1 set XX@NS <pass>
2 set testid@aaf.att.com <pass>
3 set testunused@aaf.att.com <pass>
4 set bogus@aaf.att.com boguspass
5 set m99990@@[THE_USER].TC_User1.test.com password123
6 set m99995@@[THE_USER].TC_User1.test.com password123
7 #delay 10
8 set NFR 0
9 as testid@aaf.att.com
10 # TC_User1.10.0.POS Check for Existing Data
11 ns list name com.test.TC_User1.@[user.name]
12 ** Expect 200 **
13
14 List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
15 --------------------------------------------------------------------------------
16     *** Namespace Not Found ***
17
18 # TC_User1.10.1.POS Create Namespace with valid IDs and Responsible Parties
19 ns create com.test.TC_User1.@[user.name] @[user.name] testid@aaf.att.com
20 ** Expect 201 **
21 Created Namespace
22
23 # TC_User1.10.10.POS Create role to assign mechid perm to
24 role create com.test.TC_User1.@[user.name].cred_admin testid@aaf.att.com
25 ** Expect 201 **
26 Created Role
27 Added User [testid@aaf.att.com] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
28
29 as XX@NS
30 # TC_User1.10.11.POS Assign role to mechid perm
31 perm grant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
32 ** Expect 201 **
33 Granted Permission [com.att.aaf.mechid|com.att|create] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
34
35 perm grant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
36 ** Expect 201 **
37 Granted Permission [com.att.aaf.delg|com.att|change] to Role [com.test.TC_User1.@[THE_USER].cred_admin]
38
39 as testid@aaf.att.com
40 # TC_User1.01.99.POS Expect Namespace to be created
41 ns list name com.test.TC_User1.@[user.name] 
42 ** Expect 200 **
43
44 List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
45 --------------------------------------------------------------------------------
46 com.test.TC_User1.@[THE_USER]
47     Administrators
48         testid@aaf.att.com                                                      
49     Responsible Parties
50         @[THE_USER]@csp.att.com                                                      
51     Roles
52         com.test.TC_User1.@[THE_USER].admin                                          
53         com.test.TC_User1.@[THE_USER].cred_admin                                     
54         com.test.TC_User1.@[THE_USER].owner                                          
55     Permissions
56         com.test.TC_User1.@[THE_USER].access *                        *              
57         com.test.TC_User1.@[THE_USER].access *                        read           
58
59 as testid@aaf.att.com
60 # TC_User1.20.1.POS Create roles
61 role create com.test.TC_User1.@[user.name].manager
62 ** Expect 201 **
63 Created Role
64
65 role create com.test.TC_User1.@[user.name].worker
66 ** Expect 201 **
67 Created Role
68
69 # TC_User1.20.2.POS Create permissions
70 perm create com.test.TC_User1.@[user.name].supplies * move com.test.TC_User1.@[user.name].worker
71 ** Expect 201 **
72 Created Permission
73 Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|move] to Role [com.test.TC_User1.@[THE_USER].worker]
74
75 perm create com.test.TC_User1.@[user.name].supplies * stock com.test.TC_User1.@[user.name].worker
76 ** Expect 201 **
77 Created Permission
78 Granted Permission [com.test.TC_User1.@[THE_USER].supplies|*|stock] to Role [com.test.TC_User1.@[THE_USER].worker]
79
80 perm create com.test.TC_User1.@[user.name].schedule worker create com.test.TC_User1.@[user.name].manager
81 ** Expect 201 **
82 Created Permission
83 Granted Permission [com.test.TC_User1.@[THE_USER].schedule|worker|create] to Role [com.test.TC_User1.@[THE_USER].manager]
84
85 perm create com.test.TC_User1.@[user.name].worker * annoy com.test.TC_User1.@[user.name].manager
86 ** Expect 201 **
87 Created Permission
88 Granted Permission [com.test.TC_User1.@[THE_USER].worker|*|annoy] to Role [com.test.TC_User1.@[THE_USER].manager]
89
90 # TC_User1.20.3.POS Create mechid
91 user cred add m99990@@[user.name].TC_User1.test.com password123
92 ** Expect 201 **
93 Added Credential [m99990@@[THE_USER].TC_User1.test.com]
94
95 user cred add m99995@@[user.name].TC_User1.test.com password123
96 ** Expect 201 **
97 Added Credential [m99995@@[THE_USER].TC_User1.test.com]
98
99 as XX@NS
100 # TC_User1.20.10.POS Add users to roles
101 user role add @[user.name] com.test.TC_User1.@[user.name].manager
102 ** Expect 201 **
103 Added Role [com.test.TC_User1.@[THE_USER].manager] to User [@[THE_USER]@csp.att.com]
104
105 user role add m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
106 ** Expect 201 **
107 Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99990@@[THE_USER].TC_User1.test.com]
108
109 # TC_User1.20.20.POS Add Delegate
110 as XX@NS
111 # TC_User1.20.20.POS Create delegates
112 force user delegate add @[user.name] @[user.name]
113 ** Expect 201 **
114 Delegate Added
115
116 # TC_User1.40.1.NEG Non-admin, user not in role should not view
117 as testunused@aaf.att.com
118 user list role com.test.TC_User1.@[user.name].manager
119 ** Expect 403 **
120 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
121
122 user list role com.test.TC_User1.@[user.name].worker
123 ** Expect 403 **
124 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read Role [com.test.TC_User1.@[THE_USER].worker]
