TC_Perm2/Description deleted file mode 100644 index 96cb3708..00000000 --- a/authz-test/TestSuite/TC_Perm2/Description +++ /dev/null @@ -1,9 +0,0 @@ -This Testcase Tests the viewability of different perm commands - -APIs: - - - -CLI: - - diff --git a/authz-test/TestSuite/TC_Perm3/00_ids b/authz-test/TestSuite/TC_Perm3/00_ids deleted file mode 100644 index ad09d774..00000000 --- a/authz-test/TestSuite/TC_Perm3/00_ids +++ /dev/null @@ -1,10 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set testid_1@test.com=<pass> -set testid_2@test.com=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Perm3/10_init b/authz-test/TestSuite/TC_Perm3/10_init deleted file mode 100644 index f8e2ebf1..00000000 --- a/authz-test/TestSuite/TC_Perm3/10_init +++ /dev/null @@ -1,16 +0,0 @@ -as XX@NS -# TC_Perm3.10.0.POS Print NS to prove ok -expect 200 -ns list name com.test.TC_Perm3.@[user.name] - -# TC_Perm3.10.1.POS Create Namespace with User ID -expect 201 -ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com - -# TC_Perm3.10.2.POS Create Namespace with Different ID -expect 201 -ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com - -# TC_Perm3.10.3.POS Create Namespace in Different Company -expect 201 -ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com diff --git a/authz-test/TestSuite/TC_Perm3/20_innerGrants b/authz-test/TestSuite/TC_Perm3/20_innerGrants deleted file mode 100644 index 4f6482cd..00000000 --- a/authz-test/TestSuite/TC_Perm3/20_innerGrants +++ /dev/null @@ -1,29 +0,0 @@ -as testid_1@test.com - -# TC_Perm3.20.0.POS User1 Create a Perm -expect 201 -perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction - -# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group -expect 403 -role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a - -# TC_Perm3.20.6.POS User2 should be able to create Role in own group -as testid_2@test.com -expect 201 -role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a - -# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role -expect 403 -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a - -# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2 -as testid_2@test.com -expect 403 -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a - -# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1 -expect 201 -as testid_1@test.com -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a - diff --git a/authz-test/TestSuite/TC_Perm3/30_outerGrants b/authz-test/TestSuite/TC_Perm3/30_outerGrants deleted file mode 100644 index ca2f7c53..00000000 --- a/authz-test/TestSuite/TC_Perm3/30_outerGrants +++ /dev/null @@ -1,23 +0,0 @@ -# TC_Perm3.30.0.POS User1 Create a Perm -as testid_1@test.com -expect 201 -perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction - -# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group -expect 403 -role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b - -# TC_Perm3.30.6.POS User2 should be able to create Role in own group -as testunused@aaf.att.com -expect 201 -role create com.att.TC_Perm3.@[user.name].dev.myRole_b - -# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role -expect 403 -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b - -# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm -as testid_1@test.com -expect 403 -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b - diff --git a/authz-test/TestSuite/TC_Perm3/99_cleanup b/authz-test/TestSuite/TC_Perm3/99_cleanup deleted file mode 100644 index 89b20783..00000000 --- a/authz-test/TestSuite/TC_Perm3/99_cleanup +++ /dev/null @@ -1,22 +0,0 @@ -expect 200,404 -as testid_1@test.com -# TC_Perm3.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Perm3.@[user.name]_1 - -# TC_Perm3.99.3.POS Print Namespaces -ns list name com.test.TC_Perm3.@[user.name]_1 - -as testid_2@test.com -# TC_Perm3.99.4.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Perm3.@[user.name]_2 - -# TC_Perm3.99.5.POS Print Namespaces -ns list name com.test.TC_Perm3.@[user.name]_2 - - -as testunused@aaf.att.com -# TC_Perm3.99.6.POS Remove Namespace from other company -force ns delete com.att.TC_Perm3.@[user.name] - -# TC_Perm3.99.7.POS Print Namespace from other company -ns list name com.att.TC_Perm3.@[user.name] diff --git a/authz-test/TestSuite/TC_Perm3/Description b/authz-test/TestSuite/TC_Perm3/Description deleted file mode 100644 index 9f572aa2..00000000 --- a/authz-test/TestSuite/TC_Perm3/Description +++ /dev/null @@ -1,13 +0,0 @@ -This is a targeted Test Case specifically to cover Inner and Outer Granting. - -APIs: - - -CLI: -ns create -ns delete -perm create -perm grant -role create -as - diff --git a/authz-test/TestSuite/TC_Realm1/00_ids b/authz-test/TestSuite/TC_Realm1/00_ids deleted file mode 100644 index 7fb0e054..00000000 --- a/authz-test/TestSuite/TC_Realm1/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set XX@NS=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Realm1/10_init b/authz-test/TestSuite/TC_Realm1/10_init deleted file mode 100644 index 6fee8d9f..00000000 --- a/authz-test/TestSuite/TC_Realm1/10_init +++ /dev/null @@ -1,20 +0,0 @@ - -as testid@aaf.att.com - -# TC_Realm1.10.0.POS Validate no NS -expect 200,404 -ns list name com.test.TC_Realm1.@[user.name] - -# TC_Realm1.10.1.POS Create Namespace to add IDs -expect 201 -ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com - -as XX@NS -# TC_Realm1.10.10.POS Grant ability to change delegates -expect 201 -force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg - -# TC_Realm1.10.11.POS Create user role to change delegates -expect 201 -user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg - diff --git a/authz-test/TestSuite/TC_Realm1/20_ns b/authz-test/TestSuite/TC_Realm1/20_ns deleted file mode 100644 index b090d96d..00000000 --- a/authz-test/TestSuite/TC_Realm1/20_ns +++ /dev/null @@ -1,26 +0,0 @@ - -as testid@aaf.att.com -# TC_Realm1.20.1.NEG Fail to create - default domain wrong -expect 403 -ns create com.test.TC_Realm1.@[user.name].project1 testunused - -# TC_Realm1.20.2.POS Create - default domain appended -expect 201 -ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name] - -# TC_Realm1.20.3.NEG Fail to create - default domain wrong -expect 403 -ns admin add com.test.TC_Realm1.@[user.name].project1 testunused - -# TC_Realm1.20.4.POS Create - full domain given -expect 201 -ns admin add com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com - -# TC_Realm1.20.5.POS Delete - default domain appended -expect 200 -ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name] - -# TC_Realm1.20.6.POS Add admin - default domain appended -expect 201 -ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name] - diff --git a/authz-test/TestSuite/TC_Realm1/30_role b/authz-test/TestSuite/TC_Realm1/30_role deleted file mode 100644 index ea99bc25..00000000 --- a/authz-test/TestSuite/TC_Realm1/30_role +++ /dev/null @@ -1,20 +0,0 @@ -# TC_Realm1.30.1.POS Create role to add to users -expect 201 -role create com.test.TC_Realm1.@[user.name].role1 - -# TC_Realm1.30.2.NEG Add user, but default domain wrong -expect 403 -role user add com.test.TC_Realm1.@[user.name].role1 testunused - -# TC_Realm1.30.3.POS Add user, with default domain appended -expect 201 -role user add com.test.TC_Realm1.@[user.name].role1 @[user.name] - -# TC_Realm1.30.10.POS Role list, with default domain added -expect 200 -role list user testunused - -# TC_Realm1.30.80.POS Delete user, with default domain appended -expect 200 -role user del com.test.TC_Realm1.@[user.name].role1 @[user.name] - diff --git a/authz-test/TestSuite/TC_Realm1/40_user b/authz-test/TestSuite/TC_Realm1/40_user deleted file mode 100644 index 629251ea..00000000 --- a/authz-test/TestSuite/TC_Realm1/40_user +++ /dev/null @@ -1,42 +0,0 @@ -# TC_Realm1.40.1.POS Create role to add to users -expect 201 -role create com.test.TC_Realm1.@[user.name].role2 - -# TC_Realm1.40.2.NEG Add user, but default domain wrong -expect 403 -user role add testunused com.test.TC_Realm1.@[user.name].role2 - -# TC_Realm1.40.3.POS Add user, with default domain appended -expect 201 -user role add @[user.name] com.test.TC_Realm1.@[user.name].role2 - -# TC_Realm1.40.10.NEG Add delegate, but default domain wrong -expect 404 -user delegate add testunused testid 2099-01-01 - -# TC_Realm1.40.11.POS Add delegate, with default domain appended -expect 201 -force user delegate add @[user.name] @[user.name] 2099-01-01 - -# TC_Realm1.40.12.POS Update delegate, with default domain appended -expect 200 -user delegate upd @[user.name] @[user.name] 2099-01-01 - -as XX@NS -# TC_Realm1.40.20.POS List delegate, with default domain appended -expect 200 -user list delegates user @[user.name] - -# TC_Realm1.40.21.POS List delegate, with default domain appended -expect 200 -user list delegates delegate @[user.name] - -as testid@aaf.att.com -# TC_Realm1.40.80.POS Delete user, with default domain appended -expect 200 -user role del @[user.name] com.test.TC_Realm1.@[user.name].role2 - -# TC_Realm1.40.81.POS Delete delegate, with default domain appended -expect 200 -user delegate del @[user.name] - diff --git a/authz-test/TestSuite/TC_Realm1/99_cleanup b/authz-test/TestSuite/TC_Realm1/99_cleanup deleted file mode 100644 index cf8c3a90..00000000 --- a/authz-test/TestSuite/TC_Realm1/99_cleanup +++ /dev/null @@ -1,28 +0,0 @@ -expect 200,404 -as testid@aaf.att.com - -# TC_Realm1.99.1.POS Delete delgates -user delegate del @[user.name] - -# TC_Realm1.99.2.POS Delete user roles -role user del com.test.TC_Realm1.@[user.name].role1 @[user.name] -user role del @[user.name] com.test.TC_Realm1.@[user.name].role2 - -# TC_Realm1.99.3.POS Delete roles -role delete com.test.TC_Realm1.@[user.name].role1 -role delete com.test.TC_Realm1.@[user.name].role2 - -as XX@NS -# TC_Realm1.99.10.POS UnGrant ability to change delegates -perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg - -as testid@aaf.att.com -# TC_Realm1.99.11.POS Delete role to change delegates -set force=true role delete com.test.TC_Realm1.@[user.name].change_delg - -# TC_Realm1.99.98.POS Delete Namespaces -ns delete com.test.TC_Realm1.@[user.name] -ns delete com.test.TC_Realm1.@[user.name].project1 - -# TC_Realm1.99.99.POS Verify Cleaned NS -ns list name com.test.TC_Realm1.@[user.name] diff --git a/authz-test/TestSuite/TC_Realm1/Description b/authz-test/TestSuite/TC_Realm1/Description deleted file mode 100644 index edd16859..00000000 --- a/authz-test/TestSuite/TC_Realm1/Description +++ /dev/null @@ -1,2 +0,0 @@ -This Testcase tests that the default domain is appended before being sent to the server - diff --git a/authz-test/TestSuite/TC_Role1/00_ids b/authz-test/TestSuite/TC_Role1/00_ids deleted file mode 100644 index 7fb0e054..00000000 --- a/authz-test/TestSuite/TC_Role1/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set XX@NS=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Role1/10_init b/authz-test/TestSuite/TC_Role1/10_init deleted file mode 100644 index 4af50879..00000000 --- a/authz-test/TestSuite/TC_Role1/10_init +++ /dev/null @@ -1,23 +0,0 @@ -as testid@aaf.att.com - -# TC_Role1.10.0.POS Validate NS ok -expect 200 -ns list name com.test.TC_Role1.@[user.name] - -# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_Role1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_Role1.@[user.name].cred_admin - -as XX@NS -# TC_Role1.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_Role1.10.12.POS Assign user for creating creds -expect 201 -user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin diff --git a/authz-test/TestSuite/TC_Role1/20_add_data b/authz-test/TestSuite/TC_Role1/20_add_data deleted file mode 100644 index 43c97d92..00000000 --- a/authz-test/TestSuite/TC_Role1/20_add_data +++ /dev/null @@ -1,40 +0,0 @@ -# TC_Role1.20.1.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Role1.@[user.name] - -# TC_Role1.20.2.POS Add Roles -expect 201 -role create com.test.TC_Role1.@[user.name].r.A -role create com.test.TC_Role1.@[user.name].r.B - -# TC_Role1.20.3.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Role1.@[user.name] - -# TC_Role1.20.4.NEG Don't write over Role -expect 409 -role create com.test.TC_Role1.@[user.name].r.A - -# TC_Role1.20.5.NEG Don't allow non-user to create -expect 401 -as bogus -role create com.test.TC_Role1.@[user.name].r.No - -# TC_Role1.20.6.NEG Don't allow non-user to create without Approval -expect 403 -as testunused@aaf.att.com -role create com.test.TC_Role1.@[user.name].r.No - -# TC_Role1.20.10.NEG Non-admins can't change description -expect 403 -as testunused@aaf.att.com -role describe com.test.TC_Role1.@[user.name].r.A Description A - -# TC_Role1.20.11.NEG Role must exist to change description -expect 404 -as testid@aaf.att.com -role describe com.test.TC_Role1.@[user.name].r.C Description C - -# TC_Role1.20.12.POS Admin can change description -expect 200 -role describe com.test.TC_Role1.@[user.name].r.A Description A diff --git a/authz-test/TestSuite/TC_Role1/30_change_ns b/authz-test/TestSuite/TC_Role1/30_change_ns deleted file mode 100644 index 4d32f656..00000000 --- a/authz-test/TestSuite/TC_Role1/30_change_ns +++ /dev/null @@ -1,14 +0,0 @@ -# TC_Role1.30.1.POS List Data on non-Empty NS -as testid@aaf.att.com -expect 200 -ns list name com.test.TC_Role1.@[user.name] - -# TC_Role1.30.2.POS Create Sub-ns when Roles that exist -expect 201 -ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com - -# TC_Role1.30.3.POS List Data on NS with sub-roles -expect 200 -ns list name com.test.TC_Role1.@[user.name] -ns list name com.test.TC_Role1.@[user.name].r - diff --git a/authz-test/TestSuite/TC_Role1/40_reports b/authz-test/TestSuite/TC_Role1/40_reports deleted file mode 100644 index 657d1c7c..00000000 --- a/authz-test/TestSuite/TC_Role1/40_reports +++ /dev/null @@ -1,24 +0,0 @@ -# TC_Role1.40.01.POS List Data on non-Empty NS -expect 200 -role list role com.test.TC_Role1.@[user.name].r.A - -# TC_Role1.40.20.POS Create a Perm, and add to Role -expect 201 -perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A - -# TC_Role1.40.25.POS List -expect 200 -role list role com.test.TC_Role1.@[user.name].r.A - -# TC_Role1.40.30.POS Create a Perm -expect 201 -perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case - -# TC_Role1.40.32.POS Separately Grant Perm -expect 201 -perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A - -# TC_Role1.40.35.POS List -expect 200 -role list role com.test.TC_Role1.@[user.name].r.A - diff --git a/authz-test/TestSuite/TC_Role1/50_force_delete b/authz-test/TestSuite/TC_Role1/50_force_delete deleted file mode 100644 index ef334b24..00000000 --- a/authz-test/TestSuite/TC_Role1/50_force_delete +++ /dev/null @@ -1,28 +0,0 @@ -# TC_Role1.50.1.POS Create user to attach to role
-expect 201
-user cred add m00001@@[user.name].TC_Role1.test.com password123
-
-# TC_Role1.50.2.POS Create new role
-expect 201
-role create com.test.TC_Role1.@[user.name].r.C
-
-# TC_Role1.50.3.POS Attach user to role
-expect 201
-user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
-
-# TC_Role1.50.4.POS Create permission and attach to role
-expect 201
-perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
-
-# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
-expect 424
-role delete com.test.TC_Role1.@[user.name].r.C
-
-# TC_Role1.50.21.POS Force delete role should work
-expect 200
-set force=true role delete com.test.TC_Role1.@[user.name].r.C
-
-# TC_Role1.50.30.POS List Data on non-Empty NS
-expect 200
-ns list name com.test.TC_Role1.@[user.name]
-
diff --git a/authz-test/TestSuite/TC_Role1/90_wait b/authz-test/TestSuite/TC_Role1/90_wait deleted file mode 100644 index 91d890f0..00000000 --- a/authz-test/TestSuite/TC_Role1/90_wait +++ /dev/null @@ -1,2 +0,0 @@ -# Need to let DB catch up on deletes -sleep @[NFR] diff --git a/authz-test/TestSuite/TC_Role1/99_cleanup b/authz-test/TestSuite/TC_Role1/99_cleanup deleted file mode 100644 index 63e240eb..00000000 --- a/authz-test/TestSuite/TC_Role1/99_cleanup +++ /dev/null @@ -1,34 +0,0 @@ -as testid@aaf.att.com -expect 200,404 - -# TC_Role1.99.05.POS Remove Permissions from "40_reports" -set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT -set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case - -# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles -force role delete com.test.TC_Role1.@[user.name].r.A -force role delete com.test.TC_Role1.@[user.name].r.B -force role delete com.test.TC_Role1.@[user.name].r.C - -# TC_Role1.99.15.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin - -as testid@aaf.att.com -role delete com.test.TC_Role1.@[user.name].cred_admin - -# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials -perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction -set force=true -user cred del m00001@@[user.name].TC_Role1.test.com - -# TC_Role1.99.90.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Role1.@[user.name].r -force ns delete com.test.TC_Role1.@[user.name] - -# TC_Role1.99.99.POS List to prove clean Namespaces -ns list name com.test.TC_Role1.@[user.name].r -ns list name com.test.TC_Role1.@[user.name] - diff --git a/authz-test/TestSuite/TC_Role1/Description b/authz-test/TestSuite/TC_Role1/Description deleted file mode 100644 index 012a12b1..00000000 --- a/authz-test/TestSuite/TC_Role1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of the Namespace, and the NS Commands - -APIs: - - - -CLI: - Target - role create :role - role delete - ns delete :ns - ns list :ns - Ancillary - role create :role - role list name :role.* - diff --git a/authz-test/TestSuite/TC_Role2/00_ids b/authz-test/TestSuite/TC_Role2/00_ids deleted file mode 100644 index f7196fc8..00000000 --- a/authz-test/TestSuite/TC_Role2/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Role2/10_init b/authz-test/TestSuite/TC_Role2/10_init deleted file mode 100644 index dbe7b858..00000000 --- a/authz-test/TestSuite/TC_Role2/10_init +++ /dev/null @@ -1,8 +0,0 @@ -as testid@aaf.att.com -# TC_Role2.10.0.POS Print NS to prove ok -expect 200 -ns list name com.test.TC_Role2.@[user.name] - -# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com diff --git a/authz-test/TestSuite/TC_Role2/20_add_data b/authz-test/TestSuite/TC_Role2/20_add_data deleted file mode 100644 index 6b85dea1..00000000 --- a/authz-test/TestSuite/TC_Role2/20_add_data +++ /dev/null @@ -1,39 +0,0 @@ -############## -# Testing Model -# We are making a Testing model based loosely on George Orwell's Animal Farm -# In Animal Farm, Animals did all the work but didn't get any priviledges. -# In our test, the animals can't see anything but their own role, etc -# Dogs were supervisors, and ostensibly did something, though mostly laid around -# In our test, they have Implicit Permissions by being Admins -# Pigs were the Elite. They did nothing, but watch everyone and eat the produce -# In our test, they have Explicit Permissions to see everything they want -############## -as testid@aaf.att.com:<pass> -# TC_Role2.20.1.POS List Data on non-Empty NS -expect 200 -ns list name com.test.TC_Role2.@[user.name] - -# TC_Role2.20.10.POS Create Orwellian Roles -expect 201 -role create com.test.TC_Role2.@[user.name].r.animals -role create com.test.TC_Role2.@[user.name].r.dogs -role create com.test.TC_Role2.@[user.name].r.pigs - -# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles -expect 201 -perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals -perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs -perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs -perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs - -# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs -expect 201 -as XX@NS:<pass> -perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs -perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs - -# TC_Role2.20.60.POS List Data on non-Empty NS -expect 200 -as testid@aaf.att.com:<pass> -ns list name com.test.TC_Role2.@[user.name] - diff --git a/authz-test/TestSuite/TC_Role2/40_viewByName b/authz-test/TestSuite/TC_Role2/40_viewByName deleted file mode 100644 index a6ec33c5..00000000 --- a/authz-test/TestSuite/TC_Role2/40_viewByName +++ /dev/null @@ -1,45 +0,0 @@ -as XX@NS -# TC_Role2.40.1.POS List Data on Role -expect 200 -role list role com.test.TC_Role2.@[user.name].r.animals -role list role com.test.TC_Role2.@[user.name].r.dogs -role list role com.test.TC_Role2.@[user.name].r.pigs - -# TC_Role2.40.10.POS Add testunused to animals -expect 201 -as testid@aaf.att.com -user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals - -# TC_Role2.40.11.POS List by Name when part of role -as testunused@aaf.att.com -expect 200 -role list role com.test.TC_Role2.@[user.name].r.animals - -# TC_Role2.40.12.NEG List by Name when not part of Role -expect 403 -role list role com.test.TC_Role2.@[user.name].r.dogs -role list role com.test.TC_Role2.@[user.name].r.pigs - - -# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace -as testid@aaf.att.com -expect 200 -role list role com.test.TC_Role2.@[user.name].r.animals -role list role com.test.TC_Role2.@[user.name].r.dogs -role list role com.test.TC_Role2.@[user.name].r.pigs - -# TC_Role2.40.50.POS Change testunused to Pigs -as testid@aaf.att.com -expect 200 -user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals -expect 201 -user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs - -# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions -as testunused@aaf.att.com -expect 403 -role list role com.test.TC_Role2.@[user.name].r.animals -role list role com.test.TC_Role2.@[user.name].r.dogs -expect 200 -role list role com.test.TC_Role2.@[user.name].r.pigs - diff --git a/authz-test/TestSuite/TC_Role2/41_viewByUser b/authz-test/TestSuite/TC_Role2/41_viewByUser deleted file mode 100644 index 684d9ba1..00000000 --- a/authz-test/TestSuite/TC_Role2/41_viewByUser +++ /dev/null @@ -1,20 +0,0 @@ -# TC_Role2.41.10.POS List by User when Same as Caller -as testunused@aaf.att.com -expect 200 -role list user testunused@aaf.att.com - -# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles -as testid@aaf.att.com -expect 200 -role list user testunused@aaf.att.com - -# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace -as XX@NS -expect 200 -role list user testunused@aaf.att.com - -# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown) -as testunused@aaf.att.com -expect 200 -role list user XX@NS - diff --git a/authz-test/TestSuite/TC_Role2/42_viewByNS b/authz-test/TestSuite/TC_Role2/42_viewByNS deleted file mode 100644 index 8f184943..00000000 --- a/authz-test/TestSuite/TC_Role2/42_viewByNS +++ /dev/null @@ -1,10 +0,0 @@ -# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS -as testid@aaf.att.com -expect 200 -role list ns com.test.TC_Role2.@[user.name] - -# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS -as testunused@aaf.att.com -expect 403 -role list ns com.test.TC_Role2.@[user.name] - diff --git a/authz-test/TestSuite/TC_Role2/43_viewByPerm b/authz-test/TestSuite/TC_Role2/43_viewByPerm deleted file mode 100644 index 53a1e3d4..00000000 --- a/authz-test/TestSuite/TC_Role2/43_viewByPerm +++ /dev/null @@ -1,15 +0,0 @@ -# TC_Role2.43.10.POS List Roles when allowed to see Perm -as testid@aaf.att.com -expect 200 -role list perm com.test.TC_Role2.@[user.name].r.A grain eat -role list perm com.test.TC_Role2.@[user.name].r.A grain * -role list perm com.test.TC_Role2.@[user.name].r.A * * - -# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm -as testunused@aaf.att.com -expect 403 -role list perm com.test.TC_Role2.@[user.name].r.A grain eat -role list perm com.test.TC_Role2.@[user.name].r.A grain * -role list perm com.test.TC_Role2.@[user.name].r.A * * - - diff --git a/authz-test/TestSuite/TC_Role2/99_cleanup b/authz-test/TestSuite/TC_Role2/99_cleanup deleted file mode 100644 index df344b2d..00000000 --- a/authz-test/TestSuite/TC_Role2/99_cleanup +++ /dev/null @@ -1,22 +0,0 @@ -as XX@NS -expect 200,404 - -# TC_Role2.99.1.POS Delete Roles -force role delete com.test.TC_Role2.@[user.name].r.animals -force role delete com.test.TC_Role2.@[user.name].r.dogs -force role delete com.test.TC_Role2.@[user.name].r.pigs - -# TC_Role2.99.2.POS Delete Perms -force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat -force perm delete com.test.TC_Role2.@[user.name].r.A grain eat -force perm delete com.test.TC_Role2.@[user.name].r.A grain * -force perm delete com.test.TC_Role2.@[user.name].r.A * * -force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view -force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view - - -# TC_Role2.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Role2.@[user.name] - -# TC_Role2.99.3.POS Print Namespaces -ns list name com.test.TC_Role2.@[user.name] diff --git a/authz-test/TestSuite/TC_Role2/Description b/authz-test/TestSuite/TC_Role2/Description deleted file mode 100644 index ea741a81..00000000 --- a/authz-test/TestSuite/TC_Role2/Description +++ /dev/null @@ -1,9 +0,0 @@ -This Testcase Tests the viewability of different role commands - -APIs: - - - -CLI: - - diff --git a/authz-test/TestSuite/TC_UR1/00_ids b/authz-test/TestSuite/TC_UR1/00_ids deleted file mode 100644 index 7fb0e054..00000000 --- a/authz-test/TestSuite/TC_UR1/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set XX@NS=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_UR1/10_init b/authz-test/TestSuite/TC_UR1/10_init deleted file mode 100644 index 3709b5be..00000000 --- a/authz-test/TestSuite/TC_UR1/10_init +++ /dev/null @@ -1,31 +0,0 @@ -as testid@aaf.att.com -# TC_UR1.10.0.POS Validate no NS -expect 200 -ns list name com.test.TC_UR1.@[user.name] - -# TC_UR1.10.1.POS Create Namespace to add IDs -expect 201 -ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_Role1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_UR1.@[user.name].cred_admin - -as XX@NS -# TC_Role1.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_Role1.10.12.POS Assign user for creating creds -expect 201 -user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin - -# TC_UR1.10.20.POS Create two Credentials -user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd" -user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd" - -# TC_UR1.10.21.POS Create two Roles -role create com.test.TC_UR1.@[user.name].r1 -role create com.test.TC_UR1.@[user.name].r2 - diff --git a/authz-test/TestSuite/TC_UR1/23_commands b/authz-test/TestSuite/TC_UR1/23_commands deleted file mode 100644 index b5345714..00000000 --- a/authz-test/TestSuite/TC_UR1/23_commands +++ /dev/null @@ -1,10 +0,0 @@ -# TC_UR1.23.1.NEG Too Few Args for User Role 1 -expect 0 -user - -# TC_UR1.23.2.NEG Too Few Args for user role -expect Exception -user role - -# TC_UR1.23.3.NEG Too Few Args for user role add -user role add diff --git a/authz-test/TestSuite/TC_UR1/30_userrole b/authz-test/TestSuite/TC_UR1/30_userrole deleted file mode 100644 index f4c514e5..00000000 --- a/authz-test/TestSuite/TC_UR1/30_userrole +++ /dev/null @@ -1,53 +0,0 @@ -# TC_UR1.30.10.POS Create a UserRole -expect 201 -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 - -# TC_UR1.30.11.NEG Created UserRole Exists -expect 409 -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 - -# TC_UR1.30.13.POS Delete UserRole -sleep @[NFR] -expect 200 -user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 - - -# TC_UR1.30.20.POS Create multiple UserRoles -expect 201 -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 - -# TC_UR1.30.21.NEG Created UserRole Exists -expect 409 -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 - -# TC_UR1.30.23.POS Delete UserRole -sleep @[NFR] -expect 200 -user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 - -# TC_UR1.30.30.POS Create a Role User -expect 201 -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com - -# TC_UR1.30.31.NEG Created Role User Exists -expect 409 -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com - -# TC_UR1.30.33.POS Delete Role User -sleep @[NFR] -expect 200 -role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com - -# TC_UR1.30.40.POS Create multiple Role Users -expect 201 -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com - -# TC_UR1.30.41.NEG Created Role User Exists -expect 409 -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com - -# TC_UR1.30.43.POS Delete Role Users -sleep @[NFR] -expect 200 -role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com - diff --git a/authz-test/TestSuite/TC_UR1/40_reset b/authz-test/TestSuite/TC_UR1/40_reset deleted file mode 100644 index 66f8c172..00000000 --- a/authz-test/TestSuite/TC_UR1/40_reset +++ /dev/null @@ -1,40 +0,0 @@ -# TC_UR1.40.10.POS Create multiple UserRoles
