sg481n | bd890c5 | 2017-08-28 12:11:35 -0400 | [diff] [blame] | 1 | set testid@aaf.att.com <pass> |
| 2 | set testunused@aaf.att.com <pass> |
| 3 | set bogus boguspass |
| 4 | set XX@NS <pass> |
| 5 | #delay 10 |
| 6 | set NFR 0 |
| 7 | as testid@aaf.att.com |
| 8 | # TC_Cred1.10.0.POS List NS to prove ok |
| 9 | ns list name com.test.TC_Cred1.@[user.name] |
| 10 | ** Expect 200 ** |
| 11 | |
| 12 | List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] |
| 13 | -------------------------------------------------------------------------------- |
| 14 | *** Namespace Not Found *** |
| 15 | |
| 16 | # TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials |
| 17 | ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com |
| 18 | ** Expect 201 ** |
| 19 | Created Namespace |
| 20 | |
| 21 | # TC_Cred1.10.10.POS Create role to assign mechid perm to |
| 22 | role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com |
| 23 | ** Expect 201 ** |
| 24 | Created Role |
| 25 | Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| 26 | |
| 27 | role create com.test.TC_Cred1.@[user.name].pw_reset |
| 28 | ** Expect 201 ** |
| 29 | Created Role |
| 30 | |
| 31 | # TC_Cred1.10.11.POS Assign roles to perms |
| 32 | as XX@NS |
| 33 | perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset |
| 34 | ** Expect 201 ** |
| 35 | Created Permission |
| 36 | Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset] |
| 37 | |
| 38 | perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin |
| 39 | ** Expect 201 ** |
| 40 | Created Permission |
| 41 | Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| 42 | |
| 43 | perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin |
| 44 | ** Expect 201 ** |
| 45 | Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| 46 | |
| 47 | as testid@aaf.att.com |
| 48 | # TC_Cred1.10.30.POS Assign user for creating creds |
| 49 | user cred add m99999@@[user.name].TC_Cred1.test.com password123 |
| 50 | ** Expect 201 ** |
| 51 | Added Credential [m99999@@[THE_USER].TC_Cred1.test.com] |
| 52 | |
| 53 | set m99999@@[THE_USER].TC_Cred1.test.com password123 |
| 54 | # TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions |
| 55 | user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin |
| 56 | ** Expect 201 ** |
| 57 | Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com] |
| 58 | Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com] |
| 59 | |
| 60 | # TC_Cred1.10.32.POS Remove create rights for testing |
| 61 | user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin |
| 62 | ** Expect 200 ** |
| 63 | Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com] |
| 64 | |
| 65 | # TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID |
| 66 | as testunused@aaf.att.com |
| 67 | user cred add m99990@@[user.name].TC_Cred1.test.com password123 |
| 68 | ** Expect 403 ** |
| 69 | Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T |
| 70 | |
| 71 | # TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID |
| 72 | as m99999@@[THE_USER].TC_Cred1.test.com |
| 73 | user cred add m99990@@[user.name].TC_Cred1.test.com password123 |
| 74 | ** Expect 201 ** |
| 75 | Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 76 | |
| 77 | # TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID |
| 78 | as testunused@aaf.att.com |
| 79 | user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| 80 | ** Expect 403 ** |
| 81 | Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER] |
| 82 | |
| 83 | # TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID |
| 84 | as m99999@@[THE_USER].TC_Cred1.test.com |
| 85 | user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| 86 | ** Expect 200 ** |
| 87 | Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 88 | |
| 89 | # TC_Cred1.15.12.POS Admin, without reset permission can reset Password |
| 90 | as testid@aaf.att.com |
| 91 | user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| 92 | ** Expect 200 ** |
| 93 | Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 94 | |
| 95 | # TC_Cred1.15.15.POS Admin, without reset permission can reset mechID |
| 96 | user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1 |
| 97 | ** Expect 200 ** |
| 98 | Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 99 | |
| 100 | # TC_Cred1.15.20.POS Admin, delete |
| 101 | user cred del m99990@@[user.name].TC_Cred1.test.com password123 1 |
| 102 | ** Expect 200 ** |
| 103 | Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 104 | |
| 105 | # TC_Cred1.30.1.NEG Multiple options available to delete |
| 106 | as XX@NS |
| 107 | user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word |
| 108 | ** Expect 201 ** |
| 109 | Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 110 | |
| 111 | as testid@aaf.att.com |
| 112 | user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD |
| 113 | ** Expect 201 ** |
| 114 | Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 115 | |
| 116 | # TC_Cred1.30.2.POS Succeeds when we choose last option |
| 117 | user cred del m99990@@[user.name].TC_Cred1.test.com 2 |
| 118 | ** Expect 200 ** |
| 119 | Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 120 | |
| 121 | # TC_Cred1.30.10.POS Add another credential |
| 122 | user cred add m99990@@[user.name].TC_Cred1.test.com password123 |
| 123 | ** Expect 201 ** |
| 124 | Added Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 125 | |
| 126 | # TC_Cred1.30.11.NEG Multiple options available to reset |
| 127 | user cred reset m99990@@[user.name].TC_Cred1.test.com password123 |
| 128 | ** Expect 300 ** |
| 129 | Failed [SVC1300]: Choice - Select which cred to update: |
| 130 | Id Type Expires |
| 131 | 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] |
