Gitiles
Code Review Sign In
gerrit.nordix.org / onap / aaf / authz / dcf76988526af8e15181a29987383af2e1d64156 / . / authz-test / TestSuite / expected / TC_Perm1.expected
blob: d099990c057cc74e32401f349aa895c6b0fb6a43 [file] [log] [blame]
set testid <pass>
set testid@aaf.att.com <pass>
set XX@NS <pass>
set testunused <pass>
set bogus boguspass
#delay 10
set NFR 0
# TC_Perm1.10.0.POS Validate Namespace is empty first
as testid@aaf.att.com
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace
# TC_Perm1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Created Role
as XX@NS
# TC_Perm1.10.11.POS Assign role to mechid perm
perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
as testid@aaf.att.com
# TC_Perm1.10.12.POS Assign user for creating creds
user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
** Expect 201 **
Added Role [com.test.TC_Perm1.@[THE_USER].cred_admin] to User [XX@NS]
# TC_Perm1.20.1.POS List Data on non-Empty NS
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
# TC_Perm1.20.2.POS Add Perm
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 201 **
Created Permission
# TC_Perm1.20.3.NEG Already Added Perm
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] already exists.
# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.A]
Created Role [com.test.TC_Perm1.@[THE_USER].r.B]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.B]
# TC_Perm1.20.8.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] already exists.
# TC_Perm1.20.10.NEG Non-admins can't change description
as testunused
perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
** Expect 403 **
Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction]
# TC_Perm1.20.11.NEG Permission must exist to change description
as testid
perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
** Expect 404 **
Failed [SVC1404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
# TC_Perm1.20.12.POS Admin can change description
perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
** Expect 200 **
Description added to Permission
# TC_Perm1.22.1.NEG Try to rename permission without changing anything
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - New Permission must be different than original permission
# TC_Perm1.22.2.NEG Try to rename parent ns
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - You do not have approval to change Permission [com.att.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.22.10.POS View permission in original state
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
# TC_Perm1.22.11.POS Rename permission instance
perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
** Expect 200 **
Updated Permission
# TC_Perm1.22.12.POS Verify change in permission instance
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B yourInstance myAction
# TC_Perm1.22.13.POS Rename permission action
perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
** Expect 200 **
Updated Permission
# TC_Perm1.22.14.POS Verify change in permission action
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B yourInstance yourAction
# TC_Perm1.22.15.POS Rename permission type
perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
** Expect 200 **
Updated Permission
# TC_Perm1.22.16.POS Verify change in permission type
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
# TC_Perm1.22.20.POS See permission is attached to this role
role list role com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name
PERM Type Instance Action
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].p.yourB yourInstance yourAction
# TC_Perm1.22.21.POS Rename permission type, instance and action
perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200 **
Updated Permission
# TC_Perm1.22.22.POS See permission stays attached after rename
role list role com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
List Roles for Role[com.test.TC_Perm1.@[THE_USER].r.A]
--------------------------------------------------------------------------------
ROLE Name
PERM Type Instance Action
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
# TC_Perm1.22.23.POS Verify permission is back to original state
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
# TC_Perm1.25.1.POS Create another Role in This namespace
role create com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Created Role
# TC_Perm1.25.2.POS Create another Perm in This namespace
perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 201 **
Created Permission
# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.NO|myInstance|myAction] does not exist
# TC_Perm1.25.4.POS Grant individual new Perm to new Role
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
# TC_Perm1.25.5.NEG Already Granted Perm
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
# TC_Perm1.25.6.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
com.test.TC_Perm1.@[THE_USER].r.C
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER].r.C]
# TC_Perm1.25.11.NEG Already UnGranted Perm
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
# TC_Perm1.25.21.POS Owner of permission can reset roles
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Set Permission's Roles to []
# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
as XX@NS
ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
** Expect 201 **
Created Namespace
ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
** Expect 201 **
Created Namespace
# TC_Perm1.26.2.POS Create ID in other Namespace
user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
role create com.test2.TC_Perm1.@[user.name].r.C
** Expect 201 **
Created Role
role create com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Created Role
# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
as m99990@@[THE_USER].TC_Perm1.test2.com
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing
# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [testid@aaf.att.com] may not write Role [com.test2.TC_Perm1.@[THE_USER].r.C]
# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
# TC_Perm1.26.14.POS Create Role
as testid@aaf.att.com
role create com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Created Role
# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
# TC_Perm1.26.16.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
com.test.TC_Perm1.@[THE_USER].r.C
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
# TC_Perm1.26.17.POS Grant individual new Perm to new Role
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.C]
# TC_Perm1.26.18.NEG Already Granted Perm
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 409 **
Failed [SVC1409]: Conflict Already Exists - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] already granted to Role [com.test.TC_Perm1.@[THE_USER].r.C]
# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
set request true
as m99990@@[THE_USER].TC_Perm1.test2.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing
# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing
# TC_Perm1.26.30.POS Add ID to Role
as XX@NS
ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
** Expect 201 **
Admin m99990@@[THE_USER].TC_Perm1.test2.com added to com.test2.TC_Perm1.@[THE_USER]
as m99990@@[THE_USER].TC_Perm1.test2.com
sleep 0
# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
set request true
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
** Expect 202 **
Permission Role Granted Accepted, but requires Approvals before actualizing
# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
as testid@aaf.att.com
perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
# TC_Perm1.26.34.POS Print Info for Validation
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
com.test.TC_Perm1.@[THE_USER].r.C
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
as XX@NS
# TC_Perm1.26.35.POS Print Info for Validation
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test2.TC_Perm1.@[THE_USER]
Administrators
XX@NS
m99990@@[THE_USER].TC_Perm1.test2.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test2.TC_Perm1.@[THE_USER].admin
com.test2.TC_Perm1.@[THE_USER].owner
com.test2.TC_Perm1.@[THE_USER].r.C
Permissions
com.test2.TC_Perm1.@[THE_USER].access * *
com.test2.TC_Perm1.@[THE_USER].access * read
Credentials
m99990@@[THE_USER].TC_Perm1.test2.com
as testid@aaf.att.com
# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
as testid@aaf.att.com
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
UnGranted Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] from Role [com.test.TC_Perm1.@[THE_USER]_2.r.C]
# TC_Perm1.26.37.NEG Already UnGranted Perm
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] not associated with any Role
# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Set Permission's Roles to [com.test.TC_Perm1.@[THE_USER].r.C,com.test.TC_Perm1.@[THE_USER].r.A]
# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
as m99990@@[THE_USER].TC_Perm1.test2.com
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 403 **
Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_Perm1.test2.com] may not write Perm [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction]
# TC_Perm1.26.45.POS Owner of permission can reset roles
as testid@aaf.att.com
perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Set Permission's Roles to []
as XX@NS
# TC_Perm1.26.97.POS List the Namespaces
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.B
com.test.TC_Perm1.@[THE_USER].r.C
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.B myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.C myInstance myAction
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test2.TC_Perm1.@[THE_USER]
Administrators
XX@NS
m99990@@[THE_USER].TC_Perm1.test2.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test2.TC_Perm1.@[THE_USER].admin
com.test2.TC_Perm1.@[THE_USER].owner
com.test2.TC_Perm1.@[THE_USER].r.C
Permissions
com.test2.TC_Perm1.@[THE_USER].access * *
com.test2.TC_Perm1.@[THE_USER].access * read
Credentials
m99990@@[THE_USER].TC_Perm1.test2.com
as testid@aaf.att.com
# TC_Perm1.26.98.POS Cleanup
role delete com.test.TC_Perm1.@[user.name].r.A
** Expect 200 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.B
** Expect 200 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.C
** Expect 200 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
Deleted Role
as XX@NS
role delete com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 200 **
Deleted Role
role delete com.test2.TC_Perm1.@[user.name].r.C
** Expect 200 **
Deleted Role
as testid@aaf.att.com
perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 200 **
Deleted Permission
perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200 **
Deleted Permission
perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200 **
Deleted Permission
force ns delete com.test.TC_Perm1.@[user.name]_2
** Expect 200 **
Deleted Namespace
as XX@NS
set force true
set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Perm1.test2.com]
ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200 **
Deleted Namespace
# TC_Perm1.26.99.POS List the Now Empty Namespaces
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
