--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set bogus@aaf.att.com boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_NS1.01.0.POS Expect Clean Namespace to start
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.01.1.NEG Create Namespace with mechID as Responsible Party
+ns create com.test.TC_NS1.@[user.name] testunused@aaf.att.com testid@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC3403]: Forbidden - testunused@aaf.att.com does not have permission to assume test status at AT&T
+
+# TC_NS1.01.2.NEG Create Namespace with Bad ID for Admin
+ns create com.test.TC_NS1.@[user.name] @[user.name] bogus@aaf.att.com,XX@NS
+** Expect 403 **
+Failed [SVC2403]: Forbidden - bogus@aaf.att.com is not a valid AAF Credential
+
+as testid@aaf.att.com
+# TC_NS1.10.0.POS Check for Existing Data
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_NS1.10.1.POS Create Namespace with valid IDs and Responsible Parties
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_NS1.10.40.POS Expect Namespace to be created
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.10.41.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].admin
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].admin]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * *
+
+
+# TC_NS1.10.42.POS Expect Namespace to be created
+perm list role com.test.TC_NS1.@[user.name].owner
+** Expect 200 **
+
+List Perms by Role [com.test.TC_NS1.@[THE_USER].owner]
+--------------------------------------------------------------------------------
+PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].access * read
+
+
+# TC_NS1.10.43.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * *
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|*
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].access * *
+
+# TC_NS1.10.44.POS Expect Namespace to be created
+role list perm com.test.TC_NS1.@[user.name].access * read
+** Expect 200 **
+
+List Roles by Perm com.test.TC_NS1.@[THE_USER].access|*|read
+--------------------------------------------------------------------------------
+ROLE Name
+ PERM Type Instance Action
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.11.1.NEG Create Namespace when exists
+ns create com.test.TC_NS1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - Target Namespace already exists
+
+# TC_NS1.20.1.NEG Too Few Args for Create 1
+ns create
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.20.2.NEG Too Few Args for Create 2
+ns create bogus
+** Expect -1 **
+Too few args: create <name> <responsible (id[,id]*)> [admin (id[,id]*)]
+
+# TC_NS1.30.10.NEG Non-admins can't change description
+as testunused@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 403 **
+Failed [SVC1403]: Forbidden - You do not have approval to change com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.30.11.NEG Namespace must exist to change description
+as testid@aaf.att.com
+ns describe com.test.TC_NS1.@[user.name].project1 Description for my project
+** Expect 404 **
+Failed [SVC1404]: Not Found - Namespace [com.test.TC_NS1.@[THE_USER].project1] does not exist
+
+# TC_NS1.30.12.POS Admin can change description
+ns describe com.test.TC_NS1.@[user.name] Description for my Namespace
+** Expect 200 **
+Description added to Namespace
+
+# TC_NS1.50.1.NEG Adding a Bogus ID
+ns admin add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.2.NEG Adding a Bogus ID, full Domain
+ns admin add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - AT&T reports that bogus@csp.att.com is a faulty ID
+
+# TC_NS1.50.3.NEG Adding an OK ID, bad domain
+ns admin add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC2403]: Forbidden - xz9914@bogus.test.com is not a valid AAF Credential
+
+# TC_NS1.50.4.NEG Deleting an OK ID, but not an admin
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+sleep 0
+# TC_NS1.50.10.POS Adding an OK ID
+ns admin add com.test.TC_NS1.@[user.name] XX@NS
+** Expect 201 **
+Admin XX@NS added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.11.POS Deleting One of Two
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 200 **
+Admin testid@aaf.att.com deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.12.NEG testid@aaf.att.com no longer Admin
+ns admin del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.13.POS Add ID back in
+ns admin add com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 201 **
+Admin testid@aaf.att.com added to com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.14.POS Deleting original
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 200 **
+Admin XX@NS deleted from com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.50.15.NEG Can't remove twice
+ns admin del com.test.TC_NS1.@[user.name] XX@NS
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [XX@NS] [com.test.TC_NS1.@[THE_USER].admin]
+
+# TC_NS1.50.20.NEG User Role Add should obey same "addAdmin" restrictions
+role user add com.test.TC_NS1.@[user.name].admin m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.50.21.NEG Role User Add should obey same "addAdmin" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].admin
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m88888@i.have.no.domain is not a valid AAF Credential
+
+# TC_NS1.60.1.NEG Adding a Bogus ID
+ns responsible add com.test.TC_NS1.@[user.name] bogus
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.2.NEG Adding a Bogus ID, full Domain
+ns responsible add com.test.TC_NS1.@[user.name] bogus@csp.att.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.3.NEG Adding an OK ID, bad domain
+ns responsible add com.test.TC_NS1.@[user.name] xz9914@bogus.test.com
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.4.NEG Deleting an OK ID, short, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.5.NEG Deleting an OK ID, long, but not existent
+ns responsible del com.test.TC_NS1.@[user.name] testid@aaf.att.com
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [testid@aaf.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+sleep 0
+# TC_NS1.60.10.POS Adding an OK ID
+# Note: mw9749 used because we must have employee as responsible
+ns responsible add com.test.TC_NS1.@[user.name] mw9749
+** Expect 201 **
+mw9749@csp.att.com is now responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.11.POS Deleting One of Two
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 200 **
+mw9749@csp.att.com is no longer responsible for com.test.TC_NS1.@[THE_USER]
+
+# TC_NS1.60.12.NEG mw9749 no longer Admin
+ns responsible del com.test.TC_NS1.@[user.name] mw9749
+** Expect 404 **
+Failed [SVC6404]: Not Found - UserRole [mw9749@csp.att.com] [com.test.TC_NS1.@[THE_USER].owner]
+
+# TC_NS1.60.20.NEG User Role Add should obey same "addResponsible" restrictions
+role user add com.test.TC_NS1.@[user.name].owner m88888@i.have.no.domain
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+# TC_NS1.60.21.NEG Role User Add should obey same "addResponsible" restrictions
+user role add m88888@i.have.no.domain com.test.TC_NS1.@[user.name].owner
+** Expect 403 **
+Failed [SVC3403]: Forbidden - AT&T reports that this is not a valid credential
+
+sleep 0
+# TC_NS1.80.1.POS List Data on Empty NS
+as testid@aaf.att.com
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.80.2.POS Add Roles to NS for Listing
+role create com.test.TC_NS1.@[user.name].r.A
+** Expect 201 **
+Created Role
+
+role create com.test.TC_NS1.@[user.name].r.B
+** Expect 201 **
+Created Role
+
+# TC_NS1.80.3.POS List Data on non-Empty NS
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+com.test.TC_NS1.@[THE_USER]
+ Administrators
+ testid@aaf.att.com
+ Responsible Parties
+ @[THE_USER]@csp.att.com
+ Roles
+ com.test.TC_NS1.@[THE_USER].admin
+ com.test.TC_NS1.@[THE_USER].owner
+ com.test.TC_NS1.@[THE_USER].r.A
+ com.test.TC_NS1.@[THE_USER].r.B
+ Permissions
+ com.test.TC_NS1.@[THE_USER].access * *
+ com.test.TC_NS1.@[THE_USER].access * read
+
+# TC_NS1.90.1.NEG Non Namespace Admin Delete Namespace
+as testunused@aaf.att.com
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write in NS [com.test.TC_NS1.@[THE_USER]]
+
+sleep 0
+as testid@aaf.att.com
+# TC_NS1.99.1.POS Namespace Admin can delete Namepace defined Roles
+role delete com.test.TC_NS1.@[user.name].r.A
+** Expect 200,404 **
+Deleted Role
+
+role delete com.test.TC_NS1.@[user.name].r.B
+** Expect 200,404 **
+Deleted Role
+
+# TC_NS1.99.2.POS Namespace Admin can delete Namespace
+ns delete com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+sleep 0
+# TC_NS1.99.99.POS Check Clean Namespace
+ns list name com.test.TC_NS1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_NS1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
Code Review / aaf / authz.git / blobdiff