From bd890c575163e4d87ac24198b9c68a39cf4bbc4d Mon Sep 17 00:00:00 2001 From: sg481n Date: Mon, 28 Aug 2017 12:11:35 -0400 Subject: Update project structure to org.onap.aaf Update project structure of authz module in aaf from com.att to org.onap.aaf and add distribution management and repositories. Issue-id: AAF-21 Change-Id: Ia2486954e99f2bd60f18122ed60d32d5590781e9 Signed-off-by: sg481n --- authz-test/TestSuite/expected/TC_User1.expected | 485 ++++++++++++++++++++++++ 1 file changed, 485 insertions(+) create mode 100644 authz-test/TestSuite/expected/TC_User1.expected (limited to 'authz-test/TestSuite/expected/TC_User1.expected') diff --git a/authz-test/TestSuite/expected/TC_User1.expected b/authz-test/TestSuite/expected/TC_User1.expected new file mode 100644 index 00000000..e1d304f5 --- /dev/null +++ b/authz-test/TestSuite/expected/TC_User1.expected 
@@ -0,0 +1,485 @@ +set XX@NS +set testid@aaf.att.com +set testunused@aaf.att.com +set bogus@aaf.att.com boguspass +set m99990@@[THE_USER].TC_User1.test.com password123 +set m99995@@[THE_USER].TC_User1.test.com password123 +#delay 10 +set NFR 0 +as testid@aaf.att.com +# TC_User1.10.0.POS Check for Existing Data +ns list name com.test.TC_User1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_User1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + +# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties +ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com +** Expect 201 ** +Created Namespace + +# TC_User1.10.10.POS Create role to assign mechid perm to +role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com +** Expect 201 ** +Created Role +Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin] + +as XX@NS +# TC_User1.10.11.POS Assign role to mechid perm +perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin] + +perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin +** Expect 201 ** +Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin] + +as testid@aaf.att.com +# TC_User1.01.99.POS Expect Namespace to be created +ns list name com.test.TC_User1.@[user.name] +** Expect 200 ** + +List Namespaces by Name[com.test.TC_User1.@[THE_USER]] +-------------------------------------------------------------------------------- +com.test.TC_User1.@[THE_USER] + Administrators + testid@aaf.att.com + Responsible Parties + @[THE_USER]@csp.att.com + Roles + com.test.TC_User1.@[THE_USER].admin + com.test.TC_User1.@[THE_USER].cred_admin + com.test.TC_User1.@[THE_USER].owner + 
Permissions + com.test.TC_User1.@[THE_USER].access * * + com.test.TC_User1.@[THE_USER].access * read + +as testid@aaf.att.com +# TC_User1.20.1.POS Create roles +role create com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Created Role + +role create com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Role + +# TC_User1.20.2.POS Create permissions +perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker] + +perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker] + +perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager] + +perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Created Permission +Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager] + +# TC_User1.20.3.POS Create mechid +user cred add m99990@@[user.name].TC_User1.test.com password123 +** Expect 201 ** +Added Credential [m99990@@[THE_USER].TC_User1.test.com] + +user cred add m99995@@[user.name].TC_User1.test.com password123 +** Expect 201 ** +Added Credential [m99995@@[THE_USER].TC_User1.test.com] + +as XX@NS +# TC_User1.20.10.POS Add users to roles +user role add @[user.name] com.test.TC_User1.@[user.name].manager +** Expect 201 ** +Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com] + +user role add m99990@@[user.name].TC_User1.test.com 
com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com] + +# TC_User1.20.20.POS Add Delegate +as XX@NS +# TC_User1.20.20.POS Create delegates +force user delegate add @[user.name] @[user.name] +** Expect 201 ** +Delegate Added + +# TC_User1.40.1.NEG Non-admin, user not in role should not view +as testunused@aaf.att.com +user list role com.test.TC_User1.@[user.name].manager +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager] + +user list role com.test.TC_User1.@[user.name].worker +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker] + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.40.2.NEG Non-admin, user in role should not view +user list role com.test.TC_User1.@[user.name].manager +** Expect 403 ** +Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager] + +sleep 0 +# TC_User1.40.3.POS Non-admin, user in role can view himself +user list role com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as testid@aaf.att.com +# TC_User1.40.10.POS admin should view +user list role com.test.TC_User1.@[user.name].manager +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].manager] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +@[THE_USER]@csp.att.com XXXX-XX-XX + + +user list role 
com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as testunused@aaf.att.com +# TC_User1.41.1.NEG Non-admin, user not in perm should not view +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].schedule worker create +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].worker * annoy +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.41.2.POS Non-admin, user in perm can view himself +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + 
+List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.41.3.NEG Non-admin, user in perm should not view +user list perm com.test.TC_User1.@[user.name].schedule worker create +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +user list perm com.test.TC_User1.@[user.name].worker * annoy +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- + + +as testid@aaf.att.com +# TC_User1.41.10.POS admin should view +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * 
stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].schedule worker create +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +@[THE_USER]@csp.att.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].worker * annoy +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +@[THE_USER]@csp.att.com XXXX-XX-XX + + +as testunused@aaf.att.com +# TC_User1.42.1.NEG Unrelated user can't view delegates +user list delegates user m99990@@[user.name].TC_User1.test.com +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com] + +user list delegates delegate m99995@@[user.name].TC_User1.test.com +** Expect 403 ** +Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com] + +as XX@NS +# TC_User1.42.10.POS Admin of domain NS can view +user list delegates user @[user.name] +** Expect 200 ** + +List Delegates by user[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com 
XXXX-XX-XX + +user list delegates delegate @[user.name] +** Expect 200 ** + +List Delegates by delegate[@[THE_USER]@csp.att.com] +-------------------------------------------------------------------------------- + User Delegate Expires +-------------------------------------------------------------------------------- + @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX + +as testid@aaf.att.com +# TC_User1.43.1.POS Add another user to worker role +user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com] + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.43.2.POS User should only see himself here +user list role com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX 
+m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as XX@NS +# TC_User1.43.10.POS Grant explicit user perm to user +perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker +** Expect 201 ** +Created Permission +Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker] + +as m99990@@[THE_USER].TC_User1.test.com +# TC_User1.43.11.POS User should see all users of test domain now +user list role com.test.TC_User1.@[user.name].worker +** Expect 200 ** + +List Users for Role[com.test.TC_User1.@[THE_USER].worker] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * move +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +user list perm com.test.TC_User1.@[user.name].supplies * stock +** Expect 200 ** + +List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock] +-------------------------------------------------------------------------------- +User Expires +-------------------------------------------------------------------------------- +m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX +m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX + + +as testid@aaf.att.com +# TC_User1.99.0.POS Remove user roles +user role del @[user.name] com.test.TC_User1.@[user.name].manager +** Expect 200,404 ** +Removed Role [com.test.TC_User1.@[THE_USER].manager] from User 
[@[THE_USER]@csp.att.com] + +user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker +** Expect 200,404 ** +Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com] + +user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker +** Expect 200,404 ** +Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com] + +# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms +force perm delete com.test.TC_User1.@[user.name].supplies * move +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_User1.@[user.name].supplies * stock +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_User1.@[user.name].schedule worker create +** Expect 200,404 ** +Deleted Permission + +force perm delete com.test.TC_User1.@[user.name].worker * annoy +** Expect 200,404 ** +Deleted Permission + +force role delete com.test.TC_User1.@[user.name].manager +** Expect 200,404 ** +Deleted Role + +force role delete com.test.TC_User1.@[user.name].worker +** Expect 200,404 ** +Deleted Role + +# TC_User1.99.10.POS Creds and delegate +user delegate del @[user.name] +** Expect 200,404 ** +Delegate Deleted + +user cred del m99990@@[user.name].TC_User1.test.com +** Expect 200,404 ** +Deleted Credential [m99990@@[THE_USER].TC_User1.test.com] + +user cred del m99995@@[user.name].TC_User1.test.com +** Expect 200,404 ** +Deleted Credential [m99995@@[THE_USER].TC_User1.test.com] + +as XX@NS +# TC_User1.99.15.POS Remove ability to create creds +perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin] + +perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin +** Expect 200,404 ** +UnGranted Permission 
[com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin] + +perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view +** Expect 200,404 ** +Deleted Permission + +as testid@aaf.att.com +force role delete com.test.TC_User1.@[user.name].cred_admin +** Expect 200,404 ** +Deleted Role + +# TC_User1.99.90.POS Namespace Admin can delete Namespace +force ns delete com.test.TC_User1.@[user.name] +** Expect 200,404 ** +Deleted Namespace + +sleep 0 +# TC_User1.99.99.POS Check Clean Namespace +ns list name com.test.TC_User1.@[user.name] +** Expect 200,404 ** + +List Namespaces by Name[com.test.TC_User1.@[THE_USER]] +-------------------------------------------------------------------------------- + *** Namespace Not Found *** + -- cgit 1.2.3-korg
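Review bot: The expected output pinned for TC_User1.43.2.POS contradicts the case's own title: it is labelled "User should only see himself here", yet the three listings run as m99990 (`user list role ...worker`, `user list perm ...supplies * move` and `... * stock`) each contain both the m99990 and the m99995 row. The listings pinned for TC_User1.43.11.POS, after `com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view` has been granted to the worker role, are identical, so as written the suite passes whether or not that view permission gates anything. If the title states the intended policy, the 43.2 listings should hold only the `m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX` row; if the output is the intended behaviour (presumably it was captured from a run), the comment should be changed to something like `# TC_User1.43.2.POS Role member sees all members of his own role`. A smaller point of the same kind: TC_User1.41.1.NEG and 41.3.NEG are titled "should not view" but expect 200 with an empty list, while the role cases in 40.1 and 40.2 expect 403, and a line such as `# perm listings answer 200 with no rows instead of 403` next to them would record that the difference is deliberate.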