Update project structure to org.onap.aaf
Update project structure of authz module in aaf from
com.att to org.onap.aaf and add distribution management
and repositories.
Issue-id: AAF-21
Change-Id: Ia2486954e99f2bd60f18122ed60d32d5590781e9
Signed-off-by: sg481n <sg481n@att.com>
diff --git a/authz-test/TestSuite/TC_Perm1/00_ids b/authz-test/TestSuite/TC_Perm1/00_ids
new file mode 100644
index 0000000..0e7a40a
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/00_ids
@@ -0,0 +1,9 @@
+expect 0
+set testid=<pass>
+set testid@aaf.att.com=<pass>
+set XX@NS=<pass>
+set testunused=<pass>
+set bogus=boguspass
+
+#delay 10
+set NFR=0
diff --git a/authz-test/TestSuite/TC_Perm1/10_init b/authz-test/TestSuite/TC_Perm1/10_init
new file mode 100644
index 0000000..08a9d17
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/10_init
@@ -0,0 +1,23 @@
+# TC_Perm1.10.0.POS Validate Namespace is empty first
+as testid@aaf.att.com
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+expect 201
+ns create com.test.TC_Perm1.@[user.name] @[user.name] testid@aaf.att.com
+
+# TC_Perm1.10.10.POS Create role to assign mechid perm to
+expect 201
+role create com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS
+# TC_Perm1.10.11.POS Assign role to mechid perm
+expect 201
+perm grant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com
+# TC_Perm1.10.12.POS Assign user for creating creds
+expect 201
+user role add XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
diff --git a/authz-test/TestSuite/TC_Perm1/20_add_data b/authz-test/TestSuite/TC_Perm1/20_add_data
new file mode 100644
index 0000000..308170f
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/20_add_data
@@ -0,0 +1,38 @@
+# TC_Perm1.20.1.POS List Data on non-Empty NS
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.2.POS Add Perm
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.3.NEG Already Added Perm
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.20.4.POS Add Perm with non-existent Roles as well
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.8.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.20.9.NEG Already Added Perm with some Roles as well
+expect 409
+perm create com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].r.A,com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.20.10.NEG Non-admins can't change description
+expect 403
+as testunused
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
+# TC_Perm1.20.11.NEG Permission must exist to change description
+expect 404
+as testid
+perm describe com.test.TC_Perm1.@[user.name].p.C myInstance myAction Description for C
+
+# TC_Perm1.20.12.POS Admin can change description
+expect 200
+perm describe com.test.TC_Perm1.@[user.name].p.A myInstance myAction Description for A
+
diff --git a/authz-test/TestSuite/TC_Perm1/22_rename b/authz-test/TestSuite/TC_Perm1/22_rename
new file mode 100644
index 0000000..e249560
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/22_rename
@@ -0,0 +1,52 @@
+# TC_Perm1.22.1.NEG Try to rename permission without changing anything
+expect 409
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.2.NEG Try to rename parent ns
+expect 403
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.att.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.22.10.POS View permission in original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.11.POS Rename permission instance
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B myInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance myAction
+
+# TC_Perm1.22.12.POS Verify change in permission instance
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.13.POS Rename permission action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance myAction com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction
+
+# TC_Perm1.22.14.POS Verify change in permission action
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.15.POS Rename permission type
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.B yourInstance yourAction com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction
+
+# TC_Perm1.22.16.POS Verify change in permission type
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.22.20.POS See permission is attached to this role
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.21.POS Rename permission type, instance and action
+expect 200
+perm rename com.test.TC_Perm1.@[user.name].p.yourB yourInstance yourAction com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+
+# TC_Perm1.22.22.POS See permission stays attached after rename
+expect 200
+role list role com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.22.23.POS Verify permission is back to original state
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Perm1/25_grant_owned b/authz-test/TestSuite/TC_Perm1/25_grant_owned
new file mode 100644
index 0000000..3085ace
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/25_grant_owned
@@ -0,0 +1,40 @@
+# TC_Perm1.25.1.POS Create another Role in This namespace
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.2.POS Create another Perm in This namespace
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.25.3.NEG Permission must Exist to Add to Role
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.NO myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.4.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.5.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.6.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.25.10.POS UnGrant individual new Perm to new Role
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.11.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.25.20.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.25.21.POS Owner of permission can reset roles
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
diff --git a/authz-test/TestSuite/TC_Perm1/26_grant_unowned b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
new file mode 100644
index 0000000..4449624
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/26_grant_unowned
@@ -0,0 +1,175 @@
+# TC_Perm1.26.1.POS Create another Namespace, not owned by testid, one in company, one not
+as XX@NS
+expect 201
+ns create com.test2.TC_Perm1.@[user.name] @[user.name] XX@NS
+ns create com.test.TC_Perm1.@[user.name]_2 @[user.name] XX@NS
+
+# TC_Perm1.26.2.POS Create ID in other Namespace
+expect 201
+user cred add m99990@@[user.name].TC_Perm1.test2.com aRealPass7
+
+# TC_Perm1.26.3.POS Create a Role in other Namespaces, not owned by testid
+expect 201
+role create com.test2.TC_Perm1.@[user.name].r.C
+role create com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.11.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.11a.NEG Grant Perm to Role in Other Namespace, when Role ID
+expect 202
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.12.NEG Grant Perm to Role in Other Namespace, when Perm ID, but different Company
+as testid@aaf.att.com
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.13.NEG Fail Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+as testid@aaf.att.com
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.14.POS Create Role
+as testid@aaf.att.com
+expect 201
+role create com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.15.POS Fail Create/Grant Perm to Role in Other Namespace, when Perm ID, but same Company
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.16.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.17.POS Grant individual new Perm to new Role
+expect 201
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.18.NEG Already Granted Perm
+expect 409
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.19.POS UnGrant Perm from Role in Other Namespace, when Perm ID
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.21.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.22.NEG No Permission to Grant Perm to Role with Unrelated ID
+expect 202
+set request=true
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.25.NEG No Permission to UnGrant with Unrelated ID
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+# TC_Perm1.26.26.NEG No Permission to UnGrant with Unrelated ID
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.B
+
+
+# TC_Perm1.26.30.POS Add ID to Role
+as XX@NS:<pass>
+expect 201
+ns admin add com.test2.TC_Perm1.@[user.name] m99990@@[user.name].TC_Perm1.test2.com
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+sleep @[NFR]
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 403
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.31.NEG No Permission Grant Perm to Role if not Perm Owner
+expect 202
+set request=true
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test2.TC_Perm1.@[user.name].r.C
+
+
+# TC_Perm1.26.32.POS Grant individual new Perm to Role in Other Namespace
+expect 201
+as testid@aaf.att.com
+perm grant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.34.POS Print Info for Validation
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+as XX@NS
+# TC_Perm1.26.35.POS Print Info for Validation
+expect 200
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.36.POS UnGrant individual new Perm to new Role
+as testid@aaf.att.com
+expect 200
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.37.NEG Already UnGranted Perm
+expect 404
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.26.40.POS Reset roles attached to permision with setTo
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C,com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.26.41.NEG Non-owner of permission cannot reset roles
+expect 403
+as m99990@@[user.name].TC_Perm1.test2.com:aRealPass7
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.42.NEG Non-owner of permission cannot ungrant
+expect 403
+perm ungrant com.test.TC_Perm1.@[user.name].p.C myInstance myAction com.test.TC_Perm1.@[user.name].r.C
+
+# TC_Perm1.26.43.NEG Non-owner of permission cannot delete
+expect 403
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+# TC_Perm1.26.45.POS Owner of permission can reset roles
+as testid@aaf.att.com
+expect 200
+perm setTo com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+
+as XX@NS
+# TC_Perm1.26.97.POS List the Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
+as testid@aaf.att.com
+# TC_Perm1.26.98.POS Cleanup
+expect 200
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+as XX@NS
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name].r.C
+as testid@aaf.att.com
+perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+force ns delete com.test.TC_Perm1.@[user.name]_2
+as XX@NS
+set force=true user cred del m99990@@[user.name].TC_Perm1.test2.com
+ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.26.99.POS List the Now Empty Namespaces
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test2.TC_Perm1.@[user.name]
+
diff --git a/authz-test/TestSuite/TC_Perm1/27_grant_force b/authz-test/TestSuite/TC_Perm1/27_grant_force
new file mode 100644
index 0000000..12ee983
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/27_grant_force
@@ -0,0 +1,29 @@
+# TC_Perm1.27.1.POS Create Permission
+expect 201
+perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+
+# TC_Perm1.27.2.POS Create Role
+expect 201
+role create com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.10.NEG Role must Exist to Add to Role without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.11.POS Role is created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.A myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown
+
+# TC_Perm1.27.12.NEG Perm must Exist to Grant without force
+expect 404
+perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.13.POS Perm is created with force
+expect 201
+force perm grant com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction com.test.TC_Perm1.@[user.name].r.A
+
+# TC_Perm1.27.14.POS Role and perm are created with force
+expect 201
+force perm create com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction com.test.TC_Perm1.@[user.name].r.unknown2
+
+
diff --git a/authz-test/TestSuite/TC_Perm1/30_change_ns b/authz-test/TestSuite/TC_Perm1/30_change_ns
new file mode 100644
index 0000000..a92562a
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/30_change_ns
@@ -0,0 +1,14 @@
+# TC_Perm1.30.1.POS List Data on non-Empty NS
+as testid
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+
+# TC_Perm1.30.2.POS Create Sub-ns when Roles that exist
+expect 201
+ns create com.test.TC_Perm1.@[user.name].r @[user.name] testid@aaf.att.com
+
+# TC_Perm1.30.3.POS List Data on NS with sub-roles
+expect 200
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+
diff --git a/authz-test/TestSuite/TC_Perm1/99_cleanup b/authz-test/TestSuite/TC_Perm1/99_cleanup
new file mode 100644
index 0000000..222e2a4
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/99_cleanup
@@ -0,0 +1,42 @@
+as XX@NS:<pass>
+expect 200,404
+
+# TC_Perm1.99.1.POS Namespace Admin can delete Namepace defined Roles
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.A myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.B myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.C myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown myInstance myAction
+set force=true perm delete com.test.TC_Perm1.@[user.name].p.unknown2 myInstance myAction
+role delete com.test.TC_Perm1.@[user.name].r.A
+role delete com.test.TC_Perm1.@[user.name].r.B
+role delete com.test.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name].r.unknown
+role delete com.test.TC_Perm1.@[user.name].r.unknown2
+role delete com.test2.TC_Perm1.@[user.name].r.C
+role delete com.test.TC_Perm1.@[user.name]_2.r.C
+role delete com.test2.TC_Perm1.@[user.name]_2.r.C
+
+# TC_Perm1.99.2.POS Remove ability to create creds
+user role del XX@NS com.test.TC_Perm1.@[user.name].cred_admin
+
+as XX@NS:<pass>
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_Perm1.@[user.name].cred_admin
+
+as testid@aaf.att.com:<pass>
+role delete com.test.TC_Perm1.@[user.name].cred_admin
+
+sleep @[NFR]
+as XX@NS:<pass>
+# TC_Perm1.99.98.POS Namespace Admin can delete Namespace
+set force=true ns delete com.test2.TC_Perm1.@[user.name]
+as testid:<pass>
+force ns delete com.test.TC_Perm1.@[user.name].r
+force ns delete com.test.TC_Perm1.@[user.name]_2
+force ns delete com.test.TC_Perm1.@[user.name]
+force ns delete com.test2.TC_Perm1.@[user.name]
+
+# TC_Perm1.99.99.POS List to prove removed
+ns list name com.test.TC_Perm1.@[user.name]
+ns list name com.test.TC_Perm1.@[user.name].r
+ns list name com.test.TC_Perm1.@[user.name]_2
+ns list name com.test2.TC_Perm1.@[user.name]
diff --git a/authz-test/TestSuite/TC_Perm1/Description b/authz-test/TestSuite/TC_Perm1/Description
new file mode 100644
index 0000000..012a12b
--- /dev/null
+++ b/authz-test/TestSuite/TC_Perm1/Description
@@ -0,0 +1,16 @@
+This Testcase Tests the essentials of the Namespace, and the NS Commands
+
+APIs:
+
+
+
+CLI:
+ Target
+ role create :role
+ role delete
+ ns delete :ns
+ ns list :ns
+ Ancillary
+ role create :role
+ role list name :role.*
+