1set XX@NS <pass>
2set testid@aaf.att.com <pass>
3set testunused@aaf.att.com <pass>
4set bogus boguspass
5#delay 10
6set NFR 0
7as testid@aaf.att.com
8# TC_Role2.10.0.POS Print NS to prove ok
9ns list name com.test.TC_Role2.@[user.name]
10** Expect 200 **
11
12List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
13--------------------------------------------------------------------------------
14 *** Namespace Not Found ***
15
16# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
17ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
18** Expect 201 **
19Created Namespace
20
21##############
22# Testing Model
23# We are making a Testing model based loosely on George Orwell's Animal Farm
24# In Animal Farm, Animals did all the work but didn't get any privileges.
25# In our test, the animals can't see anything but their own role, etc
26# Dogs were supervisors, and ostensibly did something, though mostly lay around
27# In our test, they have Implicit Permissions by being Admins
28# Pigs were the Elite. They did nothing but watch everyone and eat the produce
29# In our test, they have Explicit Permissions to see everything they want
30##############
31as testid@aaf.att.com
32# TC_Role2.20.1.POS List Data on non-Empty NS
33ns list name com.test.TC_Role2.@[user.name]
34** Expect 200 **
35
36List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
37--------------------------------------------------------------------------------
38com.test.TC_Role2.@[THE_USER]
39 Administrators
40 testid@aaf.att.com
41 Responsible Parties
42 @[THE_USER]@csp.att.com
43 Roles
44 com.test.TC_Role2.@[THE_USER].admin
45 com.test.TC_Role2.@[THE_USER].owner
46 Permissions
47 com.test.TC_Role2.@[THE_USER].access * *
48 com.test.TC_Role2.@[THE_USER].access * read
49
50# TC_Role2.20.10.POS Create Orwellian Roles
51role create com.test.TC_Role2.@[user.name].r.animals
52** Expect 201 **
53Created Role
54
55role create com.test.TC_Role2.@[user.name].r.dogs
56** Expect 201 **
57Created Role
58
59role create com.test.TC_Role2.@[user.name].r.pigs
60** Expect 201 **
61Created Role
62
63# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
64perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
65** Expect 201 **
66Created Permission
67Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]
68
69perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
70** Expect 201 **
71Created Permission
72Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
73
74perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
75** Expect 201 **
76Created Permission
77Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
78
79perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
80** Expect 201 **
81Created Permission
82Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]
83
84# TC_Role2.20.25.POS Create and Grant Animal Farm Privileges to Pigs
85as XX@NS
86perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
87** Expect 201 **
88Created Permission
89Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
90
91perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
92** Expect 201 **
93Created Permission
94Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]
95
96# TC_Role2.20.60.POS List Data on non-Empty NS
97as testid@aaf.att.com
98ns list name com.test.TC_Role2.@[user.name]
99** Expect 200 **
100
101List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
102--------------------------------------------------------------------------------
103com.test.TC_Role2.@[THE_USER]
104 Administrators
105 testid@aaf.att.com
106 Responsible Parties
107 @[THE_USER]@csp.att.com
108 Roles
109 com.test.TC_Role2.@[THE_USER].admin
110 com.test.TC_Role2.@[THE_USER].owner
111 com.test.TC_Role2.@[THE_USER].r.animals
112 com.test.TC_Role2.@[THE_USER].r.dogs
113 com.test.TC_Role2.@[THE_USER].r.pigs
114 Permissions
115 com.test.TC_Role2.@[THE_USER].access * *
116 com.test.TC_Role2.@[THE_USER].access * read
117 com.test.TC_Role2.@[THE_USER].r.A * *
118 com.test.TC_Role2.@[THE_USER].r.A garbage eat
119 com.test.TC_Role2.@[THE_USER].r.A grain *
120 com.test.TC_Role2.@[THE_USER].r.A grain eat
121
122as XX@NS
123# TC_Role2.40.1.POS List Data on Role
124role list role com.test.TC_Role2.@[user.name].r.animals
125** Expect 200 **
126
127List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
128--------------------------------------------------------------------------------
129ROLE Name
130 PERM Type Instance Action
131--------------------------------------------------------------------------------
132com.test.TC_Role2.@[THE_USER].r.animals
133 com.test.TC_Role2.@[THE_USER].r.A garbage eat
134
135role list role com.test.TC_Role2.@[user.name].r.dogs
136** Expect 200 **
137
138List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
139--------------------------------------------------------------------------------
140ROLE Name
141 PERM Type Instance Action
142--------------------------------------------------------------------------------
143com.test.TC_Role2.@[THE_USER].r.dogs
144 com.test.TC_Role2.@[THE_USER].r.A * *
145 com.test.TC_Role2.@[THE_USER].r.A grain *
146 com.test.TC_Role2.@[THE_USER].r.A grain eat
147
148role list role com.test.TC_Role2.@[user.name].r.pigs
149** Expect 200 **
150
151List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
152--------------------------------------------------------------------------------
153ROLE Name
154 PERM Type Instance Action
155--------------------------------------------------------------------------------
156com.test.TC_Role2.@[THE_USER].r.pigs
157 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
158 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
159
160# TC_Role2.40.10.POS Add testunused to animals
161as testid@aaf.att.com
162user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
163** Expect 201 **
164Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]
165
166# TC_Role2.40.11.POS List by Name when part of role
167as testunused@aaf.att.com
168role list role com.test.TC_Role2.@[user.name].r.animals
169** Expect 200 **
170
171List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
172--------------------------------------------------------------------------------
173ROLE Name
174 PERM Type Instance Action
175--------------------------------------------------------------------------------
176com.test.TC_Role2.@[THE_USER].r.animals
177 com.test.TC_Role2.@[THE_USER].r.A garbage eat
178
179# TC_Role2.40.12.NEG List by Name when not part of Role
180role list role com.test.TC_Role2.@[user.name].r.dogs
181** Expect 403 **
182Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
183
184role list role com.test.TC_Role2.@[user.name].r.pigs
185** Expect 403 **
186Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]
187
188# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
189as testid@aaf.att.com
190role list role com.test.TC_Role2.@[user.name].r.animals
191** Expect 200 **
192
193List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
194--------------------------------------------------------------------------------
195ROLE Name
196 PERM Type Instance Action
197--------------------------------------------------------------------------------
198com.test.TC_Role2.@[THE_USER].r.animals
199 com.test.TC_Role2.@[THE_USER].r.A garbage eat
200
201role list role com.test.TC_Role2.@[user.name].r.dogs
202** Expect 200 **
203
204List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
205--------------------------------------------------------------------------------
206ROLE Name
207 PERM Type Instance Action
208--------------------------------------------------------------------------------
209com.test.TC_Role2.@[THE_USER].r.dogs
210 com.test.TC_Role2.@[THE_USER].r.A * *
211 com.test.TC_Role2.@[THE_USER].r.A grain *
212 com.test.TC_Role2.@[THE_USER].r.A grain eat
213
214role list role com.test.TC_Role2.@[user.name].r.pigs
215** Expect 200 **
216
217List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
218--------------------------------------------------------------------------------
219ROLE Name
220 PERM Type Instance Action
221--------------------------------------------------------------------------------
222com.test.TC_Role2.@[THE_USER].r.pigs
223 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
224 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
225
226# TC_Role2.40.50.POS Change testunused to Pigs
227as testid@aaf.att.com
228user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
229** Expect 200 **
230Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]
231
232user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
233** Expect 201 **
234Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]
235
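236# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions (as recorded below, only r.pigs is readable; the view grants on r.animals and r.dogs still return 403 -- confirm this is the intended result)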
237as testunused@aaf.att.com
238role list role com.test.TC_Role2.@[user.name].r.animals
239** Expect 403 **
240Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]
241
242role list role com.test.TC_Role2.@[user.name].r.dogs
243** Expect 403 **
244Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]
245
246role list role com.test.TC_Role2.@[user.name].r.pigs
247** Expect 200 **
248
249List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
250--------------------------------------------------------------------------------
251ROLE Name
252 PERM Type Instance Action
253--------------------------------------------------------------------------------
254com.test.TC_Role2.@[THE_USER].r.pigs
255 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
256 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
257
258# TC_Role2.41.10.POS List by User when Same as Caller
259as testunused@aaf.att.com
260role list user testunused@aaf.att.com
261** Expect 200 **
262
263List Roles for User [testunused@aaf.att.com]
264--------------------------------------------------------------------------------
265ROLE Name
266 PERM Type Instance Action
267--------------------------------------------------------------------------------
268com.test.TC_Role2.@[THE_USER].r.pigs
269 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
270 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
271
272# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
273as testid@aaf.att.com
274role list user testunused@aaf.att.com
275** Expect 200 **
276
277List Roles for User [testunused@aaf.att.com]
278--------------------------------------------------------------------------------
279ROLE Name
280 PERM Type Instance Action
281--------------------------------------------------------------------------------
282com.test.TC_Role2.@[THE_USER].r.pigs
283 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
284 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
285
286# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
287as XX@NS
288role list user testunused@aaf.att.com
289** Expect 200 **
290
291List Roles for User [testunused@aaf.att.com]
292--------------------------------------------------------------------------------
293ROLE Name
294 PERM Type Instance Action
295--------------------------------------------------------------------------------
296com.test.TC_Role2.@[THE_USER].r.pigs
297 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
298 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
299
300# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
301as testunused@aaf.att.com
302role list user XX@NS
303** Expect 200 **
304
305List Roles for User [XX@NS]
306--------------------------------------------------------------------------------
307ROLE Name
308 PERM Type Instance Action
309--------------------------------------------------------------------------------
310
311# TC_Role2.42.10.POS List Roles from NS when allowed to see NS
312as testid@aaf.att.com
313role list ns com.test.TC_Role2.@[user.name]
314** Expect 200 **
315
316List Roles by NS [com.test.TC_Role2.@[THE_USER]]
317--------------------------------------------------------------------------------
318ROLE Name
319 PERM Type Instance Action
320--------------------------------------------------------------------------------
321com.test.TC_Role2.@[THE_USER].admin
322 com.test.TC_Role2.@[THE_USER].access * *
323com.test.TC_Role2.@[THE_USER].owner
324 com.test.TC_Role2.@[THE_USER].access * read
325com.test.TC_Role2.@[THE_USER].r.animals
326 com.test.TC_Role2.@[THE_USER].r.A garbage eat
327com.test.TC_Role2.@[THE_USER].r.dogs
328 com.test.TC_Role2.@[THE_USER].r.A * *
329 com.test.TC_Role2.@[THE_USER].r.A grain *
330 com.test.TC_Role2.@[THE_USER].r.A grain eat
331com.test.TC_Role2.@[THE_USER].r.pigs
332 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.animals view
333 com.att.aaf.role com.test.TC_Role2.@[THE_USER].r.dogs view
334
335# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
336as testunused@aaf.att.com
337role list ns com.test.TC_Role2.@[user.name]
338** Expect 403 **
339Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]
340
341# TC_Role2.43.10.POS List Roles when allowed to see Perm
342as testid@aaf.att.com
343role list perm com.test.TC_Role2.@[user.name].r.A grain eat
344** Expect 200 **
345
346List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
347--------------------------------------------------------------------------------
348ROLE Name
349 PERM Type Instance Action
350--------------------------------------------------------------------------------
351com.test.TC_Role2.@[THE_USER].r.dogs
352 com.test.TC_Role2.@[THE_USER].r.A * *
353 com.test.TC_Role2.@[THE_USER].r.A grain *
354 com.test.TC_Role2.@[THE_USER].r.A grain eat
355
356role list perm com.test.TC_Role2.@[user.name].r.A grain *
357** Expect 200 **
358
359List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
360--------------------------------------------------------------------------------
361ROLE Name
362 PERM Type Instance Action
363--------------------------------------------------------------------------------
364com.test.TC_Role2.@[THE_USER].r.dogs
365 com.test.TC_Role2.@[THE_USER].r.A * *
366 com.test.TC_Role2.@[THE_USER].r.A grain *
367 com.test.TC_Role2.@[THE_USER].r.A grain eat
368
369role list perm com.test.TC_Role2.@[user.name].r.A * *
370** Expect 200 **
371
372List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
373--------------------------------------------------------------------------------
374ROLE Name
375 PERM Type Instance Action
376--------------------------------------------------------------------------------
377com.test.TC_Role2.@[THE_USER].r.dogs
378 com.test.TC_Role2.@[THE_USER].r.A * *
379 com.test.TC_Role2.@[THE_USER].r.A grain *
380 com.test.TC_Role2.@[THE_USER].r.A grain eat
381
382# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
383as testunused@aaf.att.com
384role list perm com.test.TC_Role2.@[user.name].r.A grain eat
385** Expect 403 **
386Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]
387
388role list perm com.test.TC_Role2.@[user.name].r.A grain *
389** Expect 403 **
390Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]
391
392role list perm com.test.TC_Role2.@[user.name].r.A * *
393** Expect 403 **
394Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]
395
396as XX@NS
397# TC_Role2.99.1.POS Delete Roles
398force role delete com.test.TC_Role2.@[user.name].r.animals
399** Expect 200,404 **
400Deleted Role
401
402force role delete com.test.TC_Role2.@[user.name].r.dogs
403** Expect 200,404 **
404Deleted Role
405
406force role delete com.test.TC_Role2.@[user.name].r.pigs
407** Expect 200,404 **
408Deleted Role
409
410# TC_Role2.99.2.POS Delete Perms
411force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
412** Expect 200,404 **
413Deleted Permission
414
415force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
416** Expect 200,404 **
417Deleted Permission
418
419force perm delete com.test.TC_Role2.@[user.name].r.A grain *
420** Expect 200,404 **
421Deleted Permission
422
423force perm delete com.test.TC_Role2.@[user.name].r.A * *
424** Expect 200,404 **
425Deleted Permission
426
427force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
428** Expect 200,404 **
429Deleted Permission
430
431force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
432** Expect 200,404 **
433Deleted Permission
434
435# TC_Role2.99.2.POS Namespace Admin can delete Namespace
436force ns delete com.test.TC_Role2.@[user.name]
437** Expect 200,404 **
438Deleted Namespace
439
440# TC_Role2.99.3.POS Print Namespaces
441ns list name com.test.TC_Role2.@[user.name]
442** Expect 200,404 **
443
444List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
445--------------------------------------------------------------------------------
446 *** Namespace Not Found ***
447