-expect 200
-user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
-
-# TC_UR1.40.11.POS Reset userrole for a user
-expect 200
-user role setTo m00001@@[user.name].TC_UR1.test.com
-
-# TC_UR1.40.12.NEG Create userrole where Role doesn't exist
-expect 404
-user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5
-
-# TC_UR1.40.13.NEG Create userrole where User doesn't exist
-expect 403
-user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
-
-as testunused@aaf.att.com
-# TC_UR1.40.19.NEG User without permission tries to add userrole
-expect 403
-user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
-
-# TC_UR1.40.20.NEG User without permission tries to add userrole
-expect 403
-role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
-
-as testid@aaf.att.com
-# TC_UR1.40.22.POS Reset userrole for a user
-expect 200
-role user setTo com.test.TC_UR1.@[user.name].r1
-
-sleep @[NFR]
-# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist
-expect 404
-role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com
-
-sleep @[NFR]
-# TC_UR1.40.24.NEG Create UserRole where User doesn't exist
-expect 403
-role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com
-
diff --git a/authz-test/TestSuite/TC_UR1/90_wait b/authz-test/TestSuite/TC_UR1/90_wait deleted file mode 100644 index 91d890f0..00000000 --- a/authz-test/TestSuite/TC_UR1/90_wait +++ /dev/null @@ -1,2 +0,0 @@ -# Need to let DB catch up on deletes -sleep @[NFR] diff --git a/authz-test/TestSuite/TC_UR1/99_cleanup b/authz-test/TestSuite/TC_UR1/99_cleanup deleted file mode 100644 index c5e1caf5..00000000 --- a/authz-test/TestSuite/TC_UR1/99_cleanup +++ /dev/null @@ -1,32 +0,0 @@ -expect 200,404 -as testid@aaf.att.com - -# TC_UR1.99.1.POS Remove User from Role -role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com -role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com -role user setTo com.test.TC_UR1.@[user.name].r1 - -# TC_UR1.99.2.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin - -as testid@aaf.att.com -role delete com.test.TC_UR1.@[user.name].cred_admin - -# TC_UR1.99.3.POS Delete Creds -set force=true -user cred del m00001@@[user.name].TC_UR1.test.com -set force=true -user cred del m00002@@[user.name].TC_UR1.test.com - -# TC_UR1.99.4.POS Delete Roles -set force=true role delete com.test.TC_UR1.@[user.name].r1 -set force=true role delete com.test.TC_UR1.@[user.name].r2 - -# TC_UR1.99.5.POS Delete Namespace -set force=true ns delete com.test.TC_UR1.@[user.name] - -# TC_UR1.99.99.POS Verify Cleaned NS -ns list name com.test.TC_UR1.@[user.name] diff --git a/authz-test/TestSuite/TC_UR1/Description b/authz-test/TestSuite/TC_UR1/Description deleted file mode 100644 index 24180f49..00000000 --- a/authz-test/TestSuite/TC_UR1/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of User Credentials - -APIs: - POST /auth/cred - PUT /auth/cred - DELETE /auth/cred - - -CLI: - Target - user cred add :user :password - user cred del :user - Ancillary - ns create - ns delete - diff --git a/authz-test/TestSuite/TC_User1/00_ids b/authz-test/TestSuite/TC_User1/00_ids deleted file mode 100644 index b989aa3b..00000000 --- a/authz-test/TestSuite/TC_User1/00_ids +++ /dev/null @@ -1,12 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set bogus@aaf.att.com=boguspass -set m99990@@[user.name].TC_User1.test.com=password123 -set m99995@@[user.name].TC_User1.test.com=password123 - -#delay 10 -set NFR=0 - - diff --git a/authz-test/TestSuite/TC_User1/10_init b/authz-test/TestSuite/TC_User1/10_init deleted file mode 100644 index 0cad5595..00000000 --- a/authz-test/TestSuite/TC_User1/10_init +++ /dev/null @@ -1,25 +0,0 @@ - -as testid@aaf.att.com -# TC_User1.10.0.POS Check for Existing Data -expect 200 -ns list name com.test.TC_User1.@[user.name] - -# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com - -# TC_User1.10.10.POS Create role to assign mechid perm to -expect 201 -role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com - -as XX@NS:<pass> -# TC_User1.10.11.POS Assign role to mechid perm -expect 201 -perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin -perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin - -as testid@aaf.att.com -# TC_User1.01.99.POS Expect Namespace to be created -expect 200 -ns list name com.test.TC_User1.@[user.name] - diff --git a/authz-test/TestSuite/TC_User1/20_add_data b/authz-test/TestSuite/TC_User1/20_add_data deleted file mode 100644 index 9a9acec5..00000000 --- a/authz-test/TestSuite/TC_User1/20_add_data +++ /dev/null @@ -1,26 +0,0 @@ -as testid@aaf.att.com -# TC_User1.20.1.POS Create roles -expect 201 -role create com.test.TC_User1.@[user.name].manager -role create com.test.TC_User1.@[user.name].worker - -# TC_User1.20.2.POS Create permissions -perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker -perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker -perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager -perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager - -# TC_User1.20.3.POS Create mechid -user cred add m99990@@[user.name].TC_User1.test.com password123 -user cred add m99995@@[user.name].TC_User1.test.com password123 - -as XX@NS -# TC_User1.20.10.POS Add users to roles -expect 201 -user role add @[user.name] com.test.TC_User1.@[user.name].manager -user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker - -# TC_User1.20.20.POS Add Delegate -as XX@NS -# TC_User1.20.20.POS Create delegates -force user delegate add @[user.name] @[user.name] diff --git a/authz-test/TestSuite/TC_User1/40_viewByRole b/authz-test/TestSuite/TC_User1/40_viewByRole deleted file mode 100644 index 824f01e2..00000000 --- a/authz-test/TestSuite/TC_User1/40_viewByRole +++ /dev/null @@ -1,23 +0,0 @@ - -# TC_User1.40.1.NEG Non-admin, user not in role should not view -expect 403 -as testunused@aaf.att.com -user list role com.test.TC_User1.@[user.name].manager -user list role com.test.TC_User1.@[user.name].worker - -as m99990@@[user.name].TC_User1.test.com -# TC_User1.40.2.NEG Non-admin, user in role should not view -expect 403 -user list role com.test.TC_User1.@[user.name].manager - -sleep @[NFR] -# TC_User1.40.3.POS Non-admin, user in role can view himself -expect 200 -user list role com.test.TC_User1.@[user.name].worker - -as testid@aaf.att.com -# TC_User1.40.10.POS admin should view -expect 200 -user list role com.test.TC_User1.@[user.name].manager -user list role com.test.TC_User1.@[user.name].worker - diff --git a/authz-test/TestSuite/TC_User1/41_viewByPerm b/authz-test/TestSuite/TC_User1/41_viewByPerm deleted file mode 100644 index 6813cb15..00000000 --- a/authz-test/TestSuite/TC_User1/41_viewByPerm +++ /dev/null @@ -1,29 +0,0 @@ -as testunused@aaf.att.com -# TC_User1.41.1.NEG Non-admin, user not in perm should not view -expect 200 -user list perm com.test.TC_User1.@[user.name].supplies * move -user list perm com.test.TC_User1.@[user.name].supplies * stock -user list perm com.test.TC_User1.@[user.name].schedule worker create -user list perm com.test.TC_User1.@[user.name].worker * annoy - -as m99990@@[user.name].TC_User1.test.com -# TC_User1.41.2.POS Non-admin, user in perm can view himself -expect 200 -user list perm com.test.TC_User1.@[user.name].supplies * move -user list perm com.test.TC_User1.@[user.name].supplies * stock - -as m99990@@[user.name].TC_User1.test.com -# TC_User1.41.3.NEG Non-admin, user in perm should not view -expect 200 -user list perm com.test.TC_User1.@[user.name].schedule worker create -user list perm com.test.TC_User1.@[user.name].worker * annoy - -as testid@aaf.att.com -# TC_User1.41.10.POS admin should view -expect 200 -user list perm com.test.TC_User1.@[user.name].supplies * move -user list perm com.test.TC_User1.@[user.name].supplies * stock -user list perm com.test.TC_User1.@[user.name].schedule worker create -user list perm com.test.TC_User1.@[user.name].worker * annoy - - diff --git a/authz-test/TestSuite/TC_User1/42_viewByDelegates b/authz-test/TestSuite/TC_User1/42_viewByDelegates deleted file mode 100644 index 7d16cb3c..00000000 --- a/authz-test/TestSuite/TC_User1/42_viewByDelegates +++ /dev/null @@ -1,12 +0,0 @@ -as testunused@aaf.att.com -# TC_User1.42.1.NEG Unrelated user can't view delegates -expect 403 -user list delegates user m99990@@[user.name].TC_User1.test.com -user list delegates delegate m99995@@[user.name].TC_User1.test.com - -as XX@NS -# TC_User1.42.10.POS Admin of domain NS can view -expect 200 -user list delegates user @[user.name] -user list delegates delegate @[user.name] - diff --git a/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm deleted file mode 100644 index 8f4ffd05..00000000 --- a/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm +++ /dev/null @@ -1,27 +0,0 @@ - -as testid@aaf.att.com -# TC_User1.43.1.POS Add another user to worker role -expect 201 -user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker - - -as m99990@@[user.name].TC_User1.test.com -# TC_User1.43.2.POS User should only see himself here -expect 200 -user list role com.test.TC_User1.@[user.name].worker -user list perm com.test.TC_User1.@[user.name].supplies * move -user list perm com.test.TC_User1.@[user.name].supplies * stock - - -as XX@NS -# TC_User1.43.10.POS Grant explicit user perm to user -expect 201 -perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker - -as m99990@@[user.name].TC_User1.test.com -# TC_User1.43.11.POS User should see all users of test domain now -expect 200 -user list role com.test.TC_User1.@[user.name].worker -user list perm com.test.TC_User1.@[user.name].supplies * move -user list perm com.test.TC_User1.@[user.name].supplies * stock - diff --git a/authz-test/TestSuite/TC_User1/99_cleanup b/authz-test/TestSuite/TC_User1/99_cleanup deleted file mode 100644 index f6e9724e..00000000 --- a/authz-test/TestSuite/TC_User1/99_cleanup +++ /dev/null @@ -1,37 +0,0 @@ -expect 200,404 -as testid@aaf.att.com - -# TC_User1.99.0.POS Remove user roles -user role del @[user.name] com.test.TC_User1.@[user.name].manager -user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker -user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker - -# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms -force perm delete com.test.TC_User1.@[user.name].supplies * move -force perm delete com.test.TC_User1.@[user.name].supplies * stock -force perm delete com.test.TC_User1.@[user.name].schedule worker create -force perm delete com.test.TC_User1.@[user.name].worker * annoy -force role delete com.test.TC_User1.@[user.name].manager -force role delete com.test.TC_User1.@[user.name].worker - -# TC_User1.99.10.POS Creds and delegate -user delegate del @[user.name] -user cred del m99990@@[user.name].TC_User1.test.com -user cred del m99995@@[user.name].TC_User1.test.com - -as XX@NS -# TC_User1.99.15.POS Remove ability to create creds -perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin -perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin -perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view - -as testid@aaf.att.com:<pass> -force role delete com.test.TC_User1.@[user.name].cred_admin - -# TC_User1.99.90.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_User1.@[user.name] -sleep @[NFR] - -# TC_User1.99.99.POS Check Clean Namespace -ns list name com.test.TC_User1.@[user.name] - diff --git a/authz-test/TestSuite/TC_User1/Description b/authz-test/TestSuite/TC_User1/Description deleted file mode 100644 index 9f74081d..00000000 --- a/authz-test/TestSuite/TC_User1/Description +++ /dev/null @@ -1,6 +0,0 @@ -This Testcase Tests the viewability of different user commands - -APIs: - -CLI: - diff --git a/authz-test/TestSuite/TC_Wild/00_ids b/authz-test/TestSuite/TC_Wild/00_ids deleted file mode 100644 index 7fb0e054..00000000 --- a/authz-test/TestSuite/TC_Wild/00_ids +++ /dev/null @@ -1,8 +0,0 @@ -expect 0 -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set XX@NS=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TC_Wild/10_init b/authz-test/TestSuite/TC_Wild/10_init deleted file mode 100644 index c411f930..00000000 --- a/authz-test/TestSuite/TC_Wild/10_init +++ /dev/null @@ -1,18 +0,0 @@ -as XX@NS -# TC_Wild.10.0.POS Validate NS ok -expect 200 -ns list name com.att.test.TC_Wild.@[user.name] - -# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties -expect 201 -ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com - -# TC_Wild.10.10.POS Create a clean MechID -expect 201 -user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8 -set m99999@@[user.name].TC_Wild.att.com=aNewPass8 - -as XX@NS -# TC_Wild.10.11.POS Create role and assign MechID to -expect 201 -role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com diff --git a/authz-test/TestSuite/TC_Wild/20_perm b/authz-test/TestSuite/TC_Wild/20_perm deleted file mode 100644 index 2110cbe5..00000000 --- a/authz-test/TestSuite/TC_Wild/20_perm +++ /dev/null @@ -1,33 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.20.1.NEG Fail to create a perm in NS -expect 403 -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction - - -# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service - -# TC_Wild.20.5.POS Print Perms -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - - -# TC_Wild.20.7.POS Now able to create a perm in NS -as m99999@@[user.name].TC_Wild.att.com -expect 201 -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction - - -# TC_Wild.20.8.POS Print Perms -as XX@NS -expect 200 -perm list ns com.att.TC_Wild.@[user.name] - -# TC_Wild.20.10.POS Delete Perms Created -expect 200 -force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write -force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction - diff --git a/authz-test/TestSuite/TC_Wild/21_perm b/authz-test/TestSuite/TC_Wild/21_perm deleted file mode 100644 index 772eea9d..00000000 --- a/authz-test/TestSuite/TC_Wild/21_perm +++ /dev/null @@ -1,33 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.21.1.NEG Fail to create a perm in NS -expect 403 -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction - - -# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service - -# TC_Wild.21.5.POS Print Perms -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - - -# TC_Wild.21.7.POS Now able to create a perm in NS -as m99999@@[user.name].TC_Wild.att.com -expect 201 -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction - - -# TC_Wild.21.8.POS Print Perms -as XX@NS -expect 200 -perm list ns com.att.TC_Wild.@[user.name] - -# TC_Wild.21.10.POS Delete Perms Created -expect 200 -force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write -force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction - diff --git a/authz-test/TestSuite/TC_Wild/30_role b/authz-test/TestSuite/TC_Wild/30_role deleted file mode 100644 index 6d680c7e..00000000 --- a/authz-test/TestSuite/TC_Wild/30_role +++ /dev/null @@ -1,33 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.30.1.NEG Fail to create a role in NS -expect 403 -role create com.att.TC_Wild.@[user.name].tool.myRole - - -# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service - -# TC_Wild.30.5.POS Print Perms -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - - -# TC_Wild.30.7.POS Now able to create a role in NS -as m99999@@[user.name].TC_Wild.att.com -expect 201 -role create com.att.TC_Wild.@[user.name].tool.myRole - - -# TC_Wild.30.8.POS Print Perms -as XX@NS -expect 200 -role list ns com.att.TC_Wild.@[user.name] - -# TC_Wild.30.10.POS Delete Perms Created -expect 200 -force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write -force role delete com.att.TC_Wild.@[user.name].tool.myRole - diff --git a/authz-test/TestSuite/TC_Wild/31_role b/authz-test/TestSuite/TC_Wild/31_role deleted file mode 100644 index e29f308c..00000000 --- a/authz-test/TestSuite/TC_Wild/31_role +++ /dev/null @@ -1,33 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.31.1.NEG Fail to create a role in NS -expect 403 -role create com.att.TC_Wild.@[user.name].tool.myRole - - -# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service - -# TC_Wild.31.5.POS Print Perms -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - - -# TC_Wild.31.7.POS Now able to create a role in NS -as m99999@@[user.name].TC_Wild.att.com -expect 201 -role create com.att.TC_Wild.@[user.name].tool.myRole - - -# TC_Wild.31.8.POS Print Perms -as XX@NS -expect 200 -role list ns com.att.TC_Wild.@[user.name] - -# TC_Wild.31.10.POS Delete Perms Created -expect 200 -force perm delete com.att.TC_Wild.@[user.name].access :role:* write -force role delete com.att.TC_Wild.@[user.name].tool.myRole - diff --git a/authz-test/TestSuite/TC_Wild/32_role b/authz-test/TestSuite/TC_Wild/32_role deleted file mode 100644 index ccbe866a..00000000 --- a/authz-test/TestSuite/TC_Wild/32_role +++ /dev/null @@ -1,30 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.32.1.NEG Fail to create a role in NS -expect 403 -role create com.att.TC_Wild.@[user.name].tool.myRole - -# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service - -# TC_Wild.32.5.POS Print Perms -as m99999@@[user.name].TC_Wild.att.com -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.32.7.POS Now able to create a role in NS -expect 201 -role create com.att.TC_Wild.@[user.name].tool.myRole - -# TC_Wild.32.8.POS May Print Role -expect 200 -role list role com.att.TC_Wild.@[user.name].tool.myRole - -as XX@NS -# TC_Wild.32.10.POS Delete Perms Created -expect 200 -force perm delete com.att.TC_Wild.@[user.name].access :role:* * -force role delete com.att.TC_Wild.@[user.name].tool.myRole - diff --git a/authz-test/TestSuite/TC_Wild/50_global_perm b/authz-test/TestSuite/TC_Wild/50_global_perm deleted file mode 100644 index df5f5426..00000000 --- a/authz-test/TestSuite/TC_Wild/50_global_perm +++ /dev/null @@ -1,33 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.50.1.NEG Fail to create a perm in NS -expect 403 -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction - - -# TC_Wild.50.3.POS Add "access perm" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service - -# TC_Wild.50.5.POS Print Perms -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - - -# TC_Wild.50.7.POS Now able to create a perm in NS -as m99999@@[user.name].TC_Wild.att.com -expect 201 -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction - - -# TC_Wild.50.8.POS Print Perms -as XX@NS -expect 200 -perm list ns com.att.TC_Wild.@[user.name] - -# TC_Wild.50.10.POS Delete Perms Created -expect 200 -force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write -force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction - diff --git a/authz-test/TestSuite/TC_Wild/51_global_role b/authz-test/TestSuite/TC_Wild/51_global_role deleted file mode 100644 index 1e86e916..00000000 --- a/authz-test/TestSuite/TC_Wild/51_global_role +++ /dev/null @@ -1,33 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.51.1.NEG Fail to create a role in NS -expect 403 -role create com.att.TC_Wild.@[user.name].tool.myRole - - -# TC_Wild.51.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service - -# TC_Wild.51.5.POS Print Perms -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - - -# TC_Wild.51.7.POS Now able to create a role in NS -as m99999@@[user.name].TC_Wild.att.com -expect 201 -role create com.att.TC_Wild.@[user.name].tool.myRole - - -# TC_Wild.51.8.POS Print Perms -as XX@NS -expect 200 -role list ns com.att.TC_Wild.@[user.name] - -# TC_Wild.51.10.POS Delete Perms Created -expect 200 -force perm delete com.att.aaf.ns :com.att.*:role:tool.* write -force role delete com.att.TC_Wild.@[user.name].tool.myRole - diff --git a/authz-test/TestSuite/TC_Wild/52_global_ns b/authz-test/TestSuite/TC_Wild/52_global_ns deleted file mode 100644 index b1e45ad3..00000000 --- a/authz-test/TestSuite/TC_Wild/52_global_ns +++ /dev/null @@ -1,33 +0,0 @@ -as m99999@@[user.name].TC_Wild.att.com - -# TC_Wild.52.1.NEG Fail to create a NS -expect 403 -ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com - - -# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -expect 201 -perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service - -# TC_Wild.52.5.POS Print Perms -expect 200 -perm list user m99999@@[user.name].TC_Wild.att.com - - -# TC_Wild.52.7.POS Now able to create an NS -as m99999@@[user.name].TC_Wild.att.com -expect 201 -ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com - - -# TC_Wild.52.8.POS Print Perms -as XX@NS -expect 200 -ns list name com.test.TC_Wild.@[user.name] - -# TC_Wild.52.10.POS Delete Perms Created -expect 200 -force perm delete com.att.aaf.ns :com.test:ns write -force ns delete com.test.TC_Wild.@[user.name] - diff --git a/authz-test/TestSuite/TC_Wild/99_cleanup b/authz-test/TestSuite/TC_Wild/99_cleanup deleted file mode 100644 index d6abfd90..00000000 --- a/authz-test/TestSuite/TC_Wild/99_cleanup +++ /dev/null @@ -1,25 +0,0 @@ -as XX@NS -expect 200,404 - -# TC_Wild.99.80.POS Cleanup -force perm delete com.att.aaf.ns :com.att.*:perm:*:* write - -# TC_Wild.99.81.POS Cleanup -force perm delete com.att.aaf.ns :com.att.*:perm:*:* * - -# TC_Wild.99.82.POS Cleanup -force perm delete com.att.aaf.ns :com.att.*:role:* write - -# TC_Wild.99.83.POS Cleanup -force perm delete com.att.aaf.ns :com.test:ns write - -# TC_Wild.99.90.POS Cleanup -force ns delete com.test.TC_Wild.@[user.name] - -# TC_Wild.99.91.POS Cleanup -force ns delete com.att.TC_Wild.@[user.name] - -# TC_Wild.99.99.POS List to prove clean Namespaces -ns list name com.att.TC_Wild.@[user.name] -ns list name com.test.TC_Wild.@[user.name] - diff --git a/authz-test/TestSuite/TC_Wild/Description b/authz-test/TestSuite/TC_Wild/Description deleted file mode 100644 index 012a12b1..00000000 --- a/authz-test/TestSuite/TC_Wild/Description +++ /dev/null @@ -1,16 +0,0 @@ -This Testcase Tests the essentials of the Namespace, and the NS Commands - -APIs: - - - -CLI: - Target - role create :role - role delete - ns delete :ns - ns list :ns - Ancillary - role create :role - role list name :role.* - diff --git a/authz-test/TestSuite/TEMPLATE_TC/00_ids b/authz-test/TestSuite/TEMPLATE_TC/00_ids deleted file mode 100644 index ad09d774..00000000 --- a/authz-test/TestSuite/TEMPLATE_TC/00_ids +++ /dev/null @@ -1,10 +0,0 @@ -expect 0 -set XX@NS=<pass> -set testid@aaf.att.com=<pass> -set testunused@aaf.att.com=<pass> -set testid_1@test.com=<pass> -set testid_2@test.com=<pass> -set bogus=boguspass - -#delay 10 -set NFR=0 diff --git a/authz-test/TestSuite/TEMPLATE_TC/10_init b/authz-test/TestSuite/TEMPLATE_TC/10_init deleted file mode 100644 index ebdaaae5..00000000 --- a/authz-test/TestSuite/TEMPLATE_TC/10_init +++ /dev/null @@ -1,24 +0,0 @@ -as XX@NS -# TEMPLATE_TC.10.0.POS Print NS to prove ok -expect 200 -ns list name com.test.TEMPLATE_TC.@[user.name] - -# TEMPLATE_TC.10.1.POS Create Namespace with User ID -expect 201 -ns create com.test.TEMPLATE_TC.@[user.name]_1 @[user.name] testid_1@test.com - -# TEMPLATE_TC.10.4.POS Print NS to prove ok -expect 200 -ns list name com.test.TEMPLATE_TC.@[user.name]_2 - -# TEMPLATE_TC.10.5.POS Create Namespace with Different ID -expect 201 -ns create com.test.TEMPLATE_TC.@[user.name]_2 @[user.name] testid_2@test.com - -# TEMPLATE_TC.10.8.POS Print NS to prove ok -expect 200 -ns list name com.att.TEMPLATE_TC.@[user.name] - -# TEMPLATE_TC.10.9.POS Create Namespace in Different Company -expect 201 -ns create com.att.TEMPLATE_TC.@[user.name] @[user.name] testunused@aaf.att.com diff --git a/authz-test/TestSuite/TEMPLATE_TC/99_cleanup b/authz-test/TestSuite/TEMPLATE_TC/99_cleanup deleted file mode 100644 index a2080461..00000000 --- a/authz-test/TestSuite/TEMPLATE_TC/99_cleanup +++ /dev/null @@ -1,22 +0,0 @@ -expect 200,404 -as testid_1@test.com -# TEMPLATE_TC.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TEMPLATE_TC.@[user.name]_1 - -# TEMPLATE_TC.99.3.POS Print Namespaces -ns list name com.test.TEMPLATE_TC.@[user.name]_1 - -as testid_2@test.com -# TEMPLATE_TC.99.4.POS Namespace Admin can delete Namespace -force ns delete com.test.TEMPLATE_TC.@[user.name]_2 - -# TEMPLATE_TC.99.5.POS Print Namespaces -ns list name com.test.TEMPLATE_TC.@[user.name]_2 - - -as testunused@aaf.att.com -# TEMPLATE_TC.99.6.POS Remove Namespace from other company -force ns delete com.att.TEMPLATE_TC.@[user.name] - -# TEMPLATE_TC.99.7.POS Print Namespace from other company -ns list name com.att.TEMPLATE_TC.@[user.name] diff --git a/authz-test/TestSuite/TEMPLATE_TC/Description b/authz-test/TestSuite/TEMPLATE_TC/Description deleted file mode 100644 index 2283774d..00000000 --- a/authz-test/TestSuite/TEMPLATE_TC/Description +++ /dev/null @@ -1,10 +0,0 @@ -This is a TEMPLATE testcase, to make creating new Test Cases easier. - -APIs: - - -CLI: -ns create -ns delete -as - diff --git a/authz-test/TestSuite/cmds b/authz-test/TestSuite/cmds deleted file mode 100644 index 4d3c6ab4..00000000 --- a/authz-test/TestSuite/cmds +++ /dev/null @@ -1,21 +0,0 @@ -# /bin/bash -. ~/.bashrc -function failed { - echo "FAILED TEST! " $* - exit 1 -} - -if [ "$1" == "" ] ; then - DIRS=`find . -name "TC_*" -maxdepth 1`" "`find . -name "MTC_*" -maxdepth 1` -else - DIRS="$1" -fi - - for DIR in $DIRS; do - for FILE in $DIR/[0-9]*; do - echo "*** "$FILE" ***" - cat $FILE - echo - done - done -exit 0 diff --git a/authz-test/TestSuite/copy b/authz-test/TestSuite/copy deleted file mode 100644 index 27d57cb6..00000000 --- a/authz-test/TestSuite/copy +++ /dev/null @@ -1,17 +0,0 @@ -# /bin/bash -if [ "$2" != "" ] ; then - if [ -e $2 ]; then - echo "$2 exists, copy aborted" - exit 1 - fi - mkdir -p $2 - for FILE in $1/*; do - FILE2=`echo $FILE | sed -e "s/$1/$2/"` - echo $FILE2 - sed -e "s/$1/$2/g" $FILE > $FILE2 - done -else - echo 'Usage: copy <Source TestCase> <Target TestCase>' -fi - -exit 0 diff --git a/authz-test/TestSuite/csv b/authz-test/TestSuite/csv deleted file mode 100644 index a6a0b305..00000000 --- a/authz-test/TestSuite/csv +++ /dev/null @@ -1,13 +0,0 @@ -# /bin/bash -if [ "$1" == "" ]; then - DIRS=`ls -d TC*` -else - DIRS=$1 -fi - -echo '"Test Case","Description"' -for DIR in $DIRS; do - grep -h "^# $DIR" $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ /,"/' -e 's/$/"/' -done -cd .. -exit 0 diff --git a/authz-test/TestSuite/expected/MTC_Appr1.expected b/authz-test/TestSuite/expected/MTC_Appr1.expected deleted file mode 100644 index 269f7317..00000000 --- a/authz-test/TestSuite/expected/MTC_Appr1.expected +++ /dev/null @@ -1,144 +0,0 @@ -set testid@aaf.att.com <pass> -set XX@NS <pass> -set testunused@aaf.att.com <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_Appr1.10.0.POS List NS to prove ok -ns list name com.test.appr -** Expect 200 ** - -List Namespaces by Name[com.test.appr] --------------------------------------------------------------------------------- - -ns list name com.test.appr.