1set XX@NS <pass>
2set testid@aaf.att.com <pass>
3set testunused@aaf.att.com <pass>
4set bogus@aaf.att.com boguspass
5set m99990@@[THE_USER].TC_User1.test.com password123
6set m99995@@[THE_USER].TC_User1.test.com password123
7#delay 10
8set NFR 0
9as testid@aaf.att.com
10# TC_User1.10.0.POS Check for Existing Data
11ns list name com.test.TC_User1.@[user.name]
12** Expect 200 **
13
14List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
15--------------------------------------------------------------------------------
16 *** Namespace Not Found ***
17
18# TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
19ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
20** Expect 201 **
21Created Namespace
22
23# TC_User1.10.10.POS Create role to assign mechid perm to
24role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
25** Expect 201 **
26Created Role
27Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
28
29as XX@NS
30# TC_User1.10.11.POS Assign role to mechid perm
31perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
32** Expect 201 **
33Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
34
35perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
36** Expect 201 **
37Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
38
39as testid@aaf.att.com
40# TC_User1.01.99.POS Expect Namespace to be created
41ns list name com.test.TC_User1.@[user.name]
42** Expect 200 **
43
44List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
45--------------------------------------------------------------------------------
46com.test.TC_User1.@[THE_USER]
47 Administrators
48 testid@aaf.att.com
49 Responsible Parties
50 @[THE_USER]@csp.att.com
51 Roles
52 com.test.TC_User1.@[THE_USER].admin
53 com.test.TC_User1.@[THE_USER].cred_admin
54 com.test.TC_User1.@[THE_USER].owner
55 Permissions
56 com.test.TC_User1.@[THE_USER].access * *
57 com.test.TC_User1.@[THE_USER].access * read
58
59as testid@aaf.att.com
60# TC_User1.20.1.POS Create roles
61role create com.test.TC_User1.@[user.name].manager
62** Expect 201 **
63Created Role
64
65role create com.test.TC_User1.@[user.name].worker
66** Expect 201 **
67Created Role
68
69# TC_User1.20.2.POS Create permissions
70perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
71** Expect 201 **
72Created Permission
73Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker]
74
75perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
76** Expect 201 **
77Created Permission
78Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker]
79
80perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
81** Expect 201 **
82Created Permission
83Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager]
84
85perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
86** Expect 201 **
87Created Permission
88Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager]
89
90# TC_User1.20.3.POS Create mechid
91user cred add m99990@@[user.name].TC_User1.test.com password123
92** Expect 201 **
93Added Credential [m99990@@[THE_USER].TC_User1.test.com]
94
95user cred add m99995@@[user.name].TC_User1.test.com password123
96** Expect 201 **
97Added Credential [m99995@@[THE_USER].TC_User1.test.com]
98
99as XX@NS
100# TC_User1.20.10.POS Add users to roles
101user role add @[user.name] com.test.TC_User1.@[user.name].manager
102** Expect 201 **
103Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com]
104
105user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
106** Expect 201 **
107Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com]
108
109# TC_User1.20.20.POS Add Delegate
110as XX@NS
111# TC_User1.20.20.POS Create delegates
112force user delegate add @[user.name] @[user.name]
113** Expect 201 **
114Delegate Added
115
116# TC_User1.40.1.NEG Non-admin, user not in role should not view
117as testunused@aaf.att.com
118user list role com.test.TC_User1.@[user.name].manager
119** Expect 403 **
120Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
121
122user list role com.test.TC_User1.@[user.name].worker
123** Expect 403 **
124Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker]
125
126as m99990@@[THE_USER].TC_User1.test.com
127# TC_User1.40.2.NEG Non-admin, user in a different role (worker) should not view the manager role
128user list role com.test.TC_User1.@[user.name].manager
129** Expect 403 **
130Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
131
132sleep 0
133# TC_User1.40.3.POS Non-admin, user in role can view himself
134user list role com.test.TC_User1.@[user.name].worker
135** Expect 200 **
136
137List Users for Role[com.test.TC_User1.@[THE_USER].worker]
138--------------------------------------------------------------------------------
139User Expires
140--------------------------------------------------------------------------------
141m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
142
143
144as testid@aaf.att.com
145# TC_User1.40.10.POS admin should view
146user list role com.test.TC_User1.@[user.name].manager
147** Expect 200 **
148
149List Users for Role[com.test.TC_User1.@[THE_USER].manager]
150--------------------------------------------------------------------------------
151User Expires
152--------------------------------------------------------------------------------
153@[THE_USER]@csp.att.com XXXX-XX-XX
154
155
156user list role com.test.TC_User1.@[user.name].worker
157** Expect 200 **
158
159List Users for Role[com.test.TC_User1.@[THE_USER].worker]
160--------------------------------------------------------------------------------
161User Expires
162--------------------------------------------------------------------------------
163m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
164
165
166as testunused@aaf.att.com
167# TC_User1.41.1.NEG Non-admin, user not in perm should not view any users (returns 200 with an empty list, not 403)
168user list perm com.test.TC_User1.@[user.name].supplies * move
169** Expect 200 **
170
171List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
172--------------------------------------------------------------------------------
173User Expires
174--------------------------------------------------------------------------------
175
176
177user list perm com.test.TC_User1.@[user.name].supplies * stock
178** Expect 200 **
179
180List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
181--------------------------------------------------------------------------------
182User Expires
183--------------------------------------------------------------------------------
184
185
186user list perm com.test.TC_User1.@[user.name].schedule worker create
187** Expect 200 **
188
189List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
190--------------------------------------------------------------------------------
191User Expires
192--------------------------------------------------------------------------------
193
194
195user list perm com.test.TC_User1.@[user.name].worker * annoy
196** Expect 200 **
197
198List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
199--------------------------------------------------------------------------------
200User Expires
201--------------------------------------------------------------------------------
202
203
204as m99990@@[THE_USER].TC_User1.test.com
205# TC_User1.41.2.POS Non-admin, user in perm can view himself
206user list perm com.test.TC_User1.@[user.name].supplies * move
207** Expect 200 **
208
209List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
210--------------------------------------------------------------------------------
211User Expires
212--------------------------------------------------------------------------------
213m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
214
215
216user list perm com.test.TC_User1.@[user.name].supplies * stock
217** Expect 200 **
218
219List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
220--------------------------------------------------------------------------------
221User Expires
222--------------------------------------------------------------------------------
223m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
224
225
226as m99990@@[THE_USER].TC_User1.test.com
227# TC_User1.41.3.NEG Non-admin, user not holding these manager perms should not view their users (returns 200 with an empty list)
228user list perm com.test.TC_User1.@[user.name].schedule worker create
229** Expect 200 **
230
231List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
232--------------------------------------------------------------------------------
233User Expires
234--------------------------------------------------------------------------------
235
236
237user list perm com.test.TC_User1.@[user.name].worker * annoy
238** Expect 200 **
239
240List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
241--------------------------------------------------------------------------------
242User Expires
243--------------------------------------------------------------------------------
244
245
246as testid@aaf.att.com
247# TC_User1.41.10.POS admin should view
248user list perm com.test.TC_User1.@[user.name].supplies * move
249** Expect 200 **
250
251List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
252--------------------------------------------------------------------------------
253User Expires
254--------------------------------------------------------------------------------
255m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
256
257
258user list perm com.test.TC_User1.@[user.name].supplies * stock
259** Expect 200 **
260
261List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
262--------------------------------------------------------------------------------
263User Expires
264--------------------------------------------------------------------------------
265m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
266
267
268user list perm com.test.TC_User1.@[user.name].schedule worker create
269** Expect 200 **
270
271List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
272--------------------------------------------------------------------------------
273User Expires
274--------------------------------------------------------------------------------
275@[THE_USER]@csp.att.com XXXX-XX-XX
276
277
278user list perm com.test.TC_User1.@[user.name].worker * annoy
279** Expect 200 **
280
281List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
282--------------------------------------------------------------------------------
283User Expires
284--------------------------------------------------------------------------------
285@[THE_USER]@csp.att.com XXXX-XX-XX
286
287
288as testunused@aaf.att.com
289# TC_User1.42.1.NEG Unrelated user can't view delegates
290user list delegates user m99990@@[user.name].TC_User1.test.com
291** Expect 403 **
292Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com]
293
294user list delegates delegate m99995@@[user.name].TC_User1.test.com
295** Expect 403 **
296Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com]
297
298as XX@NS
299# TC_User1.42.10.POS Admin of domain NS can view
300user list delegates user @[user.name]
301** Expect 200 **
302
303List Delegates by user[@[THE_USER]@csp.att.com]
304--------------------------------------------------------------------------------
305 User Delegate Expires
306--------------------------------------------------------------------------------
307 @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
308
309user list delegates delegate @[user.name]
310** Expect 200 **
311
312List Delegates by delegate[@[THE_USER]@csp.att.com]
313--------------------------------------------------------------------------------
314 User Delegate Expires
315--------------------------------------------------------------------------------
316 @[THE_USER]@csp.att.com @[THE_USER]@csp.att.com XXXX-XX-XX
317
318as testid@aaf.att.com
319# TC_User1.43.1.POS Add another user to worker role
320user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
321** Expect 201 **
322Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com]
323
324as m99990@@[THE_USER].TC_User1.test.com
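325# TC_User1.43.2.POS User should only see himself here (NOTE: the expected output below also lists m99995, before the explicit view perm is granted in 43.10 - confirm which is intended)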
326user list role com.test.TC_User1.@[user.name].worker
327** Expect 200 **
328
329List Users for Role[com.test.TC_User1.@[THE_USER].worker]
330--------------------------------------------------------------------------------
331User Expires
332--------------------------------------------------------------------------------
333m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
334m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
335
336
337user list perm com.test.TC_User1.@[user.name].supplies * move
338** Expect 200 **
339
340List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
341--------------------------------------------------------------------------------
342User Expires
343--------------------------------------------------------------------------------
344m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
345m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
346
347
348user list perm com.test.TC_User1.@[user.name].supplies * stock
349** Expect 200 **
350
351List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
352--------------------------------------------------------------------------------
353User Expires
354--------------------------------------------------------------------------------
355m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
356m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
357
358
359as XX@NS
360# TC_User1.43.10.POS Grant explicit user perm to user
361perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
362** Expect 201 **
363Created Permission
364Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker]
365
366as m99990@@[THE_USER].TC_User1.test.com
367# TC_User1.43.11.POS User should see all users of test domain now
368user list role com.test.TC_User1.@[user.name].worker
369** Expect 200 **
370
371List Users for Role[com.test.TC_User1.@[THE_USER].worker]
372--------------------------------------------------------------------------------
373User Expires
374--------------------------------------------------------------------------------
375m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
376m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
377
378
379user list perm com.test.TC_User1.@[user.name].supplies * move
380** Expect 200 **
381
382List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
383--------------------------------------------------------------------------------
384User Expires
385--------------------------------------------------------------------------------
386m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
387m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
388
389
390user list perm com.test.TC_User1.@[user.name].supplies * stock
391** Expect 200 **
392
393List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
394--------------------------------------------------------------------------------
395User Expires
396--------------------------------------------------------------------------------
397m99990@@[THE_USER].TC_User1.test.com XXXX-XX-XX
398m99995@@[THE_USER].TC_User1.test.com XXXX-XX-XX
399
400
401as testid@aaf.att.com
402# TC_User1.99.0.POS Remove user roles
403user role del @[user.name] com.test.TC_User1.@[user.name].manager
404** Expect 200,404 **
405Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com]
406
407user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
408** Expect 200,404 **
409Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com]
410
411user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
412** Expect 200,404 **
413Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com]
414
415# TC_User1.99.1.POS Namespace Admin can delete Namespace-defined Roles & Perms
416force perm delete com.test.TC_User1.@[user.name].supplies * move
417** Expect 200,404 **
418Deleted Permission
419
420force perm delete com.test.TC_User1.@[user.name].supplies * stock
421** Expect 200,404 **
422Deleted Permission
423
424force perm delete com.test.TC_User1.@[user.name].schedule worker create
425** Expect 200,404 **
426Deleted Permission
427
428force perm delete com.test.TC_User1.@[user.name].worker * annoy
429** Expect 200,404 **
430Deleted Permission
431
432force role delete com.test.TC_User1.@[user.name].manager
433** Expect 200,404 **
434Deleted Role
435
436force role delete com.test.TC_User1.@[user.name].worker
437** Expect 200,404 **
438Deleted Role
439
440# TC_User1.99.10.POS Creds and delegate
441user delegate del @[user.name]
442** Expect 200,404 **
443Delegate Deleted
444
445user cred del m99990@@[user.name].TC_User1.test.com
446** Expect 200,404 **
447Deleted Credential [m99990@@[THE_USER].TC_User1.test.com]
448
449user cred del m99995@@[user.name].TC_User1.test.com
450** Expect 200,404 **
451Deleted Credential [m99995@@[THE_USER].TC_User1.test.com]
452
453as XX@NS
454# TC_User1.99.15.POS Remove ability to create creds
455perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
456** Expect 200,404 **
457UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
458
459perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
460** Expect 200,404 **
461UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
462
463perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
464** Expect 200,404 **
465Deleted Permission
466
467as testid@aaf.att.com
468force role delete com.test.TC_User1.@[user.name].cred_admin
469** Expect 200,404 **
470Deleted Role
471
472# TC_User1.99.90.POS Namespace Admin can delete Namespace
473force ns delete com.test.TC_User1.@[user.name]
474** Expect 200,404 **
475Deleted Namespace
476
477sleep 0
478# TC_User1.99.99.POS Check Clean Namespace
479ns list name com.test.TC_User1.@[user.name]
480** Expect 200,404 **
481
482List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
483--------------------------------------------------------------------------------
484 *** Namespace Not Found ***
485