| 132 | 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder] |
| 133 | Run same command again with chosen entry as last parameter |
| 134 | |
| 135 | # TC_Cred1.30.12.NEG Fails when we choose a bad option |
| 136 | user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0 |
| 137 | ** Expect 406 ** |
| 138 | Failed [SVC1406]: Not Acceptable - User chose invalid credential selection |
| 139 | |
| 140 | # TC_Cred1.30.13.POS Succeeds when we choose last option |
| 141 | user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2 |
| 142 | ** Expect 200 ** |
| 143 | Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 144 | |
| 145 | #TC_Cred1.30.30.NEG Fails when we don't have specific property |
| 146 | user cred extend m99990@@[user.name].TC_Cred1.test.com |
| 147 | ** Expect 403 ** |
| 148 | Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T |
| 149 | |
| 150 | #### EXTENDS behavior #### |
| 151 | #TC_Cred1.30.32.POS Setup Temp Role for Extend Permission |
| 152 | as XX@NS |
| 153 | role create com.test.TC_Cred1.@[user.name].extendTemp |
| 154 | ** Expect 201 ** |
| 155 | Created Role |
| 156 | |
| 157 | #TC_Cred1.30.33.POS Grant Extends Permission to Role |
| 158 | perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp |
| 159 | ** Expect 201 ** |
| 160 | Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] |
| 161 | |
| 162 | #TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission |
| 163 | role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS |
| 164 | ** Expect 201 ** |
| 165 | Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp] |
| 166 | |
| 167 | #TC_Cred1.30.36.POS Extend Password, expecting Single Response |
| 168 | user cred extend m99990@@[user.name].TC_Cred1.test.com 1 |
| 169 | ** Expect 200 ** |
| 170 | Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 171 | |
| 172 | #TC_Cred1.30.39.POS Remove Role |
| 173 | set force true |
| 174 | role delete com.test.TC_Cred1.@[user.name].extendTemp |
| 175 | ** Expect 200 ** |
| 176 | Deleted Role |
| 177 | |
| 178 | #### MULTI CLEANUP ##### |
| 179 | role list user m99990@@[user.name].TC_Cred1.test.com |
| 180 | ** Expect 200 ** |
| 181 | |
| 182 | List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com] |
| 183 | -------------------------------------------------------------------------------- |
| 184 | ROLE Name |
| 185 | PERM Type Instance Action |
| 186 | -------------------------------------------------------------------------------- |
| 187 | |
| 188 | # TC_Cred1.30.80.POS Delete all entries for this cred |
| 189 | set force true |
| 190 | user cred del m99990@@[user.name].TC_Cred1.test.com |
| 191 | ** Expect 200 ** |
| 192 | Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com] |
| 193 | |
| 194 | # TC_Cred1.30.99.POS List ns shows no creds attached |
| 195 | ns list name com.test.TC_Cred1.@[user.name] |
| 196 | ** Expect 200 ** |
| 197 | |
| 198 | List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]] |
| 199 | -------------------------------------------------------------------------------- |
| 200 | com.test.TC_Cred1.@[THE_USER] |
| 201 | Administrators |
| 202 | testid@aaf.att.com |
| 203 | Responsible Parties |
| 204 | @[THE_USER]@csp.att.com |
| 205 | Roles |
| 206 | com.test.TC_Cred1.@[THE_USER].admin |
| 207 | com.test.TC_Cred1.@[THE_USER].cred_admin |
| 208 | com.test.TC_Cred1.@[THE_USER].owner |
| 209 | com.test.TC_Cred1.@[THE_USER].pw_reset |
| 210 | Permissions |
| 211 | com.test.TC_Cred1.@[THE_USER].access * * |
| 212 | com.test.TC_Cred1.@[THE_USER].access * read |
| 213 | Credentials |
| 214 | m99999@@[THE_USER].TC_Cred1.test.com |
| 215 | |
| 216 | as testid@aaf.att.com |
| 217 | # TC_Cred1.99.1.POS Delete credentials |
| 218 | force user cred del m99990@@[user.name].TC_Cred1.test.com |
| 219 | ** Expect 200,404 ** |
| 220 | Failed [SVC5404]: Not Found - Credential does not exist |
| 221 | |
| 222 | #TC_Cred1.99.2.POS Ensure Remove Role |
| 223 | set force true |
| 224 | role delete com.test.TC_Cred1.@[user.name].extendTemp |
| 225 | ** Expect 200,404 ** |
| 226 | Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist |
| 227 | |
| 228 | # TC_Cred1.99.10.POS Remove ability to create creds |
| 229 | force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin |
| 230 | ** Expect 200,404 ** |
| 231 | Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ] |
| 232 | |
| 233 | as XX@NS |
| 234 | perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin |
| 235 | ** Expect 200,404 ** |
| 236 | UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin] |
| 237 | |
| 238 | force perm delete com.att.aaf.password com.test reset |
| 239 | ** Expect 200,404 ** |
| 240 | Deleted Permission |
| 241 | |
| 242 | force perm delete com.att.aaf.mechid com.test create |
| 243 | ** Expect 200,404 ** |
| 244 | Deleted Permission |
| 245 | |
| 246 | as testid@aaf.att.com |
| 247 | force role delete com.test.TC_Cred1.@[user.name].cred_admin |
| 248 | ** Expect 200,404 ** |
| 249 | Deleted Role |
| 250 | |
| 251 | force role delete com.test.TC_Cred1.@[user.name].pw_reset |
| 252 | ** Expect 200,404 ** |
| 253 | Deleted Role |
| 254 | |
| 255 | # TC_Cred1.99.99.POS Delete Namespace for TestSuite |
| 256 | set force true |
| 257 | set force=true ns delete com.test.TC_Cred1.@[user.name] |
| 258 | ** Expect 200,404 ** |
| 259 | Deleted Namespace |
| 260 | |
| 261 | as XX@NS |
| 262 | force ns delete com.test.TC_Cred1.@[user.name] |
| 263 | ** Expect 200,404 ** |
| 264 | Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist |
| 265 | |
| 266 | force ns delete com.test.TC_Cred1 |
| 267 | ** Expect 200,404 ** |
| 268 | Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist |
| 269 | |