From 43854a9e3310ff7a92257d16c4fc0a8321eaec68 Mon Sep 17 00:00:00 2001 From: sg481n Date: Thu, 3 Aug 2017 17:27:34 -0400 Subject:  [AAF-21] Initial code import MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a Signed-off-by: sg481n --- authz-test/TestSuite/TC_Role1/00_ids | 8 ++++++ authz-test/TestSuite/TC_Role1/10_init | 23 +++++++++++++++ authz-test/TestSuite/TC_Role1/20_add_data | 40 +++++++++++++++++++++++++++ authz-test/TestSuite/TC_Role1/30_change_ns | 14 ++++++++++ authz-test/TestSuite/TC_Role1/40_reports | 24 ++++++++++++++++ authz-test/TestSuite/TC_Role1/50_force_delete | 28 +++++++++++++++++++ authz-test/TestSuite/TC_Role1/90_wait | 2 ++ authz-test/TestSuite/TC_Role1/99_cleanup | 34 +++++++++++++++++++++++ authz-test/TestSuite/TC_Role1/Description | 16 +++++++++++ 9 files changed, 189 insertions(+) create mode 100644 authz-test/TestSuite/TC_Role1/00_ids create mode 100644 authz-test/TestSuite/TC_Role1/10_init create mode 100644 authz-test/TestSuite/TC_Role1/20_add_data create mode 100644 authz-test/TestSuite/TC_Role1/30_change_ns create mode 100644 authz-test/TestSuite/TC_Role1/40_reports create mode 100644 authz-test/TestSuite/TC_Role1/50_force_delete create mode 100644 authz-test/TestSuite/TC_Role1/90_wait create mode 100644 authz-test/TestSuite/TC_Role1/99_cleanup create mode 100644 authz-test/TestSuite/TC_Role1/Description (limited to 'authz-test/TestSuite/TC_Role1') diff --git a/authz-test/TestSuite/TC_Role1/00_ids b/authz-test/TestSuite/TC_Role1/00_ids new file mode 100644 index 00000000..7fb0e054 --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/00_ids @@ -0,0 +1,8 @@ +expect 0 +set testid@aaf.att.com= +set testunused@aaf.att.com= +set XX@NS= +set bogus=boguspass + +#delay 10 +set NFR=0 diff --git a/authz-test/TestSuite/TC_Role1/10_init b/authz-test/TestSuite/TC_Role1/10_init new file mode 100644 index 00000000..4af50879 --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/10_init @@ -0,0 +1,23 @@ +as testid@aaf.att.com + +# TC_Role1.10.0.POS Validate NS ok +expect 200 +ns list name com.test.TC_Role1.@[user.name] + +# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties +expect 201 +ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com + +# TC_Role1.10.10.POS Create role to assign mechid perm to +expect 201 +role create com.test.TC_Role1.@[user.name].cred_admin + +as XX@NS +# TC_Role1.10.11.POS Assign role to mechid perm +expect 201 +perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin + +as testid@aaf.att.com +# TC_Role1.10.12.POS Assign user for creating creds +expect 201 +user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin diff --git a/authz-test/TestSuite/TC_Role1/20_add_data b/authz-test/TestSuite/TC_Role1/20_add_data new file mode 100644 index 00000000..43c97d92 --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/20_add_data @@ -0,0 +1,40 @@ +# TC_Role1.20.1.POS List Data on non-Empty NS +expect 200 +ns list name com.test.TC_Role1.@[user.name] + +# TC_Role1.20.2.POS Add Roles +expect 201 +role create com.test.TC_Role1.@[user.name].r.A +role create com.test.TC_Role1.@[user.name].r.B + +# TC_Role1.20.3.POS List Data on non-Empty NS +expect 200 +ns list name com.test.TC_Role1.@[user.name] + +# TC_Role1.20.4.NEG Don't write over Role +expect 409 +role create com.test.TC_Role1.@[user.name].r.A + +# TC_Role1.20.5.NEG Don't allow non-user to create +expect 401 +as bogus +role create com.test.TC_Role1.@[user.name].r.No + +# TC_Role1.20.6.NEG Don't allow non-user to create without Approval +expect 403 +as testunused@aaf.att.com +role create com.test.TC_Role1.@[user.name].r.No + +# TC_Role1.20.10.NEG Non-admins can't change description +expect 403 +as testunused@aaf.att.com +role describe com.test.TC_Role1.@[user.name].r.A Description A + +# TC_Role1.20.11.NEG Role must exist to change description +expect 404 +as testid@aaf.att.com +role describe com.test.TC_Role1.@[user.name].r.C Description C + +# TC_Role1.20.12.POS Admin can change description +expect 200 +role describe com.test.TC_Role1.@[user.name].r.A Description A diff --git a/authz-test/TestSuite/TC_Role1/30_change_ns b/authz-test/TestSuite/TC_Role1/30_change_ns new file mode 100644 index 00000000..4d32f656 --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/30_change_ns @@ -0,0 +1,14 @@ +# TC_Role1.30.1.POS List Data on non-Empty NS +as testid@aaf.att.com +expect 200 +ns list name com.test.TC_Role1.