From 43854a9e3310ff7a92257d16c4fc0a8321eaec68 Mon Sep 17 00:00:00 2001 From: sg481n Date: Thu, 3 Aug 2017 17:27:34 -0400 Subject:  [AAF-21] Initial code import MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a Signed-off-by: sg481n --- authz-test/TestSuite/expected/TC_Role2.expected | 447 ++++++++++++++++++++++++ 1 file changed, 447 insertions(+) create mode 100644 authz-test/TestSuite/expected/TC_Role2.expected (limited to 'authz-test/TestSuite/expected/TC_Role2.expected') diff --git a/authz-test/TestSuite/expected/TC_Role2.expected b/authz-test/TestSuite/expected/TC_Role2.expected new file mode 100644 index 00000000..45abf9fd --- /dev/null +++ b/authz-test/TestSuite/expected/TC_Role2.expected @@ -0,0 +1,447 @@ +set XX@NS +set testid@aaf.att.com +set testunused@aaf.att.com +set bogus boguspass +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_Role2.10.0.POS Print NS to prove ok +ns list name com.test.TC_Role2.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties +ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +############## +# Testing Model +# We are making a Testing model based loosely on George Orwell's Animal Farm +# In Animal Farm, Animals did all the work but didn't get any priviledges. +# In our test, the animals can't see anything but their own role, etc +# Dogs were supervisors, and ostensibly did something, though mostly laid around +# In our test, they have Implicit Permissions by being Admins +# Pigs were the Elite. They did nothing, but watch everyone and eat the produce +# In our test, they have Explicit Permissions to see everything they want +############## +as testid@aaf.att.com +# TC_Role2.20.1.POS List Data on non-Empty NS +ns list name com.test.TC_Role2.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Role2.@[THE_USER].admin + com.test.TC_Role2.@[THE_USER].owner + Permissions + com.test.TC_Role2.@[THE_USER].access * * + com.test.TC_Role2.@[THE_USER].access * read + +# TC_Role2.20.10.POS Create Orwellian Roles +role create com.test.TC_Role2.@[user.name].r.animals +** Expect 201 ** +Created Role + +role create com.test.TC_Role2.@[user.name].r.dogs +** Expect 201 ** +Created Role + +role create com.test.TC_Role2.@[user.name].r.pigs +** Expect 201 ** +Created Role + +# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles +perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals] + +perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs] + +perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs] + +perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs] + +# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs +as XX@NS +perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs] + +perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs] + +# TC_Role2.20.60.POS List Data on non-Empty NS +as testid@aaf.att.com +ns list name com.test.TC_Role2.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_Role2.@[THE_USER].admin + com.test.TC_Role2.@[THE_USER].owner + com.test.TC_Role2.@[THE_USER].r.animals + com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.pigs + Permissions + com.test.TC_Role2.@[THE_USER].access * * + com.test.TC_Role2.@[THE_USER].access * read + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A garbage eat + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat + +as XX@NS +# TC_Role2.40.1.POS List Data on Role +role list role com.test.TC_Role2.@[user.name].r.animals +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.animals + com.test.TC_Role2.@[THE_USER].r.A garbage eat + +role list role com.test.TC_Role2.@[user.name].r.dogs +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat + +role list role com.test.TC_Role2.@[user.name].r.pigs +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.pigs + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view + +# TC_Role2.40.10.POS Add testunused to animals +as testid@aaf.att.com +user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals +** Expect 201 ** +Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com] + +# TC_Role2.40.11.POS List by Name when part of role +as testunused@aaf.att.com +role list role com.test.TC_Role2.@[user.name].r.animals +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.animals + com.test.TC_Role2.@[THE_USER].r.A garbage eat + +# TC_Role2.40.12.NEG List by Name when not part of Role +role list role com.test.TC_Role2.@[user.name].r.dogs +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs] + +role list role com.test.TC_Role2.@[user.name].r.pigs +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs] + +# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace +as testid@aaf.att.com +role list role com.test.TC_Role2.@[user.name].r.animals +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.animals + com.test.TC_Role2.@[THE_USER].r.A garbage eat + +role list role com.test.TC_Role2.@[user.name].r.dogs +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat + +role list role com.test.TC_Role2.@[user.name].r.pigs +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.pigs + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view + +# TC_Role2.40.50.POS Change testunused to Pigs +as testid@aaf.att.com +user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals +** Expect 200 ** +Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com] + +user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs +** Expect 201 ** +Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com] + +# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions +as testunused@aaf.att.com +role list role com.test.TC_Role2.