+++ /dev/null
-set testid@aaf.att.com <pass>
-set testunused@aaf.att.com <pass>
-set bogus boguspass
-set XX@NS <pass>
-#delay 10
-set NFR 0
-as testid@aaf.att.com
-# TC_Cred1.10.0.POS List NS to prove ok
-ns list name com.test.TC_Cred1.@[user.name]
-** Expect 200 **
-
-List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
---------------------------------------------------------------------------------
- *** Namespace Not Found ***
-
-# TC_Cred1.10.1.POS Create Personalized Namespace to add Credentials
-ns create com.test.TC_Cred1.@[user.name] @[user.name] testid@aaf.att.com
-** Expect 201 **
-Created Namespace
-
-# TC_Cred1.10.10.POS Create role to assign mechid perm to
-role create com.test.TC_Cred1.@[user.name].cred_admin testid@aaf.att.com
-** Expect 201 **
-Created Role
-Added User [testid@aaf.att.com] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
-
-role create com.test.TC_Cred1.@[user.name].pw_reset
-** Expect 201 **
-Created Role
-
-# TC_Cred1.10.11.POS Assign roles to perms
-as XX@NS
-perm create com.att.aaf.password com.test reset com.test.TC_Cred1.@[user.name].pw_reset
-** Expect 201 **
-Created Permission
-Granted Permission [com.att.aaf.password|com.test|reset] to Role [com.test.TC_Cred1.@[THE_USER].pw_reset]
-
-perm create com.att.aaf.mechid com.test create com.test.TC_Cred1.@[user.name].cred_admin
-** Expect 201 **
-Created Permission
-Granted Permission [com.att.aaf.mechid|com.test|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
-
-perm grant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
-** Expect 201 **
-Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
-
-as testid@aaf.att.com
-# TC_Cred1.10.30.POS Assign user for creating creds
-user cred add m99999@@[user.name].TC_Cred1.test.com password123
-** Expect 201 **
-Added Credential [m99999@@[THE_USER].TC_Cred1.test.com]
-
-set m99999@@[THE_USER].TC_Cred1.test.com password123
-# TC_Cred1.10.31.POS Credential used to similate non-admin Tier1 user with reset and create permissions
-user role add m99999@@[user.name].TC_Cred1.test.com com.test.TC_Cred1.@[user.name].pw_reset,com.test.TC_Cred1.@[user.name].cred_admin
-** Expect 201 **
-Added Role [com.test.TC_Cred1.@[THE_USER].pw_reset] to User [m99999@@[THE_USER].TC_Cred1.test.com]
-Added Role [com.test.TC_Cred1.@[THE_USER].cred_admin] to User [m99999@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.10.32.POS Remove create rights for testing
-user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
-** Expect 200 **
-Removed Role [com.test.TC_Cred1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
-
-# TC_Cred1.15.1.NEG Non-Admin, no permission user cannot create mechID
-as testunused@aaf.att.com
-user cred add m99990@@[user.name].TC_Cred1.test.com password123
-** Expect 403 **
-Failed [SVC1403]: Forbidden - testunused@aaf.att.com does not have permission to create MechIDs at AT&T
-
-# TC_Cred1.15.3.POS Non-Admin, with create permission user can create mechID
-as m99999@@[THE_USER].TC_Cred1.test.com
-user cred add m99990@@[user.name].TC_Cred1.test.com password123
-** Expect 201 **
-Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.15.10.NEG Non-Admin, no reset permission cannot reset mechID
-as testunused@aaf.att.com
-user cred reset m99990@@[user.name].TC_Cred1.test.com password123
-** Expect 403 **
-Failed [SVC1403]: Forbidden - testunused@aaf.att.com is not allowed to change m99990@@[THE_USER].TC_Cred1.test.com in com.test.TC_Cred1.@[THE_USER]
-
-# TC_Cred1.15.11.POS Non-Admin, with reset permission can reset mechID
-as m99999@@[THE_USER].TC_Cred1.test.com
-user cred reset m99990@@[user.name].TC_Cred1.test.com password123
-** Expect 200 **
-Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.15.12.POS Admin, without reset permission can reset Password
-as testid@aaf.att.com
-user cred reset m99990@@[user.name].TC_Cred1.test.com password123
-** Expect 200 **
-Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.15.15.POS Admin, without reset permission can reset mechID
-user cred reset m99990@@[user.name].TC_Cred1.test.com password123 1
-** Expect 200 **
-Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.15.20.POS Admin, delete
-user cred del m99990@@[user.name].TC_Cred1.test.com password123 1
-** Expect 200 **
-Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.30.1.NEG Multiple options available to delete
-as XX@NS
-user cred add m99990@@[user.name].TC_Cred1.test.com pass23Word
-** Expect 201 **
-Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-as testid@aaf.att.com
-user cred add m99990@@[user.name].TC_Cred1.test.com pass23worD
-** Expect 201 **
-Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.30.2.POS Succeeds when we choose last option
-user cred del m99990@@[user.name].TC_Cred1.test.com 2
-** Expect 200 **
-Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.30.10.POS Add another credential
-user cred add m99990@@[user.name].TC_Cred1.test.com password123
-** Expect 201 **
-Added Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.30.11.NEG Multiple options available to reset
-user cred reset m99990@@[user.name].TC_Cred1.test.com password123