@[user.name] + +# TC_Role1.30.2.POS Create Sub-ns when Roles that exist +expect 201 +ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com + +# TC_Role1.30.3.POS List Data on NS with sub-roles +expect 200 +ns list name com.test.TC_Role1.@[user.name] +ns list name com.test.TC_Role1.@[user.name].r + diff --git a/authz-test/TestSuite/TC_Role1/40_reports b/authz-test/TestSuite/TC_Role1/40_reports new file mode 100644 index 00000000..657d1c7c --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/40_reports @@ -0,0 +1,24 @@ +# TC_Role1.40.01.POS List Data on non-Empty NS +expect 200 +role list role com.test.TC_Role1.@[user.name].r.A + +# TC_Role1.40.20.POS Create a Perm, and add to Role +expect 201 +perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A + +# TC_Role1.40.25.POS List +expect 200 +role list role com.test.TC_Role1.@[user.name].r.A + +# TC_Role1.40.30.POS Create a Perm +expect 201 +perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case + +# TC_Role1.40.32.POS Separately Grant Perm +expect 201 +perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A + +# TC_Role1.40.35.POS List +expect 200 +role list role com.test.TC_Role1.@[user.name].r.A + diff --git a/authz-test/TestSuite/TC_Role1/50_force_delete b/authz-test/TestSuite/TC_Role1/50_force_delete new file mode 100644 index 00000000..ef334b24 --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/50_force_delete @@ -0,0 +1,28 @@ +# TC_Role1.50.1.POS Create user to attach to role +expect 201 +user cred add m00001@@[user.name].TC_Role1.test.com password123 + +# TC_Role1.50.2.POS Create new role +expect 201 +role create com.test.TC_Role1.@[user.name].r.C + +# TC_Role1.50.3.POS Attach user to role +expect 201 +user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C + +# TC_Role1.50.4.POS Create permission and attach to role +expect 201 +perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C + +# TC_Role1.50.20.NEG Delete role with permission and user attached should fail +expect 424 +role delete com.test.TC_Role1.@[user.name].r.C + +# TC_Role1.50.21.POS Force delete role should work +expect 200 +set force=true role delete com.test.TC_Role1.@[user.name].r.C + +# TC_Role1.50.30.POS List Data on non-Empty NS +expect 200 +ns list name com.test.TC_Role1.@[user.name] + diff --git a/authz-test/TestSuite/TC_Role1/90_wait b/authz-test/TestSuite/TC_Role1/90_wait new file mode 100644 index 00000000..91d890f0 --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/90_wait @@ -0,0 +1,2 @@ +# Need to let DB catch up on deletes +sleep @[NFR] diff --git a/authz-test/TestSuite/TC_Role1/99_cleanup b/authz-test/TestSuite/TC_Role1/99_cleanup new file mode 100644 index 00000000..63e240eb --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/99_cleanup @@ -0,0 +1,34 @@ +as testid@aaf.att.com +expect 200,404 + +# TC_Role1.99.05.POS Remove Permissions from "40_reports" +set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT +set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case + +# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles +force role delete com.test.TC_Role1.@[user.name].r.A +force role delete com.test.TC_Role1.@[user.name].r.B +force role delete com.test.TC_Role1.@[user.name].r.C + +# TC_Role1.99.15.POS Remove ability to create creds +user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin + +as XX@NS +perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin + +as testid@aaf.att.com +role delete com.test.TC_Role1.@[user.name].cred_admin + +# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials +perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction +set force=true +user cred del m00001@@[user.name].TC_Role1.test.com + +# TC_Role1.99.90.POS Namespace Admin can delete Namespace +force ns delete com.test.TC_Role1.@[user.name].r +force ns delete com.test.TC_Role1.@[user.name] + +# TC_Role1.99.99.POS List to prove clean Namespaces +ns list name com.test.TC_Role1.@[user.name].r +ns list name com.test.TC_Role1.@[user.name] + diff --git a/authz-test/TestSuite/TC_Role1/Description b/authz-test/TestSuite/TC_Role1/Description new file mode 100644 index 00000000..012a12b1 --- /dev/null +++ b/authz-test/TestSuite/TC_Role1/Description @@ -0,0 +1,16 @@ +This Testcase Tests the essentials of the Namespace, and the NS Commands + +APIs: + + + +CLI: + Target + role create :role + role delete + ns delete :ns + ns list :ns + Ancillary + role create :role + role list name :role.* + -- cgit 1.2.3-korg