set XX@NS <pass>
set testid@aaf.att.com <pass>
set testunused@aaf.att.com <pass>
set bogus@aaf.att.com boguspass
#delay 10
set NFR 0
as testid@aaf.att.com
# TC_NS2.10.0.POS Check for Existing Data
ns list name com.test.TC_NS2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_NS2.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_NS2.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

ns create com.test.TC_NS2.@[user.name].project @[user.name] testunused@aaf.att.com
** Expect 201 **
Created Namespace

# TC_NS2.10.10.POS Create role to assign mechid perm to
role create com.test.TC_NS2.@[user.name].cred_admin testid@aaf.att.com
** Expect 201 **
Created Role
Added User [testid@aaf.att.com] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]

as XX@NS
# TC_NS2.10.11.POS Assign role to mechid perm
perm grant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_NS2.@[THE_USER].cred_admin]

as testid@aaf.att.com
# TC_NS2.10.70.POS Expect Namespace to be created
ns list name com.test.TC_NS2.@[user.name] 
** Expect 200 **

List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_NS2.@[THE_USER].admin                                            
        com.test.TC_NS2.@[THE_USER].cred_admin                                       
        com.test.TC_NS2.@[THE_USER].owner                                            
    Permissions
        com.test.TC_NS2.@[THE_USER].access  *                        *              
        com.test.TC_NS2.@[THE_USER].access  *                        read           

as testid@aaf.att.com
# TC_NS2.10.70.POS Expect Namespace to be created
perm list role com.test.TC_NS2.@[user.name].admin
** Expect 200 **

List Perms by Role [com.test.TC_NS2.@[THE_USER].admin]
--------------------------------------------------------------------------------
PERM Type                      Instance                       Action    
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].access  *                              *         


as testid@aaf.att.com
# TC_NS2.10.70.POS Expect Namespace to be created
perm list role com.test.TC_NS2.@[user.name].owner
** Expect 200 **

List Perms by Role [com.test.TC_NS2.@[THE_USER].owner]
--------------------------------------------------------------------------------
PERM Type                      Instance                       Action    
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].access  *                              read      


as testid@aaf.att.com
# TC_NS2.10.70.POS Expect Namespace to be created
role list perm com.test.TC_NS2.@[user.name].access * *
** Expect 200 **

List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|*
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].admin                      
   com.test.TC_NS2.@[THE_USER].access  *                              *              

as testid@aaf.att.com
# TC_NS2.10.70.POS Expect Namespace to be created
role list perm com.test.TC_NS2.@[user.name].access * read
** Expect 200 **

List Roles by Perm com.test.TC_NS2.@[THE_USER].access|*|read
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].owner                      
   com.test.TC_NS2.@[THE_USER].access  *                              read           

as testid@aaf.att.com
# TC_NS2.10.80.POS Expect Namespace to be created
ns list name com.test.TC_NS2.@[user.name].project
** Expect 200 **

List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project
    Administrators
        testunused@aaf.att.com                                                  
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_NS2.@[THE_USER].project.admin                                    
        com.test.TC_NS2.@[THE_USER].project.owner                                    
    Permissions
        com.test.TC_NS2.@[THE_USER].project.access *                        *              
        com.test.TC_NS2.@[THE_USER].project.access *                        read           

as testid@aaf.att.com
# TC_NS2.10.80.POS Expect Namespace to be created
perm list role com.test.TC_NS2.@[user.name].project.admin
** Expect 200 **

List Perms by Role [com.test.TC_NS2.@[THE_USER].project.admin]
--------------------------------------------------------------------------------
PERM Type                      Instance                       Action    
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project.access *                              *         


as testid@aaf.att.com
# TC_NS2.10.80.POS Expect Namespace to be created
perm list role com.test.TC_NS2.@[user.name].project.owner
** Expect 200 **

List Perms by Role [com.test.TC_NS2.@[THE_USER].project.owner]
--------------------------------------------------------------------------------
PERM Type                      Instance                       Action    
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project.access *                              read      


as testid@aaf.att.com
# TC_NS2.10.80.POS Expect Namespace to be created
role list perm com.test.TC_NS2.@[user.name].project.access * *
** Expect 200 **

List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|*
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project.admin              
   com.test.TC_NS2.@[THE_USER].project.access *                              *              

as testid@aaf.att.com
# TC_NS2.10.80.POS Expect Namespace to be created
role list perm com.test.TC_NS2.@[user.name].project.access * read
** Expect 200 **

List Roles by Perm com.test.TC_NS2.@[THE_USER].project.access|*|read
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project.owner              
   com.test.TC_NS2.@[THE_USER].project.access *                              read           

as testid@aaf.att.com
# TC_NS2.20.1.POS Create roles
role create com.test.TC_NS2.@[user.name].watcher
** Expect 201 **
Created Role

role create com.test.TC_NS2.@[user.name].myRole
** Expect 201 **
Created Role

# TC_NS2.20.2.POS Create permissions
perm create com.test.TC_NS2.@[user.name].myType myInstance myAction
** Expect 201 **
Created Permission

perm create com.test.TC_NS2.@[user.name].myType * *
** Expect 201 **
Created Permission