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.appr.@[THE_USER]] --------------------------------------------------------------------------------- - -# TC_Appr1.10.1.POS Create Personalized Namespace to add Approvals -ns create com.test.appr.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Appr1.10.2.POS Create General Namespace to add Approvals -ns create com.test.appr @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Appr1.10.10.POS Create Roles in Namespace -role create com.test.appr.@[user.name].addToUserRole -** Expect 201 ** -Created Role - -role create com.test.appr.@[user.name].grantToPerm -** Expect 201 ** -Created Role - -role create com.test.appr.@[user.name].ungrantFromPerm -** Expect 201 ** -Created Role - -role create com.test.appr.@[user.name].grantFirstPerm -** Expect 201 ** -Created Role - -role create com.test.appr.@[user.name].grantSecondPerm -** Expect 201 ** -Created Role - -# TC_Appr1.10.12.POS Create Permissions in Namespace -perm create com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm -** Expect 201 ** -Created Permission -Granted Permission [com.test.appr.@[THE_USER].ungrantFromRole|myInstance|myAction] to Role [com.test.appr.@[THE_USER].ungrantFromPerm] - -perm create com.test.appr.@[user.name].grantToRole myInstance myAction -** Expect 201 ** -Created Permission - -force perm create com.test.appr.@[user.name].deleteThisPerm myInstance myAction com.test.appr.@[user.name].grantedRole -** Expect 201 ** -Created Permission -Granted Permission [com.test.appr.@[THE_USER].deleteThisPerm|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantedRole] (Created) - -perm create com.test.appr.@[user.name].grantTwoRoles myInstance myAction -** Expect 201 ** -Created Permission - -perm create com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm -** Expect 201 ** -Created Permission -Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantFirstPerm] -Granted Permission [com.test.appr.@[THE_USER].ungrantTwoRoles|myInstance|myAction] to Role [com.test.appr.@[THE_USER].grantSecondPerm] - -as testunused@aaf.att.com -# TC_Appr1.15.01.NEG Create Future and Approvals with non-admin request -user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole -** Expect 403 ** -Failed [SVC2403]: Approvals required, but not requested by Client - -# TC_Appr1.15.02.NEG Create Approval for NS create -ns create com.test.appr.@[user.name].myProject @[user.name] -** Expect 403 ** -Failed [SVC2403]: Approvals required, but not requested by Client - -# TC_Appr1.15.03.NEG Generate Approval for granting permission to role -perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm -** Expect 403 ** -Failed [SVC2403]: Approvals required, but not requested by Client - -# TC_Appr1.15.04.NEG Generate Approval for ungranting permission from role -perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm -** Expect 403 ** -Failed [SVC2403]: Approvals required, but not requested by Client - -# TC_Appr1.15.05.NEG Generate Approval for granting permission to role -perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm -** Expect 403 ** -Failed [SVC2403]: Approvals required, but not requested by Client -Failed [SVC2403]: Approvals required, but not requested by Client - -# TC_Appr1.15.06.NEG Generate Approval for ungranting permission from role -perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm -** Expect 403 ** -Failed [SVC2403]: Approvals required, but not requested by Client -Failed [SVC2403]: Approvals required, but not requested by Client - -# TC_Appr1.15.51.POS Create Future and Approvals with non-admin request -set request true -set request=true user role add @[user.name]@@[user.name].appr.test.com com.test.appr.@[user.name].addToUserRole -** Expect 202 ** -UserRole Creation Accepted, but requires Approvals before actualizing - -# TC_Appr1.15.52.POS Create Approval for NS create -set request true -set request=true ns create com.test.appr.@[user.name].myProject @[user.name] -** Expect 202 ** -Namespace Creation Accepted, but requires Approvals before actualizing - -# TC_Appr1.15.53.POS Generate Approval for granting permission to role -set request true -set request=true perm grant com.test.appr.@[user.name].grantToRole myInstance myAction com.test.appr.@[user.name].grantToPerm -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Appr1.15.54.POS Generate Approval for ungranting permission from role -request perm ungrant com.test.appr.@[user.name].ungrantFromRole myInstance myAction com.test.appr.@[user.name].ungrantFromPerm -** Expect 202 ** -Permission Role Ungranted Accepted, but requires Approvals before actualizing - -# TC_Appr1.15.55.POS Generate Approval for granting permission to role -request perm grant com.test.appr.@[user.name].grantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Appr1.15.56.POS Generate Approval for ungranting permission from role -request perm ungrant com.test.appr.@[user.name].ungrantTwoRoles myInstance myAction com.test.appr.@[user.name].grantFirstPerm,com.test.appr.@[user.name].grantSecondPerm -** Expect 202 ** -Permission Role Ungranted Accepted, but requires Approvals before actualizing -Permission Role Ungranted Accepted, but requires Approvals before actualizing - diff --git a/authz-test/TestSuite/expected/MTC_Appr2.expected b/authz-test/TestSuite/expected/MTC_Appr2.expected deleted file mode 100644 index 7191a044..00000000 --- a/authz-test/TestSuite/expected/MTC_Appr2.expected +++ /dev/null @@ -1,24 +0,0 @@ -# TC_Appr2.99.1.POS Delete User Role, if exists -user role del testunused@aaf.att.com com.test.appr.@[user.name].myRole -** Expect 200,404 ** -Failed [SVC1404]: Cannot delete non-existent User Role - -# TC_Appr2.99.79.POS Delete Role -role delete com.test.appr.@[user.name].myRole -** Expect 200,404 ** -Deleted Role - -# TC_Appr2.99.80.POS Delete Namespaces for TestSuite -ns delete com.test.appr -** Expect 200,404 ** -Deleted Namespace - -ns delete com.test.appr.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_Appr2.99.81.POS Delete Credential used to generate approvals -as XX@NS:<pass> user cred del testbatch@aaf.att.com -** Expect 200,404 ** -Deleted Credential [testbatch@aaf.att.com] - diff --git a/authz-test/TestSuite/expected/TC_Cred1.expected b/authz-test/TestSuite/expected/TC_Cred1.expected deleted file mode 100644 index 8d310d91..00000000 --- a/authz-test/TestSuite/expected/TC_Cred1.expected +++ /dev/null @@ -1,269 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set bogus boguspass -set XX@NS <pass> -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_Cred1.10.0.POS List NS to prove ok -ns list name com.test.TC_Cred1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials -ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Cred1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com -** Expect 201 ** -Created Role -Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] - -role create com.test.TC_Cred1.@[user.name].pw_reset -** Expect 201 ** -Created Role - -# TC_Cred1.10.11.POS Assign roles to perms -as XX@NS -perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset] - -perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] - -perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_Cred1.10.30.POS Assign user for creating creds -user cred add m99999@@[user.name].TC_Cred1.test.com password123 -** Expect 201 ** -Added Credential [m99999@@[THE_USER].TC_Cred1.test.com] - -set m99999@@[THE_USER].TC_Cred1.test.com password123 -# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions -user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com] -Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.10.32.POS Remove create rights for testing -user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin -** Expect 200 ** -Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] - -# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID -as testunused@aaf.att.com -user cred add m99990@@[user.name].TC_Cred1.test.com password123 -** Expect 403 ** -Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T - -# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID -as m99999@@[THE_USER].TC_Cred1.test.com -user cred add m99990@@[user.name].TC_Cred1.test.com password123 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID -as testunused@aaf.att.com -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 -** Expect 403 ** -Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER] - -# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID -as m99999@@[THE_USER].TC_Cred1.test.com -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 -** Expect 200 ** -Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.15.12.POS Admin, without reset permission can reset Password -as testid@aaf.att.com -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 -** Expect 200 ** -Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1 -** Expect 200 ** -Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.15.20.POS Admin, delete -user cred del m99990@@[user.name].TC_Cred1.test.com password123 1 -** Expect 200 ** -Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.30.1.NEG Multiple options available to delete -as XX@NS -user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -as testid@aaf.att.com -user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.30.2.POS Succeeds when we choose last option -user cred del m99990@@[user.name].TC_Cred1.test.com 2 -** Expect 200 ** -Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.30.10.POS Add another credential -user cred add m99990@@[user.name].TC_Cred1.test.com password123 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.30.11.NEG Multiple options available to reset -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 -** Expect 300 ** -Failed [SVC1300]: Choice - Select which cred to update: - Id Type Expires - 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] - 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] -Run same command again with chosen entry as last parameter - -# TC_Cred1.30.12.NEG Fails when we choose a bad option -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0 -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - User chose invalid credential selection - -# TC_Cred1.30.13.POS Succeeds when we choose last option -user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2 -** Expect 200 ** -Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -#TC_Cred1.30.30.NEG Fails when we don't have specific property -user cred extend m99990@@[user.name].TC_Cred1.test.com -** Expect 403 ** -Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T - -#### EXTENDS behavior #### -#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission -as XX@NS -role create com.test.TC_Cred1.@[user.name].extendTemp -** Expect 201 ** -Created Role - -#TC_Cred1.30.33.POS Grant Extends Permission to Role -perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp -** Expect 201 ** -Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] - -#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission -role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS -** Expect 201 ** -Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] - -#TC_Cred1.30.36.POS Extend Password, expecting Single Response -user cred extend m99990@@[user.name].TC_Cred1.test.com 1 -** Expect 200 ** -Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -#TC_Cred1.30.39.POS Remove Role -set force true -role delete com.test.TC_Cred1.@[user.name].extendTemp -** Expect 200 ** -Deleted Role - -#### MULTI CLEANUP ##### -role list user m99990@@[user.name].TC_Cred1.test.com -** Expect 200 ** - -List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- - -# TC_Cred1.30.80.POS Delete all entries for this cred -set force true -user cred del m99990@@[user.name].TC_Cred1.test.com -** Expect 200 ** -Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] - -# TC_Cred1.30.99.POS List ns shows no creds attached -ns list name com.test.TC_Cred1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Cred1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Cred1.@[THE_USER].admin - com.test.TC_Cred1.@[THE_USER].cred_admin - com.test.TC_Cred1.@[THE_USER].owner - com.test.TC_Cred1.@[THE_USER].pw_reset - Permissions - com.test.TC_Cred1.@[THE_USER].access * * - com.test.TC_Cred1.@[THE_USER].access * read - Credentials - m99999@@[THE_USER].TC_Cred1.test.com - -as testid@aaf.att.com -# TC_Cred1.99.1.POS Delete credentials -force user cred del m99990@@[user.name].TC_Cred1.test.com -** Expect 200,404 ** -Failed [SVC5404]: Not Found - Credential does not exist - -#TC_Cred1.99.2.POS Ensure Remove Role -set force true -role delete com.test.TC_Cred1.@[user.name].extendTemp -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist - -# TC_Cred1.99.10.POS Remove ability to create creds -force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin -** Expect 200,404 ** -Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin] - -force perm delete com.att.aaf.password com.test reset -** Expect 200,404 ** -Deleted Permission - -force perm delete com.att.aaf.mechid com.test create -** Expect 200,404 ** -Deleted Permission - -as testid@aaf.att.com -force role delete com.test.TC_Cred1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Cred1.@[user.name].pw_reset -** Expect 200,404 ** -Deleted Role - -# TC_Cred1.99.99.POS Delete Namespace for TestSuite -set force true -set force=true ns delete com.test.TC_Cred1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -as XX@NS -force ns delete com.test.TC_Cred1.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist - -force ns delete com.test.TC_Cred1 -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist - diff --git a/authz-test/TestSuite/expected/TC_DELG1.expected b/authz-test/TestSuite/expected/TC_DELG1.expected deleted file mode 100644 index 962caf6a..00000000 --- a/authz-test/TestSuite/expected/TC_DELG1.expected +++ /dev/null @@ -1,223 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set XX@NS <pass> -set m99999@@[THE_USER].delg.test.com password123 -set bogus@aaf.att.com boguspass -#delay 10 -set NFR 0 -# TC_DELG1.10.1.POS Check For Existing Data -as testid@aaf.att.com -ns list name com.test.delg.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.delg.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -as XX@NS -perm create com.att.aaf.delg com.att * com.att.admin -** Expect 201,409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.att.aaf.delg|com.att|*] already exists. - -user list delegates delegate @[user.name]@csp.att.com -** Expect 404 ** -Failed [SVC7404]: Not Found - Delegate [@[THE_USER]@csp.att.com] is not delegating for anyone. - -as testid@aaf.att.com -# TC_DELG1.10.2.POS Create Namespace to add IDs -ns create com.test.delg.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -as XX@NS -# TC_DELG1.10.10.POS Grant ability to change delegates -force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg -** Expect 404 ** -Failed [SVC3404]: Not Found - Role [com.test.delg.@[THE_USER].change_delg] does not exist - -# TC_DELG1.10.11.POS Grant ability to change delegates -role create com.test.delg.@[user.name].change_delg -** Expect 201 ** -Created Role - -# TC_DELG1.10.12.POS Grant ability to change delegates -force perm grant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg] - -# TC_DELG1.10.14.POS Create user role to change delegates -user role add testid@aaf.att.com com.test.delg.@[user.name].change_delg -** Expect 201 ** -Added Role [com.test.delg.@[THE_USER].change_delg] to User [testid@aaf.att.com] - -# TC_DELG1.10.15.POS Grant ability to create cred -perm grant com.att.aaf.delg com.att create com.test.delg.@[user.name].change_delg -** Expect 201 ** -Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.delg.@[THE_USER].change_delg] - -as testid@aaf.att.com -# TC_DELG1.10.30.POS Create cred that will change his own delg -user cred add m99999@@[user.name].delg.test.com password123 -** Expect 201 ** -Added Credential [m99999@@[THE_USER].delg.test.com] - -as XX@NS -Unknown Instruction "TC_DELG1.10.31.POS" -perm ungrant com.att.aaf.mechid com.att create com.test.delg.@[user.name].change_delg -** Expect 200 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.delg.@[THE_USER].change_delg] - -as testid@aaf.att.com -# TC_DELG1.10.99.POS Check for Data as Correct -ns list name com.test.delg.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.delg.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.delg.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.delg.@[THE_USER].admin - com.test.delg.@[THE_USER].change_delg - com.test.delg.@[THE_USER].owner - Permissions - com.test.delg.@[THE_USER].access * * - com.test.delg.@[THE_USER].access * read - Credentials - m99999@@[THE_USER].delg.test.com - -# TC_DELG1.20.10.NEG Cannot create delegate with unknown user ID -user delegate add aa111q@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' -** Expect 404 ** -Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database. - -# TC_DELG1.20.11.NEG Cannot Create Delegate with unknown delegate -user delegate add @[user.name]@csp.att.com aa111q@csp.att.com '2099-12-31 06:00' -** Expect 404 ** -Failed [SVC5404]: Not Found - [aa111q@csp.att.com] is not a user in the company database. - -# TC_DELG1.20.20.NEG May not change user, no delegate permission -as m99999@@[THE_USER].delg.test.com -force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].delg.test.com] may not create a delegate for [@[THE_USER]@csp.att.com] - -as testid@aaf.att.com -# TC_DELG1.20.21.NEG Fail to Update Delegate that doesnt exist -user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' -** Expect 404 ** -Failed [SVC1404]: Not Found - [@[THE_USER]@csp.att.com] does not have a Delegate Record to [write]. - -# TC_DELG1.20.22.NEG May not create delegate for self. -user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - [@[THE_USER]@csp.att.com] cannot be a delegate for self - -# TC_DELG1.20.23.POS May create delegate for self for tests by forcing. -force user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' -** Expect 201 ** -Delegate Added - -as XX@NS -# TC_DELG1.20.30.POS Expect Delegates for User -user list delegates user @[user.name]@csp.att.com -** Expect 200 ** - -List Delegates by user[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -as testid@aaf.att.com -# TC_DELG1.20.35.NEG Fail Create when exists -user delegate add @[user.name]@csp.att.com @[user.name]@csp.att.com '2099-12-31 06:00' -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - [@[THE_USER]@csp.att.com] already delegates to [@[THE_USER]@csp.att.com] - -as XX@NS -# TC_DELG1.20.40.POS Expect Delegates for User -user list delegates user @[user.name]@csp.att.com -** Expect 200 ** - -List Delegates by user[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -as testid@aaf.att.com -# TC_DELG1.20.46.POS Update Delegate with new Date -user delegate upd @[user.name]@csp.att.com @[user.name]@csp.att.com '2999-01-01 06:00' -** Expect 200 ** -Delegate Updated - -as XX@NS -# TC_DELG1.20.82.POS Expect Delegates for User -user list delegates user @[user.name]@csp.att.com -** Expect 200 ** - -List Delegates by user[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -# TC_DELG1.20.83.POS Expect Delegate to show up in list -user list delegates delegate @[user.name]@csp.att.com -** Expect 200 ** - -List Delegates by delegate[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -as XX@NS -# TC_DELG1.99.0.POS Check for Data as Correct -ns list name com.test.delg.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.delg.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.delg.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.delg.@[THE_USER].admin - com.test.delg.@[THE_USER].change_delg - com.test.delg.@[THE_USER].owner - Permissions - com.test.delg.@[THE_USER].access * * - com.test.delg.@[THE_USER].access * read - Credentials - m99999@@[THE_USER].delg.test.com - -# TC_DELG1.99.10.POS Delete Delegates -user delegate del @[user.name]@csp.att.com -** Expect 200,404 ** -Delegate Deleted - -# TC_DELG1.99.30.POS Delete Namespace com.att.test.id -force ns delete com.test.delg.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_DELG1.99.98.POS Check for Delegate Data as Correct -user list delegates user @[user.name]@csp.att.com -** Expect 200,404 ** -Failed [SVC7404]: Not Found - No Delegate found for [@[THE_USER]@csp.att.com] - -# TC_DELG1.99.99.POS Check for NS Data as Correct -ns list name com.test.delg.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.delg.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Link.expected b/authz-test/TestSuite/expected/TC_Link.expected deleted file mode 100644 index 3c58002e..00000000 --- a/authz-test/TestSuite/expected/TC_Link.expected +++ /dev/null @@ -1,253 +0,0 @@ -set testid <pass> -set testid@aaf.att.com <pass> -set XX@NS <pass> -set testunused <pass> -set bogus boguspass -#delay 10 -set NFR 0 -# TC_05 -ns list name com.test.TC_Link_1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Link_2.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -perm list role com.test.TC_Link_1.@[user.name].myRole -** Expect 200,404 ** - -List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- - - -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction -** Expect 200,404 ** - -List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- - -# TC_10 -as XX@NS -ns create com.test.TC_Link_1.@[user.name] @[user.name] XX@NS -** Expect 201 ** -Created Namespace - -ns create com.test.TC_Link_2.@[user.name] @[user.name] XX@NS -** Expect 201 ** -Created Namespace - -role create com.test.TC_Link_1.@[user.name].myRole -** Expect 201 ** -Created Role - -perm create com.test.TC_Link_2.@[user.name].myPerm myInstance myAction -** Expect 201 ** -Created Permission - -perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole -** Expect 201 ** -Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role [com.test.TC_Link_1.@[THE_USER].myRole] - -# 15_print -ns list name com.test.TC_Link_1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Link_1.@[THE_USER] - Administrators - XX@NS - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Link_1.@[THE_USER].admin - com.test.TC_Link_1.@[THE_USER].myRole - com.test.TC_Link_1.@[THE_USER].owner - Permissions - com.test.TC_Link_1.@[THE_USER].access * * - com.test.TC_Link_1.@[THE_USER].access * read - -ns list name com.test.TC_Link_2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Link_2.@[THE_USER] - Administrators - XX@NS - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Link_2.@[THE_USER].admin - com.test.TC_Link_2.@[THE_USER].owner - Permissions - com.test.TC_Link_2.@[THE_USER].access * * - com.test.TC_Link_2.@[THE_USER].access * read - com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction - -perm list role com.test.TC_Link_1.@[user.name].myRole -** Expect 200 ** - -List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction - - -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction -** Expect 200 ** - -List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Link_1.@[THE_USER].myRole - com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction - -role delete com.test.TC_Link_1.@[user.name].myRole -** Expect 200 ** -Deleted Role - -# 15_print -ns list name com.test.TC_Link_1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Link_1.@[THE_USER] - Administrators - XX@NS - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Link_1.@[THE_USER].admin - com.test.TC_Link_1.@[THE_USER].owner - Permissions - com.test.TC_Link_1.@[THE_USER].access * * - com.test.TC_Link_1.@[THE_USER].access * read - -ns list name com.test.TC_Link_2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Link_2.@[THE_USER] - Administrators - XX@NS - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Link_2.@[THE_USER].admin - com.test.TC_Link_2.@[THE_USER].owner - Permissions - com.test.TC_Link_2.@[THE_USER].access * * - com.test.TC_Link_2.@[THE_USER].access * read - com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction - -perm list role com.test.TC_Link_1.@[user.name].myRole -** Expect 200 ** - -List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- - - -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction -** Expect 200 ** - -List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- - -role create com.test.TC_Link_1.@[user.name].myRole -** Expect 201 ** -Created Role - -perm grant com.test.TC_Link_2.@[user.name].myPerm myInstance myAction com.test.TC_Link_1.@[user.name].myRole -** Expect 201 ** -Granted Permission [com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction] to Role [com.test.TC_Link_1.@[THE_USER].myRole] - -# 15_print -ns list name com.test.TC_Link_1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Link_1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Link_1.@[THE_USER] - Administrators - XX@NS - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Link_1.@[THE_USER].admin - com.test.TC_Link_1.@[THE_USER].myRole - com.test.TC_Link_1.@[THE_USER].owner - Permissions - com.test.TC_Link_1.@[THE_USER].access * * - com.test.TC_Link_1.@[THE_USER].access * read - -ns list name com.test.TC_Link_2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Link_2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Link_2.@[THE_USER] - Administrators - XX@NS - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Link_2.@[THE_USER].admin - com.test.TC_Link_2.@[THE_USER].owner - Permissions - com.test.TC_Link_2.@[THE_USER].access * * - com.test.TC_Link_2.@[THE_USER].access * read - com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction - -perm list role com.test.TC_Link_1.@[user.name].myRole -** Expect 200 ** - -List Perms by Role [com.test.TC_Link_1.@[THE_USER].myRole] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction - - -role list perm com.test.TC_Link_2.@[user.name].myPerm myInstance myAction -** Expect 200 ** - -List Roles by Perm com.test.TC_Link_2.@[THE_USER].myPerm|myInstance|myAction --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Link_1.@[THE_USER].myRole - com.test.TC_Link_2.@[THE_USER].myPerm myInstance myAction - -as XX@NS -force ns delete com.test.TC_Link_2.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test.TC_Link_1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - diff --git a/authz-test/TestSuite/expected/TC_NS1.expected b/authz-test/TestSuite/expected/TC_NS1.expected deleted file mode 100644 index 6c5a89ec..00000000 --- a/authz-test/TestSuite/expected/TC_NS1.expected +++ /dev/null @@ -1,327 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set bogus@aaf.att.com boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_NS1.01.0.POS Expect Clean Namespace to start -ns list name com.test.TC_NS1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party -ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS -** Expect 403 ** -Failed [SVC3403]: Forbidden - testunused@aaf.att.com does not have permission to assume test status at AT&T - -# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin -ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS -** Expect 403 ** -Failed [SVC2403]: Forbidden - bogus@aaf.att.com is not a valid AAF Credential - -as testid@aaf.att.com -# TC_NS1.10.0.POS Check for Existing Data -ns list name com.test.TC_NS1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_NS1.10.40.POS Expect Namespace to be created -ns list name com.test.TC_NS1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NS1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS1.