1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
|
set testid@aaf.att.com <pass>
set testunused@aaf.att.com <pass>
set XX@NS <pass>
set bogus boguspass
#delay 10
set NFR 0
as testid@aaf.att.com
# TC_Role1.10.0.POS Validate NS ok
ns list name com.test.TC_Role1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
# TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace
# TC_Role1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_Role1.@[user.name].cred_admin
** Expect 201 **
Created Role
as XX@NS
# TC_Role1.10.11.POS Assign role to mechid perm
perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin]
as testid@aaf.att.com
# TC_Role1.10.12.POS Assign user for creating creds
user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
** Expect 201 **
Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
# TC_Role1.20.1.POS List Data on non-Empty NS
ns list name com.test.TC_Role1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Role1.@[THE_USER].admin
com.test.TC_Role1.@[THE_USER].cred_admin
com.test.TC_Role1.@[THE_USER].owner
Permissions
com.test.TC_Role1.@[THE_USER].access * *
com.test.TC_Role1.@[THE_USER].access * read
# TC_Role1.20.2.POS Add Roles
role create com.test.TC_Role1.@[user.name].r.A
** Expect 201 **
Created Role
role create com.test.TC_Role1.@[user.name].r.B
** Expect 201 **
Created Role
# TC_Role1.20.3.POS List Data on non-Empty NS
ns list name com.test.TC_Role1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Role1.@[THE_USER].admin
com.test.TC_Role1.@[THE_USER].cred_admin
com.test.TC_Role1.@[THE_USER].owner
com.test.TC_Role1.@[THE_USER].r.A
com.test.TC_Role1.@[THE_USER].r.B
Permissions
com.test.TC_Role1.@[THE_USER].access * *
com.test.TC_Role1.@[THE_USER].access * read
# TC_Role1.20.4.NEG Don't write over Role
role create com.test.TC_Role1.@[user.name].r.A
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists
# TC_Role1.20.5.NEG Don't allow non-user to create
as bogus
role create com.test.TC_Role1.@[user.name].r.No
** Expect 401 **
Failed with code 401, Unauthorized
# TC_Role1.20.6.NEG Don't allow non-user to create without Approval
as testunused@aaf.att.com
role create com.test.TC_Role1.@[user.name].r.No
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No]
# TC_Role1.20.10.NEG Non-admins can't change description
as testunused@aaf.att.com
role describe com.test.TC_Role1.@[user.name].r.A Description A
** Expect 403 **
Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A
# TC_Role1.20.11.NEG Role must exist to change description
as testid@aaf.att.com
role describe com.test.TC_Role1.@[user.name].r.C Description C
** Expect 404 **
Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
# TC_Role1.20.12.POS Admin can change description
role describe com.test.TC_Role1.@[user.name].r.A Description A
** Expect 200 **
Description added to role
# TC_Role1.30.1.POS List Data on non-Empty NS
as testid@aaf.att.com
ns list name com.test.TC_Role1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Role1.@[THE_USER].admin
com.test.TC_Role1.@[THE_USER].cred_admin
com.test.TC_Role1.@[THE_USER].owner
com.test.TC_Role1.@[THE_USER].r.A
com.test.TC_Role1.@[THE_USER].r.B
Permissions
com.test.TC_Role1.@[THE_USER].access * *
com.test.TC_Role1.@[THE_USER].access * read
# TC_Role1.30.2.POS Create Sub-ns when Roles that exist
ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace
# TC_Role1.30.3.POS List Data on NS with sub-roles
ns list name com.test.TC_Role1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Role1.@[THE_USER].admin
com.test.TC_Role1.@[THE_USER].cred_admin
com.test.TC_Role1.@[THE_USER].owner
Permissions
com.test.TC_Role1.@[THE_USER].access * *
com.test.TC_Role1.@[THE_USER].access * read
ns list name com.test.TC_Role1.@[user.name].r
** Expect 200 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER].r
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Role1.@[THE_USER].r.A
com.test.TC_Role1.@[THE_USER].r.B
com.test.TC_Role1.@[THE_USER].r.admin
com.test.TC_Role1.@[THE_USER].r.owner
Permissions
com.test.TC_Role1.@[THE_USER].r.access * *
com.test.TC_Role1.@[THE_USER].r.access * read
# TC_Role1.40.01.POS List Data on non-Empty NS
role list role com.test.TC_Role1.@[user.name].r.A
** Expect 200 **
List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name
PERM Type Instance Action
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER].r.A
