| set testid@aaf.att.com <pass> |
| set testunused@aaf.att.com <pass> |
| set bogus boguspass |
| set XX@NS <pass> |
| #delay 10 |
| set NFR 0 |
| as testid@aaf.att.com |
| # TC_Cred1.10.0.POS List NS to prove ok |
| ns list name com.test.TC_Cred1.@[user.name] |
| ** Expect 200 ** |
| |
| List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] |
| -------------------------------------------------------------------------------- |
| *** Namespace Not Found *** |
| |
| # TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials |
| ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com |
| ** Expect 201 ** |
| Created Namespace |
| |
| # TC_Cred1.10.10.POS Create role to assign mechid perm to |
| role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com |
| ** Expect 201 ** |
| Created Role |
| Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| |
| role create com.test.TC_Cred1.@[user.name].pw_reset |
| ** Expect 201 ** |
| Created Role |
| |
| # TC_Cred1.10.11.POS Assign roles to perms |
| as XX@NS |
| perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset |
| ** Expect 201 ** |
| Created Permission |
| Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset] |
| |
| perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin |
| ** Expect 201 ** |
| Created Permission |
| Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| |
| perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin |
| ** Expect 201 ** |
| Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| |
| as testid@aaf.att.com |
| # TC_Cred1.10.30.POS Assign user for creating creds |
| user cred add m99999@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 201 ** |
| Added Credential [m99999@@[THE_USER].TC_Cred1.test.com] |
| |
| set m99999@@[THE_USER].TC_Cred1.test.com password123 |
| # TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions |
| user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin |
| ** Expect 201 ** |
| Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com] |
| Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.10.32.POS Remove create rights for testing |
| user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin |
| ** Expect 200 ** |
| Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] |
| |
| # TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID |
| as testunused@aaf.att.com |
| user cred add m99990@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 403 ** |
| Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T |
| |
| # TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID |
| as m99999@@[THE_USER].TC_Cred1.test.com |
| user cred add m99990@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 201 ** |
| Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID |
| as testunused@aaf.att.com |
| user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 403 ** |
| Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER] |
| |
| # TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID |
| as m99999@@[THE_USER].TC_Cred1.test.com |
| user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 200 ** |
| Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.15.12.POS Admin, without reset permission can reset Password |
| as testid@aaf.att.com |
| user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 200 ** |
| Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.15.15.POS Admin, without reset permission can reset mechID |
| user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1 |
| ** Expect 200 ** |
| Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.15.20.POS Admin, delete |
| user cred del m99990@@[user.name].TC_Cred1.test.com password123 1 |
| ** Expect 200 ** |
| Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.30.1.NEG Multiple options available to delete |
| as XX@NS |
| user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word |
| ** Expect 201 ** |
| Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| as testid@aaf.att.com |
| user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD |
| ** Expect 201 ** |
| Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.30.2.POS Succeeds when we choose last option |
| user cred del m99990@@[user.name].TC_Cred1.test.com 2 |
| ** Expect 200 ** |
| Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.30.10.POS Add another credential |
| user cred add m99990@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 201 ** |
| Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.30.11.NEG Multiple options available to reset |
| user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| ** Expect 300 ** |
| Failed [SVC1300]: Choice - Select which cred to update: |
| Id Type Expires |
| 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] |
| 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] |