@[THE_USER].admin - com.test.TC_NS1.@[THE_USER].owner - Permissions - com.test.TC_NS1.@[THE_USER].access * * - com.test.TC_NS1.@[THE_USER].access * read - -# TC_NS1.10.41.POS Expect Namespace to be created -perm list role com.test.TC_NS1.@[user.name].admin -** Expect 200 ** - -List Perms by Role [com.test.TC_NS1.@[THE_USER].admin] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS1.@[THE_USER].access * * - - -# TC_NS1.10.42.POS Expect Namespace to be created -perm list role com.test.TC_NS1.@[user.name].owner -** Expect 200 ** - -List Perms by Role [com.test.TC_NS1.@[THE_USER].owner] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS1.@[THE_USER].access * read - - -# TC_NS1.10.43.POS Expect Namespace to be created -role list perm com.test.TC_NS1.@[user.name].access * * -** Expect 200 ** - -List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|* --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS1.@[THE_USER].admin - com.test.TC_NS1.@[THE_USER].access * * - -# TC_NS1.10.44.POS Expect Namespace to be created -role list perm com.test.TC_NS1.@[user.name].access * read -** Expect 200 ** - -List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|read --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS1.@[THE_USER].owner - com.test.TC_NS1.@[THE_USER].access * read - -# TC_NS1.11.1.NEG Create Namespace when exists -ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Target Namespace already exists - -# TC_NS1.20.1.NEG Too Few Args for Create 1 -ns create -** Expect -1 ** -Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)] - -# TC_NS1.20.2.NEG Too Few Args for Create 2 -ns create bogus -** Expect -1 ** -Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)] - -# TC_NS1.30.10.NEG Non-admins can't change description -as testunused@aaf.att.com -ns describe com.test.TC_NS1.@[user.name] Description for my Namespace -** Expect 403 ** -Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_NS1.@[THE_USER] - -# TC_NS1.30.11.NEG Namespace must exist to change description -as testid@aaf.att.com -ns describe com.test.TC_NS1.@[user.name].project1 Description for my project -** Expect 404 ** -Failed [SVC1404]: Not Found - Namespace [com.test.TC_NS1.@[THE_USER].project1] does not exist - -# TC_NS1.30.12.POS Admin can change description -ns describe com.test.TC_NS1.@[user.name] Description for my Namespace -** Expect 200 ** -Description added to Namespace - -# TC_NS1.50.1.NEG Adding a Bogus ID -ns admin add com.test.TC_NS1.@[user.name] bogus -** Expect 403 ** -Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID - -# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain -ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com -** Expect 403 ** -Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID - -# TC_NS1.50.3.NEG Adding an OK ID, bad domain -ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com -** Expect 403 ** -Failed [SVC2403]: Forbidden - xz9914@bogus.test.com is not a valid AAF Credential - -# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin -ns admin del com.test.TC_NS1.@[user.name] XX@NS -** Expect 404 ** -Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin] - -sleep 0 -# TC_NS1.50.10.POS Adding an OK ID -ns admin add com.test.TC_NS1.@[user.name] XX@NS -** Expect 201 ** -Admin XX@NS added to com.test.TC_NS1.@[THE_USER] - -# TC_NS1.50.11.POS Deleting One of Two -ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com -** Expect 200 ** -Admin testid@aaf.att.com deleted from com.test.TC_NS1.@[THE_USER] - -# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin -ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com -** Expect 404 ** -Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].admin] - -# TC_NS1.50.13.POS Add ID back in -ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com -** Expect 201 ** -Admin testid@aaf.att.com added to com.test.TC_NS1.@[THE_USER] - -# TC_NS1.50.14.POS Deleting original -ns admin del com.test.TC_NS1.@[user.name] XX@NS -** Expect 200 ** -Admin XX@NS deleted from com.test.TC_NS1.@[THE_USER] - -# TC_NS1.50.15.NEG Can't remove twice -ns admin del com.test.TC_NS1.@[user.name] XX@NS -** Expect 404 ** -Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin] - -# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions -role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain -** Expect 403 ** -Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential - -# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions -user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin -** Expect 403 ** -Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential - -# TC_NS1.60.1.NEG Adding a Bogus ID -ns responsible add com.test.TC_NS1.@[user.name] bogus -** Expect 403 ** -Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential - -# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain -ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com -** Expect 403 ** -Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential - -# TC_NS1.60.3.NEG Adding an OK ID, bad domain -ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com -** Expect 403 ** -Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential - -# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent -ns responsible del com.test.TC_NS1.@[user.name] testid -** Expect 404 ** -Failed [SVC6404]: Not Found - UserRole [testid@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner] - -# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent -ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com -** Expect 404 ** -Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].owner] - -sleep 0 -# TC_NS1.60.10.POS Adding an OK ID -# Note: mw9749 used because we must have employee as responsible -ns responsible add com.test.TC_NS1.@[user.name] mw9749 -** Expect 201 ** -mw9749@csp.att.com is now responsible for com.test.TC_NS1.@[THE_USER] - -# TC_NS1.60.11.POS Deleting One of Two -ns responsible del com.test.TC_NS1.@[user.name] mw9749 -** Expect 200 ** -mw9749@csp.att.com is no longer responsible for com.test.TC_NS1.@[THE_USER] - -# TC_NS1.60.12.NEG mw9749 no longer Admin -ns responsible del com.test.TC_NS1.@[user.name] mw9749 -** Expect 404 ** -Failed [SVC6404]: Not Found - UserRole [mw9749@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner] - -# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions -role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain -** Expect 403 ** -Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential - -# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions -user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner -** Expect 403 ** -Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential - -sleep 0 -# TC_NS1.80.1.POS List Data on Empty NS -as testid@aaf.att.com -ns list name com.test.TC_NS1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NS1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS1.@[THE_USER].admin - com.test.TC_NS1.@[THE_USER].owner - Permissions - com.test.TC_NS1.@[THE_USER].access * * - com.test.TC_NS1.@[THE_USER].access * read - -# TC_NS1.80.2.POS Add Roles to NS for Listing -role create com.test.TC_NS1.@[user.name].r.A -** Expect 201 ** -Created Role - -role create com.test.TC_NS1.@[user.name].r.B -** Expect 201 ** -Created Role - -# TC_NS1.80.3.POS List Data on non-Empty NS -ns list name com.test.TC_NS1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NS1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS1.@[THE_USER].admin - com.test.TC_NS1.@[THE_USER].owner - com.test.TC_NS1.@[THE_USER].r.A - com.test.TC_NS1.@[THE_USER].r.B - Permissions - com.test.TC_NS1.@[THE_USER].access * * - com.test.TC_NS1.@[THE_USER].access * read - -# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace -as testunused@aaf.att.com -ns delete com.test.TC_NS1.@[user.name] -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write in NS [com.test.TC_NS1.@[THE_USER]] - -sleep 0 -as testid@aaf.att.com -# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles -role delete com.test.TC_NS1.@[user.name].r.A -** Expect 200,404 ** -Deleted Role - -role delete com.test.TC_NS1.@[user.name].r.B -** Expect 200,404 ** -Deleted Role - -# TC_NS1.99.2.POS Namespace Admin can delete Namespace -ns delete com.test.TC_NS1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -sleep 0 -# TC_NS1.99.99.POS Check Clean Namespace -ns list name com.test.TC_NS1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_NS1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_NS2.expected b/authz-test/TestSuite/expected/TC_NS2.expected deleted file mode 100644 index f8de4564..00000000 --- a/authz-test/TestSuite/expected/TC_NS2.expected +++ /dev/null @@ -1,389 +0,0 @@ -set XX@NS <pass> -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set bogus@aaf.att.com boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_NS2.10.0.POS Check for Existing Data -ns list name com.test.TC_NS2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS2.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_NS2.10.10.POS Create role to assign mechid perm to -role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com -** Expect 201 ** -Created Role -Added User [testid@aaf.att.com] to Role [com.test.TC_NS2.@[THE_USER].cred_admin] - -as XX@NS -# TC_NS2.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NS2.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -ns list name com.test.TC_NS2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS2.@[THE_USER].admin - com.test.TC_NS2.@[THE_USER].cred_admin - com.test.TC_NS2.@[THE_USER].owner - Permissions - com.test.TC_NS2.@[THE_USER].access * * - com.test.TC_NS2.@[THE_USER].access * read - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -perm list role com.test.TC_NS2.@[user.name].admin -** Expect 200 ** - -List Perms by Role [com.test.TC_NS2.@[THE_USER].admin] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].access * * - - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -perm list role com.test.TC_NS2.@[user.name].owner -** Expect 200 ** - -List Perms by Role [com.test.TC_NS2.@[THE_USER].owner] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].access * read - - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -role list perm com.test.TC_NS2.@[user.name].access * * -** Expect 200 ** - -List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|* --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].admin - com.test.TC_NS2.@[THE_USER].access * * - -as testid@aaf.att.com -# TC_NS2.10.70.POS Expect Namespace to be created -role list perm com.test.TC_NS2.@[user.name].access * read -** Expect 200 ** - -List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|read --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].owner - com.test.TC_NS2.@[THE_USER].access * read - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -ns list name com.test.TC_NS2.@[user.name].project -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project - Administrators - testunused@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS2.@[THE_USER].project.admin - com.test.TC_NS2.@[THE_USER].project.owner - Permissions - com.test.TC_NS2.@[THE_USER].project.access * * - com.test.TC_NS2.@[THE_USER].project.access * read - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -perm list role com.test.TC_NS2.@[user.name].project.admin -** Expect 200 ** - -List Perms by Role [com.test.TC_NS2.@[THE_USER].project.admin] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project.access * * - - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -perm list role com.test.TC_NS2.@[user.name].project.owner -** Expect 200 ** - -List Perms by Role [com.test.TC_NS2.@[THE_USER].project.owner] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project.access * read - - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -role list perm com.test.TC_NS2.@[user.name].project.access * * -** Expect 200 ** - -List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|* --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project.admin - com.test.TC_NS2.@[THE_USER].project.access * * - -as testid@aaf.att.com -# TC_NS2.10.80.POS Expect Namespace to be created -role list perm com.test.TC_NS2.@[user.name].project.access * read -** Expect 200 ** - -List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|read --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project.owner - com.test.TC_NS2.@[THE_USER].project.access * read - -as testid@aaf.att.com -# TC_NS2.20.1.POS Create roles -role create com.test.TC_NS2.@[user.name].watcher -** Expect 201 ** -Created Role - -role create com.test.TC_NS2.@[user.name].myRole -** Expect 201 ** -Created Role - -# TC_NS2.20.2.POS Create permissions -perm create com.test.TC_NS2.@[user.name].myType myInstance myAction -** Expect 201 ** -Created Permission - -perm create com.test.TC_NS2.@[user.name].myType * * -** Expect 201 ** -Created Permission - -# TC_NS2.20.3.POS Create mechid -user cred add m99990@@[user.name].TC_NS2.test.com password123 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_NS2.test.com] - -as XX@NS -# TC_NS2.20.10.POS Grant view perms to watcher role -perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.ns|:com.test.TC_NS2.@[THE_USER]:ns|read] to Role [com.test.TC_NS2.@[THE_USER].watcher] - -as testunused@aaf.att.com -# TC_NS2.40.1.NEG Non-admin, not granted user should not view -ns list name com.test.TC_NS2.@[user.name] -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_NS2.@[THE_USER]] - -as testid@aaf.att.com -# Tens test user granted to permission -# TC_NS2.40.10.POS Add user to watcher role -user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher -** Expect 201 ** -Added Role [com.test.TC_NS2.@[THE_USER].watcher] to User [testunused@aaf.att.com] - -as testunused@aaf.att.com -# TC_NS2.40.11.POS Non-admin, granted user should view -ns list name com.test.TC_NS2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS2.@[THE_USER].admin - com.test.TC_NS2.@[THE_USER].cred_admin - com.test.TC_NS2.@[THE_USER].myRole - com.test.TC_NS2.@[THE_USER].owner - com.test.TC_NS2.@[THE_USER].watcher - Permissions - com.test.TC_NS2.@[THE_USER].access * * - com.test.TC_NS2.@[THE_USER].access * read - com.test.TC_NS2.@[THE_USER].myType * * - com.test.TC_NS2.@[THE_USER].myType myInstance myAction - Credentials - m99990@@[THE_USER].TC_NS2.test.com - -as testid@aaf.att.com -# TC_NS2.40.19.POS Remove user from watcher role -user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher -** Expect 200 ** -Removed Role [com.test.TC_NS2.@[THE_USER].watcher] from User [testunused@aaf.att.com] - -# Thirties test admin user -# TC_NS2.40.20.POS Admin should be able to view -ns list name com.test.TC_NS2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS2.@[THE_USER].admin - com.test.TC_NS2.@[THE_USER].cred_admin - com.test.TC_NS2.@[THE_USER].myRole - com.test.TC_NS2.@[THE_USER].owner - com.test.TC_NS2.@[THE_USER].watcher - Permissions - com.test.TC_NS2.@[THE_USER].access * * - com.test.TC_NS2.@[THE_USER].access * read - com.test.TC_NS2.@[THE_USER].myType * * - com.test.TC_NS2.@[THE_USER].myType myInstance myAction - Credentials - m99990@@[THE_USER].TC_NS2.test.com - -# TC_NS2.40.21.POS Admin of parent NS should be able to view -ns list name com.test.TC_NS2.@[user.name].project -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project - Administrators - testunused@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NS2.@[THE_USER].project.admin - com.test.TC_NS2.@[THE_USER].project.owner - Permissions - com.test.TC_NS2.@[THE_USER].project.access * * - com.test.TC_NS2.@[THE_USER].project.access * read - -# TC_NS2.41.10.POS List by User when Same as Caller -as testunused@aaf.att.com -ns list admin testunused@aaf.att.com -** Expect 200 ** - -List Namespaces with admin privileges for [testunused@aaf.att.com] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project - -# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles -as testid@aaf.att.com -ns list admin testunused@aaf.att.com -** Expect 200 ** - -List Namespaces with admin privileges for [testunused@aaf.att.com] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project - -# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace -as XX@NS -ns list admin testunused@aaf.att.com -** Expect 200 ** - -List Namespaces with admin privileges for [testunused@aaf.att.com] --------------------------------------------------------------------------------- -com.test.TC_NS2.@[THE_USER].project - -# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace -as testunused@aaf.att.com -ns list admin XX@NS -** Expect 200 ** - -List Namespaces with admin privileges for [XX@NS] --------------------------------------------------------------------------------- -com -com.att -com.att.aaf -com.test - -as testid@aaf.att.com -# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms -role delete com.test.TC_NS2.@[user.name].myRole -** Expect 200,404 ** -Deleted Role - -role delete com.test.TC_NS2.@[user.name].watcher -** Expect 200,404 ** -Deleted Role - -perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction -** Expect 200,404 ** -Deleted Permission - -perm delete com.test.TC_NS2.@[user.name].myType * * -** Expect 200,404 ** -Deleted Permission - -user cred del m99990@@[user.name].TC_NS2.test.com -** Expect 200,404 ** -Deleted Credential [m99990@@[THE_USER].TC_NS2.test.com] - -as XX@NS -force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read -** Expect 200,404 ** -Deleted Permission - -# TC_NS2.99.15.POS Remove ability to create creds -perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NS2.@[THE_USER].cred_admin] - -as testid@aaf.att.com -force role delete com.test.TC_NS2.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -# TC_NS2.99.90.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_NS2.@[user.name].project -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test.TC_NS2.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -sleep 0 -# TC_NS2.99.99.POS Check Clean Namespace -ns list name com.test.TC_NS2.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_NS2.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_NS3.expected b/authz-test/TestSuite/expected/TC_NS3.expected deleted file mode 100644 index 8ac3afcf..00000000 --- a/authz-test/TestSuite/expected/TC_NS3.expected +++ /dev/null @@ -1,192 +0,0 @@ -set XX@NS <pass> -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set testid_1@test.com <pass> -set testid_2@test.com <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as XX@NS -ns list name com.test.TC_NS3.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS3.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_NS3.10.1.POS Create Namespace with User ID -ns create com.test.TC_NS3.@[user.name]_1 @[user.name] testid_1@test.com -** Expect 201 ** -Created Namespace - -as testid_1@test.com -# TC_NS3.20.0.NEG Too short -ns attrib -** Expect -1 ** -Too few args: attrib <add|upd|del> <ns> <key> [value] - -# TC_NS3.20.1.NEG Wrong command -ns attrib xyz -** Expect -1 ** -Too few args: attrib <add|upd|del> <ns> <key> [value] - -# TC_NS3.20.2.NEG Too Short after Command -ns attrib add -** Expect -1 ** -Too few args: attrib <add|upd|del> <ns> <key> [value] - -# TC_NS3.20.3.NEG Too Short after Namespace -ns attrib add com.test.TC_NS3.@[user.name] -** Expect -1 ** -Too few args: attrib <add|upd|del> <ns> <key> [value] - -# TC_NS3.20.4.NEG Too Short after Key -ns attrib add com.test.TC_NS3.@[user.name] TC_NS3_swm -** Expect -1 ** -Not added: Need more Data - -# TC_NS3.20.5.NEG No Permission -ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1 -** Expect 403 ** -Failed [SVC1403]: Forbidden - testid_1@test.com may not create NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm] - -# TC_NS3.20.6.POS Create Permission to write Attrib -as XX@NS -perm create com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin] - -# TC_NS3.20.6.POS Create Permission -perm create com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.attrib|:com.att.*:*|read] to Role [com.test.TC_NS3.@[THE_USER]_1.admin] - -# TC_NS3.20.10.POS Attribute added -as testid_1@test.com -ns attrib add com.test.TC_NS3.@[user.name]_1 TC_NS3_swm v1 -** Expect 201 ** -Add Attrib TC_NS3_swm=v1 to com.test.TC_NS3.@[THE_USER]_1 - -# TC_NS3.20.30.POS List NS by Attrib -ns list keys TC_NS3_swm -** Expect 200 ** - -List Namespace Names by Attribute --------------------------------------------------------------------------------- - com.test.TC_NS3.@[THE_USER]_1 - -# TC_NS3.20.40.POS List NS (shows Attrib) -ns list name com.test.TC_NS3.@[user.name]_1 -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1] --------------------------------------------------------------------------------- -com.test.TC_NS3.@[THE_USER]_1 - Administrators - testid_1@test.com - Responsible Parties - @[THE_USER]@csp.att.com - Namespace Attributes - TC_NS3_swm=v1 - Roles - com.test.TC_NS3.@[THE_USER]_1.admin - com.test.TC_NS3.@[THE_USER]_1.owner - Permissions - com.test.TC_NS3.@[THE_USER]_1.access * * - com.test.TC_NS3.@[THE_USER]_1.access * read - -# TC_NS3.20.42.POS Change Attrib -ns attrib upd com.test.TC_NS3.@[user.name]_1 TC_NS3_swm Version1 -** Expect 200 ** -Update Attrib TC_NS3_swm=Version1 for com.test.TC_NS3.@[THE_USER]_1 - -# TC_NS3.20.49.POS List NS (shows new Attrib) -ns list name com.test.TC_NS3.@[user.name]_1 -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1] --------------------------------------------------------------------------------- -com.test.TC_NS3.@[THE_USER]_1 - Administrators - testid_1@test.com - Responsible Parties - @[THE_USER]@csp.att.com - Namespace Attributes - TC_NS3_swm=Version1 - Roles - com.test.TC_NS3.@[THE_USER]_1.admin - com.test.TC_NS3.@[THE_USER]_1.owner - Permissions - com.test.TC_NS3.@[THE_USER]_1.access * * - com.test.TC_NS3.@[THE_USER]_1.access * read - -# TC_NS3.20.80.POS Remove write Permission -perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin -** Expect 200 ** -UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin] - -# TC_NS3.20.83.POS Remove read Permission -perm ungrant com.att.aaf.attrib :com.att.*:* read com.test.TC_NS3.@[user.name]_1.admin -** Expect 200 ** -UnGranted Permission [com.att.aaf.attrib|:com.att.*:*|read] from Role [com.test.TC_NS3.@[THE_USER]_1.admin] - -as testid_1@test.com -# TC_NS3.50.2.NEG Too Short after Command -ns attrib del -** Expect -1 ** -Too few args: attrib <add|upd|del> <ns> <key> [value] - -# TC_NS3.50.3.NEG Too Short after Namespace -ns attrib del com.test.TC_NS3.@[user.name] -** Expect -1 ** -Too few args: attrib <add|upd|del> <ns> <key> [value] - -# TC_NS3.50.5.NEG No Permission -ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm -** Expect 403 ** -Failed [SVC1403]: Forbidden - testid_1@test.com may not delete NS Attrib [com.test.TC_NS3.@[THE_USER]_1:TC_NS3_swm] - -# TC_NS3.50.6.POS Create Permission -as XX@NS -perm grant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin -** Expect 201 ** -Granted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] to Role [com.test.TC_NS3.@[THE_USER]_1.admin] - -# TC_NS3.50.7.POS Attribute added -as testid_1@test.com -ns attrib del com.test.TC_NS3.@[user.name]_1 TC_NS3_swm -** Expect 200 ** -Attrib TC_NS3_swm deleted from com.test.TC_NS3.@[THE_USER]_1 - -# TC_NS3.50.8.POS Remove Permission -as XX@NS -perm ungrant com.att.aaf.attrib :com.att.*:TC_NS3_swm write com.test.TC_NS3.@[user.name]_1.admin -** Expect 200 ** -UnGranted Permission [com.att.aaf.attrib|:com.att.*:TC_NS3_swm|write] from Role [com.test.TC_NS3.@[THE_USER]_1.admin] - -as testid_1@test.com -# TC_NS3.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_NS3.@[user.name]_1 -** Expect 200,404 ** -Deleted Namespace - -# TC_NS3.99.3.POS Print Namespaces -ns list name com.test.TC_NS3.@[user.name]_1 -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_NS3.@[THE_USER]_1] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_NS3.99.10.POS Remove Special Permissions -as XX@NS -force perm delete com.att.aaf.attrib :com.att.*:TC_NS3_swm write -** Expect 200,404 ** -Deleted Permission - -force perm delete com.att.aaf.attrib :com.att.*:* read -** Expect 200,404 ** -Deleted Permission - diff --git a/authz-test/TestSuite/expected/TC_NSdelete1.expected b/authz-test/TestSuite/expected/TC_NSdelete1.expected deleted file mode 100644 index 29732c5d..00000000 --- a/authz-test/TestSuite/expected/TC_NSdelete1.expected +++ /dev/null @@ -1,362 +0,0 @@ -set XX@NS <pass> -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set bogus@aaf.att.com boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_NSdelete1.10.0.POS Check for Existing Data -ns list name com.test.TC_NSdelete1.@[user.name].app -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.force.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.force.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -as XX@NS -# TC_NSdelete1.10.1.POS Create Namespaces with valid IDs and Responsible Parties -ns create com.test.TC_NSdelete1.@[user.name].app @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -ns create com.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -ns create com.test.force.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -ns create com.test.TC_NSdelete1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_NSdelete1.10.2.POS Expect Namespace to be created -ns list name com.test.TC_NSdelete1.@[user.name].app -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app] --------------------------------------------------------------------------------- -com.test.TC_NSdelete1.@[THE_USER].app - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NSdelete1.@[THE_USER].app.admin - com.test.TC_NSdelete1.@[THE_USER].app.owner - Permissions - com.test.TC_NSdelete1.@[THE_USER].app.access * * - com.test.TC_NSdelete1.@[THE_USER].app.access * read - -ns list name com.test.TC_NSdelete1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NSdelete1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NSdelete1.@[THE_USER].admin - com.test.TC_NSdelete1.@[THE_USER].owner - Permissions - com.test.TC_NSdelete1.@[THE_USER].access * * - com.test.TC_NSdelete1.@[THE_USER].access * read - -ns list name com.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.@[THE_USER]] --------------------------------------------------------------------------------- -com.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.@[THE_USER].admin - com.@[THE_USER].owner - Permissions - com.@[THE_USER].access * * - com.@[THE_USER].access * read - -ns list name com.test.force.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.force.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.force.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.force.@[THE_USER].admin - com.test.force.@[THE_USER].owner - Permissions - com.test.force.@[THE_USER].access * * - com.test.force.@[THE_USER].access * read - -# TC_NSdelete1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_NSdelete1.@[user.name].cred_admin -** Expect 201 ** -Created Role - -# TC_NSdelete1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_NSdelete1.10.12.POS Assign user for creating creds -user role add testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] - -as testid@aaf.att.com -# TC_NSdelete1.20.1.POS Create valid Role in my Namespace -role create com.test.TC_NSdelete1.@[user.name].app.r.A -** Expect 201 ** -Created Role - -# TC_NSdelete1.20.2.POS Create valid permission -perm create com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_NSdelete1.20.3.POS Add credential to my namespace -user cred add m99990@app.