@[user.name].r.animals +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals] + +role list role com.test.TC_Role2.@[user.name].r.dogs +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs] + +role list role com.test.TC_Role2.@[user.name].r.pigs +** Expect 200 ** + +List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.pigs + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view + +# TC_Role2.41.10.POS List by User when Same as Caller +as testunused@aaf.att.com +role list user testunused@aaf.att.com +** Expect 200 ** + +List Roles for User [testunused@aaf.att.com] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.pigs + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view + +# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles +as testid@aaf.att.com +role list user testunused@aaf.att.com +** Expect 200 ** + +List Roles for User [testunused@aaf.att.com] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.pigs + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view + +# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace +as XX@NS +role list user testunused@aaf.att.com +** Expect 200 ** + +List Roles for User [testunused@aaf.att.com] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.pigs + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view + +# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown) +as testunused@aaf.att.com +role list user XX@NS +** Expect 200 ** + +List Roles for User [XX@NS] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- + +# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS +as testid@aaf.att.com +role list ns com.test.TC_Role2.@[user.name] +** Expect 200 ** + +List Roles by NS [com.test.TC_Role2.@[THE_USER]] +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].admin + com.test.TC_Role2.@[THE_USER].access * * +com.test.TC_Role2.@[THE_USER].owner + com.test.TC_Role2.@[THE_USER].access * read +com.test.TC_Role2.@[THE_USER].r.animals + com.test.TC_Role2.@[THE_USER].r.A garbage eat +com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat +com.test.TC_Role2.@[THE_USER].r.pigs + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view + com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view + +# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS +as testunused@aaf.att.com +role list ns com.test.TC_Role2.@[user.name] +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]] + +# TC_Role2.43.10.POS List Roles when allowed to see Perm +as testid@aaf.att.com +role list perm com.test.TC_Role2.@[user.name].r.A grain eat +** Expect 200 ** + +List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat + +role list perm com.test.TC_Role2.@[user.name].r.A grain * +** Expect 200 ** + +List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|* +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat + +role list perm com.test.TC_Role2.@[user.name].r.A * * +** Expect 200 ** + +List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|* +-------------------------------------------------------------------------------- +ROLE Name + PERM Type Instance Action +-------------------------------------------------------------------------------- +com.test.TC_Role2.@[THE_USER].r.dogs + com.test.TC_Role2.@[THE_USER].r.A * * + com.test.TC_Role2.@[THE_USER].r.A grain * + com.test.TC_Role2.@[THE_USER].r.A grain eat + +# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm +as testunused@aaf.att.com +role list perm com.test.TC_Role2.@[user.name].r.A grain eat +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] + +role list perm com.test.TC_Role2.@[user.name].r.A grain * +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*] + +role list perm com.test.TC_Role2.@[user.name].r.A * * +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*] + +as XX@NS +# TC_Role2.99.1.POS Delete Roles +force role delete com.test.TC_Role2.@[user.name].r.animals +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_Role2.@[user.name].r.dogs +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_Role2.@[user.name].r.pigs +** Expect 200,404 ** +Deleted Role + +# TC_Role2.99.2.POS Delete Perms +force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_Role2.@[user.name].r.A grain eat +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_Role2.@[user.name].r.A grain * +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_Role2.@[user.name].r.A * * +** Expect 200,404 ** +Deleted Permission + +force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view +** Expect 200,404 ** +Deleted Permission + +force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view +** Expect 200,404 ** +Deleted Permission + +# TC_Role2.99.2.POS Namespace Admin can delete Namespace +force ns delete com.test.TC_Role2.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +# TC_Role2.99.3.POS Print Namespaces +ns list name com.test.TC_Role2.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_Role2.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + -- cgit 1.2.3-korg