From 43854a9e3310ff7a92257d16c4fc0a8321eaec68 Mon Sep 17 00:00:00 2001
From: sg481n
Date: Thu, 3 Aug 2017 17:27:34 -0400
Subject:  [AAF-21] Initial code import
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a
Signed-off-by: sg481n
---
authz-test/TestSuite/TC_User1/00_ids | 12 +++++++
authz-test/TestSuite/TC_User1/10_init | 25 +++++++++++++++
authz-test/TestSuite/TC_User1/20_add_data | 26 +++++++++++++++
authz-test/TestSuite/TC_User1/40_viewByRole | 23 ++++++++++++++
authz-test/TestSuite/TC_User1/41_viewByPerm | 29 +++++++++++++++++
authz-test/TestSuite/TC_User1/42_viewByDelegates | 12 +++++++
.../TestSuite/TC_User1/43_viewsExplicitiPerm | 27 ++++++++++++++++
authz-test/TestSuite/TC_User1/99_cleanup | 37 ++++++++++++++++++++++
authz-test/TestSuite/TC_User1/Description | 6 ++++
9 files changed, 197 insertions(+)
create mode 100644 authz-test/TestSuite/TC_User1/00_ids
create mode 100644 authz-test/TestSuite/TC_User1/10_init
create mode 100644 authz-test/TestSuite/TC_User1/20_add_data
create mode 100644 authz-test/TestSuite/TC_User1/40_viewByRole
create mode 100644 authz-test/TestSuite/TC_User1/41_viewByPerm
create mode 100644 authz-test/TestSuite/TC_User1/42_viewByDelegates
create mode 100644 authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
create mode 100644 authz-test/TestSuite/TC_User1/99_cleanup
create mode 100644 authz-test/TestSuite/TC_User1/Description
(limited to 'authz-test/TestSuite/TC_User1')
diff --git a/authz-test/TestSuite/TC_User1/00_ids b/authz-test/TestSuite/TC_User1/00_ids
new file mode 100644
index 00000000..b989aa3b
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/00_ids
@@ -0,0 +1,12 @@
+expect 0
+set XX@NS=
+set testid@aaf.att.com=
+set testunused@aaf.att.com=
+set bogus@aaf.att.com=boguspass
+set m99990@@[user.name].TC_User1.test.com=password123
+set m99995@@[user.name].TC_User1.test.com=password123
+
+#delay 10
+set NFR=0
+
+
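Review bot: `00_ids` commits literal credentials, `set bogus@aaf.att.com=boguspass` and `password123` for both mechids, and `20_add_data` repeats `password123` on its two `user cred add` lines, so the same guessable secret is created in whichever AAF instance the suite is pointed at. The hunk already leaves `XX@NS` and `testid@aaf.att.com` empty, presumably so the harness supplies them at run time. The mechid passwords could come from the same mechanism or from a per-run random value, e.g. `set m99990@@[user.name].TC_User1.test.com=@[MECHID_PASS]`, where `MECHID_PASS` is a placeholder for whatever variable the harness can inject.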
diff --git a/authz-test/TestSuite/TC_User1/10_init b/authz-test/TestSuite/TC_User1/10_init
new file mode 100644
index 00000000..0cad5595
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/10_init
@@ -0,0 +1,25 @@
+
+as testid@aaf.att.com
+# TC_User1.10.0.POS Check for Existing Data
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
+# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_User1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
+
+as XX@NS:
+# TC_User1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_User1.01.99.POS Expect Namespace to be created
+expect 200
+ns list name com.test.TC_User1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/20_add_data b/authz-test/TestSuite/TC_User1/20_add_data
new file mode 100644
index 00000000..9a9acec5
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/20_add_data
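Review bot: In `10_init`, `as XX@NS:` carries a trailing colon that the `as XX@NS` lines in `20_add_data`, `42_viewByDelegates` and `43_viewsExplicitiPerm` do not have, and `99_cleanup` does the same with `as testid@aaf.att.com:`. Whether the colon changes how the identity or its password is resolved is not visible in this patch. Because the block under it performs the `perm grant` of `com.att.aaf.mechid` and `com.att.aaf.delg`, the form should either be normalised to `as XX@NS` or explained in a comment. The last case is also labelled `TC_User1.01.99.POS` while every other ID in the file is `TC_User1.10.x`; `# TC_User1.10.99.POS Expect Namespace to be created` would match.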
@@ -0,0 +1,26 @@
+as testid@aaf.att.com
+# TC_User1.20.1.POS Create roles
+expect 201
+role create com.test.TC_User1.@[user.name].manager
+role create com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.2.POS Create permissions
+perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
+perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
+perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
+
+# TC_User1.20.3.POS Create mechid
+user cred add m99990@@[user.name].TC_User1.test.com password123
+user cred add m99995@@[user.name].TC_User1.test.com password123
+
+as XX@NS
+# TC_User1.20.10.POS Add users to roles
+expect 201
+user role add @[user.name] com.test.TC_User1.@[user.name].manager
+user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.20.20.POS Add Delegate
+as XX@NS
+# TC_User1.20.20.POS Create delegates
+force user delegate add @[user.name] @[user.name]
diff --git a/authz-test/TestSuite/TC_User1/40_viewByRole b/authz-test/TestSuite/TC_User1/40_viewByRole
new file mode 100644
index 00000000..824f01e2
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/40_viewByRole
@@ -0,0 +1,23 @@
+
+# TC_User1.40.1.NEG Non-admin, user not in role should not view
+expect 403
+as testunused@aaf.att.com
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.40.2.NEG Non-admin, user in role should not view
+expect 403
+user list role com.test.TC_User1.@[user.name].manager
+
+sleep @[NFR]
+# TC_User1.40.3.POS Non-admin, user in role can view himself
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+
+as testid@aaf.att.com
+# TC_User1.40.10.POS admin should view
+expect 200
+user list role com.test.TC_User1.@[user.name].manager
+user list role com.test.TC_User1.@[user.name].worker
+
diff --git a/authz-test/TestSuite/TC_User1/41_viewByPerm b/authz-test/TestSuite/TC_User1/41_viewByPerm
new file mode 100644
index 00000000..6813cb15
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/41_viewByPerm
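Review bot: The comment on `TC_User1.40.2.NEG` in `40_viewByRole` reads "user in role should not view", but the case queries the `manager` role as m99990, which `20_add_data` adds only to `worker`. As written it suggests a role member is denied a view of their own role, which `TC_User1.40.3.POS` contradicts. Suggested wording: `# TC_User1.40.2.NEG Non-admin, member of a different role should not view`.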
@@ -0,0 +1,29 @@
+as testunused@aaf.att.com
+# TC_User1.41.1.NEG Non-admin, user not in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.2.POS Non-admin, user in perm can view himself
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.41.3.NEG Non-admin, user in perm should not view
+expect 200
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+as testid@aaf.att.com
+# TC_User1.41.10.POS admin should view
+expect 200
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+user list perm com.test.TC_User1.@[user.name].schedule worker create
+user list perm com.test.TC_User1.@[user.name].worker * annoy
+
+
diff --git a/authz-test/TestSuite/TC_User1/42_viewByDelegates b/authz-test/TestSuite/TC_User1/42_viewByDelegates
new file mode 100644
index 00000000..7d16cb3c
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/42_viewByDelegates
@@ -0,0 +1,12 @@
+as testunused@aaf.att.com
+# TC_User1.42.1.NEG Unrelated user can't view delegates
+expect 403
+user list delegates user m99990@@[user.name].TC_User1.test.com
+user list delegates delegate m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.42.10.POS Admin of domain NS can view
+expect 200
+user list delegates user @[user.name]
+user list delegates delegate @[user.name]
+
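Review bot: The two negative cases in `41_viewByPerm`, `TC_User1.41.1.NEG` and `TC_User1.41.3.NEG`, use `expect 200`, the same status as the positive cases, so on status alone they cannot fail if a caller outside the permission is shown its users. `40_viewByRole` uses `expect 403` for the equivalent role checks. If the service really answers 200 with a filtered list here, the comment should say so, e.g. `# TC_User1.41.1.NEG Non-admin, user not in perm gets 200 with an empty user list`, and the harness has to compare the response body, which this patch does not show; otherwise these should be `expect 403`. The same applies to `TC_User1.43.2.POS` and `TC_User1.43.11.POS` in `43_viewsExplicitiPerm`, which differ only in what the body should contain.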
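Review bot: `TC_User1.42.1.NEG` in `42_viewByDelegates` asks for the delegates of m99990 and m99995, but the only delegate record the suite creates is `force user delegate add @[user.name] @[user.name]` in `20_add_data`. The `expect 403` therefore runs against identities that have no delegate data, so a pass here does not show that an existing record is withheld from an unrelated user. Querying the record that exists, `user list delegates user @[user.name]` and `user list delegates delegate @[user.name]` as testunused, would exercise the denial on real data.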
diff --git a/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
new file mode 100644
index 00000000..8f4ffd05
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/43_viewsExplicitiPerm
@@ -0,0 +1,27 @@
+
+as testid@aaf.att.com
+# TC_User1.43.1.POS Add another user to worker role
+expect 201
+user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.2.POS User should only see himself here
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
+
+as XX@NS
+# TC_User1.43.10.POS Grant explicit user perm to user
+expect 201
+perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
+
+as m99990@@[user.name].TC_User1.test.com
+# TC_User1.43.11.POS User should see all users of test domain now
+expect 200
+user list role com.test.TC_User1.@[user.name].worker
+user list perm com.test.TC_User1.@[user.name].supplies * move
+user list perm com.test.TC_User1.@[user.name].supplies * stock
+
diff --git a/authz-test/TestSuite/TC_User1/99_cleanup b/authz-test/TestSuite/TC_User1/99_cleanup
new file mode 100644
index 00000000..f6e9724e
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/99_cleanup
@@ -0,0 +1,37 @@
+expect 200,404
+as testid@aaf.att.com
+
+# TC_User1.99.0.POS Remove user roles
+user role del @[user.name] com.test.TC_User1.@[user.name].manager
+user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
+force perm delete com.test.TC_User1.@[user.name].supplies * move
+force perm delete com.test.TC_User1.@[user.name].supplies * stock
+force perm delete com.test.TC_User1.@[user.name].schedule worker create
+force perm delete com.test.TC_User1.@[user.name].worker * annoy
+force role delete com.test.TC_User1.@[user.name].manager
+force role delete com.test.TC_User1.@[user.name].worker
+
+# TC_User1.99.10.POS Creds and delegate
+user delegate del @[user.name]
+user cred del m99990@@[user.name].TC_User1.test.com
+user cred del m99995@@[user.name].TC_User1.test.com
+
+as XX@NS
+# TC_User1.99.15.POS Remove ability to create creds
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
+perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
+perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
+
+as testid@aaf.att.com:
+force role delete com.test.TC_User1.@[user.name].cred_admin
+
+# TC_User1.99.90.POS Namespace Admin can delete Namespace
+force ns delete com.test.TC_User1.@[user.name]
+sleep @[NFR]
+
+# TC_User1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_User1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_User1/Description b/authz-test/TestSuite/TC_User1/Description
new file mode 100644
index 00000000..9f74081d
--- /dev/null
+++ b/authz-test/TestSuite/TC_User1/Description
@@ -0,0 +1,6 @@
+This Testcase Tests the viewability of different user commands
+
+APIs:
+
+CLI:
+
-- cgit 1.2.3-korg
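Review bot: `99_cleanup` sets `expect 200,404` once at the top and never narrows it, so the closing `TC_User1.99.99.POS Check Clean Namespace` step passes whether or not the namespace is gone; `10_init` already expects 200 from the same `ns list name` before the namespace is created, so status cannot tell the two states apart. The `perm grant` lines in `10_init` and the `perm create com.att.aaf.user` in `43_viewsExplicitiPerm` add privileges under `com.att.aaf`, outside the test namespace, and this file is the only place they are revoked. Whether the harness still runs it after an earlier file fails is not visible here. Suggest a comment stating that, plus a check after the `as XX@NS` block that the harness verifies by response body and not by status.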