@[user.name].TC_NSdelete1.test.com password123 -** Expect 201 ** -Added Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com] - -# TC_NSdelete1.20.10.NEG Delete Program Should fail because of attached credential -ns delete com.test.TC_NSdelete1.@[user.name].app -** Expect 424 ** -Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains users, permissions, roles. - Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. - -# TC_NSdelete1.20.11.POS Delete Credential -set force true -user cred del m99990@app.@[user.name].TC_NSdelete1.test.com -** Expect 200 ** -Deleted Credential [m99990@app.@[THE_USER].TC_NSdelete1.test.com] - -# TC_NSdelete1.20.12.NEG Delete Program with role and permission attached -ns delete com.test.TC_NSdelete1.@[user.name].app -** Expect 424 ** -Failed [SVC1424]: Failed Dependency - [com.test.TC_NSdelete1.@[THE_USER].app] contains permissions, roles. - Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. - -# TC_NSdelete1.20.20.POS Expect role and permission to move to parent ns -set force move -set force=move ns list name com.test.TC_NSdelete1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_NSdelete1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_NSdelete1.@[THE_USER].admin - com.test.TC_NSdelete1.@[THE_USER].cred_admin - com.test.TC_NSdelete1.@[THE_USER].owner - Permissions - com.test.TC_NSdelete1.@[THE_USER].access * * - com.test.TC_NSdelete1.@[THE_USER].access * read - -as testid@aaf.att.com -# TC_NSdelete1.30.1.POS Create valid Role in my Namespace -role create com.@[user.name].r.A -** Expect 201 ** -Created Role - -# TC_NSdelete1.30.2.NEG Delete Company with role attached -ns delete com.@[user.name] -** Expect 424 ** -Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains roles. - Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. - -# TC_NSdelete1.30.3.POS Namespace Admin can delete Namepace defined Roles -role delete com.@[user.name].r.A -** Expect 200 ** -Deleted Role - -# TC_NSdelete1.30.10.POS Create valid permission -perm create com.@[user.name].p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_NSdelete1.30.11.NEG Delete Company with permission attached -ns delete com.@[user.name] -** Expect 424 ** -Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains permissions. - Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. - -# TC_NSdelete1.30.12.POS Namespace Admin can delete Namepace defined Perms -perm delete com.@[user.name].p.A myInstance myAction -** Expect 200 ** -Deleted Permission - -# TC_NSdelete1.30.20.POS Create valid Credential in my namespace -user cred add m99990@@[user.name].com password123 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].com] - -# TC_NSdelete1.30.21.NEG Delete Company with credential attached -ns delete com.@[user.name] -** Expect 424 ** -Failed [SVC1424]: Failed Dependency - [com.@[THE_USER]] contains users. - Delete dependencies and try again. Note: using force=true will delete all. force=move will delete Creds, but move Roles and Perms to parent. - -# TC_NSdelete1.30.22.POS Namespace admin can remove Cred -set force true -user cred del m99990@@[user.name].com -** Expect 200 ** -Deleted Credential [m99990@@[THE_USER].com] - -# TC_NSdelete1.30.30.POS Delete Company with no roles or perms attached -ns delete com.@[user.name] -** Expect 200 ** -Deleted Namespace - -# TC_NSdelete1.40.1.POS Create valid Role in my Namespace -role create com.test.force.@[user.name].r.A -** Expect 201 ** -Created Role - -# TC_NSdelete1.40.2.POS Create valid permission in my Namespace -perm create com.test.force.@[user.name].p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_NSdelete1.40.3.POS Add credential to my namespace -user cred add m99990@@[user.name].force.test.com password123 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].force.test.com] - -# TC_NSdelete1.40.10.POS Delete Program in my Namespace -set force true -set force=true ns delete com.test.force.@[user.name] -** Expect 200 ** -Deleted Namespace - -sleep 0 -# TC_NSdelete1.40.20.NEG Role and permission should not exist -ns list name com.test.force.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.force.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_NSdelete1.40.22.NEG Credential should not exist -set force true -user cred del m99990@@[user.name].force.test.com -** Expect 404 ** -Failed [SVC5404]: Not Found - Credential does not exist - -as testid@aaf.att.com -# TC_NSdelete1.99.1.POS Namespace Admin can delete Namepace defined Roles -role delete com.test.TC_NSdelete1.@[user.name].app.r.A -** Expect 200,404 ** -Deleted Role - -# TC_NSdelete1.99.2.POS Namespace Admin can delete Namepace defined Roles -perm delete com.test.TC_NSdelete1.@[user.name].app.p.A myInstance myAction -** Expect 200,404 ** -Deleted Permission - -# TC_NSdelete1.99.3.POS Namespace Admin can remove Namepace defined Credentials -set force true -set force=true user cred del m99990@@app.[user.name].TC_NSdelete1.test.com -** Expect 200,404 ** -Failed [SVC5404]: Not Found - Credential does not exist - -# TC_NSdelete1.99.10.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_NSdelete1.@[user.name].cred_admin -** Expect 200,404 ** -Removed Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_NSdelete1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NSdelete1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -set force true -set force=true role delete com.test.TC_NSdelete1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -# TC_NSdelete1.99.97.POS Clean Namespace -set force true -set force=true ns delete com.test.TC_NSdelete1.@[user.name].app -** Expect 200,404 ** -Deleted Namespace - -set force true -set force=true ns delete com.test.TC_NSdelete1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -set force true -set force=true ns delete com.test.force.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test.force.@[THE_USER] does not exist - -# TC_NSdelete1.99.98.POS Check Clean Namespace -ns list name com.test.TC_NSdelete1.@[user.name].app -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER].app] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_NSdelete1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_NSdelete1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.force.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.force.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_NSdelete1.99.99.POS Clean and check Company Namespace -as XX@NS -set force true -set force=true ns delete com.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.@[THE_USER] does not exist - -ns list name com.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_PW1.expected b/authz-test/TestSuite/expected/TC_PW1.expected deleted file mode 100644 index b167edbb..00000000 --- a/authz-test/TestSuite/expected/TC_PW1.expected +++ /dev/null @@ -1,170 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set XX@NS <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_PW1.10.0.POS Validate no NS -ns list name com.test.TC_PW1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_PW1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_PW1.10.1.POS Create Namespace to add IDs -ns create com.test.TC_PW1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_PW1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_PW1.@[user.name].cred_admin -** Expect 201 ** -Created Role - -as XX@NS -# TC_PW1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_PW1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_PW1.10.12.POS Assign user for creating creds -user role add testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_PW1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] - -# TC_PW1.20.1.NEG ASPR 1010 Passwords must be at least 8 characters in length -user cred add m12345@TC_PW1.test.com 12 -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010), -Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) - -# TC_PW1.20.2.NEG ASPR 1010 Passwords must be at least 8 characters in length -user cred add m12345@TC_PW1.test.com 1 -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010), -Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) - -# TC_PW1.20.3.NEG ASPR 1010 Passwords must be at least 8 characters in length -user cred add m12345@TC_PW1.test.com 1234567 -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010), -Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) - -# TC_PW1.21.1.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -user cred add m12345@@[user.name].TC_PW1.test.com 12345678 -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) - -# TC_PW1.21.2.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -user cred add m12345@@[user.name].TC_PW1.test.com abcdefgh -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) - -# TC_PW1.21.3.NEG ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -user cred add m12345@@[user.name].TC_PW1.test.com "!@#%^()*" -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - Passwords must include characters from at least two of these groupings: alpha, numeric and one of these special chars: !@#$%^*()-+?/,:;. (ASPR-1010) - -# TC_PW1.21.4.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -user cred add m12345@@[user.name].TC_PW1.test.com "!@#a%^()*" -** Expect 201 ** -Added Credential [m12345@@[THE_USER].TC_PW1.test.com] - -sleep 0 -user cred del m12345@@[user.name].TC_PW1.test.com -** Expect 200 ** -Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] - -# TC_PW1.21.5.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -user cred add m12345@@[user.name].TC_PW1.test.com "!@#2%^()*" -** Expect 201 ** -Added Credential [m12345@@[THE_USER].TC_PW1.test.com] - -sleep 0 -user cred del m12345@@[user.name].TC_PW1.test.com -** Expect 200 ** -Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] - -# TC_PW1.21.6.POS ASPR 1010 Passwords must include chars from 2 groupings, alpha, numeric and special -user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd" -** Expect 201 ** -Added Credential [m12345@@[THE_USER].TC_PW1.test.com] - -sleep 0 -user cred del m12345@@[user.name].TC_PW1.test.com -** Expect 200 ** -Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] - -# TC_PW1.21.10.NEG ASPR 1010 Passwords cannot be the same as the User ID -user cred add m12345@@[user.name].TC_PW1.test.com m12345 -** Expect 406 ** -Failed [SVC1406]: Not Acceptable - Password must be 8 chars or greater in length (ASPR-1010) - -# TC_PW1.23.1.NEG Too Few Args for User Cred 1 -user cred -** Expect -1 ** -Too few args: cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)] - -# TC_PW1.23.2.NEG Too Few Args for User Cred add -user cred add -** Expect -1 ** -Too few args: cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)] - -# TC_PW1.30.1.POS Create a Credential, with Temporary Time -user cred add m12345@@[user.name].TC_PW1.test.com "abc123sd" -** Expect 201 ** -Added Credential [m12345@@[THE_USER].TC_PW1.test.com] - -# TC_PW1.30.3.NEG Credential Exists -user cred add m12345@@[user.name].TC_PW1.test.com "abc123sf" -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Credential with same Expiration Date exists, use 'reset' - -# TC_PW1.30.8.POS Reset this Password -user cred reset m12345@@[user.name].TC_PW1.test.com "ABC123SD" 1 -** Expect 200 ** -Reset Credential [m12345@@[THE_USER].TC_PW1.test.com] - -# TC_PW1.30.9.POS Delete a Credential -user cred del m12345@@[user.name].TC_PW1.test.com 1 -** Expect 200 ** -Deleted Credential [m12345@@[THE_USER].TC_PW1.test.com] - -as testid@aaf.att.com -# TC_PW1.99.1.NEG Delete ID m12345@@[user.name].TC_PW1.test.com -set force true -user cred del m12345@@[user.name].TC_PW1.test.com -** Expect 200,404 ** -Failed [SVC5404]: Not Found - Credential does not exist - -# TC_PW1.99.2.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_PW1.@[user.name].cred_admin -** Expect 200,404 ** -Removed Role [com.test.TC_PW1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_PW1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_PW1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -role delete com.test.TC_PW1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -# TC_PW1.99.98.POS Delete Namespace com..test.TC_PW1 -ns delete com.test.TC_PW1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_PW1.99.99.POS Verify Cleaned NS -ns list name com.test.TC_PW1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_PW1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Perm1.expected b/authz-test/TestSuite/expected/TC_Perm1.expected deleted file mode 100644 index d099990c..00000000 --- a/authz-test/TestSuite/expected/TC_Perm1.expected +++ /dev/null @@ -1,963 +0,0 @@ -set testid <pass> -set testid@aaf.att.com <pass> -set XX@NS <pass> -set testunused <pass> -set bogus boguspass -#delay 10 -set NFR 0 -# TC_Perm1.10.0.POS Validate Namespace is empty first -as testid@aaf.att.com -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Perm1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_Perm1.@[user.name].cred_admin -** Expect 201 ** -Created Role - -as XX@NS -# TC_Perm1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_Perm1.10.12.POS Assign user for creating creds -user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS] - -# TC_Perm1.20.1.POS List Data on non-Empty NS -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - -# TC_Perm1.20.2.POS Add Perm -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm1.20.3.NEG Already Added Perm -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists. - -# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well -force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B -** Expect 201 ** -Created Role [com.test.TC_Perm1.@[THE_USER].r.A] -Created Role [com.test.TC_Perm1.@[THE_USER].r.B] -Created Permission -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A] -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B] - -# TC_Perm1.20.8.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well -perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists. - -# TC_Perm1.20.10.NEG Non-admins can't change description -as testunused -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A -** Expect 403 ** -Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] - -# TC_Perm1.20.11.NEG Permission must exist to change description -as testid -perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C -** Expect 404 ** -Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist - -# TC_Perm1.20.12.POS Admin can change description -perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A -** Expect 200 ** -Description added to Permission - -# TC_Perm1.22.1.NEG Try to rename permission without changing anything -perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission - -# TC_Perm1.22.2.NEG Try to rename parent ns -perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.22.10.POS View permission in original state -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.22.11.POS Rename permission instance -perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.12.POS Verify change in permission instance -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction - -# TC_Perm1.22.13.POS Rename permission action -perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.14.POS Verify change in permission action -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction - -# TC_Perm1.22.15.POS Rename permission type -perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.16.POS Verify change in permission type -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction - -# TC_Perm1.22.20.POS See permission is attached to this role -role list role com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction - -# TC_Perm1.22.21.POS Rename permission type, instance and action -perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 200 ** -Updated Permission - -# TC_Perm1.22.22.POS See permission stays attached after rename -role list role com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.22.23.POS Verify permission is back to original state -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - -# TC_Perm1.25.1.POS Create another Role in This namespace -role create com.test.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Created Role - -# TC_Perm1.25.2.POS Create another Perm in This namespace -perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm1.25.3.NEG Permission must Exist to Add to Role -perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist - -# TC_Perm1.25.4.POS Grant individual new Perm to new Role -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.25.5.NEG Already Granted Perm -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.25.6.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 200 ** -UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.25.11.NEG Already UnGranted Perm -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role - -# TC_Perm1.25.20.POS Reset roles attached to permision with setTo -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** -Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A] - -# TC_Perm1.25.21.POS Owner of permission can reset roles -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200 ** -Set Permission's Roles to [] - -# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not -as XX@NS -ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS -** Expect 201 ** -Created Namespace - -ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS -** Expect 201 ** -Created Namespace - -# TC_Perm1.26.2.POS Create ID in other Namespace -user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com] - -# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid -role create com.test2.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Created Role - -role create com.test2.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Created Role - -# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID -as m99990@@[THE_USER].TC_Perm1.test2.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID -as m99990@@[THE_USER].TC_Perm1.test2.com -set request true -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company -as testid@aaf.att.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company -as testid@aaf.att.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist - -# TC_Perm1.26.14.POS Create Role -as testid@aaf.att.com -role create com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Created Role - -# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.16.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -# TC_Perm1.26.17.POS Grant individual new Perm to new Role -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.26.18.NEG Already Granted Perm -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C] - -# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID -as m99990@@[THE_USER].TC_Perm1.test2.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID -set request true -as m99990@@[THE_USER].TC_Perm1.test2.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID -set request true -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.30.POS Add ID to Role -as XX@NS -ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com -** Expect 201 ** -Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER] - -as m99990@@[THE_USER].TC_Perm1.test2.com -sleep 0 -# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner -set request true -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C -** Expect 202 ** -Permission Role Granted Accepted, but requires Approvals before actualizing - -# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace -as testid@aaf.att.com -perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.34.POS Print Info for Validation -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -as XX@NS -# TC_Perm1.26.35.POS Print Info for Validation -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test2.TC_Perm1.@[THE_USER] - Administrators - XX@NS - m99990@@[THE_USER].TC_Perm1.test2.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test2.TC_Perm1.@[THE_USER].admin - com.test2.TC_Perm1.@[THE_USER].owner - com.test2.TC_Perm1.@[THE_USER].r.C - Permissions - com.test2.TC_Perm1.@[THE_USER].access * * - com.test2.TC_Perm1.@[THE_USER].access * read - Credentials - m99990@@[THE_USER].TC_Perm1.test2.com - -as testid@aaf.att.com -# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role -as testid@aaf.att.com -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] - -# TC_Perm1.26.37.NEG Already UnGranted Perm -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role - -# TC_Perm1.26.40.POS Reset roles attached to permision with setTo -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** -Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A] - -# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles -as m99990@@[THE_USER].TC_Perm1.test2.com -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant -perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.43.NEG Non-owner of permission cannot delete -perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] - -# TC_Perm1.26.45.POS Owner of permission can reset roles -as testid@aaf.att.com -perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200 ** -Set Permission's Roles to [] - -as XX@NS -# TC_Perm1.26.97.POS List the Namespaces -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.B - com.test.TC_Perm1.@[THE_USER].r.C - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction - -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test2.TC_Perm1.@[THE_USER] - Administrators - XX@NS - m99990@@[THE_USER].TC_Perm1.test2.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test2.TC_Perm1.@[THE_USER].admin - com.test2.TC_Perm1.@[THE_USER].owner - com.test2.TC_Perm1.@[THE_USER].r.C - Permissions - com.test2.TC_Perm1.@[THE_USER].access * * - com.test2.TC_Perm1.@[THE_USER].access * read - Credentials - m99990@@[THE_USER].TC_Perm1.test2.com - -as testid@aaf.att.com -# TC_Perm1.26.98.POS Cleanup -role delete com.test.TC_Perm1.@[user.name].r.A -** Expect 200 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.B -** Expect 200 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.C -** Expect 200 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -Deleted Role - -as XX@NS -role delete com.test2.TC_Perm1.@[user.name]_2.r.C -** Expect 200 ** -Deleted Role - -role delete com.test2.TC_Perm1.@[user.name].r.C -** Expect 200 ** -Deleted Role - -as testid@aaf.att.com -perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 200 ** -Deleted Permission - -perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 200 ** -Deleted Permission - -perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200 ** -Deleted Permission - -force ns delete com.test.TC_Perm1.@[user.name]_2 -** Expect 200 ** -Deleted Namespace - -as XX@NS -set force true -set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com -** Expect 200 ** -Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com] - -ns delete com.test2.TC_Perm1.@[user.name] -** Expect 200 ** -Deleted Namespace - -# TC_Perm1.26.99.POS List the Now Empty Namespaces -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Perm1.27.1.POS Create Permission -perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm1.27.2.POS Create Role -role create com.test.TC_Perm1.@[user.name].r.A -** Expect 201 ** -Created Role - -# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force -perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown -** Expect 404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist - -# TC_Perm1.27.11.POS Role is created with force -force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown -** Expect 201 ** -Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown] -Created Permission -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown] - -# TC_Perm1.27.12.NEG Perm must Exist to Grant without force -perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A -** Expect 404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist - -# TC_Perm1.27.13.POS Perm is created with force -force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A -** Expect 201 ** -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A] - -# TC_Perm1.27.14.POS Role and perm are created with force -force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2 -** Expect 201 ** -Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2] -Created Permission -Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2] - -# TC_Perm1.30.1.POS List Data on non-Empty NS -as testid -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.unknown - com.test.TC_Perm1.@[THE_USER].r.unknown2 - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction - -# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist -ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Perm1.30.3.POS List Data on NS with sub-roles -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].admin - com.test.TC_Perm1.@[THE_USER].cred_admin - com.test.TC_Perm1.@[THE_USER].owner - Permissions - com.test.TC_Perm1.@[THE_USER].access * * - com.test.TC_Perm1.@[THE_USER].access * read - com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction - com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction - -ns list name com.test.TC_Perm1.@[user.name].r -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r] --------------------------------------------------------------------------------- -com.test.TC_Perm1.@[THE_USER].r - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm1.@[THE_USER].r.A - com.test.TC_Perm1.@[THE_USER].r.admin - com.test.TC_Perm1.@[THE_USER].r.owner - com.test.TC_Perm1.@[THE_USER].r.unknown - com.test.TC_Perm1.@[THE_USER].r.unknown2 - Permissions - com.test.TC_Perm1.@[THE_USER].r.access * * - com.test.TC_Perm1.@[THE_USER].r.access * read - -as XX@NS -# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction -** Expect 200,404 ** -Deleted Permission - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction -** Expect 200,404 ** -Deleted Permission - -set force true -set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction -** Expect 200,404 ** -Deleted Permission - -role delete com.test.TC_Perm1.@[user.name].r.A -** Expect 200,404 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.B -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist - -role delete com.test.TC_Perm1.@[user.name].r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist - -role delete com.test.TC_Perm1.@[user.name].r.unknown -** Expect 200,404 ** -Deleted Role - -role delete com.test.TC_Perm1.@[user.name].r.unknown2 -** Expect 200,404 ** -Deleted Role - -role delete com.test2.TC_Perm1.@[user.name].r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist - -role delete com.test.TC_Perm1.@[user.name]_2.r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist - -role delete com.test2.TC_Perm1.@[user.name]_2.r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist - -# TC_Perm1.99.2.POS Remove ability to create creds -user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin -** Expect 200,404 ** -Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -role delete com.test.TC_Perm1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -sleep 0 -as XX@NS -# TC_Perm1.99.98.POS Namespace Admin can delete Namespace -set force true -set force=true ns delete com.test2.TC_Perm1.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist - -as testid -force ns delete com.test.TC_Perm1.@[user.name].r -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test.TC_Perm1.@[user.name]_2 -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist - -force ns delete com.test.TC_Perm1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test2.TC_Perm1.