# TC_Role1.40.20.POS Create a Perm, and add to Role
perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A]
# TC_Role1.40.25.POS List
role list role com.test.TC_Role1.@[user.name].r.A
** Expect 200 **
List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name
PERM Type Instance Action
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER].r.A
com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
# TC_Role1.40.30.POS Create a Perm
perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
** Expect 201 **
Created Permission
# TC_Role1.40.32.POS Separately Grant Perm
perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A
** Expect 201 **
Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A]
# TC_Role1.40.35.POS List
role list role com.test.TC_Role1.@[user.name].r.A
** Expect 200 **
List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name
PERM Type Instance Action
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER].r.A
com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
# TC_Role1.50.1.POS Create user to attach to role
user cred add m00001@@[user.name].TC_Role1.test.com password123
** Expect 201 **
Added Credential [m00001@@[THE_USER].TC_Role1.test.com]
# TC_Role1.50.2.POS Create new role
role create com.test.TC_Role1.@[user.name].r.C
** Expect 201 **
Created Role
# TC_Role1.50.3.POS Attach user to role
user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C
** Expect 201 **
Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com]
# TC_Role1.50.4.POS Create permission and attach to role
perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C]
# TC_Role1.50.20.NEG Delete role with permission and user attached should fail
role delete com.test.TC_Role1.@[user.name].r.C
** Expect 424 **
Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users.
# TC_Role1.50.21.POS Force delete role should work
set force true
set force=true role delete com.test.TC_Role1.@[user.name].r.C
** Expect 200 **
Deleted Role
# TC_Role1.50.30.POS List Data on non-Empty NS
ns list name com.test.TC_Role1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Role1.@[THE_USER].admin
com.test.TC_Role1.@[THE_USER].cred_admin
com.test.TC_Role1.@[THE_USER].owner
Permissions
com.test.TC_Role1.@[THE_USER].access * *
com.test.TC_Role1.@[THE_USER].access * read
com.test.TC_Role1.@[THE_USER].p.C myInstance myAction
com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT
com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case
Credentials
m00001@@[THE_USER].TC_Role1.test.com
# Need to let DB catch up on deletes
sleep 0
as testid@aaf.att.com
# TC_Role1.99.05.POS Remove Permissions from "40_reports"
set force true
set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT
** Expect 200,404 **
Deleted Permission
set force true
set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case
** Expect 200,404 **
Deleted Permission
# TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles
force role delete com.test.TC_Role1.@[user.name].r.A
** Expect 200,404 **
Deleted Role
force role delete com.test.TC_Role1.@[user.name].r.B
** Expect 200,404 **
Deleted Role
force role delete com.test.TC_Role1.@[user.name].r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist
# TC_Role1.99.15.POS Remove ability to create creds
user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin
** Expect 200,404 **
Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
as XX@NS
perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin]
as testid@aaf.att.com
role delete com.test.TC_Role1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role
# TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials
perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction
** Expect 200,404 **
Deleted Permission
set force true
user cred del m00001@@[user.name].TC_Role1.test.com
** Expect 200,404 **
Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com]
# TC_Role1.99.90.POS Namespace Admin can delete Namespace
force ns delete com.test.TC_Role1.@[user.name].r
** Expect 200,404 **
Deleted Namespace
force ns delete com.test.TC_Role1.@[user.name]
** Expect 200,404 **
Deleted Namespace
# TC_Role1.99.99.POS List to prove clean Namespaces
ns list name com.test.TC_Role1.@[user.name].r
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
ns list name com.test.TC_Role1.@[user.name]
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Role1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
|