125
126 as m99990@@[THE_USER].TC_User1.test.com
127 # TC_User1.40.2.NEG Non-admin, user in role should not view
128 user list role com.test.TC_User1.@[user.name].manager
129 ** Expect 403 **
130 Failed [SVC1403]: Forbidden - [m99990@@[THE_USER].TC_User1.test.com] may not read Role [com.test.TC_User1.@[THE_USER].manager]
131
132 sleep 0
133 # TC_User1.40.3.POS Non-admin, user in role can view himself
134 user list role com.test.TC_User1.@[user.name].worker
135 ** Expect 200 **
136
137 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
138 --------------------------------------------------------------------------------
139 User                                               Expires                       
140 --------------------------------------------------------------------------------
141 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
142
143
144 as testid@aaf.att.com
145 # TC_User1.40.10.POS admin should view
146 user list role com.test.TC_User1.@[user.name].manager
147 ** Expect 200 **
148
149 List Users for Role[com.test.TC_User1.@[THE_USER].manager]
150 --------------------------------------------------------------------------------
151 User                                               Expires                       
152 --------------------------------------------------------------------------------
153 @[THE_USER]@csp.att.com                                 XXXX-XX-XX                    
154
155
156 user list role com.test.TC_User1.@[user.name].worker
157 ** Expect 200 **
158
159 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
160 --------------------------------------------------------------------------------
161 User                                               Expires                       
162 --------------------------------------------------------------------------------
163 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
164
165
166 as testunused@aaf.att.com
167 # TC_User1.41.1.NEG Non-admin, user not in perm should not view
168 user list perm com.test.TC_User1.@[user.name].supplies * move
169 ** Expect 200 **
170
171 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
172 --------------------------------------------------------------------------------
173 User                                               Expires                       
174 --------------------------------------------------------------------------------
175
176
177 user list perm com.test.TC_User1.@[user.name].supplies * stock
178 ** Expect 200 **
179
180 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
181 --------------------------------------------------------------------------------
182 User                                               Expires                       
183 --------------------------------------------------------------------------------
184
185
186 user list perm com.test.TC_User1.@[user.name].schedule worker create
187 ** Expect 200 **
188
189 List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
190 --------------------------------------------------------------------------------
191 User                                               Expires                       
192 --------------------------------------------------------------------------------
193
194
195 user list perm com.test.TC_User1.@[user.name].worker * annoy
196 ** Expect 200 **
197
198 List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
199 --------------------------------------------------------------------------------
200 User                                               Expires                       
201 --------------------------------------------------------------------------------
202
203
204 as m99990@@[THE_USER].TC_User1.test.com
205 # TC_User1.41.2.POS Non-admin, user in perm can view himself
206 user list perm com.test.TC_User1.@[user.name].supplies * move
207 ** Expect 200 **
208
209 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
210 --------------------------------------------------------------------------------
211 User                                               Expires                       
212 --------------------------------------------------------------------------------
213 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
214
215
216 user list perm com.test.TC_User1.@[user.name].supplies * stock
217 ** Expect 200 **
218
219 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
220 --------------------------------------------------------------------------------
221 User                                               Expires                       
222 --------------------------------------------------------------------------------
223 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
224
225
226 as m99990@@[THE_USER].TC_User1.test.com
227 # TC_User1.41.3.NEG Non-admin, user in perm should not view
228 user list perm com.test.TC_User1.@[user.name].schedule worker create
229 ** Expect 200 **
230
231 List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
232 --------------------------------------------------------------------------------
233 User                                               Expires                       
234 --------------------------------------------------------------------------------