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist - -# TC_Perm1.99.99.POS List to prove removed -ns list name com.test.TC_Perm1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Perm1.@[user.name].r -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Perm1.@[user.name]_2 -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test2.TC_Perm1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Perm2.expected b/authz-test/TestSuite/expected/TC_Perm2.expected deleted file mode 100644 index dadff03b..00000000 --- a/authz-test/TestSuite/expected/TC_Perm2.expected +++ /dev/null @@ -1,554 +0,0 @@ -set XX@NS <pass> -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_Perm2.10.0.POS Print NS to prove ok -ns list name com.test.TC_Perm2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Perm2.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_Perm2.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -as testid@aaf.att.com -# TC_Perm2.20.1.POS List Data on non-Empty NS -ns list name com.test.TC_Perm2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm2.@[THE_USER].admin - com.test.TC_Perm2.@[THE_USER].owner - Permissions - com.test.TC_Perm2.@[THE_USER].access * * - com.test.TC_Perm2.@[THE_USER].access * read - -# TC_Perm2.20.10.POS Add Perms with specific Instance and Action -perm create com.test.TC_Perm2.@[user.name].p.A myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm2.20.11.POS Add Perms with specific Instance and Star -perm create com.test.TC_Perm2.@[user.name].p.A myInstance * -** Expect 201 ** -Created Permission - -# TC_Perm2.20.12.POS Add Perms with Stars for Instance and Action -perm create com.test.TC_Perm2.@[user.name].p.A * * -** Expect 201 ** -Created Permission - -perm create com.test.TC_Perm2.@[user.name].p.phoneCalls * spy -** Expect 201 ** -Created Permission - -# TC_Perm2.20.20.POS Create role -role create com.test.TC_Perm2.@[user.name].p.superUser -** Expect 201 ** -Created Role - -role create com.test.TC_Perm2.@[user.name].p.secret -** Expect 201 ** -Created Role - -# TC_Perm2.20.21.POS Grant sub-NS perms to role -perm grant com.test.TC_Perm2.@[user.name].p.A myInstance myAction com.test.TC_Perm2.@[user.name].p.superUser -** Expect 201 ** -Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser] - -perm grant com.test.TC_Perm2.@[user.name].p.A myInstance * com.test.TC_Perm2.@[user.name].p.superUser -** Expect 201 ** -Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|myInstance|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser] - -perm grant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser -** Expect 201 ** -Granted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] to Role [com.test.TC_Perm2.@[THE_USER].p.superUser] - -perm grant com.test.TC_Perm2.@[user.name].p.phoneCalls * spy com.test.TC_Perm2.@[user.name].p.secret -** Expect 201 ** -Granted Permission [com.test.TC_Perm2.@[THE_USER].p.phoneCalls|*|spy] to Role [com.test.TC_Perm2.@[THE_USER].p.secret] - -# TC_Perm2.20.30.POS List Data on non-Empty NS -ns list name com.test.TC_Perm2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm2.@[THE_USER].admin - com.test.TC_Perm2.@[THE_USER].owner - com.test.TC_Perm2.@[THE_USER].p.secret - com.test.TC_Perm2.@[THE_USER].p.superUser - Permissions - com.test.TC_Perm2.@[THE_USER].access * * - com.test.TC_Perm2.@[THE_USER].access * read - com.test.TC_Perm2.@[THE_USER].p.A * * - com.test.TC_Perm2.@[THE_USER].p.A myInstance * - com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy - -# TC_Perm2.20.40.POS Create role -role create com.test.TC_Perm2.@[user.name].p.watcher -** Expect 201 ** -Created Role - -as XX@NS -# TC_Perm2.20.50.POS Grant view perms to watcher role -perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view com.test.TC_Perm2.@[user.name].p.watcher -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher] - -perm create com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] to Role [com.test.TC_Perm2.@[THE_USER].p.watcher] - -as testid@aaf.att.com -# TC_Perm2.30.1.POS List Data on non-Empty NS -ns list name com.test.TC_Perm2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm2.@[THE_USER].admin - com.test.TC_Perm2.@[THE_USER].owner - com.test.TC_Perm2.@[THE_USER].p.secret - com.test.TC_Perm2.@[THE_USER].p.superUser - com.test.TC_Perm2.@[THE_USER].p.watcher - Permissions - com.test.TC_Perm2.@[THE_USER].access * * - com.test.TC_Perm2.@[THE_USER].access * read - com.test.TC_Perm2.@[THE_USER].p.A * * - com.test.TC_Perm2.@[THE_USER].p.A myInstance * - com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy - -# TC_Perm2.30.2.POS Create Sub-ns when Roles that exist -ns create com.test.TC_Perm2.@[user.name].p @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Perm2.30.3.POS List Data on NS with sub-roles -ns list name com.test.TC_Perm2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm2.@[THE_USER].admin - com.test.TC_Perm2.@[THE_USER].owner - Permissions - com.test.TC_Perm2.@[THE_USER].access * * - com.test.TC_Perm2.@[THE_USER].access * read - -ns list name com.test.TC_Perm2.@[user.name].p -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p] --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Perm2.@[THE_USER].p.admin - com.test.TC_Perm2.@[THE_USER].p.owner - com.test.TC_Perm2.@[THE_USER].p.secret - com.test.TC_Perm2.@[THE_USER].p.superUser - com.test.TC_Perm2.@[THE_USER].p.watcher - Permissions - com.test.TC_Perm2.@[THE_USER].p.A * * - com.test.TC_Perm2.@[THE_USER].p.A myInstance * - com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - com.test.TC_Perm2.@[THE_USER].p.access * * - com.test.TC_Perm2.@[THE_USER].p.access * read - com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy - -as testunused@aaf.att.com -# TC_Perm2.40.1.NEG Non-admin, not granted user should not view -perm list name com.test.TC_Perm2.@[user.name].p.A -** Expect 200 ** - -List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- - - -as testid@aaf.att.com -# Tens test user granted to permission -# TC_Perm2.40.10.POS Add user to superUser role -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser -** Expect 201 ** -Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com] - -as testunused@aaf.att.com -# TC_Perm2.40.11.POS Non-admin, granted user should view -perm list name com.test.TC_Perm2.@[user.name].p.A -** Expect 200 ** - -List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.A * * -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -as testid@aaf.att.com -# TC_Perm2.40.12.POS Ungrant perm with wildcards -perm ungrant com.test.TC_Perm2.@[user.name].p.A * * com.test.TC_Perm2.@[user.name].p.superUser -** Expect 200 ** -UnGranted Permission [com.test.TC_Perm2.@[THE_USER].p.A|*|*] from Role [com.test.TC_Perm2.@[THE_USER].p.superUser] - -as testunused@aaf.att.com -# TC_Perm2.40.13.POS Non-admin, granted user should view -perm list name com.test.TC_Perm2.@[user.name].p.A -** Expect 200 ** - -List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -as testid@aaf.att.com -# TC_Perm2.40.19.POS Remove user from superUser role -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser -** Expect 200 ** -Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com] - -# Twenties test user granted explicit view permission -# TC_Perm2.40.20.POS Add user to watcher role -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher -** Expect 201 ** -Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com] - -as testunused@aaf.att.com -# TC_Perm2.40.21.NEG Non-admin, granted explicit view perm user should view -perm list name com.test.TC_Perm2.@[user.name].p.A -** Expect 200 ** - -List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- - - -as XX@NS -# TC_Perm2.40.22.POS Ungrant perm with wildcards -perm ungrant com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view com.test.TC_Perm2.@[user.name].p.watcher -** Expect 200 ** -UnGranted Permission [com.att.aaf.perm|:com.test.TC_Perm2.@[THE_USER].p.A:*:*|view] from Role [com.test.TC_Perm2.@[THE_USER].p.watcher] - -as testunused@aaf.att.com -# TC_Perm2.40.23.POS Non-admin, granted user should view -perm list name com.test.TC_Perm2.@[user.name].p.A -** Expect 200 ** - -List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- - - -as testid@aaf.att.com -# TC_Perm2.40.29.POS Remove user from watcher role -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher -** Expect 200 ** -Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com] - -# Thirties test admin user -# TC_Perm2.40.30.POS Admin should be able to view -perm list name com.test.TC_Perm2.@[user.name].p.A -** Expect 200 ** - -List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.A * * -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -# TC_Perm2.40.31.POS Add new admin for sub-NS -ns admin add com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com -** Expect 201 ** -Admin testunused@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p - -# TC_Perm2.40.32.POS Remove admin from sub-NS -ns admin del com.test.TC_Perm2.@[user.name].p testid@aaf.att.com -** Expect 200 ** -Admin testid@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p - -# TC_Perm2.40.34.POS Admin of parent NS should be able to view -perm list name com.test.TC_Perm2.@[user.name].p.A -** Expect 200 ** - -List Child Permissions[com.test.TC_Perm2.@[THE_USER].p.A] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.A * * -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -# TC_Perm2.40.80.POS Add new admin for sub-NS -ns admin add com.test.TC_Perm2.@[user.name].p testid@aaf.att.com -** Expect 201 ** -Admin testid@aaf.att.com added to com.test.TC_Perm2.@[THE_USER].p - -# TC_Perm2.40.81.POS Remove admin from sub-NS -ns admin del com.test.TC_Perm2.@[user.name].p testunused@aaf.att.com -** Expect 200 ** -Admin testunused@aaf.att.com deleted from com.test.TC_Perm2.@[THE_USER].p - -# TC_Perm2.41.1.POS Add user to some roles with perms attached -as testid@aaf.att.com -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser -** Expect 201 ** -Added Role [com.test.TC_Perm2.@[THE_USER].p.superUser] to User [testunused@aaf.att.com] - -user role add testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher -** Expect 201 ** -Added Role [com.test.TC_Perm2.@[THE_USER].p.watcher] to User [testunused@aaf.att.com] - -user role add XX@NS com.test.TC_Perm2.@[user.name].p.secret -** Expect 201 ** -Added Role [com.test.TC_Perm2.@[THE_USER].p.secret] to User [XX@NS] - -# TC_Perm2.41.10.POS List by User when Same as Caller -as testunused@aaf.att.com -perm list user testunused@aaf.att.com -** Expect 200 ** - -List Permissions by User[testunused@aaf.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles -as testid@aaf.att.com -perm list user testunused@aaf.att.com -** Expect 200 ** - -List Permissions by User[testunused@aaf.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -# TC_Perm2.41.20.POS List by User when not same as Caller, but parent owner/admin of Namespace -as XX@NS -perm list user testunused@aaf.att.com -** Expect 200 ** - -List Permissions by User[testunused@aaf.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.aaf.perm :com.test.TC_Perm2.@[THE_USER].p.A:myInstance:myAction view -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -# TC_Perm2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown) -as testunused@aaf.att.com -perm list user XX@NS -** Expect 200 ** - -List Permissions by User[XX@NS] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- - - -# TC_Perm2.41.99.POS Remove users from roles for later test -as testid@aaf.att.com -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.superUser -** Expect 200 ** -Removed Role [com.test.TC_Perm2.@[THE_USER].p.superUser] from User [testunused@aaf.att.com] - -user role del testunused@aaf.att.com com.test.TC_Perm2.@[user.name].p.watcher -** Expect 200 ** -Removed Role [com.test.TC_Perm2.@[THE_USER].p.watcher] from User [testunused@aaf.att.com] - -user role del XX@NS com.test.TC_Perm2.@[user.name].p.secret -** Expect 200 ** -Removed Role [com.test.TC_Perm2.@[THE_USER].p.secret] from User [XX@NS] - -# TC_Perm2.42.10.POS List Roles from NS when not allowed to see NS -as testid@aaf.att.com -perm list ns com.test.TC_Perm2.@[user.name].p -** Expect 200 ** - -List Perms by NS [com.test.TC_Perm2.@[THE_USER].p] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.A * * -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction -com.test.TC_Perm2.@[THE_USER].p.access * * -com.test.TC_Perm2.@[THE_USER].p.access * read -com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy - - -# TC_Perm2.42.20.NEG Don't List Roles from NS when not allowed to see NS -as testunused@aaf.att.com -perm list ns com.test.TC_Perm2.@[user.name].p -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Perm2.@[THE_USER].p] - -# TC_Perm2.43.10.POS List perms when allowed to see Role -as testid@aaf.att.com -perm list role com.test.TC_Perm2.@[user.name].p.superUser -** Expect 200 ** - -List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.superUser] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.A myInstance * -com.test.TC_Perm2.@[THE_USER].p.A myInstance myAction - - -perm list role com.test.TC_Perm2.@[user.name].p.watcher -** Expect 200 ** - -List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.watcher] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- - - -perm list role com.test.TC_Perm2.@[user.name].p.secret -** Expect 200 ** - -List Perms by Role [com.test.TC_Perm2.@[THE_USER].p.secret] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Perm2.@[THE_USER].p.phoneCalls * spy - - -# TC_Perm2.43.20.NEG Don't List perms when not allowed to see Role -as testunused@aaf.att.com -perm list role com.test.TC_Perm2.@[user.name].p.superUser -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.superUser] - -perm list role com.test.TC_Perm2.@[user.name].p.watcher -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.watcher] - -perm list role com.test.TC_Perm2.@[user.name].p.secret -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Perm2.@[THE_USER].p.secret] - -as testid@aaf.att.com -# TC_Perm2.99.1.POS Namespace Admin can delete Namepace defined Roles -force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance myAction -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_Perm2.@[user.name].p.A myInstance * -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_Perm2.@[user.name].p.A * * -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_Perm2.@[user.name].p.phoneCalls * spy -** Expect 200,404 ** -Deleted Permission - -force role delete com.test.TC_Perm2.@[user.name].p.watcher -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Perm2.@[user.name].p.superUser -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Perm2.@[user.name].p.secret -** Expect 200,404 ** -Deleted Role - -as XX@NS -force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:*:* view -** Expect 200,404 ** -Deleted Permission - -force perm delete com.att.aaf.perm :com.test.TC_Perm2.@[user.name].p.A:myInstance:myAction view -** Expect 200,404 ** -Deleted Permission - -# TC_Perm2.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Perm2.@[user.name].p -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test.TC_Perm2.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_Perm2.99.3.POS Print Namespaces -ns list name com.test.TC_Perm2.@[user.name].p -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER].p] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Perm2.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm2.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Perm3.expected b/authz-test/TestSuite/expected/TC_Perm3.expected deleted file mode 100644 index 6cdf2297..00000000 --- a/authz-test/TestSuite/expected/TC_Perm3.expected +++ /dev/null @@ -1,136 +0,0 @@ -set XX@NS <pass> -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set testid_1@test.com <pass> -set testid_2@test.com <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as XX@NS -# TC_Perm3.10.0.POS Print NS to prove ok -ns list name com.test.TC_Perm3.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Perm3.10.1.POS Create Namespace with User ID -ns create com.test.TC_Perm3.@[user.name]_1 @[user.name] testid_1@test.com -** Expect 201 ** -Created Namespace - -# TC_Perm3.10.2.POS Create Namespace with Different ID -ns create com.test.TC_Perm3.@[user.name]_2 @[user.name] testid_2@test.com -** Expect 201 ** -Created Namespace - -# TC_Perm3.10.3.POS Create Namespace in Different Company -ns create com.att.TC_Perm3.@[user.name] @[user.name] testunused@aaf.att.com -** Expect 201 ** -Created Namespace - -as testid_1@test.com -# TC_Perm3.20.0.POS User1 Create a Perm -perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm3.20.5.NEG User1 should not be able to create Role in other group -role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a] - -# TC_Perm3.20.6.POS User2 should be able to create Role in own group -as testid_2@test.com -role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_a -** Expect 201 ** -Created Role - -# TC_Perm3.20.7.NEG User2 should not be able to grant Perm to own Role -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] - -# TC_Perm3.20.8.NEG User2 cannot create Role in NS 2 -as testid_2@test.com -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testid_2@test.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] - -# TC_Perm3.20.9.POS Role created, but can't grant... has to be testid_1 -as testid_1@test.com -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_a myInstance myAction com.test.TC_Perm3.@[user.name]_2.dev.myRole_a -** Expect 201 ** -Granted Permission [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_a|myInstance|myAction] to Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_a] - -# TC_Perm3.30.0.POS User1 Create a Perm -as testid_1@test.com -perm create com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Perm3.30.5.NEG User1 should not be able to create Role in other group -role create com.test.TC_Perm3.@[user.name]_2.dev.myRole_b -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.test.TC_Perm3.@[THE_USER]_2.dev.myRole_b] - -# TC_Perm3.30.6.POS User2 should be able to create Role in own group -as testunused@aaf.att.com -role create com.att.TC_Perm3.@[user.name].dev.myRole_b -** Expect 201 ** -Created Role - -# TC_Perm3.30.7.NEG User2 should not be able to grant Perm to own Role -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Perm [com.test.TC_Perm3.@[THE_USER]_1.dev.myPerm_b|myInstance|myAction] - -# TC_Perm3.30.8.POS User should be able to grant cross company only Double Perm -as testid_1@test.com -perm grant com.test.TC_Perm3.@[user.name]_1.dev.myPerm_b myInstance myAction com.att.TC_Perm3.@[user.name].dev.myRole_b -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testid_1@test.com] may not write Role [com.att.TC_Perm3.@[THE_USER].dev.myRole_b] - -as testid_1@test.com -# TC_Perm3.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Perm3.@[user.name]_1 -** Expect 200,404 ** -Deleted Namespace - -# TC_Perm3.99.3.POS Print Namespaces -ns list name com.test.TC_Perm3.@[user.name]_1 -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_1] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -as testid_2@test.com -# TC_Perm3.99.4.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Perm3.@[user.name]_2 -** Expect 200,404 ** -Deleted Namespace - -# TC_Perm3.99.5.POS Print Namespaces -ns list name com.test.TC_Perm3.@[user.name]_2 -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Perm3.@[THE_USER]_2] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -as testunused@aaf.att.com -# TC_Perm3.99.6.POS Remove Namespace from other company -force ns delete com.att.TC_Perm3.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_Perm3.99.7.POS Print Namespace from other company -ns list name com.att.TC_Perm3.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.att.TC_Perm3.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Realm1.expected b/authz-test/TestSuite/expected/TC_Realm1.expected deleted file mode 100644 index 67232e2a..00000000 --- a/authz-test/TestSuite/expected/TC_Realm1.expected +++ /dev/null @@ -1,210 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set XX@NS <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_Realm1.10.0.POS Validate no NS -ns list name com.test.TC_Realm1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Realm1.10.1.POS Create Namespace to add IDs -ns create com.test.TC_Realm1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -as XX@NS -# TC_Realm1.10.10.POS Grant ability to change delegates -force perm create com.att.aaf.delg com.att create com.test.TC_Realm1.@[user.name].change_delg -** Expect 201 ** -Created Role [com.test.TC_Realm1.@[THE_USER].change_delg] -Created Permission -Granted Permission [com.att.aaf.delg|com.att|create] to Role [com.test.TC_Realm1.@[THE_USER].change_delg] - -# TC_Realm1.10.11.POS Create user role to change delegates -user role add testid@aaf.att.com com.test.TC_Realm1.@[user.name].change_delg -** Expect 201 ** -Added Role [com.test.TC_Realm1.@[THE_USER].change_delg] to User [testid@aaf.att.com] - -as testid@aaf.att.com -# TC_Realm1.20.1.NEG Fail to create - default domain wrong -ns create com.test.TC_Realm1.@[user.name].project1 testunused -** Expect 403 ** -Failed [SVC3403]: Forbidden - testunused@csp.att.com does not have permission to assume test status at AT&T - -# TC_Realm1.20.2.POS Create - default domain appended -ns create com.test.TC_Realm1.@[user.name].project1 @[user.name] @[user.name] -** Expect 201 ** -Created Namespace - -# TC_Realm1.20.3.NEG Fail to create - default domain wrong -ns admin add com.test.TC_Realm1.@[user.name].project1 testunused -** Expect 403 ** -Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID - -# TC_Realm1.20.4.POS Create - full domain given -ns admin add com.test.TC_Realm1.@[user.name].project1 testid@aaf.att.com -** Expect 201 ** -Admin testid@aaf.att.com added to com.test.TC_Realm1.@[THE_USER].project1 - -# TC_Realm1.20.5.POS Delete - default domain appended -ns admin del com.test.TC_Realm1.@[user.name].project1 @[user.name] -** Expect 200 ** -Admin @[THE_USER]@csp.att.com deleted from com.test.TC_Realm1.@[THE_USER].project1 - -# TC_Realm1.20.6.POS Add admin - default domain appended -ns admin add com.test.TC_Realm1.@[user.name].project1 @[user.name] -** Expect 201 ** -Admin @[THE_USER]@csp.att.com added to com.test.TC_Realm1.@[THE_USER].project1 - -# TC_Realm1.30.1.POS Create role to add to users -role create com.test.TC_Realm1.@[user.name].role1 -** Expect 201 ** -Created Role - -# TC_Realm1.30.2.NEG Add user, but default domain wrong -role user add com.test.TC_Realm1.@[user.name].role1 testunused -** Expect 403 ** -Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID - -# TC_Realm1.30.3.POS Add user, with default domain appended -role user add com.test.TC_Realm1.@[user.name].role1 @[user.name] -** Expect 201 ** -Added User [@[THE_USER]@csp.att.com] to Role [com.test.TC_Realm1.@[THE_USER].role1] - -# TC_Realm1.30.10.POS Role list, with default domain added -role list user testunused -** Expect 200 ** - -List Roles for User [testunused@csp.att.com] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- - -# TC_Realm1.30.80.POS Delete user, with default domain appended -role user del com.test.TC_Realm1.@[user.name].role1 @[user.name] -** Expect 200 ** -Removed User [@[THE_USER]@csp.att.com] from Role [com.test.TC_Realm1.@[THE_USER].role1] - -# TC_Realm1.40.1.POS Create role to add to users -role create com.test.TC_Realm1.@[user.name].role2 -** Expect 201 ** -Created Role - -# TC_Realm1.40.2.NEG Add user, but default domain wrong -user role add testunused com.test.TC_Realm1.@[user.name].role2 -** Expect 403 ** -Failed [SVC1403]: Forbidden - AT&T reports that testunused@csp.att.com is a faulty ID - -# TC_Realm1.40.3.POS Add user, with default domain appended -user role add @[user.name] com.test.TC_Realm1.@[user.name].role2 -** Expect 201 ** -Added Role [com.test.TC_Realm1.@[THE_USER].role2] to User [@[THE_USER]@csp.att.com] - -# TC_Realm1.40.10.NEG Add delegate, but default domain wrong -user delegate add testunused testid 2099-01-01 -** Expect 404 ** -Failed [SVC5404]: Not Found - [testunused@csp.att.com] is not a user in the company database. - -# TC_Realm1.40.11.POS Add delegate, with default domain appended -force user delegate add @[user.name] @[user.name] 2099-01-01 -** Expect 201 ** -Delegate Added - -# TC_Realm1.40.12.POS Update delegate, with default domain appended -user delegate upd @[user.name] @[user.name] 2099-01-01 -** Expect 200 ** -Delegate Updated - -as XX@NS -# TC_Realm1.40.20.POS List delegate, with default domain appended -user list delegates user @[user.name] -** Expect 200 ** - -List Delegates by user[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -# TC_Realm1.40.21.POS List delegate, with default domain appended -user list delegates delegate @[user.name] -** Expect 200 ** - -List Delegates by delegate[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -as testid@aaf.att.com -# TC_Realm1.40.80.POS Delete user, with default domain appended -user role del @[user.name] com.test.TC_Realm1.@[user.name].role2 -** Expect 200 ** -Removed Role [com.test.TC_Realm1.@[THE_USER].role2] from User [@[THE_USER]@csp.att.com] - -# TC_Realm1.40.81.POS Delete delegate, with default domain appended -user delegate del @[user.name] -** Expect 200 ** -Delegate Deleted - -as testid@aaf.att.com -# TC_Realm1.99.1.POS Delete delgates -user delegate del @[user.name] -** Expect 200,404 ** -Failed [SVC7404]: Not Found - Cannot delete non-existent Delegate - -# TC_Realm1.99.2.POS Delete user roles -role user del com.test.TC_Realm1.@[user.name].role1 @[user.name] -** Expect 200,404 ** -Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role1 ] - -user role del @[user.name] com.test.TC_Realm1.@[user.name].role2 -** Expect 200,404 ** -Failed [SVC6404]: Not Found - User [ @[THE_USER]@csp.att.com ] is not Assigned to the Role [ com.test.TC_Realm1.@[THE_USER].role2 ] - -# TC_Realm1.99.3.POS Delete roles -role delete com.test.TC_Realm1.@[user.name].role1 -** Expect 200,404 ** -Deleted Role - -role delete com.test.TC_Realm1.@[user.name].role2 -** Expect 200,404 ** -Deleted Role - -as XX@NS -# TC_Realm1.99.10.POS UnGrant ability to change delegates -perm ungrant com.att.aaf.delg com.att change com.test.TC_Realm1.@[user.name].change_delg -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.att.aaf.delg|com.att|change] not associated with any Role - -as testid@aaf.att.com -# TC_Realm1.99.11.POS Delete role to change delegates -set force true -set force=true role delete com.test.TC_Realm1.@[user.name].change_delg -** Expect 200,404 ** -Deleted Role - -# TC_Realm1.99.98.POS Delete Namespaces -ns delete com.test.TC_Realm1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -ns delete com.test.TC_Realm1.@[user.name].project1 -** Expect 200,404 ** -Deleted Namespace - -# TC_Realm1.99.99.POS Verify Cleaned NS -ns list name com.test.TC_Realm1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Realm1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Role1.expected b/authz-test/TestSuite/expected/TC_Role1.expected deleted file mode 100644 index 5cb610fb..00000000 --- a/authz-test/TestSuite/expected/TC_Role1.expected +++ /dev/null @@ -1,369 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set XX@NS <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_Role1.10.0.POS Validate NS ok -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Role1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_Role1.