-** Expect 300 **
-Failed [SVC1300]: Choice - Select which cred to update:
- Id Type Expires
- 1) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
- 2) m99990@@[THE_USER].TC_Cred1.test.com 2 [Placeholder]
-Run same command again with chosen entry as last parameter
-
-# TC_Cred1.30.12.NEG Fails when we choose a bad option
-user cred reset m99990@@[user.name].TC_Cred1.test.com password123 0
-** Expect 406 **
-Failed [SVC1406]: Not Acceptable - User chose invalid credential selection
-
-# TC_Cred1.30.13.POS Succeeds when we choose last option
-user cred reset m99990@@[user.name].TC_Cred1.test.com password123 2
-** Expect 200 **
-Reset Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-#TC_Cred1.30.30.NEG Fails when we don't have specific property
-user cred extend m99990@@[user.name].TC_Cred1.test.com
-** Expect 403 **
-Failed [SVC3403]: Forbidden - testid@aaf.att.com does not have permission to extend passwords at AT&T
-
-#### EXTENDS behavior ####
-#TC_Cred1.30.32.POS Setup Temp Role for Extend Permission
-as XX@NS
-role create com.test.TC_Cred1.@[user.name].extendTemp
-** Expect 201 **
-Created Role
-
-#TC_Cred1.30.33.POS Grant Extends Permission to Role
-perm grant com.att.aaf.password com.att extend com.test.TC_Cred1.@[user.name].extendTemp
-** Expect 201 **
-Granted Permission [com.att.aaf.password|com.att|extend] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
-
-#TC_Cred1.30.35.POS Add current User to Temp Role for Extend Permission
-role user add com.test.TC_Cred1.@[user.name].extendTemp XX@NS
-** Expect 201 **
-Added User [XX@NS] to Role [com.test.TC_Cred1.@[THE_USER].extendTemp]
-
-#TC_Cred1.30.36.POS Extend Password, expecting Single Response
-user cred extend m99990@@[user.name].TC_Cred1.test.com 1
-** Expect 200 **
-Extended Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-#TC_Cred1.30.39.POS Remove Role
-set force true
-role delete com.test.TC_Cred1.@[user.name].extendTemp
-** Expect 200 **
-Deleted Role
-
-#### MULTI CLEANUP #####
-role list user m99990@@[user.name].TC_Cred1.test.com
-** Expect 200 **
-
-List Roles for User [m99990@@[THE_USER].TC_Cred1.test.com]
---------------------------------------------------------------------------------
-ROLE Name
- PERM Type Instance Action
---------------------------------------------------------------------------------
-
-# TC_Cred1.30.80.POS Delete all entries for this cred
-set force true
-user cred del m99990@@[user.name].TC_Cred1.test.com
-** Expect 200 **
-Deleted Credential [m99990@@[THE_USER].TC_Cred1.test.com]
-
-# TC_Cred1.30.99.POS List ns shows no creds attached
-ns list name com.test.TC_Cred1.@[user.name]
-** Expect 200 **
-
-List Namespaces by Name[com.test.TC_Cred1.@[THE_USER]]
---------------------------------------------------------------------------------
-com.test.TC_Cred1.@[THE_USER]
- Administrators
- testid@aaf.att.com
- Responsible Parties
- @[THE_USER]@csp.att.com
- Roles
- com.test.TC_Cred1.@[THE_USER].admin
- com.test.TC_Cred1.@[THE_USER].cred_admin
- com.test.TC_Cred1.@[THE_USER].owner
- com.test.TC_Cred1.@[THE_USER].pw_reset
- Permissions
- com.test.TC_Cred1.@[THE_USER].access * *
- com.test.TC_Cred1.@[THE_USER].access * read
- Credentials
- m99999@@[THE_USER].TC_Cred1.test.com
-
-as testid@aaf.att.com
-# TC_Cred1.99.1.POS Delete credentials
-force user cred del m99990@@[user.name].TC_Cred1.test.com
-** Expect 200,404 **
-Failed [SVC5404]: Not Found - Credential does not exist
-
-#TC_Cred1.99.2.POS Ensure Remove Role
-set force true
-role delete com.test.TC_Cred1.@[user.name].extendTemp
-** Expect 200,404 **
-Failed [SVC3404]: Not Found - Role [com.test.TC_Cred1.@[THE_USER].extendTemp] does not exist
-
-# TC_Cred1.99.10.POS Remove ability to create creds
-force user role del testid@aaf.att.com com.test.TC_Cred1.@[user.name].cred_admin
-** Expect 200,404 **
-Failed [SVC6404]: Not Found - User [ testid@aaf.att.com ] is not Assigned to the Role [ com.test.TC_Cred1.@[THE_USER].cred_admin ]
-
-as XX@NS
-perm ungrant com.att.aaf.mechid com.att create com.test.TC_Cred1.@[user.name].cred_admin
-** Expect 200,404 **
-UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_Cred1.@[THE_USER].cred_admin]
-
-force perm delete com.att.aaf.password com.test reset
-** Expect 200,404 **
-Deleted Permission
-
-force perm delete com.att.aaf.mechid com.test create
-** Expect 200,404 **
-Deleted Permission
-
-as testid@aaf.att.com
-force role delete com.test.TC_Cred1.@[user.name].cred_admin
-** Expect 200,404 **
-Deleted Role
-
-force role delete com.test.TC_Cred1.@[user.name].pw_reset
-** Expect 200,404 **
-Deleted Role
-
-# TC_Cred1.99.99.POS Delete Namespace for TestSuite
-set force true
-set force=true ns delete com.test.TC_Cred1.@[user.name]
-** Expect 200,404 **
-Deleted Namespace
-
-as XX@NS
-force ns delete com.test.TC_Cred1.@[user.name]
-** Expect 200,404 **
-Failed [SVC2404]: Not Found - com.test.TC_Cred1.@[THE_USER] does not exist
-
-force ns delete com.test.TC_Cred1
-** Expect 200,404 **
-Failed [SVC2404]: Not Found - com.test.TC_Cred1 does not exist
-
Code Review / aaf / authz.git / blobdiff