235
236
237 user list perm com.test.TC_User1.@[user.name].worker * annoy
238 ** Expect 200 **
239
240 List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
241 --------------------------------------------------------------------------------
242 User                                               Expires                       
243 --------------------------------------------------------------------------------
244
245
246 as testid@aaf.att.com
247 # TC_User1.41.10.POS admin should view
248 user list perm com.test.TC_User1.@[user.name].supplies * move
249 ** Expect 200 **
250
251 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
252 --------------------------------------------------------------------------------
253 User                                               Expires                       
254 --------------------------------------------------------------------------------
255 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
256
257
258 user list perm com.test.TC_User1.@[user.name].supplies * stock
259 ** Expect 200 **
260
261 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
262 --------------------------------------------------------------------------------
263 User                                               Expires                       
264 --------------------------------------------------------------------------------
265 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
266
267
268 user list perm com.test.TC_User1.@[user.name].schedule worker create
269 ** Expect 200 **
270
271 List Users for Permission[com.test.TC_User1.@[THE_USER].schedule|worker|create]
272 --------------------------------------------------------------------------------
273 User                                               Expires                       
274 --------------------------------------------------------------------------------
275 @[THE_USER]@csp.att.com                                 XXXX-XX-XX                    
276
277
278 user list perm com.test.TC_User1.@[user.name].worker * annoy
279 ** Expect 200 **
280
281 List Users for Permission[com.test.TC_User1.@[THE_USER].worker|*|annoy]
282 --------------------------------------------------------------------------------
283 User                                               Expires                       
284 --------------------------------------------------------------------------------
285 @[THE_USER]@csp.att.com                                 XXXX-XX-XX                    
286
287
288 as testunused@aaf.att.com
289 # TC_User1.42.1.NEG Unrelated user can't view delegates
290 user list delegates user m99990@@[user.name].TC_User1.test.com
291 ** Expect 403 **
292 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99990@@[THE_USER].TC_User1.test.com]
293
294 user list delegates delegate m99995@@[user.name].TC_User1.test.com
295 ** Expect 403 **
296 Failed [SVC1403]: Forbidden - [testunused@aaf.att.com] may not read delegates for [m99995@@[THE_USER].TC_User1.test.com]
297
298 as XX@NS
299 # TC_User1.42.10.POS Admin of domain NS can view
300 user list delegates user @[user.name]
301 ** Expect 200 **
302
303 List Delegates by user[@[THE_USER]@csp.att.com]
304 --------------------------------------------------------------------------------
305  User                      Delegate                   Expires   
306 --------------------------------------------------------------------------------
307  @[THE_USER]@csp.att.com        @[THE_USER]@csp.att.com         XXXX-XX-XX
308
309 user list delegates delegate @[user.name]
310 ** Expect 200 **
311
312 List Delegates by delegate[@[THE_USER]@csp.att.com]
313 --------------------------------------------------------------------------------
314  User                      Delegate                   Expires   
315 --------------------------------------------------------------------------------
316  @[THE_USER]@csp.att.com        @[THE_USER]@csp.att.com         XXXX-XX-XX
317
318 as testid@aaf.att.com
319 # TC_User1.43.1.POS Add another user to worker role
320 user role add m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
321 ** Expect 201 **
322 Added Role [com.test.TC_User1.@[THE_USER].worker] to User [m99995@@[THE_USER].TC_User1.test.com]
323
324 as m99990@@[THE_USER].TC_User1.test.com
325 # TC_User1.43.2.POS User should only see himself here
326 user list role com.test.TC_User1.@[user.name].worker
327 ** Expect 200 **
328
329 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
330 --------------------------------------------------------------------------------
331 User                                               Expires                       
332 --------------------------------------------------------------------------------
333 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
334 m99995@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
335
336
337 user list perm com.test.TC_User1.@[user.name].supplies * move
338 ** Expect 200 **
339
340 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
341 --------------------------------------------------------------------------------
342 User                                               Expires                       
343 --------------------------------------------------------------------------------