@[user.name].cred_admin -** Expect 201 ** -Created Role - -as XX@NS -# TC_Role1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_Role1.10.12.POS Assign user for creating creds -user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] - -# TC_Role1.20.1.POS List Data on non-Empty NS -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -# TC_Role1.20.2.POS Add Roles -role create com.test.TC_Role1.@[user.name].r.A -** Expect 201 ** -Created Role - -role create com.test.TC_Role1.@[user.name].r.B -** Expect 201 ** -Created Role - -# TC_Role1.20.3.POS List Data on non-Empty NS -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].r.B - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -# TC_Role1.20.4.NEG Don't write over Role -role create com.test.TC_Role1.@[user.name].r.A -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists - -# TC_Role1.20.5.NEG Don't allow non-user to create -as bogus -role create com.test.TC_Role1.@[user.name].r.No -** Expect 401 ** -Failed with code 401, Unauthorized - -# TC_Role1.20.6.NEG Don't allow non-user to create without Approval -as testunused@aaf.att.com -role create com.test.TC_Role1.@[user.name].r.No -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No] - -# TC_Role1.20.10.NEG Non-admins can't change description -as testunused@aaf.att.com -role describe com.test.TC_Role1.@[user.name].r.A Description A -** Expect 403 ** -Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A - -# TC_Role1.20.11.NEG Role must exist to change description -as testid@aaf.att.com -role describe com.test.TC_Role1.@[user.name].r.C Description C -** Expect 404 ** -Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist - -# TC_Role1.20.12.POS Admin can change description -role describe com.test.TC_Role1.@[user.name].r.A Description A -** Expect 200 ** -Description added to role - -# TC_Role1.30.1.POS List Data on non-Empty NS -as testid@aaf.att.com -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].r.B - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -# TC_Role1.30.2.POS Create Sub-ns when Roles that exist -ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Role1.30.3.POS List Data on NS with sub-roles -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - -ns list name com.test.TC_Role1.@[user.name].r -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].r.B - com.test.TC_Role1.@[THE_USER].r.admin - com.test.TC_Role1.@[THE_USER].r.owner - Permissions - com.test.TC_Role1.@[THE_USER].r.access * * - com.test.TC_Role1.@[THE_USER].r.access * read - -# TC_Role1.40.01.POS List Data on non-Empty NS -role list role com.test.TC_Role1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r.A - -# TC_Role1.40.20.POS Create a Perm, and add to Role -perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A] - -# TC_Role1.40.25.POS List -role list role com.test.TC_Role1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT - -# TC_Role1.40.30.POS Create a Perm -perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case -** Expect 201 ** -Created Permission - -# TC_Role1.40.32.POS Separately Grant Perm -perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A -** Expect 201 ** -Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A] - -# TC_Role1.40.35.POS List -role list role com.test.TC_Role1.@[user.name].r.A -** Expect 200 ** - -List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER].r.A - com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT - com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case - -# TC_Role1.50.1.POS Create user to attach to role -user cred add m00001@@[user.name].TC_Role1.test.com password123 -** Expect 201 ** -Added Credential [m00001@@[THE_USER].TC_Role1.test.com] - -# TC_Role1.50.2.POS Create new role -role create com.test.TC_Role1.@[user.name].r.C -** Expect 201 ** -Created Role - -# TC_Role1.50.3.POS Attach user to role -user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C -** Expect 201 ** -Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com] - -# TC_Role1.50.4.POS Create permission and attach to role -perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C] - -# TC_Role1.50.20.NEG Delete role with permission and user attached should fail -role delete com.test.TC_Role1.@[user.name].r.C -** Expect 424 ** -Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users. - -# TC_Role1.50.21.POS Force delete role should work -set force true -set force=true role delete com.test.TC_Role1.@[user.name].r.C -** Expect 200 ** -Deleted Role - -# TC_Role1.50.30.POS List Data on non-Empty NS -ns list name com.test.TC_Role1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role1.@[THE_USER].admin - com.test.TC_Role1.@[THE_USER].cred_admin - com.test.TC_Role1.@[THE_USER].owner - Permissions - com.test.TC_Role1.@[THE_USER].access * * - com.test.TC_Role1.@[THE_USER].access * read - com.test.TC_Role1.@[THE_USER].p.C myInstance myAction - com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT - com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case - Credentials - m00001@@[THE_USER].TC_Role1.test.com - -# Need to let DB catch up on deletes -sleep 0 -as testid@aaf.att.com -# TC_Role1.99.05.POS Remove Permissions from "40_reports" -set force true -set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT -** Expect 200,404 ** -Deleted Permission - -set force true -set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case -** Expect 200,404 ** -Deleted Permission - -# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles -force role delete com.test.TC_Role1.@[user.name].r.A -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Role1.@[user.name].r.B -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Role1.@[user.name].r.C -** Expect 200,404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist - -# TC_Role1.99.15.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin -** Expect 200,404 ** -Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -role delete com.test.TC_Role1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials -perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction -** Expect 200,404 ** -Deleted Permission - -set force true -user cred del m00001@@[user.name].TC_Role1.test.com -** Expect 200,404 ** -Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com] - -# TC_Role1.99.90.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Role1.@[user.name].r -** Expect 200,404 ** -Deleted Namespace - -force ns delete com.test.TC_Role1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_Role1.99.99.POS List to prove clean Namespaces -ns list name com.test.TC_Role1.@[user.name].r -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Role1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Role2.expected b/authz-test/TestSuite/expected/TC_Role2.expected deleted file mode 100644 index 45abf9fd..00000000 --- a/authz-test/TestSuite/expected/TC_Role2.expected +++ /dev/null @@ -1,447 +0,0 @@ -set XX@NS <pass> -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_Role2.10.0.POS Print NS to prove ok -ns list name com.test.TC_Role2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -############## -# Testing Model -# We are making a Testing model based loosely on George Orwell's Animal Farm -# In Animal Farm, Animals did all the work but didn't get any priviledges. -# In our test, the animals can't see anything but their own role, etc -# Dogs were supervisors, and ostensibly did something, though mostly laid around -# In our test, they have Implicit Permissions by being Admins -# Pigs were the Elite. They did nothing, but watch everyone and eat the produce -# In our test, they have Explicit Permissions to see everything they want -############## -as testid@aaf.att.com -# TC_Role2.20.1.POS List Data on non-Empty NS -ns list name com.test.TC_Role2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role2.@[THE_USER].admin - com.test.TC_Role2.@[THE_USER].owner - Permissions - com.test.TC_Role2.@[THE_USER].access * * - com.test.TC_Role2.@[THE_USER].access * read - -# TC_Role2.20.10.POS Create Orwellian Roles -role create com.test.TC_Role2.@[user.name].r.animals -** Expect 201 ** -Created Role - -role create com.test.TC_Role2.@[user.name].r.dogs -** Expect 201 ** -Created Role - -role create com.test.TC_Role2.@[user.name].r.pigs -** Expect 201 ** -Created Role - -# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles -perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals] - -perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs] - -perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs] - -perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs] - -# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs -as XX@NS -perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs] - -perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs] - -# TC_Role2.20.60.POS List Data on non-Empty NS -as testid@aaf.att.com -ns list name com.test.TC_Role2.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Role2.@[THE_USER].admin - com.test.TC_Role2.@[THE_USER].owner - com.test.TC_Role2.@[THE_USER].r.animals - com.test.TC_Role2.@[THE_USER].r.dogs - com.test.TC_Role2.@[THE_USER].r.pigs - Permissions - com.test.TC_Role2.@[THE_USER].access * * - com.test.TC_Role2.@[THE_USER].access * read - com.test.TC_Role2.@[THE_USER].r.A * * - com.test.TC_Role2.@[THE_USER].r.A garbage eat - com.test.TC_Role2.@[THE_USER].r.A grain * - com.test.TC_Role2.@[THE_USER].r.A grain eat - -as XX@NS -# TC_Role2.40.1.POS List Data on Role -role list role com.test.TC_Role2.@[user.name].r.animals -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.animals - com.test.TC_Role2.@[THE_USER].r.A garbage eat - -role list role com.test.TC_Role2.@[user.name].r.dogs -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.dogs - com.test.TC_Role2.@[THE_USER].r.A * * - com.test.TC_Role2.@[THE_USER].r.A grain * - com.test.TC_Role2.@[THE_USER].r.A grain eat - -role list role com.test.TC_Role2.@[user.name].r.pigs -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.pigs - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view - -# TC_Role2.40.10.POS Add testunused to animals -as testid@aaf.att.com -user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals -** Expect 201 ** -Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com] - -# TC_Role2.40.11.POS List by Name when part of role -as testunused@aaf.att.com -role list role com.test.TC_Role2.@[user.name].r.animals -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.animals - com.test.TC_Role2.@[THE_USER].r.A garbage eat - -# TC_Role2.40.12.NEG List by Name when not part of Role -role list role com.test.TC_Role2.@[user.name].r.dogs -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs] - -role list role com.test.TC_Role2.@[user.name].r.pigs -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs] - -# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace -as testid@aaf.att.com -role list role com.test.TC_Role2.@[user.name].r.animals -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.animals - com.test.TC_Role2.@[THE_USER].r.A garbage eat - -role list role com.test.TC_Role2.@[user.name].r.dogs -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.dogs - com.test.TC_Role2.@[THE_USER].r.A * * - com.test.TC_Role2.@[THE_USER].r.A grain * - com.test.TC_Role2.@[THE_USER].r.A grain eat - -role list role com.test.TC_Role2.@[user.name].r.pigs -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.pigs - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view - -# TC_Role2.40.50.POS Change testunused to Pigs -as testid@aaf.att.com -user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals -** Expect 200 ** -Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com] - -user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs -** Expect 201 ** -Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com] - -# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions -as testunused@aaf.att.com -role list role com.test.TC_Role2.@[user.name].r.animals -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals] - -role list role com.test.TC_Role2.@[user.name].r.dogs -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs] - -role list role com.test.TC_Role2.@[user.name].r.pigs -** Expect 200 ** - -List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.pigs - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view - -# TC_Role2.41.10.POS List by User when Same as Caller -as testunused@aaf.att.com -role list user testunused@aaf.att.com -** Expect 200 ** - -List Roles for User [testunused@aaf.att.com] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.pigs - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view - -# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles -as testid@aaf.att.com -role list user testunused@aaf.att.com -** Expect 200 ** - -List Roles for User [testunused@aaf.att.com] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.pigs - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view - -# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace -as XX@NS -role list user testunused@aaf.att.com -** Expect 200 ** - -List Roles for User [testunused@aaf.att.com] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.pigs - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view - -# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown) -as testunused@aaf.att.com -role list user XX@NS -** Expect 200 ** - -List Roles for User [XX@NS] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- - -# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS -as testid@aaf.att.com -role list ns com.test.TC_Role2.@[user.name] -** Expect 200 ** - -List Roles by NS [com.test.TC_Role2.@[THE_USER]] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].admin - com.test.TC_Role2.@[THE_USER].access * * -com.test.TC_Role2.@[THE_USER].owner - com.test.TC_Role2.@[THE_USER].access * read -com.test.TC_Role2.@[THE_USER].r.animals - com.test.TC_Role2.@[THE_USER].r.A garbage eat -com.test.TC_Role2.@[THE_USER].r.dogs - com.test.TC_Role2.@[THE_USER].r.A * * - com.test.TC_Role2.@[THE_USER].r.A grain * - com.test.TC_Role2.@[THE_USER].r.A grain eat -com.test.TC_Role2.@[THE_USER].r.pigs - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view - com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view - -# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS -as testunused@aaf.att.com -role list ns com.test.TC_Role2.@[user.name] -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]] - -# TC_Role2.43.10.POS List Roles when allowed to see Perm -as testid@aaf.att.com -role list perm com.test.TC_Role2.@[user.name].r.A grain eat -** Expect 200 ** - -List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.dogs - com.test.TC_Role2.@[THE_USER].r.A * * - com.test.TC_Role2.@[THE_USER].r.A grain * - com.test.TC_Role2.@[THE_USER].r.A grain eat - -role list perm com.test.TC_Role2.@[user.name].r.A grain * -** Expect 200 ** - -List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|* --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.dogs - com.test.TC_Role2.@[THE_USER].r.A * * - com.test.TC_Role2.@[THE_USER].r.A grain * - com.test.TC_Role2.@[THE_USER].r.A grain eat - -role list perm com.test.TC_Role2.@[user.name].r.A * * -** Expect 200 ** - -List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|* --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.test.TC_Role2.@[THE_USER].r.dogs - com.test.TC_Role2.@[THE_USER].r.A * * - com.test.TC_Role2.@[THE_USER].r.A grain * - com.test.TC_Role2.@[THE_USER].r.A grain eat - -# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm -as testunused@aaf.att.com -role list perm com.test.TC_Role2.@[user.name].r.A grain eat -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] - -role list perm com.test.TC_Role2.@[user.name].r.A grain * -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*] - -role list perm com.test.TC_Role2.@[user.name].r.A * * -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*] - -as XX@NS -# TC_Role2.99.1.POS Delete Roles -force role delete com.test.TC_Role2.@[user.name].r.animals -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Role2.@[user.name].r.dogs -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_Role2.@[user.name].r.pigs -** Expect 200,404 ** -Deleted Role - -# TC_Role2.99.2.POS Delete Perms -force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_Role2.@[user.name].r.A grain eat -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_Role2.@[user.name].r.A grain * -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_Role2.@[user.name].r.A * * -** Expect 200,404 ** -Deleted Permission - -force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view -** Expect 200,404 ** -Deleted Permission - -force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view -** Expect 200,404 ** -Deleted Permission - -# TC_Role2.99.2.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_Role2.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_Role2.99.3.POS Print Namespaces -ns list name com.test.TC_Role2.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_UR1.expected b/authz-test/TestSuite/expected/TC_UR1.expected deleted file mode 100644 index 7630488f..00000000 --- a/authz-test/TestSuite/expected/TC_UR1.expected +++ /dev/null @@ -1,266 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set XX@NS <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_UR1.10.0.POS Validate no NS -ns list name com.test.TC_UR1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_UR1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_UR1.10.1.POS Create Namespace to add IDs -ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Role1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_UR1.@[user.name].cred_admin -** Expect 201 ** -Created Role - -as XX@NS -# TC_Role1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_UR1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_Role1.10.12.POS Assign user for creating creds -user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin -** Expect 201 ** -Added Role [com.test.TC_UR1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] - -# TC_UR1.10.20.POS Create two Credentials -user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd" -** Expect 201 ** -Added Credential [m00001@@[THE_USER].TC_UR1.test.com] - -user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd" -** Expect 201 ** -Added Credential [m00002@@[THE_USER].TC_UR1.test.com] - -# TC_UR1.10.21.POS Create two Roles -role create com.test.TC_UR1.@[user.name].r1 -** Expect 201 ** -Created Role - -role create com.test.TC_UR1.@[user.name].r2 -** Expect 201 ** -Created Role - -# TC_UR1.23.1.NEG Too Few Args for User Role 1 -user -** Expect 0 ** -user role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)] - cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)] - delegate <add|upd|del> <from> [to REQ A&U] [until (YYYY-MM-DD) REQ A] - list role <role> - perm <type> <instance> <action> - cred <ns|id> <value> - delegates <user|delegate> <id> - approvals <user|approver|ticket> <value> - activity <user> - -# TC_UR1.23.2.NEG Too Few Args for user role -user role -** Expect -1 ** -Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)] - -# TC_UR1.23.3.NEG Too Few Args for user role add -user role add -** Expect -1 ** -Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)] - -# TC_UR1.30.10.POS Create a UserRole -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 -** Expect 201 ** -Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com] - -# TC_UR1.30.11.NEG Created UserRole Exists -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - User Role exists - -# TC_UR1.30.13.POS Delete UserRole -sleep 0 -user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 -** Expect 200 ** -Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com] - -# TC_UR1.30.20.POS Create multiple UserRoles -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 -** Expect 201 ** -Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com] -Added Role [com.test.TC_UR1.@[THE_USER].r2] to User [m00001@@[THE_USER].TC_UR1.test.com] - -# TC_UR1.30.21.NEG Created UserRole Exists -user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - User Role exists -Failed [SVC1409]: Conflict Already Exists - User Role exists - -# TC_UR1.30.23.POS Delete UserRole -sleep 0 -user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 -** Expect 200 ** -Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com] -Removed Role [com.test.TC_UR1.@[THE_USER].r2] from User [m00001@@[THE_USER].TC_UR1.test.com] - -# TC_UR1.30.30.POS Create a Role User -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com -** Expect 201 ** -Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1] - -# TC_UR1.30.31.NEG Created Role User Exists -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - User Role exists - -# TC_UR1.30.33.POS Delete Role User -sleep 0 -role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com -** Expect 200 ** -Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1] - -# TC_UR1.30.40.POS Create multiple Role Users -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com -** Expect 201 ** -Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1] -Added User [m00002@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1] - -# TC_UR1.30.41.NEG Created Role User Exists -role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com -** Expect 409 ** -Failed [SVC1409]: Conflict Already Exists - User Role exists -Failed [SVC1409]: Conflict Already Exists - User Role exists - -# TC_UR1.30.43.POS Delete Role Users -sleep 0 -role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com -** Expect 200 ** -Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1] -Removed User [m00002@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1] - -# TC_UR1.40.10.POS Create multiple UserRoles -user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2 -** Expect 200 ** -Set User's Roles to [com.test.TC_UR1.@[THE_USER].r1,com.test.TC_UR1.@[THE_USER].r2] - -# TC_UR1.40.11.POS Reset userrole for a user -user role setTo m00001@@[user.name].TC_UR1.test.com -** Expect 200 ** -Set User's Roles to [] - -# TC_UR1.40.12.NEG Create userrole where Role doesn't exist -user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5 -** Expect 404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist - -# TC_UR1.40.13.NEG Create userrole where User doesn't exist -user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 -** Expect 403 ** -Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential - -as testunused@aaf.att.com -# TC_UR1.40.19.NEG User without permission tries to add userrole -user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1 -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1] - -# TC_UR1.40.20.NEG User without permission tries to add userrole -role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1] - -as testid@aaf.att.com -# TC_UR1.40.22.POS Reset userrole for a user -role user setTo com.test.TC_UR1.@[user.name].r1 -** Expect 200 ** -Set the Role to Users [] - -sleep 0 -# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist -role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com -** Expect 404 ** -Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist - -sleep 0 -# TC_UR1.40.24.NEG Create UserRole where User doesn't exist -role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com -** Expect 403 ** -Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential - -# Need to let DB catch up on deletes -sleep 0 -as testid@aaf.att.com -# TC_UR1.99.1.POS Remove User from Role -role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com -** Expect 200,404 ** -Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ] -Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ] - -role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com -** Expect 200,404 ** -Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ] -Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ] - -role user setTo com.test.TC_UR1.@[user.name].r1 -** Expect 200,404 ** -Set the Role to Users [] - -# TC_UR1.99.2.POS Remove ability to create creds -user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin -** Expect 200,404 ** -Removed Role [com.test.TC_UR1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] - -as XX@NS -perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_UR1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -role delete com.test.TC_UR1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -# TC_UR1.99.3.POS Delete Creds -set force true -user cred del m00001@@[user.name].TC_UR1.test.com -** Expect 200,404 ** -Deleted Credential [m00001@@[THE_USER].TC_UR1.test.com] - -set force true -user cred del m00002@@[user.name].TC_UR1.test.com -** Expect 200,404 ** -Deleted Credential [m00002@@[THE_USER].TC_UR1.test.com] - -# TC_UR1.99.4.POS Delete Roles -set force true -set force=true role delete com.test.TC_UR1.@[user.name].r1 -** Expect 200,404 ** -Deleted Role - -set force true -set force=true role delete com.test.TC_UR1.@[user.name].r2 -** Expect 200,404 ** -Deleted Role - -# TC_UR1.99.5.POS Delete Namespace -set force true -set force=true ns delete com.test.TC_UR1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_UR1.99.99.POS Verify Cleaned NS -ns list name com.test.TC_UR1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_UR1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_User1.expected b/authz-test/TestSuite/expected/TC_User1.expected deleted file mode 100644 index e1d304f5..00000000 --- a/authz-test/TestSuite/expected/TC_User1.expected +++ /dev/null @@ -1,485 +0,0 @@ -set XX@NS <pass> -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set bogus@aaf.att.com boguspass -set m99990@@[THE_USER].TC_User1.test.com password123 -set m99995@@[THE_USER].TC_User1.test.com password123 -#delay 10 -set NFR 0 -as testid@aaf.att.com -# TC_User1.10.0.POS Check for Existing Data -ns list name com.test.TC_User1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_User1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_User1.10.10.POS Create role to assign mechid perm to -role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com -** Expect 201 ** -Created Role -Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin] - -as XX@NS -# TC_User1.10.11.POS Assign role to mechid perm -perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin] - -perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin -** Expect 201 ** -Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin] - -as testid@aaf.att.com -# TC_User1.01.99.POS Expect Namespace to be created -ns list name com.test.TC_User1.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_User1.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_User1.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_User1.@[THE_USER].admin - com.test.TC_User1.@[THE_USER].cred_admin - com.test.TC_User1.@[THE_USER].owner - Permissions - com.test.TC_User1.@[THE_USER].access * * - com.test.TC_User1.@[THE_USER].access * read - -as testid@aaf.att.com -# TC_User1.20.1.POS Create roles -role create com.test.TC_User1.@[user.name].manager -** Expect 201 ** -Created Role - -role create com.test.TC_User1.@[user.name].worker -** Expect 201 ** -Created Role - -# TC_User1.20.2.POS Create permissions -perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker] - -perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker] - -perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager] - -perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager -** Expect 201 ** -Created Permission -Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager] - -# TC_User1.20.3.POS Create mechid -user cred add m99990@@[user.name].TC_User1.test.com password123 -** Expect 201 ** -Added Credential [m99990@@[THE_USER].TC_User1.test.com] - -user cred add m99995@@[user.name].TC_User1.test.com password123 -** Expect 201 ** -Added Credential [m99995@@[THE_USER].TC_User1.test.com] - -as XX@NS -# TC_User1.20.10.POS Add users to roles -user role add @[user.name] com.test.TC_User1.