path: root/authz-test/TestSuite/expected/TC_Cred1.expected
blob: 8d310d91b845e6217493dd0320d62fa8b7d727cd (plain)
set testid@aaf.att.com <pass>
set testunused@aaf.att.com <pass>
set bogus boguspass
set XX@NS <pass>
#delay 10
set NFR 0
as testid@aaf.att.com
# TC_Cred1.10.0.POS List NS to prove ok
ns list name com.test.TC_Cred1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

# TC_Cred1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
** Expect 201 **
Created Role
Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

role create com.test.TC_Cred1.@[user.name].pw_reset 
** Expect 201 **
Created Role

# TC_Cred1.10.11.POS Assign roles to perms
as XX@NS
perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset]

perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin 
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

as testid@aaf.att.com
# TC_Cred1.10.30.POS Assign user for creating creds
user cred add m99999@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99999@@[THE_USER].TC_Cred1.test.com]

set m99999@@[THE_USER].TC_Cred1.test.com password123
# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com]
Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.10.32.POS Remove create rights for testing
user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin 
** Expect 200 **
Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]

# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
as testunused@aaf.att.com
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 403 **
Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T

# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
as m99999@@[THE_USER].TC_Cred1.test.com
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
as testunused@aaf.att.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 403 **
Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER]

# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
as m99999@@[THE_USER].TC_Cred1.test.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
as testid@aaf.att.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.15.20.POS Admin, delete
user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.1.NEG Multiple options available to delete
as XX@NS
user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

as testid@aaf.att.com
user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.2.POS Succeeds when we choose last option
user cred del m99990@@[user.name].TC_Cred1.test.com 2
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.10.POS Add another credential
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.11.NEG Multiple options available to reset
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 300 **
Failed [SVC1300]: Choice - Select which cred to update:
       Id                                Type  Expires
    1) m99990@@[THE_USER].TC_Cred1.test.com    2    [Placeholder]
    2) m99990@@[THE_USER].TC_Cred1.test.com    2    [Placeholder]
Run same command again with chosen entry as last parameter

# TC_Cred1.30.12.NEG Fails when we choose a bad option
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0 
** Expect 406 **
Failed [SVC1406]: Not Acceptable - User chose invalid credential selection

# TC_Cred1.30.13.POS Succeeds when we choose last option
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]

#TC_Cred1.30.30.NEG Fails when we don't have specific property
user cred extend m99990@@[user.name].TC_Cred1.test.com 
** Expect 403 **
Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T

#### EXTENDS behavior ####
#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
as XX@NS
role create com.test.TC_Cred1.@[user.name].extendTemp
** Expect 201 **
Created Role

#TC_Cred1.30.33.POS Grant Extends Permission to Role
perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp 
** Expect 201 **
Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]

#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
** Expect 201 **
Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]

#TC_Cred1.30.36.POS Extend Password, expecting Single Response
user cred extend m99990@@[user.name].TC_Cred1.test.com 1
** Expect 200 **
Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com]

#TC_Cred1.30.39.POS Remove Role
set force true
role delete com.test.TC_Cred1.@[user.name].extendTemp
** Expect 200 **
Deleted Role

#### MULTI CLEANUP #####
role list user m99990@@[user.name].TC_Cred1.test.com 
** Expect 200 **

List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------

# TC_Cred1.30.80.POS Delete all entries for this cred
set force true
user cred del m99990@@[user.name].TC_Cred1.test.com 
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]

# TC_Cred1.30.99.POS List ns shows no creds attached
ns list name com.test.TC_Cred1.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Cred1.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Cred1.@[THE_USER].admin                                          
        com.test.TC_Cred1.@[THE_USER].cred_admin                                     
        com.test.TC_Cred1.@[THE_USER].owner                                          
        com.test.TC_Cred1.@[THE_USER].pw_reset                                       
    Permissions
        com.test.TC_Cred1.@[THE_USER].access *                        *              
        com.test.TC_Cred1.@[THE_USER].access *                        read           
    Credentials
        m99999@@[THE_USER].TC_Cred1.test.com                                         

as testid@aaf.att.com
# TC_Cred1.99.1.POS Delete credentials
force user cred del m99990@@[user.name].TC_Cred1.test.com 
** Expect 200,404 **
Failed [SVC5404]: Not Found - Credential does not exist

#TC_Cred1.99.2.POS Ensure Remove Role 
set force true
role delete com.test.TC_Cred1.@[user.name].extendTemp
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist

# TC_Cred1.99.10.POS Remove ability to create creds
force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ]

as XX@NS
perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin]

force perm delete com.att.aaf.password com.test reset
** Expect 200,404 **
Deleted Permission

force perm delete com.att.aaf.mechid com.test create
** Expect 200,404 **
Deleted Permission

as testid@aaf.att.com
force role delete com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role

force role delete com.test.TC_Cred1.@[user.name].pw_reset
** Expect 200,404 **
Deleted Role

# TC_Cred1.99.99.POS Delete Namespace for TestSuite 
set force true
set force=true ns delete com.test.TC_Cred1.@[user.name] 
** Expect 200,404 **
Deleted Namespace

as XX@NS
force ns delete com.test.TC_Cred1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist

force ns delete com.test.TC_Cred1
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist