blob: 8d310d91b845e6217493dd0320d62fa8b7d727cd [file] [log] [blame]
set testid@aaf.att.com <pass>
set testunused@aaf.att.com <pass>
set bogus boguspass
set XX@NS <pass>
#delay 10
set NFR 0
as testid@aaf.att.com
# TC_Cred1.10.0.POS List NS to prove ok
ns list name com.test.TC_Cred1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
--------------------------------------------------------------------------------
*** Namespace Not Found ***
# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace
# TC_Cred1.10.10.POS Create role to assign mechid perm to
role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
** Expect 201 **
Created Role
Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
role create com.test.TC_Cred1.@[user.name].pw_reset
** Expect 201 **
Created Role
# TC_Cred1.10.11.POS Assign roles to perms
as XX@NS
perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset]
perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
as testid@aaf.att.com
# TC_Cred1.10.30.POS Assign user for creating creds
user cred add m99999@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99999@@[THE_USER].TC_Cred1.test.com]
set m99999@@[THE_USER].TC_Cred1.test.com password123
# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
** Expect 201 **
Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com]
Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.10.32.POS Remove create rights for testing
user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200 **
Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
as testunused@aaf.att.com
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 403 **
Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T
# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
as m99999@@[THE_USER].TC_Cred1.test.com
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
as testunused@aaf.att.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 403 **
Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER]
# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
as m99999@@[THE_USER].TC_Cred1.test.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
as testid@aaf.att.com
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.15.20.POS Admin, delete
user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.30.1.NEG Multiple options available to delete
as XX@NS
user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
as testid@aaf.att.com
user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.30.2.POS Succeeds when we choose last option
user cred del m99990@@[user.name].TC_Cred1.test.com 2
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.30.10.POS Add another credential
user cred add m99990@@[user.name].TC_Cred1.test.com password123
** Expect 201 **
Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.30.11.NEG Multiple options available to reset
user cred reset m99990@@[user.name].TC_Cred1.test.com password123
** Expect 300 **
Failed [SVC1300]: Choice - Select which cred to update:
Id Type Expires
1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
Run same command again with chosen entry as last parameter
# TC_Cred1.30.12.NEG Fails when we choose a bad option
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
** Expect 406 **
Failed [SVC1406]: Not Acceptable - User chose invalid credential selection
# TC_Cred1.30.13.POS Succeeds when we choose last option
user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
** Expect 200 **
Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
#TC_Cred1.30.30.NEG Fails when we don't have specific property
user cred extend m99990@@[user.name].TC_Cred1.test.com
** Expect 403 **
Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T
#### EXTENDS behavior ####
#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
as XX@NS
role create com.test.TC_Cred1.@[user.name].extendTemp
** Expect 201 **
Created Role
#TC_Cred1.30.33.POS Grant Extends Permission to Role
perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
** Expect 201 **
Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
** Expect 201 **
Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
#TC_Cred1.30.36.POS Extend Password, expecting Single Response
user cred extend m99990@@[user.name].TC_Cred1.test.com 1
** Expect 200 **
Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com]
#TC_Cred1.30.39.POS Remove Role
set force true
role delete com.test.TC_Cred1.@[user.name].extendTemp
** Expect 200 **
Deleted Role
#### MULTI CLEANUP #####
role list user m99990@@[user.name].TC_Cred1.test.com
** Expect 200 **
List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com]
--------------------------------------------------------------------------------
ROLE Name
PERM Type Instance Action
--------------------------------------------------------------------------------
# TC_Cred1.30.80.POS Delete all entries for this cred
set force true
user cred del m99990@@[user.name].TC_Cred1.test.com
** Expect 200 **
Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
# TC_Cred1.30.99.POS List ns shows no creds attached
ns list name com.test.TC_Cred1.@[user.name]
** Expect 200 **
List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Cred1.@[THE_USER]
Administrators
testid@aaf.att.com
Responsible Parties
@[THE_USER]@csp.att.com
Roles
com.test.TC_Cred1.@[THE_USER].admin
com.test.TC_Cred1.@[THE_USER].cred_admin
com.test.TC_Cred1.@[THE_USER].owner
com.test.TC_Cred1.@[THE_USER].pw_reset
Permissions
com.test.TC_Cred1.@[THE_USER].access * *
com.test.TC_Cred1.@[THE_USER].access * read
Credentials
m99999@@[THE_USER].TC_Cred1.test.com
as testid@aaf.att.com
# TC_Cred1.99.1.POS Delete credentials
force user cred del m99990@@[user.name].TC_Cred1.test.com
** Expect 200,404 **
Failed [SVC5404]: Not Found - Credential does not exist
#TC_Cred1.99.2.POS Ensure Remove Role
set force true
role delete com.test.TC_Cred1.@[user.name].extendTemp
** Expect 200,404 **
Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist
# TC_Cred1.99.10.POS Remove ability to create creds
force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ]
as XX@NS
perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
force perm delete com.att.aaf.password com.test reset
** Expect 200,404 **
Deleted Permission
force perm delete com.att.aaf.mechid com.test create
** Expect 200,404 **
Deleted Permission
as testid@aaf.att.com
force role delete com.test.TC_Cred1.@[user.name].cred_admin
** Expect 200,404 **
Deleted Role
force role delete com.test.TC_Cred1.@[user.name].pw_reset
** Expect 200,404 **
Deleted Role
# TC_Cred1.99.99.POS Delete Namespace for TestSuite
set force true
set force=true ns delete com.test.TC_Cred1.@[user.name]
** Expect 200,404 **
Deleted Namespace
as XX@NS
force ns delete com.test.TC_Cred1.@[user.name]
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist
force ns delete com.test.TC_Cred1
** Expect 200,404 **
Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist