Upgrade to latest oparent

[aaf/authz.git] / authz-test / TestSuite / expected / TC_Role2.expected

set XX@NS <pass>
set testid@aaf.att.com <pass>
set testunused@aaf.att.com <pass>
set bogus boguspass
#delay 10
set NFR 0
as testid@aaf.att.com
# TC_Role2.10.0.POS Print NS to prove ok
ns list name com.test.TC_Role2.@[user.name] 
** Expect 200 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***

# TC_Role2.10.1.POS Create Namespace with valid IDs and Responsible Parties
ns create com.test.TC_Role2.@[user.name] @[user.name] testid@aaf.att.com
** Expect 201 **
Created Namespace

##############
# Testing Model
# We are making a Testing model based loosely on George Orwell's Animal Farm
# In Animal Farm, Animals did all the work but didn't get any priviledges.
#   In our test, the animals can't see anything but their own role, etc
# Dogs were supervisors, and ostensibly did something, though mostly laid around
#   In our test, they have Implicit Permissions by being Admins
# Pigs were the Elite.  They did nothing, but watch everyone and eat the produce
#   In our test, they have Explicit Permissions to see everything they want
##############
as testid@aaf.att.com
# TC_Role2.20.1.POS List Data on non-Empty NS
ns list name com.test.TC_Role2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Role2.@[THE_USER].admin                                          
        com.test.TC_Role2.@[THE_USER].owner                                          
    Permissions
        com.test.TC_Role2.@[THE_USER].access *                        *              
        com.test.TC_Role2.@[THE_USER].access *                        read           

# TC_Role2.20.10.POS Create Orwellian Roles
role create com.test.TC_Role2.@[user.name].r.animals 
** Expect 201 **
Created Role

role create com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Role

role create com.test.TC_Role2.@[user.name].r.pigs 
** Expect 201 **
Created Role

# TC_Role2.20.20.POS Create and Grant Perms to Dog Roles
perm create com.test.TC_Role2.@[user.name].r.A garbage eat com.test.TC_Role2.@[user.name].r.animals
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|garbage|eat] to Role [com.test.TC_Role2.@[THE_USER].r.animals]

perm create com.test.TC_Role2.@[user.name].r.A grain eat com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|eat] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]

perm create com.test.TC_Role2.@[user.name].r.A grain * com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|grain|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]

perm create com.test.TC_Role2.@[user.name].r.A * * com.test.TC_Role2.@[user.name].r.dogs
** Expect 201 **
Created Permission
Granted Permission [com.test.TC_Role2.@[THE_USER].r.A|*|*] to Role [com.test.TC_Role2.@[THE_USER].r.dogs]

# TC_Role2.20.25.POS Create and Grant Animal Farm Priviledges to Pigs
as XX@NS
perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view com.test.TC_Role2.@[user.name].r.pigs
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.animals|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]

perm create com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view com.test.TC_Role2.@[user.name].r.pigs
** Expect 201 **
Created Permission
Granted Permission [com.att.aaf.role|com.test.TC_Role2.@[THE_USER].r.dogs|view] to Role [com.test.TC_Role2.@[THE_USER].r.pigs]

# TC_Role2.20.60.POS List Data on non-Empty NS
as testid@aaf.att.com
ns list name com.test.TC_Role2.@[user.name]
** Expect 200 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER]
    Administrators
        testid@aaf.att.com                                                      
    Responsible Parties
        @[THE_USER]@csp.att.com                                                      
    Roles
        com.test.TC_Role2.@[THE_USER].admin                                          
        com.test.TC_Role2.@[THE_USER].owner                                          
        com.test.TC_Role2.@[THE_USER].r.animals                                      
        com.test.TC_Role2.@[THE_USER].r.dogs                                         
        com.test.TC_Role2.@[THE_USER].r.pigs                                         
    Permissions
        com.test.TC_Role2.@[THE_USER].access *                        *              
        com.test.TC_Role2.@[THE_USER].access *                        read           
        com.test.TC_Role2.@[THE_USER].r.A   *                        *              
        com.test.TC_Role2.@[THE_USER].r.A   garbage                  eat            
        com.test.TC_Role2.@[THE_USER].r.A   grain                    *              
        com.test.TC_Role2.@[THE_USER].r.A   grain                    eat            

as XX@NS
# TC_Role2.40.1.POS List Data on Role
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.animals                
   com.test.TC_Role2.@[THE_USER].r.A   garbage                        eat            

role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs                   
   com.test.TC_Role2.@[THE_USER].r.A   *                              *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          eat            

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs                   
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.animals view           
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.dogs view           

# TC_Role2.40.10.POS Add testunused to animals
as testid@aaf.att.com
user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
** Expect 201 **
Added Role [com.test.TC_Role2.@[THE_USER].r.animals] to User [testunused@aaf.att.com]

# TC_Role2.40.11.POS List by Name when part of role
as testunused@aaf.att.com
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.animals                
   com.test.TC_Role2.@[THE_USER].r.A   garbage                        eat            

# TC_Role2.40.12.NEG List by Name when not part of Role
role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.pigs]

# TC_Role2.40.30.POS Read various Roles based on being Admin in Namespace
as testid@aaf.att.com
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.animals]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.animals                
   com.test.TC_Role2.@[THE_USER].r.A   garbage                        eat            

role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.dogs]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs                   
   com.test.TC_Role2.@[THE_USER].r.A   *                              *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          eat            

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs                   
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.animals view           
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.dogs view           

# TC_Role2.40.50.POS Change testunused to Pigs
as testid@aaf.att.com
user role del testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.animals
** Expect 200 **
Removed Role [com.test.TC_Role2.@[THE_USER].r.animals] from User [testunused@aaf.att.com]

user role add testunused@aaf.att.com com.test.TC_Role2.@[user.name].r.pigs
** Expect 201 **
Added Role [com.test.TC_Role2.@[THE_USER].r.pigs] to User [testunused@aaf.att.com]

# TC_Role2.40.51.POS Read various Roles based on having Explicit Permissions
as testunused@aaf.att.com
role list role com.test.TC_Role2.@[user.name].r.animals
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.animals]

role list role com.test.TC_Role2.@[user.name].r.dogs
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_Role2.@[THE_USER].r.dogs]

role list role com.test.TC_Role2.@[user.name].r.pigs
** Expect 200 **

List Roles for Role[com.test.TC_Role2.@[THE_USER].r.pigs]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs                   
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.animals view           
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.dogs view           

# TC_Role2.41.10.POS List by User when Same as Caller
as testunused@aaf.att.com
role list user testunused@aaf.att.com
** Expect 200 **

List Roles for User [testunused@aaf.att.com]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs                   
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.animals view           
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.dogs view           

# TC_Role2.41.15.POS List by User when not same as Caller, but own/admin namespace of Roles
as testid@aaf.att.com
role list user testunused@aaf.att.com
** Expect 200 **

List Roles for User [testunused@aaf.att.com]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs                   
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.animals view           
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.dogs view           

# TC_Role2.41.20.POS List by User when not same as Caller, but parent owner of Namespace
as XX@NS
role list user testunused@aaf.att.com
** Expect 200 **

List Roles for User [testunused@aaf.att.com]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.pigs                   
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.animals view           
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.dogs view           

# TC_Role2.41.80.NEG List by User when not Caller nor associated to Namespace (nothing should be shown)
as testunused@aaf.att.com
role list user XX@NS
** Expect 200 **

List Roles for User [XX@NS]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------

# TC_Role2.42.10.POS List Roles from NS when not allowed to see NS
as testid@aaf.att.com
role list ns com.test.TC_Role2.@[user.name]
** Expect 200 **

List Roles by NS [com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].admin                    
   com.test.TC_Role2.@[THE_USER].access *                              *              
com.test.TC_Role2.@[THE_USER].owner                    
   com.test.TC_Role2.@[THE_USER].access *                              read           
com.test.TC_Role2.@[THE_USER].r.animals                
   com.test.TC_Role2.@[THE_USER].r.A   garbage                        eat            
com.test.TC_Role2.@[THE_USER].r.dogs                   
   com.test.TC_Role2.@[THE_USER].r.A   *                              *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          eat            
com.test.TC_Role2.@[THE_USER].r.pigs                   
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.animals view           
   com.att.aaf.role               com.test.TC_Role2.@[THE_USER].r.dogs view           

# TC_Role2.42.20.NEG Don't List Roles from NS when not allowed to see NS
as testunused@aaf.att.com
role list ns com.test.TC_Role2.@[user.name]
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read in NS [com.test.TC_Role2.@[THE_USER]]

# TC_Role2.43.10.POS List Roles when allowed to see Perm
as testid@aaf.att.com
role list perm com.test.TC_Role2.@[user.name].r.A grain eat
** Expect 200 **

List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|eat
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs                   
   com.test.TC_Role2.@[THE_USER].r.A   *                              *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          eat            

role list perm com.test.TC_Role2.@[user.name].r.A grain *
** Expect 200 **

List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|grain|*
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs                   
   com.test.TC_Role2.@[THE_USER].r.A   *                              *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          eat            

role list perm com.test.TC_Role2.@[user.name].r.A * *
** Expect 200 **

List Roles by Perm com.test.TC_Role2.@[THE_USER].r.A|*|*
--------------------------------------------------------------------------------
ROLE Name                                         
   PERM Type                      Instance                       Action         
--------------------------------------------------------------------------------
com.test.TC_Role2.@[THE_USER].r.dogs                   
   com.test.TC_Role2.@[THE_USER].r.A   *                              *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          *              
   com.test.TC_Role2.@[THE_USER].r.A   grain                          eat            

# TC_Role2.43.15.NEG Don't List Roles when not allowed to see Perm
as testunused@aaf.att.com
role list perm com.test.TC_Role2.@[user.name].r.A grain eat
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|eat]

role list perm com.test.TC_Role2.@[user.name].r.A grain *
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|grain|*]

role list perm com.test.TC_Role2.@[user.name].r.A * *
** Expect 403 **
Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Perm [com.test.TC_Role2.@[THE_USER].r.A|*|*]

as XX@NS
# TC_Role2.99.1.POS Delete Roles
force role delete com.test.TC_Role2.@[user.name].r.animals
** Expect 200,404 **
Deleted Role

force role delete com.test.TC_Role2.@[user.name].r.dogs
** Expect 200,404 **
Deleted Role

force role delete com.test.TC_Role2.@[user.name].r.pigs
** Expect 200,404 **
Deleted Role

# TC_Role2.99.2.POS Delete Perms
force perm delete com.test.TC_Role2.@[user.name].r.A garbage eat
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_Role2.@[user.name].r.A grain eat
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_Role2.@[user.name].r.A grain *
** Expect 200,404 **
Deleted Permission

force perm delete com.test.TC_Role2.@[user.name].r.A * *
** Expect 200,404 **
Deleted Permission

force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.animals view
** Expect 200,404 **
Deleted Permission

force perm delete com.att.aaf.role com.test.TC_Role2.@[user.name].r.dogs view
** Expect 200,404 **
Deleted Permission

# TC_Role2.99.2.POS Namespace Admin can delete Namespace
force ns delete com.test.TC_Role2.@[user.name]
** Expect 200,404 **
Deleted Namespace

# TC_Role2.99.3.POS Print Namespaces
ns list name com.test.TC_Role2.@[user.name]
** Expect 200,404 **

List Namespaces by Name[com.test.TC_Role2.@[THE_USER]]
--------------------------------------------------------------------------------
    *** Namespace Not Found ***