--- /dev/null
+set testid@aaf.att.com <pass>
+set testunused@aaf.att.com <pass>
+set XX@NS <pass>
+set bogus boguspass
+#delay 10
+set NFR 0
+as testid@aaf.att.com
+# TC_UR1.10.0.POS Validate no NS
+ns list name com.test.TC_UR1.@[user.name]
+** Expect 200 **
+
+List Namespaces by Name[com.test.TC_UR1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
+# TC_UR1.10.1.POS Create Namespace to add IDs
+ns create com.test.TC_UR1.@[user.name] @[user.name] testid@aaf.att.com
+** Expect 201 **
+Created Namespace
+
+# TC_Role1.10.10.POS Create role to assign mechid perm to
+role create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Created Role
+
+as XX@NS
+# TC_Role1.10.11.POS Assign role to mechid perm
+perm grant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_UR1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+# TC_Role1.10.12.POS Assign user for creating creds
+user role add testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].cred_admin] to User [testid@aaf.att.com]
+
+# TC_UR1.10.20.POS Create two Credentials
+user cred add m00001@@[user.name].TC_UR1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m00001@@[THE_USER].TC_UR1.test.com]
+
+user cred add m00002@@[user.name].TC_UR1.test.com "abc123sd"
+** Expect 201 **
+Added Credential [m00002@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.10.21.POS Create two Roles
+role create com.test.TC_UR1.@[user.name].r1
+** Expect 201 **
+Created Role
+
+role create com.test.TC_UR1.@[user.name].r2
+** Expect 201 **
+Created Role
+
+# TC_UR1.23.1.NEG Too Few Args for User Role 1
+user
+** Expect 0 **
+user role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+ cred <add|del|reset|extend> <id> [password (! D|E)] [entry# (if multi)]
+ delegate <add|upd|del> <from> [to REQ A&U] [until (YYYY-MM-DD) REQ A]
+ list role <role>
+ perm <type> <instance> <action>
+ cred <ns|id> <value>
+ delegates <user|delegate> <id>
+ approvals <user|approver|ticket> <value>
+ activity <user>
+
+# TC_UR1.23.2.NEG Too Few Args for user role
+user role
+** Expect -1 **
+Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+
+# TC_UR1.23.3.NEG Too Few Args for user role add
+user role add
+** Expect -1 **
+Too few args: role <add|del|setTo|extend> <user> [role[,role]* (!REQ S)]
+
+# TC_UR1.30.10.POS Create a UserRole
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.11.NEG Created UserRole Exists
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.13.POS Delete UserRole
+sleep 0
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 200 **
+Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.20.POS Create multiple UserRoles
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 201 **
+Added Role [com.test.TC_UR1.@[THE_USER].r1] to User [m00001@@[THE_USER].TC_UR1.test.com]
+Added Role [com.test.TC_UR1.@[THE_USER].r2] to User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.21.NEG Created UserRole Exists
+user role add m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.23.POS Delete UserRole
+sleep 0
+user role del m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 200 **
+Removed Role [com.test.TC_UR1.@[THE_USER].r1] from User [m00001@@[THE_USER].TC_UR1.test.com]
+Removed Role [com.test.TC_UR1.@[THE_USER].r2] from User [m00001@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.30.30.POS Create a Role User
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 201 **
+Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.31.NEG Created Role User Exists
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.33.POS Delete Role User
+sleep 0
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.40.POS Create multiple Role Users
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 201 **
+Added User [m00001@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+Added User [m00002@@[THE_USER].TC_UR1.test.com] to Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.30.41.NEG Created Role User Exists
+role user add com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 409 **
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+Failed [SVC1409]: Conflict Already Exists - User Role exists
+
+# TC_UR1.30.43.POS Delete Role Users
+sleep 0
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Removed User [m00001@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+Removed User [m00002@@[THE_USER].TC_UR1.test.com] from Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.40.10.POS Create multiple UserRoles
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1,com.test.TC_UR1.@[user.name].r2
+** Expect 200 **
+Set User's Roles to [com.test.TC_UR1.@[THE_USER].r1,com.test.TC_UR1.@[THE_USER].r2]
+
+# TC_UR1.40.11.POS Reset userrole for a user
+user role setTo m00001@@[user.name].TC_UR1.test.com
+** Expect 200 **
+Set User's Roles to []
+
+# TC_UR1.40.12.NEG Create userrole where Role doesn't exist
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r5
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist
+
+# TC_UR1.40.13.NEG Create userrole where User doesn't exist
+user role setTo m99999@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential
+
+as testunused@aaf.att.com
+# TC_UR1.40.19.NEG User without permission tries to add userrole
+user role setTo m00001@@[user.name].TC_UR1.test.com com.test.TC_UR1.@[user.name].r1
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1]
+
+# TC_UR1.40.20.NEG User without permission tries to add userrole
+role user setTo com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com
+** Expect 403 **
+Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not write Role [com.test.TC_UR1.@[THE_USER].r1]
+
+as testid@aaf.att.com
+# TC_UR1.40.22.POS Reset userrole for a user
+role user setTo com.test.TC_UR1.@[user.name].r1
+** Expect 200 **
+Set the Role to Users []
+
+sleep 0
+# TC_UR1.40.23.NEG Create UserRole where Role doesn't exist
+role user setTo com.test.TC_UR1.@[user.name].r5 m00001@@[user.name].TC_UR1.test.com
+** Expect 404 **
+Failed [SVC3404]: Not Found - Role [com.test.TC_UR1.@[THE_USER].r5] does not exist
+
+sleep 0
+# TC_UR1.40.24.NEG Create UserRole where User doesn't exist
+role user setTo com.test.TC_UR1.@[user.name].r1 m99999@@[user.name].TC_UR1.test.com
+** Expect 403 **
+Failed [SVC2403]: Forbidden - m99999@@[THE_USER].TC_UR1.test.com is not a valid AAF Credential
+
+# Need to let DB catch up on deletes
+sleep 0
+as testid@aaf.att.com
+# TC_UR1.99.1.POS Remove User from Role
+role user del com.test.TC_UR1.@[user.name].r1 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ]
+Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r1 ]
+
+role user del com.test.TC_UR1.@[user.name].r2 m00001@@[user.name].TC_UR1.test.com,m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Failed [SVC6404]: Not Found - User [ m00001@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ]
+Failed [SVC6404]: Not Found - User [ m00002@@[THE_USER].TC_UR1.test.com ] is not Assigned to the Role [ com.test.TC_UR1.@[THE_USER].r2 ]
+
+role user setTo com.test.TC_UR1.@[user.name].r1
+** Expect 200,404 **
+Set the Role to Users []
+
+# TC_UR1.99.2.POS Remove ability to create creds
+user role del testid@aaf.att.com com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+Removed Role [com.test.TC_UR1.@[THE_USER].cred_admin] from User [testid@aaf.att.com]
+
+as XX@NS
+perm ungrant com.att.aaf.mechid com.att create com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_UR1.@[THE_USER].cred_admin]
+
+as testid@aaf.att.com
+role delete com.test.TC_UR1.@[user.name].cred_admin
+** Expect 200,404 **
+Deleted Role
+
+# TC_UR1.99.3.POS Delete Creds
+set force true
+user cred del m00001@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Deleted Credential [m00001@@[THE_USER].TC_UR1.test.com]
+
+set force true
+user cred del m00002@@[user.name].TC_UR1.test.com
+** Expect 200,404 **
+Deleted Credential [m00002@@[THE_USER].TC_UR1.test.com]
+
+# TC_UR1.99.4.POS Delete Roles
+set force true
+set force=true role delete com.test.TC_UR1.@[user.name].r1
+** Expect 200,404 **
+Deleted Role
+
+set force true
+set force=true role delete com.test.TC_UR1.@[user.name].r2
+** Expect 200,404 **
+Deleted Role
+
+# TC_UR1.99.5.POS Delete Namespace
+set force true
+set force=true ns delete com.test.TC_UR1.@[user.name]
+** Expect 200,404 **
+Deleted Namespace
+
+# TC_UR1.99.99.POS Verify Cleaned NS
+ns list name com.test.TC_UR1.@[user.name]
+** Expect 200,404 **
+
+List Namespaces by Name[com.test.TC_UR1.@[THE_USER]]
+--------------------------------------------------------------------------------
+ *** Namespace Not Found ***
+
Code Review / aaf / authz.git / blobdiff