# TC_NS2.20.3.POS Create mechid
user cred add m99990@@[user.name].TC_NS2.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_NS2.test.com]

as XX@NS
# TC_NS2.20.10.POS Grant view perms to watcher role
perm create com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read com.test.TC_NS2.@[user.name].watcher
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.ns|:com.test.TC_NS2.@[THE_USER]:ns|read] to Role [com.test.TC_NS2.@[THE_USER].watcher]

as testunused@aaf.att.com
# TC_NS2.40.1.NEG Non-admin, not granted user should not view
ns list name com.test.TC_NS2.@[user.name]
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_NS2.@[THE_USER]]

as testid@aaf.att.com
# Tens test user granted to permission
# TC_NS2.40.10.POS Add user to watcher role
user role add testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
** Expect 201 **
Added Role [com.test.TC_NS2.@[THE_USER].watcher] to User [testunused@aaf.att.com]

as testunused@aaf.att.com
# TC_NS2.40.11.POS Non-admin, granted user should view
ns list name com.test.TC_NS2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_NS2.@[THE_USER].admin                                            
        com.test.TC_NS2.@[THE_USER].cred_admin                                       
        com.test.TC_NS2.@[THE_USER].myRole                                           
        com.test.TC_NS2.@[THE_USER].owner                                            
        com.test.TC_NS2.@[THE_USER].watcher                                          
    Permissions
        com.test.TC_NS2.@[THE_USER].access  *                        *              
        com.test.TC_NS2.@[THE_USER].access  *                        read           
        com.test.TC_NS2.@[THE_USER].myType  *                        *              
        com.test.TC_NS2.@[THE_USER].myType  myInstance               myAction       
    Credentials
        m99990@@[THE_USER].TC_NS2.test.com                                           

as testid@aaf.att.com
# TC_NS2.40.19.POS Remove user from watcher role
user role del testunused@aaf.att.com com.test.TC_NS2.@[user.name].watcher
** Expect 200 **
Removed Role [com.test.TC_NS2.@[THE_USER].watcher] from User [testunused@aaf.att.com]

# Thirties test admin user 
# TC_NS2.40.20.POS Admin should be able to view
ns list name com.test.TC_NS2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_NS2.@[THE_USER].admin                                            
        com.test.TC_NS2.@[THE_USER].cred_admin                                       
        com.test.TC_NS2.@[THE_USER].myRole                                           
        com.test.TC_NS2.@[THE_USER].owner                                            
        com.test.TC_NS2.@[THE_USER].watcher                                          
    Permissions
        com.test.TC_NS2.@[THE_USER].access  *                        *              
        com.test.TC_NS2.@[THE_USER].access  *                        read           
        com.test.TC_NS2.@[THE_USER].myType  *                        *              
        com.test.TC_NS2.@[THE_USER].myType  myInstance               myAction       
    Credentials
        m99990@@[THE_USER].TC_NS2.test.com                                           

# TC_NS2.40.21.POS Admin of parent NS should be able to view
ns list name com.test.TC_NS2.@[user.name].project
** Expect 200 **

List Namespaces by Name[com.test.TC_NS2.@[THE_USER].project]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project
    Administrators
        testunused@aaf.att.com                                                  
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_NS2.@[THE_USER].project.admin                                    
        com.test.TC_NS2.@[THE_USER].project.owner                                    
    Permissions
        com.test.TC_NS2.@[THE_USER].project.access *                        *              
        com.test.TC_NS2.@[THE_USER].project.access *                        read           

# TC_NS2.41.10.POS List by User when Same as Caller
as testunused@aaf.att.com
ns list admin testunused@aaf.att.com
** Expect 200 **

List Namespaces with admin privileges for [testunused@aaf.att.com]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project

# TC_NS2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
as testid@aaf.att.com
ns list admin testunused@aaf.att.com
** Expect 200 **

List Namespaces with admin privileges for [testunused@aaf.att.com]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project

# TC_NS2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
as XX@NS
ns list admin testunused@aaf.att.com
** Expect 200 **

List Namespaces with admin privileges for [testunused@aaf.att.com]
--------------------------------------------------------------------------------
com.test.TC_NS2.@[THE_USER].project

# TC_NS2.41.80.NEG List by User when not Caller nor associated to Namespace 
as testunused@aaf.att.com
ns list admin XX@NS
** Expect 200 **

List Namespaces with admin privileges for [XX@NS]
--------------------------------------------------------------------------------
com
com.att
com.att.aaf
com.test

as testid@aaf.att.com
# TC_NS2.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
role delete com.test.TC_NS2.@[user.name].myRole
** Expect 200,404 **
Deleted Role

role delete com.test.TC_NS2.@[user.name].watcher
** Expect 200,404 **
Deleted Role

perm delete com.test.TC_NS2.@[user.name].myType myInstance myAction
** Expect 200,404 **
Deleted Permission

perm delete com.test.TC_NS2.@[user.name].myType * *
** Expect 200,404 **
Deleted Permission

user cred del m99990@@[user.name].TC_NS2.test.com
** Expect 200,404 **
Deleted Credential [m99990@@[THE_USER].TC_NS2.test.com]

as XX@NS
force perm delete com.att.aaf.ns :com.test.TC_NS2.@[user.name]:ns read
** Expect 200,404 **
Deleted Permission

# TC_NS2.99.15.POS Remove ability to create creds
perm ungrant com.att.aaf.mechid com.att create com.test.TC_NS2.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_NS2.@[THE_USER].cred_admin]

as testid@aaf.att.com
force role delete com.test.TC_NS2.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role

# TC_NS2.99.90.POS Namespace Admin can delete Namespace
force ns delete com.test.TC_NS2.@[user.name].project
** Expect 200,404 **
Deleted Namespace

force ns delete com.test.TC_NS2.@[user.name]
** Expect 200,404 **
Deleted Namespace

sleep 0
# TC_NS2.99.99.POS Check Clean Namespace
ns list name com.test.TC_NS2.@[user.name]
** Expect 200,404 **

List Namespaces by Name[com.test.TC_NS2.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***