set testid@aaf.att.com
set testunused@aaf.att.com
set bogus boguspass
set XX@NS
#delay 10
set NFR 0
as testid@aaf.att.com

# TC_Cred1.10.0.POS List NS to prove ok
ns list name com.test.TC_Cred1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***

# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

# TC_Cred1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
** Expect 201 **
Created Role
Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

role create com.test.TC_Cred1.@[user.name].pw_reset
** Expect 201 **
Created Role

# TC_Cred1.10.11.POS Assign roles to perms
as XX@NS
perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset]

perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

as testid@aaf.att.com
# TC_Cred1.10.30.POS Assign user for creating creds
user cred add m99999@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99999@@[THE_USER].TC_Cred1.test.com]

set m99999@@[THE_USER].TC_Cred1.test.com password123
# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com]
Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.10.32.POS Remove create rights for testing
user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200 **
Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]

# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
as testunused@aaf.att.com
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 403 **
Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T

# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
as m99999@@[THE_USER].TC_Cred1.test.com
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
as testunused@aaf.att.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 403 **
Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER]

# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
as m99999@@[THE_USER].TC_Cred1.test.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
as testid@aaf.att.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.20.POS Admin, delete
user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.1.NEG Multiple options available to delete
as XX@NS
user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

as testid@aaf.att.com
user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.2.POS Succeeds when we choose last option
user cred del m99990@@[user.name].TC_Cred1.test.com 2
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.10.POS Add another credential
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.11.NEG Multiple options available to reset
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 300 **
Failed [SVC1300]: Choice - Select which cred to update:
   Id                                        Type  Expires
   1) m99990@@[THE_USER].TC_Cred1.test.com   2     [Placeholder]
   2) m99990@@[THE_USER].TC_Cred1.test.com   2     [Placeholder]
Run same command again with chosen entry as last parameter

# TC_Cred1.30.12.NEG Fails when we choose a bad option
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
** Expect 406 **
Failed [SVC1406]: Not Acceptable - User chose invalid credential selection

# TC_Cred1.30.13.POS Succeeds when we choose last option
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

#TC_Cred1.30.30.NEG Fails when we don't have specific property
user cred extend m99990@@[user.name].TC_Cred1.test.com
** Expect 403 **
Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T

#### EXTENDS behavior ####
#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
as XX@NS
role create com.test.TC_Cred1.@[user.name].extendTemp
** Expect 201 **
Created Role

#TC_Cred1.30.33.POS Grant Extends Permission to Role
perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
** Expect 201 **
Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]

#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
** Expect 201 **
Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]

#TC_Cred1.30.36.POS Extend Password, expecting Single Response
user cred extend m99990@@[user.name].TC_Cred1.test.com 1
** Expect 200 **
Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com]

#TC_Cred1.30.39.POS Remove Role
set force true
role delete com.test.TC_Cred1.@[user.name].extendTemp
** Expect 200 **
Deleted Role

#### MULTI CLEANUP #####
role list user m99990@@[user.name].TC_Cred1.test.com
** Expect 200 **
List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type                      Instance                       Action
--------------------------------------------------------------------------------

# TC_Cred1.30.80.POS Delete all entries for this cred
set force true
user cred del m99990@@[user.name].TC_Cred1.test.com
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.99.POS List ns shows no creds attached
ns list name com.test.TC_Cred1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Cred1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Cred1.@[THE_USER].admin
        com.test.TC_Cred1.@[THE_USER].cred_admin
        com.test.TC_Cred1.@[THE_USER].owner
        com.test.TC_Cred1.@[THE_USER].pw_reset
    Permissions
        com.test.TC_Cred1.@[THE_USER].access * *
        com.test.TC_Cred1.@[THE_USER].access * read
    Credentials
        m99999@@[THE_USER].TC_Cred1.test.com

as testid@aaf.att.com
# TC_Cred1.99.1.POS Delete credentials
force user cred del m99990@@[user.name].TC_Cred1.test.com
** Expect 200,404 **
Failed [SVC5404]: Not Found - Credential does not exist

#TC_Cred1.99.2.POS Ensure Remove Role
set force true
role delete com.test.TC_Cred1.@[user.name].extendTemp
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist

# TC_Cred1.99.10.POS Remove ability to create creds
force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ]

as XX@NS
perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

force perm delete com.att.aaf.password com.test reset
** Expect 200,404 **
Deleted Permission

force perm delete com.att.aaf.mechid com.test create
** Expect 200,404 **
Deleted Permission

as testid@aaf.att.com
force role delete com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role

force role delete com.test.TC_Cred1.@[user.name].pw_reset
** Expect 200,404 **
Deleted Role

# TC_Cred1.99.99.POS Delete Namespace for TestSuite
set force true
set force=true ns delete com.test.TC_Cred1.@[user.name]
** Expect 200,404 **
Deleted Namespace

as XX@NS
force ns delete com.test.TC_Cred1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist

force ns delete com.test.TC_Cred1
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist