sg481n | bd890c5 | 2017-08-28 12:11:35 -0400 | [diff] [blame] | 1 | set testid@aaf.att.com <pass> |
| 2 | set testunused@aaf.att.com <pass> |
| 3 | set XX@NS <pass> |
| 4 | set bogus boguspass |
| 5 | #delay 10 |
| 6 | set NFR 0 |
| 7 | as testid@aaf.att.com |
| 8 | # TC_Role1.10.0.POS Validate NS ok |
| 9 | ns list name com.test.TC_Role1.@[user.name] |
| 10 | ** Expect 200 ** |
| 11 | |
| 12 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] |
| 13 | -------------------------------------------------------------------------------- |
| 14 | *** Namespace Not Found *** |
| 15 | |
| 16 | # TC_Role1.10.1.POS Create Namespace with valid IDs and Responsible Parties |
| 17 | ns create com.test.TC_Role1.@[user.name] @[user.name] testid@aaf.att.com |
| 18 | ** Expect 201 ** |
| 19 | Created Namespace |
| 20 | |
| 21 | # TC_Role1.10.10.POS Create role to assign mechid perm to |
| 22 | role create com.test.TC_Role1.@[user.name].cred_admin |
| 23 | ** Expect 201 ** |
| 24 | Created Role |
| 25 | |
| 26 | as XX@NS |
| 27 | # TC_Role1.10.11.POS Assign role to mechid perm |
| 28 | perm grant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin |
| 29 | ** Expect 201 ** |
| 30 | Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Role1.@[THE_USER].cred_admin] |
| 31 | |
| 32 | as testid@aaf.att.com |
| 33 | # TC_Role1.10.12.POS Assign user for creating creds |
| 34 | user role add testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin |
| 35 | ** Expect 201 ** |
| 36 | Added Role [com.test.TC_Role1.@[THE_USER].cred_admin] to User [testid@aaf.att.com] |
| 37 | |
| 38 | # TC_Role1.20.1.POS List Data on non-Empty NS |
| 39 | ns list name com.test.TC_Role1.@[user.name] |
| 40 | ** Expect 200 ** |
| 41 | |
| 42 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] |
| 43 | -------------------------------------------------------------------------------- |
| 44 | com.test.TC_Role1.@[THE_USER] |
| 45 | Administrators |
| 46 | testid@aaf.att.com |
| 47 | Responsible Parties |
| 48 | @[THE_USER]@csp.att.com |
| 49 | Roles |
| 50 | com.test.TC_Role1.@[THE_USER].admin |
| 51 | com.test.TC_Role1.@[THE_USER].cred_admin |
| 52 | com.test.TC_Role1.@[THE_USER].owner |
| 53 | Permissions |
| 54 | com.test.TC_Role1.@[THE_USER].access * * |
| 55 | com.test.TC_Role1.@[THE_USER].access * read |
| 56 | |
| 57 | # TC_Role1.20.2.POS Add Roles |
| 58 | role create com.test.TC_Role1.@[user.name].r.A |
| 59 | ** Expect 201 ** |
| 60 | Created Role |
| 61 | |
| 62 | role create com.test.TC_Role1.@[user.name].r.B |
| 63 | ** Expect 201 ** |
| 64 | Created Role |
| 65 | |
| 66 | # TC_Role1.20.3.POS List Data on non-Empty NS |
| 67 | ns list name com.test.TC_Role1.@[user.name] |
| 68 | ** Expect 200 ** |
| 69 | |
| 70 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] |
| 71 | -------------------------------------------------------------------------------- |
| 72 | com.test.TC_Role1.@[THE_USER] |
| 73 | Administrators |
| 74 | testid@aaf.att.com |
| 75 | Responsible Parties |
| 76 | @[THE_USER]@csp.att.com |
| 77 | Roles |
| 78 | com.test.TC_Role1.@[THE_USER].admin |
| 79 | com.test.TC_Role1.@[THE_USER].cred_admin |
| 80 | com.test.TC_Role1.@[THE_USER].owner |
| 81 | com.test.TC_Role1.@[THE_USER].r.A |
