blob: 8d310d91b845e6217493dd0320d62fa8b7d727cd [file] [log] [blame]
sg481nbd890c52017-08-28 12:11:35 -04001set testid@aaf.att.com <pass>
2set testunused@aaf.att.com <pass>
3set bogus boguspass
4set XX@NS <pass>
5#delay 10
6set NFR 0
7as testid@aaf.att.com
8# TC_Cred1.10.0.POS List NS to prove ok
9ns list name com.test.TC_Cred1.@[user.name]
10** Expect 200 **
11
12List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
13--------------------------------------------------------------------------------
14 *** Namespace Not Found ***
15
16# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
17ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
18** Expect 201 **
19Created Namespace
20
21# TC_Cred1.10.10.POS Create role to assign mechid perm to
22role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
23** Expect 201 **
24Created Role
25Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
26
27role create com.test.TC_Cred1.@[user.name].pw_reset
28** Expect 201 **
29Created Role
30
31# TC_Cred1.10.11.POS Assign roles to perms
32as XX@NS
33perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
34** Expect 201 **
35Created Permission
36Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset]
37
38perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
39** Expect 201 **
40Created Permission
41Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
42
43perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
44** Expect 201 **
45Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
46
47as testid@aaf.att.com
48# TC_Cred1.10.30.POS Assign user for creating creds
49user cred add m99999@@[user.name].TC_Cred1.test.com password123
50** Expect 201 **
51Added Credential [m99999@@[THE_USER].TC_Cred1.test.com]
52
53set m99999@@[THE_USER].TC_Cred1.test.com password123
54# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
55user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
56** Expect 201 **
57Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com]
58Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com]
59
60# TC_Cred1.10.32.POS Remove create rights for testing
61user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
62** Expect 200 **
63Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
64
65# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
66as testunused@aaf.att.com
67user cred add m99990@@[user.name].TC_Cred1.test.com password123
68** Expect 403 **
69Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T
70
71# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
72as m99999@@[THE_USER].TC_Cred1.test.com
73user cred add m99990@@[user.name].TC_Cred1.test.com password123
74** Expect 201 **
75Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
76
77# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
78as testunused@aaf.att.com
79user cred reset m99990@@[user.name].TC_Cred1.test.com password123
80** Expect 403 **
81Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER]
82
83# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
84as m99999@@[THE_USER].TC_Cred1.test.com
85user cred reset m99990@@[user.name].TC_Cred1.test.com password123
86** Expect 200 **
87Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
88
89# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
90as testid@aaf.att.com
91user cred reset m99990@@[user.name].TC_Cred1.test.com password123
92** Expect 200 **
93Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
94
95# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
96user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
97** Expect 200 **
98Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
99
100# TC_Cred1.15.20.POS Admin, delete
101user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
102** Expect 200 **
103Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
104
105# TC_Cred1.30.1.NEG Multiple options available to delete
106as XX@NS
107user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
108** Expect 201 **
109Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
110
111as testid@aaf.att.com
112user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
113** Expect 201 **
114Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
115
116# TC_Cred1.30.2.POS Succeeds when we choose last option
117user cred del m99990@@[user.name].TC_Cred1.test.com 2
118** Expect 200 **
119Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
120
121# TC_Cred1.30.10.POS Add another credential
122user cred add m99990@@[user.name].TC_Cred1.test.com password123
123** Expect 201 **
124Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
125
126# TC_Cred1.30.11.NEG Multiple options available to reset
127user cred reset m99990@@[user.name].TC_Cred1.test.com password123
128** Expect 300 **
129Failed [SVC1300]: Choice - Select which cred to update:
130 Id Type Expires
131 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
132 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
133Run same command again with chosen entry as last parameter
134
135# TC_Cred1.30.12.NEG Fails when we choose a bad option
136user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
137** Expect 406 **
138Failed [SVC1406]: Not Acceptable - User chose invalid credential selection
139
140# TC_Cred1.30.13.POS Succeeds when we choose last option
141user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
142** Expect 200 **
143Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
144
145#TC_Cred1.30.30.NEG Fails when we don't have specific property
146user cred extend m99990@@[user.name].TC_Cred1.test.com
147** Expect 403 **
148Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T
149
150#### EXTENDS behavior ####
151#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
152as XX@NS
153role create com.test.TC_Cred1.@[user.name].extendTemp
154** Expect 201 **
155Created Role
156
157#TC_Cred1.30.33.POS Grant Extends Permission to Role
158perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
159** Expect 201 **
160Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
161
162#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
163role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
164** Expect 201 **
165Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
166
167#TC_Cred1.30.36.POS Extend Password, expecting Single Response
168user cred extend m99990@@[user.name].TC_Cred1.test.com 1
169** Expect 200 **
170Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com]
171
172#TC_Cred1.30.39.POS Remove Role
173set force true
174role delete com.test.TC_Cred1.@[user.name].extendTemp
175** Expect 200 **
176Deleted Role
177
178#### MULTI CLEANUP #####
179role list user m99990@@[user.name].TC_Cred1.test.com
180** Expect 200 **
181
182List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com]
183--------------------------------------------------------------------------------
184ROLE Name
185 PERM Type Instance Action
186--------------------------------------------------------------------------------
187
188# TC_Cred1.30.80.POS Delete all entries for this cred
189set force true
190user cred del m99990@@[user.name].TC_Cred1.test.com
191** Expect 200 **
192Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
193
194# TC_Cred1.30.99.POS List ns shows no creds attached
195ns list name com.test.TC_Cred1.@[user.name]
196** Expect 200 **
197
198List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
199--------------------------------------------------------------------------------
200com.test.TC_Cred1.@[THE_USER]
201 Administrators
202 testid@aaf.att.com
203 Responsible Parties
204 @[THE_USER]@csp.att.com
205 Roles
206 com.test.TC_Cred1.@[THE_USER].admin
207 com.test.TC_Cred1.@[THE_USER].cred_admin
208 com.test.TC_Cred1.@[THE_USER].owner
209 com.test.TC_Cred1.@[THE_USER].pw_reset
210 Permissions
211 com.test.TC_Cred1.@[THE_USER].access * *
212 com.test.TC_Cred1.@[THE_USER].access * read
213 Credentials
214 m99999@@[THE_USER].TC_Cred1.test.com
215
216as testid@aaf.att.com
217# TC_Cred1.99.1.POS Delete credentials
218force user cred del m99990@@[user.name].TC_Cred1.test.com
219** Expect 200,404 **
220Failed [SVC5404]: Not Found - Credential does not exist
221
222#TC_Cred1.99.2.POS Ensure Remove Role
223set force true
224role delete com.test.TC_Cred1.@[user.name].extendTemp
225** Expect 200,404 **
226Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist
227
228# TC_Cred1.99.10.POS Remove ability to create creds
229force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
230** Expect 200,404 **
231Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ]
232
233as XX@NS
234perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
235** Expect 200,404 **
236UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
237
238force perm delete com.att.aaf.password com.test reset
239** Expect 200,404 **
240Deleted Permission
241
242force perm delete com.att.aaf.mechid com.test create
243** Expect 200,404 **
244Deleted Permission
245
246as testid@aaf.att.com
247force role delete com.test.TC_Cred1.@[user.name].cred_admin
248** Expect 200,404 **
249Deleted Role
250
251force role delete com.test.TC_Cred1.@[user.name].pw_reset
252** Expect 200,404 **
253Deleted Role
254
255# TC_Cred1.99.99.POS Delete Namespace for TestSuite
256set force true
257set force=true ns delete com.test.TC_Cred1.@[user.name]
258** Expect 200,404 **
259Deleted Namespace
260
261as XX@NS
262force ns delete com.test.TC_Cred1.@[user.name]
263** Expect 200,404 **
264Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist
265
266force ns delete com.test.TC_Cred1
267** Expect 200,404 **
268Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist
269