set XX@NS
set testid@aaf.att.com
set testunused@aaf.att.com
set bogus@aaf.att.com boguspass
set m99990@@[THE_USER].TC_User1.test.com password123
set m99995@@[THE_USER].TC_User1.test.com password123
#delay 10
set NFR 0
as testid@aaf.att.com
# TC_User1.10.0.POS Check for Existing Data
ns list name com.test.TC_User1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

# TC_User1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
** Expect 201 **
Created Role
Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin]

as XX@NS
# TC_User1.10.11.POS Assign role to mechid perm
perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin]

perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin]

as testid@aaf.att.com
# TC_User1.01.99.POS Expect Namespace to be created
ns list name com.test.TC_User1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_User1.@[THE_USER]
    Administrators
        testid@aaf.att.com
    Responsible Parties
        @[THE_USER]@csp.att.com
    Roles
        com.test.TC_User1.@[THE_USER].admin
        com.test.TC_User1.@[THE_USER].cred_admin
        com.test.TC_User1.@[THE_USER].owner
    Permissions
        com.test.TC_User1.@[THE_USER].access          *          *
        com.test.TC_User1.@[THE_USER].access          *          read

as testid@aaf.att.com
# TC_User1.20.1.POS Create roles
role create com.test.TC_User1.@[user.name].manager
** Expect 201 **
Created Role

role create com.test.TC_User1.@[user.name].worker
** Expect 201 **
Created Role

# TC_User1.20.2.POS Create permissions
perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker]

perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker]

perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager]

perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager]

# TC_User1.20.3.POS Create mechid
user cred add m99990@@[user.name].TC_User1.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_User1.test.com]

user cred add m99995@@[user.name].TC_User1.test.com password123
** Expect 201 **
Added Credential [m99995@@[THE_USER].TC_User1.test.com]

as XX@NS
# TC_User1.20.10.POS Add users to roles
user role add @[user.name] com.test.TC_User1.@[user.name].manager
** Expect 201 **
Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com]

user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
** Expect 201 **
Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com]

# TC_User1.20.20.POS Add Delegate
as XX@NS
# TC_User1.20.20.POS Create delegates
force user delegate add @[user.name] @[user.name]
** Expect 201 **
Delegate Added

# TC_User1.40.1.NEG Non-admin, user not in role should not view
as testunused@aaf.att.com
user list role com.test.TC_User1.@[user.name].manager
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]

user list role com.test.TC_User1.@[user.name].worker
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker]

as m99990@@[THE_USER].TC_User1.test.com
# TC_User1.40.2.NEG Non-admin, user in role should not view
user list role com.test.TC_User1.@[user.name].manager
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]

sleep 0
# TC_User1.40.3.POS Non-admin, user in role can view himself
user list role com.test.TC_User1.@[user.name].worker
** Expect 200 **

List Users for Role[com.test.TC_User1.@[THE_USER].worker]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

as testid@aaf.att.com
# TC_User1.40.10.POS admin should view
user list role com.test.TC_User1.@[user.name].manager
** Expect 200 **

List Users for Role[com.test.TC_User1.@[THE_USER].manager]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
@[THE_USER]@csp.att.com                           XXXX-XX-XX

user list role com.test.TC_User1.@[user.name].worker
** Expect 200 **

List Users for Role[com.test.TC_User1.@[THE_USER].worker]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

as testunused@aaf.att.com
# TC_User1.41.1.NEG Non-admin, user not in perm should not view
user list perm com.test.TC_User1.@[user.name].supplies * move
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------

user list perm com.test.TC_User1.@[user.name].supplies * stock
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------

user list perm com.test.TC_User1.@[user.name].schedule worker create
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------

user list perm com.test.TC_User1.@[user.name].worker * annoy
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------

as m99990@@[THE_USER].TC_User1.test.com
# TC_User1.41.2.POS Non-admin, user in perm can view himself
user list perm com.test.TC_User1.@[user.name].supplies * move
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].supplies * stock
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

as m99990@@[THE_USER].TC_User1.test.com
# TC_User1.41.3.NEG Non-admin, user in perm should not view
user list perm com.test.TC_User1.@[user.name].schedule worker create
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------

user list perm com.test.TC_User1.@[user.name].worker * annoy
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------