@[user.name].manager -** Expect 201 ** -Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com] - -user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker -** Expect 201 ** -Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com] - -# TC_User1.20.20.POS Add Delegate -as XX@NS -# TC_User1.20.20.POS Create delegates -force user delegate add @[user.name] @[user.name] -** Expect 201 ** -Delegate Added - -# TC_User1.40.1.NEG Non-admin, user not in role should not view -as testunused@aaf.att.com -user list role com.test.TC_User1.@[user.name].manager -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager] - -user list role com.test.TC_User1.@[user.name].worker -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker] - -as m99990@@[THE_USER].TC_User1.test.com -# TC_User1.40.2.NEG Non-admin, user in role should not view -user list role com.test.TC_User1.@[user.name].manager -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager] - -sleep 0 -# TC_User1.40.3.POS Non-admin, user in role can view himself -user list role com.test.TC_User1.@[user.name].worker -** Expect 200 ** - -List Users for Role[com.test.TC_User1.@[THE_USER].worker] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -as testid@aaf.att.com -# TC_User1.40.10.POS admin should view -user list role com.test.TC_User1.@[user.name].manager -** Expect 200 ** - -List Users for Role[com.test.TC_User1.@[THE_USER].manager] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -@[THE_USER]@csp.att.com XXXX-XX-XX - - -user list role com.test.TC_User1.@[user.name].worker -** Expect 200 ** - -List Users for Role[com.test.TC_User1.@[THE_USER].worker] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -as testunused@aaf.att.com -# TC_User1.41.1.NEG Non-admin, user not in perm should not view -user list perm com.test.TC_User1.@[user.name].supplies * move -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- - - -user list perm com.test.TC_User1.@[user.name].supplies * stock -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- - - -user list perm com.test.TC_User1.@[user.name].schedule worker create -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- - - -user list perm com.test.TC_User1.@[user.name].worker * annoy -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- - - -as m99990@@[THE_USER].TC_User1.test.com -# TC_User1.41.2.POS Non-admin, user in perm can view himself -user list perm com.test.TC_User1.@[user.name].supplies * move -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].supplies * stock -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -as m99990@@[THE_USER].TC_User1.test.com -# TC_User1.41.3.NEG Non-admin, user in perm should not view -user list perm com.test.TC_User1.@[user.name].schedule worker create -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- - - -user list perm com.test.TC_User1.@[user.name].worker * annoy -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- - - -as testid@aaf.att.com -# TC_User1.41.10.POS admin should view -user list perm com.test.TC_User1.@[user.name].supplies * move -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].supplies * stock -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].schedule worker create -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -@[THE_USER]@csp.att.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].worker * annoy -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -@[THE_USER]@csp.att.com XXXX-XX-XX - - -as testunused@aaf.att.com -# TC_User1.42.1.NEG Unrelated user can't view delegates -user list delegates user m99990@@[user.name].TC_User1.test.com -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com] - -user list delegates delegate m99995@@[user.name].TC_User1.test.com -** Expect 403 ** -Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com] - -as XX@NS -# TC_User1.42.10.POS Admin of domain NS can view -user list delegates user @[user.name] -** Expect 200 ** - -List Delegates by user[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -user list delegates delegate @[user.name] -** Expect 200 ** - -List Delegates by delegate[@[THE_USER]@csp.att.com] --------------------------------------------------------------------------------- - User Delegate Expires --------------------------------------------------------------------------------- - @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX - -as testid@aaf.att.com -# TC_User1.43.1.POS Add another user to worker role -user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker -** Expect 201 ** -Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com] - -as m99990@@[THE_USER].TC_User1.test.com -# TC_User1.43.2.POS User should only see himself here -user list role com.test.TC_User1.@[user.name].worker -** Expect 200 ** - -List Users for Role[com.test.TC_User1.@[THE_USER].worker] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX -m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].supplies * move -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX -m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].supplies * stock -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX -m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -as XX@NS -# TC_User1.43.10.POS Grant explicit user perm to user -perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker] - -as m99990@@[THE_USER].TC_User1.test.com -# TC_User1.43.11.POS User should see all users of test domain now -user list role com.test.TC_User1.@[user.name].worker -** Expect 200 ** - -List Users for Role[com.test.TC_User1.@[THE_USER].worker] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX -m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].supplies * move -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX -m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -user list perm com.test.TC_User1.@[user.name].supplies * stock -** Expect 200 ** - -List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] --------------------------------------------------------------------------------- -User Expires --------------------------------------------------------------------------------- -m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX -m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX - - -as testid@aaf.att.com -# TC_User1.99.0.POS Remove user roles -user role del @[user.name] com.test.TC_User1.@[user.name].manager -** Expect 200,404 ** -Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com] - -user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker -** Expect 200,404 ** -Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com] - -user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker -** Expect 200,404 ** -Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com] - -# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms -force perm delete com.test.TC_User1.@[user.name].supplies * move -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_User1.@[user.name].supplies * stock -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_User1.@[user.name].schedule worker create -** Expect 200,404 ** -Deleted Permission - -force perm delete com.test.TC_User1.@[user.name].worker * annoy -** Expect 200,404 ** -Deleted Permission - -force role delete com.test.TC_User1.@[user.name].manager -** Expect 200,404 ** -Deleted Role - -force role delete com.test.TC_User1.@[user.name].worker -** Expect 200,404 ** -Deleted Role - -# TC_User1.99.10.POS Creds and delegate -user delegate del @[user.name] -** Expect 200,404 ** -Delegate Deleted - -user cred del m99990@@[user.name].TC_User1.test.com -** Expect 200,404 ** -Deleted Credential [m99990@@[THE_USER].TC_User1.test.com] - -user cred del m99995@@[user.name].TC_User1.test.com -** Expect 200,404 ** -Deleted Credential [m99995@@[THE_USER].TC_User1.test.com] - -as XX@NS -# TC_User1.99.15.POS Remove ability to create creds -perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin] - -perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin -** Expect 200,404 ** -UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin] - -perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view -** Expect 200,404 ** -Deleted Permission - -as testid@aaf.att.com -force role delete com.test.TC_User1.@[user.name].cred_admin -** Expect 200,404 ** -Deleted Role - -# TC_User1.99.90.POS Namespace Admin can delete Namespace -force ns delete com.test.TC_User1.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -sleep 0 -# TC_User1.99.99.POS Check Clean Namespace -ns list name com.test.TC_User1.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_User1.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/expected/TC_Wild.expected b/authz-test/TestSuite/expected/TC_Wild.expected deleted file mode 100644 index 448efa1d..00000000 --- a/authz-test/TestSuite/expected/TC_Wild.expected +++ /dev/null @@ -1,520 +0,0 @@ -set testid@aaf.att.com <pass> -set testunused@aaf.att.com <pass> -set XX@NS <pass> -set bogus boguspass -#delay 10 -set NFR 0 -as XX@NS -# TC_Wild.10.0.POS Validate NS ok -ns list name com.att.test.TC_Wild.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.att.test.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -# TC_Wild.10.1.POS Create Namespace with valid IDs and Responsible Parties -ns create com.att.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Wild.10.10.POS Create a clean MechID -user cred add m99999@@[user.name].TC_Wild.att.com aNewPass8 -** Expect 201 ** -Added Credential [m99999@@[THE_USER].TC_Wild.att.com] - -set m99999@@[THE_USER].TC_Wild.att.com aNewPass8 -as XX@NS -# TC_Wild.10.11.POS Create role and assign MechID to -role create com.att.TC_Wild.@[user.name].service m99999@@[user.name].TC_Wild.att.com -** Expect 201 ** -Created Role -Added User [m99999@@[THE_USER].TC_Wild.att.com] to Role [com.att.TC_Wild.@[THE_USER].service] - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.20.1.NEG Fail to create a perm in NS -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction] - -# TC_Wild.20.3.POS Add "access perm" based Wild Card with specific Action -as XX@NS -perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:myAction|write] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.20.5.POS Print Perms -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write - - -# TC_Wild.20.7.POS Now able to create a perm in NS -as m99999@@[THE_USER].TC_Wild.att.com -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Wild.20.8.POS Print Perms -as XX@NS -perm list ns com.att.TC_Wild.@[user.name] -** Expect 200 ** - -List Perms by NS [com.att.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access * * -com.att.TC_Wild.@[THE_USER].access * read -com.att.TC_Wild.@[THE_USER].access :perm:myType:*:myAction write -com.att.TC_Wild.@[THE_USER].myType myInstance myAction - - -# TC_Wild.20.10.POS Delete Perms Created -force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:myAction write -** Expect 200 ** -Deleted Permission - -force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 200 ** -Deleted Permission - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.21.1.NEG Fail to create a perm in NS -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction] - -# TC_Wild.21.3.POS Add "access perm" based Wild Card with specific Action -as XX@NS -perm create com.att.TC_Wild.@[user.name].access :perm:myType:*:* write com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.TC_Wild.@[THE_USER].access|:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.21.5.POS Print Perms -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write - - -# TC_Wild.21.7.POS Now able to create a perm in NS -as m99999@@[THE_USER].TC_Wild.att.com -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Wild.21.8.POS Print Perms -as XX@NS -perm list ns com.att.TC_Wild.@[user.name] -** Expect 200 ** - -List Perms by NS [com.att.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access * * -com.att.TC_Wild.@[THE_USER].access * read -com.att.TC_Wild.@[THE_USER].access :perm:myType:*:* write -com.att.TC_Wild.@[THE_USER].myType myInstance myAction - - -# TC_Wild.21.10.POS Delete Perms Created -force perm delete com.att.TC_Wild.@[user.name].access :perm:myType:*:* write -** Expect 200 ** -Deleted Permission - -force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 200 ** -Deleted Permission - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.30.1.NEG Fail to create a role in NS -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole] - -# TC_Wild.30.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -perm create com.att.TC_Wild.@[user.name].access :role:tool.* write com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.30.5.POS Print Perms -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access :role:tool.* write - - -# TC_Wild.30.7.POS Now able to create a role in NS -as m99999@@[THE_USER].TC_Wild.att.com -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 201 ** -Created Role - -# TC_Wild.30.8.POS Print Perms -as XX@NS -role list ns com.att.TC_Wild.@[user.name] -** Expect 200 ** - -List Roles by NS [com.att.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].admin - com.att.TC_Wild.@[THE_USER].access * * -com.att.TC_Wild.@[THE_USER].owner - com.att.TC_Wild.@[THE_USER].access * read -com.att.TC_Wild.@[THE_USER].service - com.att.TC_Wild.@[THE_USER].access :role:tool.* write -com.att.TC_Wild.@[THE_USER].tool.myRole - -# TC_Wild.30.10.POS Delete Perms Created -force perm delete com.att.TC_Wild.@[user.name].access :role:tool.* write -** Expect 200 ** -Deleted Permission - -force role delete com.att.TC_Wild.@[user.name].tool.myRole -** Expect 200 ** -Deleted Role - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.31.1.NEG Fail to create a role in NS -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole] - -# TC_Wild.31.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -perm create com.att.TC_Wild.@[user.name].access :role:* write com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|write] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.31.5.POS Print Perms -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access :role:* write - - -# TC_Wild.31.7.POS Now able to create a role in NS -as m99999@@[THE_USER].TC_Wild.att.com -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 201 ** -Created Role - -# TC_Wild.31.8.POS Print Perms -as XX@NS -role list ns com.att.TC_Wild.@[user.name] -** Expect 200 ** - -List Roles by NS [com.att.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].admin - com.att.TC_Wild.@[THE_USER].access * * -com.att.TC_Wild.@[THE_USER].owner - com.att.TC_Wild.@[THE_USER].access * read -com.att.TC_Wild.@[THE_USER].service - com.att.TC_Wild.@[THE_USER].access :role:* write -com.att.TC_Wild.@[THE_USER].tool.myRole - -# TC_Wild.31.10.POS Delete Perms Created -force perm delete com.att.TC_Wild.@[user.name].access :role:* write -** Expect 200 ** -Deleted Permission - -force role delete com.att.TC_Wild.@[user.name].tool.myRole -** Expect 200 ** -Deleted Role - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.32.1.NEG Fail to create a role in NS -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole] - -# TC_Wild.32.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -perm create com.att.TC_Wild.@[user.name].access :role:* * com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.TC_Wild.@[THE_USER].access|:role:*|*] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.32.5.POS Print Perms -as m99999@@[THE_USER].TC_Wild.att.com -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access :role:* * - - -# TC_Wild.32.7.POS Now able to create a role in NS -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 201 ** -Created Role - -# TC_Wild.32.8.POS May Print Role -role list role com.att.TC_Wild.@[user.name].tool.myRole -** Expect 200 ** - -List Roles for Role[com.att.TC_Wild.@[THE_USER].tool.myRole] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].tool.myRole - -as XX@NS -# TC_Wild.32.10.POS Delete Perms Created -force perm delete com.att.TC_Wild.@[user.name].access :role:* * -** Expect 200 ** -Deleted Permission - -force role delete com.att.TC_Wild.@[user.name].tool.myRole -** Expect 200 ** -Deleted Role - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.50.1.NEG Fail to create a perm in NS -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Perm [com.att.TC_Wild.@[THE_USER].myType|myInstance|myAction] - -# TC_Wild.50.3.POS Add "access perm" based Wild Card with specific Action -as XX@NS -perm create com.att.aaf.ns :com.att.*:perm:myType:*:* write com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.ns|:com.att.*:perm:myType:*:*|write] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.50.5.POS Print Perms -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.aaf.ns :com.att.*:perm:myType:*:* write - - -# TC_Wild.50.7.POS Now able to create a perm in NS -as m99999@@[THE_USER].TC_Wild.att.com -perm create com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 201 ** -Created Permission - -# TC_Wild.50.8.POS Print Perms -as XX@NS -perm list ns com.att.TC_Wild.@[user.name] -** Expect 200 ** - -List Perms by NS [com.att.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].access * * -com.att.TC_Wild.@[THE_USER].access * read -com.att.TC_Wild.@[THE_USER].myType myInstance myAction - - -# TC_Wild.50.10.POS Delete Perms Created -force perm delete com.att.aaf.ns :com.att.*:perm:myType:*:* write -** Expect 200 ** -Deleted Permission - -force perm delete com.att.TC_Wild.@[user.name].myType myInstance myAction -** Expect 200 ** -Deleted Permission - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.51.1.NEG Fail to create a role in NS -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write Role [com.att.TC_Wild.@[THE_USER].tool.myRole] - -# TC_Wild.51.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -perm create com.att.aaf.ns :com.att.*:role:tool.* write com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.ns|:com.att.*:role:tool.*|write] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.51.5.POS Print Perms -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.aaf.ns :com.att.*:role:tool.* write - - -# TC_Wild.51.7.POS Now able to create a role in NS -as m99999@@[THE_USER].TC_Wild.att.com -role create com.att.TC_Wild.@[user.name].tool.myRole -** Expect 201 ** -Created Role - -# TC_Wild.51.8.POS Print Perms -as XX@NS -role list ns com.att.TC_Wild.@[user.name] -** Expect 200 ** - -List Roles by NS [com.att.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- -ROLE Name - PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.TC_Wild.@[THE_USER].admin - com.att.TC_Wild.@[THE_USER].access * * -com.att.TC_Wild.@[THE_USER].owner - com.att.TC_Wild.@[THE_USER].access * read -com.att.TC_Wild.@[THE_USER].service - com.att.aaf.ns :com.att.*:role:tool.* write -com.att.TC_Wild.@[THE_USER].tool.myRole - -# TC_Wild.51.10.POS Delete Perms Created -force perm delete com.att.aaf.ns :com.att.*:role:tool.* write -** Expect 200 ** -Deleted Permission - -force role delete com.att.TC_Wild.@[user.name].tool.myRole -** Expect 200 ** -Deleted Role - -as m99999@@[THE_USER].TC_Wild.att.com -# TC_Wild.52.1.NEG Fail to create a NS -ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com -** Expect 403 ** -Failed [SVC1403]: Forbidden - [m99999@@[THE_USER].TC_Wild.att.com] may not write in NS [com.test] - -# TC_Wild.52.3.POS Add "access role" based Wild Card with specific Action -as XX@NS -perm create com.att.aaf.ns :com.test:ns write com.att.TC_Wild.@[user.name].service -** Expect 201 ** -Created Permission -Granted Permission [com.att.aaf.ns|:com.test:ns|write] to Role [com.att.TC_Wild.@[THE_USER].service] - -# TC_Wild.52.5.POS Print Perms -perm list user m99999@@[user.name].TC_Wild.att.com -** Expect 200 ** - -List Permissions by User[m99999@@[THE_USER].TC_Wild.att.com] --------------------------------------------------------------------------------- -PERM Type Instance Action --------------------------------------------------------------------------------- -com.att.aaf.ns :com.test:ns write - - -# TC_Wild.52.7.POS Now able to create an NS -as m99999@@[THE_USER].TC_Wild.att.com -ns create com.test.TC_Wild.@[user.name] @[user.name] testid@aaf.att.com -** Expect 201 ** -Created Namespace - -# TC_Wild.52.8.POS Print Perms -as XX@NS -ns list name com.test.TC_Wild.@[user.name] -** Expect 200 ** - -List Namespaces by Name[com.test.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- -com.test.TC_Wild.@[THE_USER] - Administrators - testid@aaf.att.com - Responsible Parties - @[THE_USER]@csp.att.com - Roles - com.test.TC_Wild.@[THE_USER].admin - com.test.TC_Wild.@[THE_USER].owner - Permissions - com.test.TC_Wild.@[THE_USER].access * * - com.test.TC_Wild.@[THE_USER].access * read - -# TC_Wild.52.10.POS Delete Perms Created -force perm delete com.att.aaf.ns :com.test:ns write -** Expect 200 ** -Deleted Permission - -force ns delete com.test.TC_Wild.@[user.name] -** Expect 200 ** -Deleted Namespace - -as XX@NS -# TC_Wild.99.80.POS Cleanup -force perm delete com.att.aaf.ns :com.att.*:perm:*:* write -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|write] does not exist - -# TC_Wild.99.81.POS Cleanup -force perm delete com.att.aaf.ns :com.att.*:perm:*:* * -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:perm:*:*|*] does not exist - -# TC_Wild.99.82.POS Cleanup -force perm delete com.att.aaf.ns :com.att.*:role:* write -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.att.*:role:*|write] does not exist - -# TC_Wild.99.83.POS Cleanup -force perm delete com.att.aaf.ns :com.test:ns write -** Expect 200,404 ** -Failed [SVC4404]: Not Found - Permission [com.att.aaf.ns|:com.test:ns|write] does not exist - -# TC_Wild.99.90.POS Cleanup -force ns delete com.test.TC_Wild.@[user.name] -** Expect 200,404 ** -Failed [SVC2404]: Not Found - com.test.TC_Wild.@[THE_USER] does not exist - -# TC_Wild.99.91.POS Cleanup -force ns delete com.att.TC_Wild.@[user.name] -** Expect 200,404 ** -Deleted Namespace - -# TC_Wild.99.99.POS List to prove clean Namespaces -ns list name com.att.TC_Wild.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.att.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - -ns list name com.test.TC_Wild.@[user.name] -** Expect 200,404 ** - -List Namespaces by Name[com.test.TC_Wild.@[THE_USER]] --------------------------------------------------------------------------------- - *** Namespace Not Found *** - diff --git a/authz-test/TestSuite/list b/authz-test/TestSuite/list deleted file mode 100644 index 8742d971..00000000 --- a/authz-test/TestSuite/list +++ /dev/null @@ -1,2 +0,0 @@ -# /bin/sh -find . -maxdepth 1 -name "TC*" -exec sh cmds {} \; | grep \# diff --git a/authz-test/TestSuite/qc b/authz-test/TestSuite/qc deleted file mode 100644 index 83149a3a..00000000 --- a/authz-test/TestSuite/qc +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -# For Jenkins, we need to keep track of the exit code returned from each tc run; -# if it's ever non-zero (ie, a failure), must return that value when this script exits -# -STATUS=0 - -for DIR in `ls | grep ^TC_ | sort`; do - echo "**" | tee reports/$DIR.txt - echo "** TC Group: $DIR" | tee -a reports/$DIR.txt - echo "** Date : "`date` | tee -a reports/$DIR.txt - echo "** By : "`who | cut -d " " -f 1` | tee -a reports/$DIR.txt - echo "**" | tee -a reports/$DIR.txt - echo "" >> reports/$DIR.txt - echo "-- Description --" >> reports/$DIR.txt - cat $DIR/Description >> reports/$DIR.txt - echo -- Positive Cases -- >> reports/$DIR.txt - grep -h "^# $DIR.*POS " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt - echo >> reports/$DIR.txt - echo -- Negative Cases -- >> reports/$DIR.txt - grep -h "^# $DIR.*NEG " $DIR/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' >> reports/$DIR.txt - - - echo "" >> reports/$DIR.txt - echo "-- Results" | tee -a reports/$DIR.txt - echo "" | tee -a reports/$DIR.txt - - bash ./tc $DIR | tee -a reports/$DIR.txt - - if [[ ${PIPESTATUS[0]} -ne 0 ]]; then - STATUS=1 - fi -done - - -exit $STATUS - - diff --git a/authz-test/TestSuite/reset b/authz-test/TestSuite/reset deleted file mode 100644 index af9b1005..00000000 --- a/authz-test/TestSuite/reset +++ /dev/null @@ -1,4 +0,0 @@ -set m12345=<pass> -as m12345 -ns create com.test testid@test.com - diff --git a/authz-test/TestSuite/rpt1 b/authz-test/TestSuite/rpt1 deleted file mode 100644 index 4997ed83..00000000 --- a/authz-test/TestSuite/rpt1 +++ /dev/null @@ -1,22 +0,0 @@ -# /bin/bash -if [ "$1" == "" ]; then - echo "Usage: rpt1 <TestCase>" - exit 1 -fi - -echo "**" -echo "** TC Group: $1" -echo "** Date : "`date` -echo "** By : "`who | cut -d " " -f 1` -echo "**" -echo "" -echo "-- Description --" -cat $1/Description -echo -- Positive Cases -- -grep -h "^# $1.*POS " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' -echo -echo -- Negative Cases -- -grep -h "^# $1.*NEG " $1/[0-9]* | cut -d ' ' -f 2- | sed -e 's/ / /' - -cd .. -exit 0 diff --git a/authz-test/TestSuite/rpt2 b/authz-test/TestSuite/rpt2 deleted file mode 100644 index 45eb1e21..00000000 --- a/authz-test/TestSuite/rpt2 +++ /dev/null @@ -1,12 +0,0 @@ -# /bin/bash -if [ "$1" == "" ]; then - echo "Usage: rpt2 <TestCase>" - exit 1 -fi - -./rpt1 $1 -echo "" -echo "-- Results" -echo "" -./tc $1 - diff --git a/authz-test/TestSuite/tc b/authz-test/TestSuite/tc deleted file mode 100644 index ed21c64e..00000000 --- a/authz-test/TestSuite/tc +++ /dev/null @@ -1,82 +0,0 @@ -#!/bin/bash -TS=`echo $0 | sed "s/\/tc//"` - -mkdir -p runs - -function failed { - echo "FAILED TEST! $*" - exit 1 -} - -if [ "$1" == "-a" ]; then - OPTS=$OPTS" -a"; - shift -elif [ "$1" == "clean" ]; then - CLEAN="TRUE" - shift -fi - -if [[ -z $USER ]]; then - THE_USER=`whoami` -elif [[ -n "$SUDO_USER" ]]; then - THE_USER=$SUDO_USER -elif [[ -n "$USER" ]]; then - THE_USER=$USER -fi - -if [ "$1" == "" ]; then - DIRS=`find $TS -maxdepth 2 -type d -name "TC_*" | sed "s/^$TS\///" | sort` - if [ "$DIRS" == "" ] ; then - echo "Usage: tc <TestCase> [expected]" - echo " expected - create the expected response for future comparison" - exit 1 - fi -else - DIRS=$1 - shift -fi - -if [ "$1" == "-a" ]; then - OPTS=$OPTS" -a"; - shift -elif [ "$1" == "clean" ]; then - CLEAN="TRUE" - shift -fi - -if [ -e tc.delay ]; then - OPTS=$OPTS" -delayAll "`cat tc.delay` -fi - - -SUFFIX=`date "+%Y-%m-%d_%H:%M:%S"` -for TC in $DIRS; do - echo $TC - if [ "$CLEAN" = "TRUE" ]; then - cat $TS/$TC/00* $TS/$TC/99* | aafcli -i -a -t -n - rm -f last - ln -s runs/$TC.CLEAN.$SUFFIX last - elif [ "$1" = "expected" ]; then - SUFFIX=$1 - cat $TS/$TC/[0-9]* | aafcli -i -t 2>&1 | sed -e "/$THE_USER/s//@[THE_USER]/g" | tee $TS/expected/$TC.$SUFFIX - elif [ -d "$TS/$TC" ]; then - if [ "$1" = "dryrun" ]; then - cat $TS/$TC/[0-9]* > temp - cat $TS/$TC/[0-9]* | aafcli -i -t - else - rm -f last - > runs/$TC.$SUFFIX - ln -s runs/$TC.$SUFFIX last - cat $TS/$TC/[0-9]* | aafcli -i -t $OPTS | sed -e "/$THE_USER/s//@[THE_USER]/g" -e "s/
//" 2>&1 > runs/$TC.$SUFFIX - - diff --ignore-blank-lines -w runs/$TC.$SUFFIX $TS/expected/$TC.expected || failed "[$TC.$SUFFIX]" - echo "SUCCESS! [$TC.$SUFFIX]" - fi - elif [ -f "$TS/$TC" ]; then - cat $TS/$TC | aafcli -i -t $OPTS - else - echo missed dir - fi -done - -exit 0 |