| Run same command again with chosen entry as last parameter |
| |
| # TC_Cred1.30.12.NEG Fails when we choose a bad option |
| user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0 |
| ** Expect 406 ** |
| Failed [SVC1406]: Not Acceptable - User chose invalid credential selection |
| |
| # TC_Cred1.30.13.POS Succeeds when we choose last option |
| user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2 |
| ** Expect 200 ** |
| Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| #TC_Cred1.30.30.NEG Fails when we don't have specific property |
| user cred extend m99990@@[user.name].TC_Cred1.test.com |
| ** Expect 403 ** |
| Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T |
| |
| #### EXTENDS behavior #### |
| #TC_Cred1.30.32.POS Setup Temp Role for Extend Permission |
| as XX@NS |
| role create com.test.TC_Cred1.@[user.name].extendTemp |
| ** Expect 201 ** |
| Created Role |
| |
| #TC_Cred1.30.33.POS Grant Extends Permission to Role |
| perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp |
| ** Expect 201 ** |
| Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] |
| |
| #TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission |
| role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS |
| ** Expect 201 ** |
| Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] |
| |
| #TC_Cred1.30.36.POS Extend Password, expecting Single Response |
| user cred extend m99990@@[user.name].TC_Cred1.test.com 1 |
| ** Expect 200 ** |
| Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| #TC_Cred1.30.39.POS Remove Role |
| set force true |
| role delete com.test.TC_Cred1.@[user.name].extendTemp |
| ** Expect 200 ** |
| Deleted Role |
| |
| #### MULTI CLEANUP ##### |
| role list user m99990@@[user.name].TC_Cred1.test.com |
| ** Expect 200 ** |
| |
| List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com] |
| -------------------------------------------------------------------------------- |
| ROLE Name |
| PERM Type Instance Action |
| -------------------------------------------------------------------------------- |
| |
| # TC_Cred1.30.80.POS Delete all entries for this cred |
| set force true |
| user cred del m99990@@[user.name].TC_Cred1.test.com |
| ** Expect 200 ** |
| Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| |
| # TC_Cred1.30.99.POS List ns shows no creds attached |
| ns list name com.test.TC_Cred1.@[user.name] |
| ** Expect 200 ** |
| |
| List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] |
| -------------------------------------------------------------------------------- |
| com.test.TC_Cred1.@[THE_USER] |
| Administrators |
| testid@aaf.att.com |
| Responsible Parties |
| @[THE_USER]@csp.att.com |
| Roles |
| com.test.TC_Cred1.@[THE_USER].admin |
| com.test.TC_Cred1.@[THE_USER].cred_admin |
| com.test.TC_Cred1.@[THE_USER].owner |
| com.test.TC_Cred1.@[THE_USER].pw_reset |
| Permissions |
| com.test.TC_Cred1.@[THE_USER].access * * |
| com.test.TC_Cred1.@[THE_USER].access * read |
| Credentials |
| m99999@@[THE_USER].TC_Cred1.test.com |
| |
| as testid@aaf.att.com |
| # TC_Cred1.99.1.POS Delete credentials |
| force user cred del m99990@@[user.name].TC_Cred1.test.com |
| ** Expect 200,404 ** |
| Failed [SVC5404]: Not Found - Credential does not exist |
| |
| #TC_Cred1.99.2.POS Ensure Remove Role |
| set force true |
| role delete com.test.TC_Cred1.@[user.name].extendTemp |
| ** Expect 200,404 ** |
| Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist |
| |
| # TC_Cred1.99.10.POS Remove ability to create creds |
| force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin |
| ** Expect 200,404 ** |
| Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ] |
| |
| as XX@NS |
| perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin |
| ** Expect 200,404 ** |
| UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| |
| force perm delete com.att.aaf.password com.test reset |
| ** Expect 200,404 ** |
| Deleted Permission |
| |
| force perm delete com.att.aaf.mechid com.test create |
| ** Expect 200,404 ** |
| Deleted Permission |
| |
| as testid@aaf.att.com |
| force role delete com.test.TC_Cred1.@[user.name].cred_admin |
| ** Expect 200,404 ** |
| Deleted Role |
| |
| force role delete com.test.TC_Cred1.@[user.name].pw_reset |
| ** Expect 200,404 ** |
| Deleted Role |
| |
| # TC_Cred1.99.99.POS Delete Namespace for TestSuite |
| set force true |
| set force=true ns delete com.test.TC_Cred1.@[user.name] |
| ** Expect 200,404 ** |
| Deleted Namespace |
| |
| as XX@NS |
| force ns delete com.test.TC_Cred1.@[user.name] |
| ** Expect 200,404 ** |
| Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist |
| |
| force ns delete com.test.TC_Cred1 |
| ** Expect 200,404 ** |
| Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist |
| |