| 82 | com.test.TC_Role1.@[THE_USER].r.B |
| 83 | Permissions |
| 84 | com.test.TC_Role1.@[THE_USER].access * * |
| 85 | com.test.TC_Role1.@[THE_USER].access * read |
| 86 | |
| 87 | # TC_Role1.20.4.NEG Don't write over Role |
| 88 | role create com.test.TC_Role1.@[user.name].r.A |
| 89 | ** Expect 409 ** |
| 90 | Failed [SVC1409]: Conflict Already Exists - Role [com.test.TC_Role1.@[THE_USER].r.A] already exists |
| 91 | |
| 92 | # TC_Role1.20.5.NEG Don't allow non-user to create |
| 93 | as bogus |
| 94 | role create com.test.TC_Role1.@[user.name].r.No |
| 95 | ** Expect 401 ** |
| 96 | Failed with code 401, Unauthorized |
| 97 | |
| 98 | # TC_Role1.20.6.NEG Don't allow non-user to create without Approval |
| 99 | as testunused@aaf.att.com |
| 100 | role create com.test.TC_Role1.@[user.name].r.No |
| 101 | ** Expect 403 ** |
| 102 | Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_Role1.@[THE_USER].r.No] |
| 103 | |
| 104 | # TC_Role1.20.10.NEG Non-admins can't change description |
| 105 | as testunused@aaf.att.com |
| 106 | role describe com.test.TC_Role1.@[user.name].r.A Description A |
| 107 | ** Expect 403 ** |
| 108 | Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_Role1.@[THE_USER].r.A |
| 109 | |
| 110 | # TC_Role1.20.11.NEG Role must exist to change description |
| 111 | as testid@aaf.att.com |
| 112 | role describe com.test.TC_Role1.@[user.name].r.C Description C |
| 113 | ** Expect 404 ** |
| 114 | Failed [SVC1404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist |
| 115 | |
| 116 | # TC_Role1.20.12.POS Admin can change description |
| 117 | role describe com.test.TC_Role1.@[user.name].r.A Description A |
| 118 | ** Expect 200 ** |
| 119 | Description added to role |
| 120 | |
| 121 | # TC_Role1.30.1.POS List Data on non-Empty NS |
| 122 | as testid@aaf.att.com |
| 123 | ns list name com.test.TC_Role1.@[user.name] |
| 124 | ** Expect 200 ** |
| 125 | |
| 126 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] |
| 127 | -------------------------------------------------------------------------------- |
| 128 | com.test.TC_Role1.@[THE_USER] |
| 129 | Administrators |
| 130 | testid@aaf.att.com |
| 131 | Responsible Parties |
| 132 | @[THE_USER]@csp.att.com |
| 133 | Roles |
| 134 | com.test.TC_Role1.@[THE_USER].admin |
| 135 | com.test.TC_Role1.@[THE_USER].cred_admin |
| 136 | com.test.TC_Role1.@[THE_USER].owner |
| 137 | com.test.TC_Role1.@[THE_USER].r.A |
| 138 | com.test.TC_Role1.@[THE_USER].r.B |
| 139 | Permissions |
| 140 | com.test.TC_Role1.@[THE_USER].access * * |
| 141 | com.test.TC_Role1.@[THE_USER].access * read |
| 142 | |
| 143 | # TC_Role1.30.2.POS Create Sub-ns when Roles that exist |
| 144 | ns create com.test.TC_Role1.@[user.name].r @[user.name] testid@aaf.att.com |
| 145 | ** Expect 201 ** |
| 146 | Created Namespace |
| 147 | |
| 148 | # TC_Role1.30.3.POS List Data on NS with sub-roles |
| 149 | ns list name com.test.TC_Role1.@[user.name] |
| 150 | ** Expect 200 ** |
| 151 | |
| 152 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] |
| 153 | -------------------------------------------------------------------------------- |
| 154 | com.test.TC_Role1.@[THE_USER] |
| 155 | Administrators |
| 156 | testid@aaf.att.com |
| 157 | Responsible Parties |
| 158 | @[THE_USER]@csp.att.com |
| 159 | Roles |
| 160 | com.test.TC_Role1.@[THE_USER].admin |
| 161 | com.test.TC_Role1.@[THE_USER].cred_admin |
| 162 | com.test.TC_Role1.@[THE_USER].owner |
| 163 | Permissions |
| 164 | com.test.TC_Role1.@[THE_USER].access * * |
| 165 | com.test.TC_Role1.@[THE_USER].access * read |
| 166 | |
| 167 | ns list name com.test.TC_Role1.@[user.name].r |
| 168 | ** Expect 200 ** |
| 169 | |
| 170 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r] |
| 171 | -------------------------------------------------------------------------------- |
| 172 | com.test.TC_Role1.@[THE_USER].r |
| 173 | Administrators |
| 174 | testid@aaf.att.com |
| 175 | Responsible Parties |
| 176 | @[THE_USER]@csp.att.com |
| 177 | Roles |
| 178 | com.test.TC_Role1.@[THE_USER].r.A |
| 179 | com.test.TC_Role1.@[THE_USER].r.B |
| 180 | com.test.TC_Role1.@[THE_USER].r.admin |
| 181 | com.test.TC_Role1.@[THE_USER].r.owner |
| 182 | Permissions |
| 183 | com.test.TC_Role1.@[THE_USER].r.access * * |
| 184 | com.test.TC_Role1.@[THE_USER].r.access * read |
| 185 | |
| 186 | # TC_Role1.40.01.POS List Data on non-Empty NS |
| 187 | role list role com.test.TC_Role1.@[user.name].r.A |
| 188 | ** Expect 200 ** |
| 189 | |
| 190 | List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] |
| 191 | -------------------------------------------------------------------------------- |
| 192 | ROLE Name |
| 193 | PERM Type Instance Action |
| 194 | -------------------------------------------------------------------------------- |
| 195 | com.test.TC_Role1.@[THE_USER].r.A |
| 196 | |
| 197 | # TC_Role1.40.20.POS Create a Perm, and add to Role |
| 198 | perm create com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT com.test.TC_Role1.@[user.name].r.A |
| 199 | ** Expect 201 ** |
| 200 | Created Permission |
| 201 | Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.long(involved).text|SELECT] to Role [com.test.TC_Role1.@[THE_USER].r.A] |
| 202 | |
| 203 | # TC_Role1.40.25.POS List |
| 204 | role list role com.test.TC_Role1.@[user.name].r.A |
| 205 | ** Expect 200 ** |
| 206 | |
| 207 | List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] |
| 208 | -------------------------------------------------------------------------------- |
| 209 | ROLE Name |
| 210 | PERM Type Instance Action |
| 211 | -------------------------------------------------------------------------------- |
| 212 | com.test.TC_Role1.@[THE_USER].r.A |
| 213 | com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT |
| 214 | |
| 215 | # TC_Role1.40.30.POS Create a Perm |
| 216 | perm create com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case |
| 217 | ** Expect 201 ** |
| 218 | Created Permission |
| 219 | |
| 220 | # TC_Role1.40.32.POS Separately Grant Perm |
| 221 | perm grant com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case com.test.TC_Role1.@[user.name].r.A |
| 222 | ** Expect 201 ** |
| 223 | Granted Permission [com.test.TC_Role1.@[THE_USER].samplePerm1|some.other_long(less.involved).text|lower_case] to Role [com.test.TC_Role1.@[THE_USER].r.A] |
| 224 | |
| 225 | # TC_Role1.40.35.POS List |
| 226 | role list role com.test.TC_Role1.@[user.name].r.A |
| 227 | ** Expect 200 ** |
| 228 | |
| 229 | List Roles for Role[com.test.TC_Role1.@[THE_USER].r.A] |
| 230 | -------------------------------------------------------------------------------- |
| 231 | ROLE Name |
| 232 | PERM Type Instance Action |
| 233 | -------------------------------------------------------------------------------- |
| 234 | com.test.TC_Role1.@[THE_USER].r.A |
| 235 | com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT |
| 236 | com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case |
| 237 | |
| 238 | # TC_Role1.50.1.POS Create user to attach to role |
| 239 | user cred add m00001@@[user.name].TC_Role1.test.com password123 |
| 240 | ** Expect 201 ** |
| 241 | Added Credential [m00001@@[THE_USER].TC_Role1.test.com] |
| 242 | |
| 243 | # TC_Role1.50.2.POS Create new role |
| 244 | role create com.test.TC_Role1.@[user.name].r.C |
| 245 | ** Expect 201 ** |
| 246 | Created Role |
| 247 | |
| 248 | # TC_Role1.50.3.POS Attach user to role |
| 249 | user role add m00001@@[user.name].TC_Role1.test.com com.test.TC_Role1.@[user.name].r.C |
| 250 | ** Expect 201 ** |
| 251 | Added Role [com.test.TC_Role1.@[THE_USER].r.C] to User [m00001@@[THE_USER].TC_Role1.test.com] |
| 252 | |
| 253 | # TC_Role1.50.4.POS Create permission and attach to role |
| 254 | perm create com.test.TC_Role1.@[user.name].p.C myInstance myAction com.test.TC_Role1.@[user.name].r.C |
| 255 | ** Expect 201 ** |
| 256 | Created Permission |
| 257 | Granted Permission [com.test.TC_Role1.@[THE_USER].p.C|myInstance|myAction] to Role [com.test.TC_Role1.@[THE_USER].r.C] |
| 258 | |
| 259 | # TC_Role1.50.20.NEG Delete role with permission and user attached should fail |
| 260 | role delete com.test.TC_Role1.@[user.name].r.C |
| 261 | ** Expect 424 ** |
| 262 | Failed [SVC1424]: Failed Dependency - Role [com.test.TC_Role1.@[THE_USER].r.C] cannot be deleted as it is used by 1 or more Users. |
| 263 | |
| 264 | # TC_Role1.50.21.POS Force delete role should work |
| 265 | set force true |
| 266 | set force=true role delete com.test.TC_Role1.@[user.name].r.C |
| 267 | ** Expect 200 ** |
| 268 | Deleted Role |
| 269 | |
| 270 | # TC_Role1.50.30.POS List Data on non-Empty NS |
| 271 | ns list name com.test.TC_Role1.@[user.name] |
| 272 | ** Expect 200 ** |
| 273 | |
| 274 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] |
| 275 | -------------------------------------------------------------------------------- |
| 276 | com.test.TC_Role1.@[THE_USER] |
| 277 | Administrators |
| 278 | testid@aaf.att.com |
| 279 | Responsible Parties |
| 280 | @[THE_USER]@csp.att.com |
| 281 | Roles |
| 282 | com.test.TC_Role1.@[THE_USER].admin |
| 283 | com.test.TC_Role1.@[THE_USER].cred_admin |
| 284 | com.test.TC_Role1.@[THE_USER].owner |
| 285 | Permissions |
| 286 | com.test.TC_Role1.@[THE_USER].access * * |
| 287 | com.test.TC_Role1.@[THE_USER].access * read |
| 288 | com.test.TC_Role1.@[THE_USER].p.C myInstance myAction |
| 289 | com.test.TC_Role1.@[THE_USER].samplePerm1 some.long(involved).text SELECT |
| 290 | com.test.TC_Role1.@[THE_USER].samplePerm1 some.other_long(less.involved).text lower_case |
| 291 | Credentials |
| 292 | m00001@@[THE_USER].TC_Role1.test.com |
| 293 | |
| 294 | # Need to let DB catch up on deletes |
| 295 | sleep 0 |
| 296 | as testid@aaf.att.com |
| 297 | # TC_Role1.99.05.POS Remove Permissions from "40_reports" |
| 298 | set force true |
| 299 | set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.long(involved).text SELECT |
| 300 | ** Expect 200,404 ** |
| 301 | Deleted Permission |
| 302 | |
| 303 | set force true |
| 304 | set force=true perm delete com.test.TC_Role1.@[user.name].samplePerm1 some.other_long(less.involved).text lower_case |
| 305 | ** Expect 200,404 ** |
| 306 | Deleted Permission |
| 307 | |
| 308 | # TC_Role1.99.10.POS Namespace Admin can delete Namepace defined Roles |
| 309 | force role delete com.test.TC_Role1.@[user.name].r.A |
| 310 | ** Expect 200,404 ** |
| 311 | Deleted Role |
| 312 | |
| 313 | force role delete com.test.TC_Role1.@[user.name].r.B |
| 314 | ** Expect 200,404 ** |
| 315 | Deleted Role |
| 316 | |
| 317 | force role delete com.test.TC_Role1.@[user.name].r.C |
| 318 | ** Expect 200,404 ** |
| 319 | Failed [SVC3404]: Not Found - Role [com.test.TC_Role1.@[THE_USER].r.C] does not exist |
| 320 | |
| 321 | # TC_Role1.99.15.POS Remove ability to create creds |
| 322 | user role del testid@aaf.att.com com.test.TC_Role1.@[user.name].cred_admin |
| 323 | ** Expect 200,404 ** |
| 324 | Removed Role [com.test.TC_Role1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] |
| 325 | |
| 326 | as XX@NS |
| 327 | perm ungrant com.att.aaf.mechid com.att create com.test.TC_Role1.@[user.name].cred_admin |
| 328 | ** Expect 200,404 ** |
| 329 | UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Role1.@[THE_USER].cred_admin] |
| 330 | |
| 331 | as testid@aaf.att.com |
| 332 | role delete com.test.TC_Role1.@[user.name].cred_admin |
| 333 | ** Expect 200,404 ** |
| 334 | Deleted Role |
| 335 | |
| 336 | # TC_Role1.99.20.POS Namespace Admin can delete permissions and credentials |
| 337 | perm delete com.test.TC_Role1.@[user.name].p.C myInstance myAction |
| 338 | ** Expect 200,404 ** |
| 339 | Deleted Permission |
| 340 | |
| 341 | set force true |
| 342 | user cred del m00001@@[user.name].TC_Role1.test.com |
| 343 | ** Expect 200,404 ** |
| 344 | Deleted Credential [m00001@@[THE_USER].TC_Role1.test.com] |
| 345 | |
| 346 | # TC_Role1.99.90.POS Namespace Admin can delete Namespace |
| 347 | force ns delete com.test.TC_Role1.@[user.name].r |
| 348 | ** Expect 200,404 ** |
| 349 | Deleted Namespace |
| 350 | |
| 351 | force ns delete com.test.TC_Role1.@[user.name] |
| 352 | ** Expect 200,404 ** |
| 353 | Deleted Namespace |
| 354 | |
| 355 | # TC_Role1.99.99.POS List to prove clean Namespaces |
| 356 | ns list name com.test.TC_Role1.@[user.name].r |
| 357 | ** Expect 200,404 ** |
| 358 | |
| 359 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER].r] |
| 360 | -------------------------------------------------------------------------------- |
| 361 | *** Namespace Not Found *** |
| 362 | |
| 363 | ns list name com.test.TC_Role1.@[user.name] |
| 364 | ** Expect 200,404 ** |
| 365 | |
| 366 | List Namespaces by Name[com.test.TC_Role1.@[THE_USER]] |
| 367 | -------------------------------------------------------------------------------- |
| 368 | *** Namespace Not Found *** |
| 369 | |