# TC_Perm1.27.1.POS Create Permission
perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 201 **
Created Permission
# TC_Perm1.27.2.POS Create Role
role create com.test.TC_Perm1.@[user.name].r.A
** Expect 201 **
Created Role
# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
** Expect 404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.unknown] does not exist
# TC_Perm1.27.11.POS Role is created with force
force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.A|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown]
# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
** Expect 404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] does not exist
# TC_Perm1.27.13.POS Perm is created with force
force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
** Expect 201 **
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.A]
# TC_Perm1.27.14.POS Role and perm are created with force
force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
** Expect 201 **
Created Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
Created Permission
Granted Permission [com.test.TC_Perm1.@[THE_USER].p.unknown2|myInstance|myAction] to Role [com.test.TC_Perm1.@[THE_USER].r.unknown2]
# TC_Perm1.30.1.POS List Data on non-Empty NS
as testid
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.unknown
com.test.TC_Perm1.@[THE_USER].r.unknown2
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace
# TC_Perm1.30.3.POS List Data on NS with sub-roles
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].admin
com.test.TC_Perm1.@[THE_USER].cred_admin
com.test.TC_Perm1.@[THE_USER].owner
Permissions
com.test.TC_Perm1.@[THE_USER].access * *
com.test.TC_Perm1.@[THE_USER].access * read
com.test.TC_Perm1.@[THE_USER].p.A myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.unknown myInstance myAction
com.test.TC_Perm1.@[THE_USER].p.unknown2 myInstance myAction
ns list name com.test.TC_Perm1.@[user.name].r
** Expect 200 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
--------------------------------------------------------------------------------
com.test.TC_Perm1.@[THE_USER].r
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Perm1.@[THE_USER].r.A
com.test.TC_Perm1.@[THE_USER].r.admin
com.test.TC_Perm1.@[THE_USER].r.owner
com.test.TC_Perm1.@[THE_USER].r.unknown
com.test.TC_Perm1.@[THE_USER].r.unknown2
Permissions
com.test.TC_Perm1.@[THE_USER].r.access * *
com.test.TC_Perm1.@[THE_USER].r.access * read
as XX@NS
# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
** Expect 200,404 **
Deleted Permission
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
** Expect 200,404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.B|myInstance|myAction] does not exist
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
** Expect 200,404 **
Failed [SVC4404]: Not Found - Permission [com.test.TC_Perm1.@[THE_USER].p.C|myInstance|myAction] does not exist
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
** Expect 200,404 **
Deleted Permission
set force true
set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
** Expect 200,404 **
Deleted Permission
role delete com.test.TC_Perm1.@[user.name].r.A
** Expect 200,404 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.B
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.B] does not exist
role delete com.test.TC_Perm1.@[user.name].r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER].r.C] does not exist
role delete com.test.TC_Perm1.@[user.name].r.unknown
** Expect 200,404 **
Deleted Role
role delete com.test.TC_Perm1.@[user.name].r.unknown2
** Expect 200,404 **
Deleted Role
role delete com.test2.TC_Perm1.@[user.name].r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER].r.C] does not exist
role delete com.test.TC_Perm1.@[user.name]_2.r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Perm1.@[THE_USER]_2.r.C] does not exist
role delete com.test2.TC_Perm1.@[user.name]_2.r.C
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test2.TC_Perm1.@[THE_USER]_2.r.C] does not exist
# TC_Perm1.99.2.POS Remove ability to create creds
user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
Removed Role [com.test.TC_Perm1.@[THE_USER].cred_admin] from User [XX@NS]
as XX@NS
perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Perm1.@[THE_USER].cred_admin]
as testid@aaf.att.com
role delete com.test.TC_Perm1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role
sleep 0
as XX@NS
# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
set force true
set force=true ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
as testid
force ns delete com.test.TC_Perm1.@[user.name].r
** Expect 200,404 **
Deleted Namespace
force ns delete com.test.TC_Perm1.@[user.name]_2
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Perm1.@[THE_USER]_2 does not exist
force ns delete com.test.TC_Perm1.@[user.name]
** Expect 200,404 **
Deleted Namespace
force ns delete com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test2.TC_Perm1.@[THE_USER] does not exist
# TC_Perm1.99.99.POS List to prove removed
ns list name com.test.TC_Perm1.@[user.name]
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
ns list name com.test.TC_Perm1.@[user.name].r
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER].r]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
ns list name com.test.TC_Perm1.@[user.name]_2
** Expect 200,404 **
List Namespaces by Name[com.test.TC_Perm1.@[THE_USER]_2]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
ns list name com.test2.TC_Perm1.@[user.name]
** Expect 200,404 **
List Namespaces by Name[com.test2.TC_Perm1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***