as testid@aaf.att.com
# TC_User1.41.10.POS admin should view
user list perm com.test.TC_User1.@[user.name].supplies * move
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].supplies * stock
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].schedule worker create
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
@[THE_USER]@csp.att.com                           XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].worker * annoy
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
@[THE_USER]@csp.att.com                           XXXX-XX-XX

as testunused@aaf.att.com
# TC_User1.42.1.NEG Unrelated user can't view delegates
user list delegates user m99990@@[user.name].TC_User1.test.com
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com]

user list delegates delegate m99995@@[user.name].TC_User1.test.com
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com]

as XX@NS
# TC_User1.42.10.POS Admin of domain NS can view
user list delegates user @[user.name]
** Expect 200 **

List Delegates by user[@[THE_USER]@csp.att.com]
--------------------------------------------------------------------------------
User                     Delegate                 Expires
--------------------------------------------------------------------------------
@[THE_USER]@csp.att.com  @[THE_USER]@csp.att.com  XXXX-XX-XX

user list delegates delegate @[user.name]
** Expect 200 **

List Delegates by delegate[@[THE_USER]@csp.att.com]
--------------------------------------------------------------------------------
User                     Delegate                 Expires
--------------------------------------------------------------------------------
@[THE_USER]@csp.att.com  @[THE_USER]@csp.att.com  XXXX-XX-XX

as testid@aaf.att.com
# TC_User1.43.1.POS Add another user to worker role
user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
** Expect 201 **
Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com]

as m99990@@[THE_USER].TC_User1.test.com
# TC_User1.43.2.POS User should only see himself here
user list role com.test.TC_User1.@[user.name].worker
** Expect 200 **

List Users for Role[com.test.TC_User1.@[THE_USER].worker]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX
m99995@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].supplies * move
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX
m99995@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].supplies * stock
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX
m99995@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

as XX@NS
# TC_User1.43.10.POS Grant explicit user perm to user
perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker]

as m99990@@[THE_USER].TC_User1.test.com
# TC_User1.43.11.POS User should see all users of test domain now
user list role com.test.TC_User1.@[user.name].worker
** Expect 200 **

List Users for Role[com.test.TC_User1.@[THE_USER].worker]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX
m99995@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].supplies * move
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX
m99995@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

user list perm com.test.TC_User1.@[user.name].supplies * stock
** Expect 200 **

List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
--------------------------------------------------------------------------------
User                                              Expires
--------------------------------------------------------------------------------
m99990@@[THE_USER].TC_User1.test.com              XXXX-XX-XX
m99995@@[THE_USER].TC_User1.test.com              XXXX-XX-XX

as testid@aaf.att.com
# TC_User1.99.0.POS Remove user roles
user role del @[user.name] com.test.TC_User1.@[user.name].manager
** Expect 200,404 **
Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com]

user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
** Expect 200,404 **
Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com]

user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
** Expect 200,404 **
Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com]

# TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
force perm delete com.test.TC_User1.@[user.name].supplies * move
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_User1.@[user.name].supplies * stock
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_User1.@[user.name].schedule worker create
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_User1.@[user.name].worker * annoy
** Expect 200,404 **
Deleted Permission

force role delete com.test.TC_User1.@[user.name].manager
** Expect 200,404 **
Deleted Role

force role delete com.test.TC_User1.@[user.name].worker
** Expect 200,404 **
Deleted Role

# TC_User1.99.10.POS Creds and delegate
user delegate del @[user.name]
** Expect 200,404 **
Delegate Deleted

user cred del m99990@@[user.name].TC_User1.test.com
** Expect 200,404 **
Deleted Credential [m99990@@[THE_USER].TC_User1.test.com]

user cred del m99995@@[user.name].TC_User1.test.com
** Expect 200,404 **
Deleted Credential [m99995@@[THE_USER].TC_User1.test.com]

as XX@NS
# TC_User1.99.15.POS Remove ability to create creds
perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin]

perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin]

perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
** Expect 200,404 **
Deleted Permission

as testid@aaf.att.com
force role delete com.test.TC_User1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role

# TC_User1.99.90.POS Namespace Admin can delete Namespace
force ns delete com.test.TC_User1.@[user.name]
** Expect 200,404 **
Deleted Namespace

sleep 0
# TC_User1.99.99.POS Check Clean Namespace
ns list name com.test.TC_User1.@[user.name]
** Expect 200,404 **

List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***