set XX@NS
set testid@aaf.att.com
set testunused@aaf.att.com
set bogus boguspass
#delay 10
set NFR 0
as testid@aaf.att.com
# TC_Role2.10.0.POS Print NS to prove ok
ns list name com.test.TC_Role2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

##############
# Testing Model
# We are making a Testing model based loosely on George Orwell's Animal Farm
# In Animal Farm, Animals did all the work but didn't get any privileges.
#   In our test, the animals can't see anything but their own role, etc
# Dogs were supervisors, and ostensibly did something, though mostly lay around
#   In our test, they have Implicit Permissions by being Admins
# Pigs were the Elite. They did nothing but watch everyone and eat the produce
#   In our test, they have Explicit Permissions to see everything they want
##############
as testid@aaf.att.com
# TC_Role2.20.1.POS List Data on non-Empty NS
ns list name com.test.TC_Role2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Role2.@[THE_USER].admin
        com.test.TC_Role2.@[THE_USER].owner
    Permissions
        com.test.TC_Role2.@[THE_USER].access    *    *
        com.test.TC_Role2.@[THE_USER].access    *    read

# TC_Role2.20.10.POS Create Orwellian Roles
role create com.test.TC_Role2.@[user.name].r.animals
** Expect 201 **
Created Role

role create com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Role

role create com.test.TC_Role2.@[user.name].r.pigs
** Expect 201 **
Created Role

# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]

perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]

perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]

perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]

# TC_Role2.20.25.POS Create and Grant Animal Farm Privileges to Pigs
as XX@NS
perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]

perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]

# TC_Role2.20.60.POS List Data on non-Empty NS
as testid@aaf.att.com
ns list name com.test.TC_Role2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_Role2.@[THE_USER].admin
        com.test.TC_Role2.@[THE_USER].owner
        com.test.TC_Role2.@[THE_USER].r.animals
        com.test.TC_Role2.@[THE_USER].r.dogs
        com.test.TC_Role2.@[THE_USER].r.pigs
    Permissions
        com.test.TC_Role2.@[THE_USER].access    *    *
        com.test.TC_Role2.@[THE_USER].access    *    read
        com.test.TC_Role2.@[THE_USER].r.A    *    *
        com.test.TC_Role2.@[THE_USER].r.A    garbage    eat
        com.test.TC_Role2.@[THE_USER].r.A    grain    *
        com.test.TC_Role2.@[THE_USER].r.A    grain    eat

as XX@NS
# TC_Role2.40.1.POS List Data on Role
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.animals
   com.test.TC_Role2.@[THE_USER].r.A    garbage    eat

role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs
   com.test.TC_Role2.@[THE_USER].r.A    *    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    eat

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.animals    view
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.dogs    view

# TC_Role2.40.10.POS Add testunused to animals
as testid@aaf.att.com
user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
** Expect 201 **
Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]

# TC_Role2.40.11.POS List by Name when part of role
as testunused@aaf.att.com
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.animals
   com.test.TC_Role2.@[THE_USER].r.A    garbage    eat

# TC_Role2.40.12.NEG List by Name when not part of Role
role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]

# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
as testid@aaf.att.com
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.animals
   com.test.TC_Role2.@[THE_USER].r.A    garbage    eat

role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs
   com.test.TC_Role2.@[THE_USER].r.A    *    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    eat

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.animals    view
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.dogs    view

# TC_Role2.40.50.POS Change testunused to Pigs
as testid@aaf.att.com
user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **
Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]

user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
** Expect 201 **
Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]

# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
as testunused@aaf.att.com
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]

role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.animals    view
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.dogs    view

# TC_Role2.41.10.POS List by User when Same as Caller
as testunused@aaf.att.com
role list user testunused@aaf.att.com
** Expect 200 **

List Roles for User [testunused@aaf.att.com]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.animals    view
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.dogs    view

# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
as testid@aaf.att.com
role list user testunused@aaf.att.com
** Expect 200 **

List Roles for User [testunused@aaf.att.com]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.animals    view
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.dogs    view

# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
as XX@NS
role list user testunused@aaf.att.com
** Expect 200 **

List Roles for User [testunused@aaf.att.com]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.animals    view
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.dogs    view

# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
as testunused@aaf.att.com
role list user XX@NS
** Expect 200 **

List Roles for User [XX@NS]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------

# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
as testid@aaf.att.com
role list ns com.test.TC_Role2.@[user.name]
** Expect 200 **

List Roles by NS [com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].admin
   com.test.TC_Role2.@[THE_USER].access    *    *
com.test.TC_Role2.@[THE_USER].owner
   com.test.TC_Role2.@[THE_USER].access    *    read
com.test.TC_Role2.@[THE_USER].r.animals
   com.test.TC_Role2.@[THE_USER].r.A    garbage    eat
com.test.TC_Role2.@[THE_USER].r.dogs
   com.test.TC_Role2.@[THE_USER].r.A    *    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    eat
com.test.TC_Role2.@[THE_USER].r.pigs
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.animals    view
   com.att.aaf.role    com.test.TC_Role2.@[THE_USER].r.dogs    view

# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
as testunused@aaf.att.com
role list ns com.test.TC_Role2.@[user.name]
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]

# TC_Role2.43.10.POS List Roles when allowed to see Perm
as testid@aaf.att.com
role list perm com.test.TC_Role2.@[user.name].r.A grain eat
** Expect 200 **

List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs
   com.test.TC_Role2.@[THE_USER].r.A    *    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    eat

role list perm com.test.TC_Role2.@[user.name].r.A grain *
** Expect 200 **

List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs
   com.test.TC_Role2.@[THE_USER].r.A    *    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    eat

role list perm com.test.TC_Role2.@[user.name].r.A * *
** Expect 200 **

List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
--------------------------------------------------------------------------------
ROLE Name
   PERM Type    Instance    Action
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs
   com.test.TC_Role2.@[THE_USER].r.A    *    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    *
   com.test.TC_Role2.@[THE_USER].r.A    grain    eat

# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
as testunused@aaf.att.com
role list perm com.test.TC_Role2.@[user.name].r.A grain eat
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]

role list perm com.test.TC_Role2.@[user.name].r.A grain *
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]

role list perm com.test.TC_Role2.@[user.name].r.A * *
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]

as XX@NS
# TC_Role2.99.1.POS Delete Roles
force role delete com.test.TC_Role2.@[user.name].r.animals
** Expect 200,404 **
Deleted Role

force role delete com.test.TC_Role2.@[user.name].r.dogs
** Expect 200,404 **
Deleted Role

force role delete com.test.TC_Role2.@[user.name].r.pigs
** Expect 200,404 **
Deleted Role

# TC_Role2.99.2.POS Delete Perms
force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_Role2.@[user.name].r.A grain *
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_Role2.@[user.name].r.A * *
** Expect 200,404 **
Deleted Permission

force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
** Expect 200,404 **
Deleted Permission

force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
** Expect 200,404 **
Deleted Permission

# TC_Role2.99.2.POS Namespace Admin can delete Namespace
force ns delete com.test.TC_Role2.@[user.name]
** Expect 200,404 **
Deleted Namespace

# TC_Role2.99.3.POS Print Namespaces
ns list name com.test.TC_Role2.@[user.name]
** Expect 200,404 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***