344 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
345 m99995@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
346
347
348 user list perm com.test.TC_User1.@[user.name].supplies * stock
349 ** Expect 200 **
350
351 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
352 --------------------------------------------------------------------------------
353 User                                               Expires                       
354 --------------------------------------------------------------------------------
355 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
356 m99995@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
357
358
359 as XX@NS
360 # TC_User1.43.10.POS Grant explicit user perm to user
361 perm create com.att.aaf.user :com.test.TC_User1.@[user.name] view com.test.TC_User1.@[user.name].worker
362 ** Expect 201 **
363 Created Permission
364 Granted Permission [com.att.aaf.user|:com.test.TC_User1.@[THE_USER]|view] to Role [com.test.TC_User1.@[THE_USER].worker]
365
366 as m99990@@[THE_USER].TC_User1.test.com
367 # TC_User1.43.11.POS User should see all users of test domain now
368 user list role com.test.TC_User1.@[user.name].worker
369 ** Expect 200 **
370
371 List Users for Role[com.test.TC_User1.@[THE_USER].worker]
372 --------------------------------------------------------------------------------
373 User                                               Expires                       
374 --------------------------------------------------------------------------------
375 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
376 m99995@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
377
378
379 user list perm com.test.TC_User1.@[user.name].supplies * move
380 ** Expect 200 **
381
382 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|move]
383 --------------------------------------------------------------------------------
384 User                                               Expires                       
385 --------------------------------------------------------------------------------
386 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
387 m99995@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
388
389
390 user list perm com.test.TC_User1.@[user.name].supplies * stock
391 ** Expect 200 **
392
393 List Users for Permission[com.test.TC_User1.@[THE_USER].supplies|*|stock]
394 --------------------------------------------------------------------------------
395 User                                               Expires                       
396 --------------------------------------------------------------------------------
397 m99990@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
398 m99995@@[THE_USER].TC_User1.test.com                    XXXX-XX-XX                    
399
400
401 as testid@aaf.att.com
402 # TC_User1.99.0.POS Remove user roles 
403 user role del @[user.name] com.test.TC_User1.@[user.name].manager
404 ** Expect 200,404 **
405 Removed Role [com.test.TC_User1.@[THE_USER].manager] from User [@[THE_USER]@csp.att.com]
406
407 user role del m99990@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
408 ** Expect 200,404 **
409 Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99990@@[THE_USER].TC_User1.test.com]
410
411 user role del m99995@@[user.name].TC_User1.test.com com.test.TC_User1.@[user.name].worker
412 ** Expect 200,404 **
413 Removed Role [com.test.TC_User1.@[THE_USER].worker] from User [m99995@@[THE_USER].TC_User1.test.com]
414
415 # TC_User1.99.1.POS Namespace Admin can delete Namepace defined Roles & Perms
416 force perm delete com.test.TC_User1.@[user.name].supplies * move 
417 ** Expect 200,404 **
418 Deleted Permission
419
420 force perm delete com.test.TC_User1.@[user.name].supplies * stock 
421 ** Expect 200,404 **
422 Deleted Permission
423
424 force perm delete com.test.TC_User1.@[user.name].schedule worker create 
425 ** Expect 200,404 **
426 Deleted Permission
427
428 force perm delete com.test.TC_User1.@[user.name].worker * annoy 
429 ** Expect 200,404 **
430 Deleted Permission
431
432 force role delete com.test.TC_User1.@[user.name].manager
433 ** Expect 200,404 **
434 Deleted Role
435
436 force role delete com.test.TC_User1.@[user.name].worker
437 ** Expect 200,404 **
438 Deleted Role
439
440 # TC_User1.99.10.POS Creds and delegate
441 user delegate del @[user.name]
442 ** Expect 200,404 **
443 Delegate Deleted
444
445 user cred del m99990@@[user.name].TC_User1.test.com
446 ** Expect 200,404 **
447 Deleted Credential [m99990@@[THE_USER].TC_User1.test.com]
448
449 user cred del m99995@@[user.name].TC_User1.test.com
450 ** Expect 200,404 **
451 Deleted Credential [m99995@@[THE_USER].TC_User1.test.com]
452
453 as XX@NS
454 # TC_User1.99.15.POS Remove ability to create creds
455 perm ungrant com.att.aaf.mechid com.att create com.test.TC_User1.@[user.name].cred_admin
456 ** Expect 200,404 **
457 UnGranted Permission [com.att.aaf.mechid|com.att|create] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
458
459 perm ungrant com.att.aaf.delg com.att change com.test.TC_User1.@[user.name].cred_admin
460 ** Expect 200,404 **
461 UnGranted Permission [com.att.aaf.delg|com.att|change] from Role [com.test.TC_User1.@[THE_USER].cred_admin]
462
463 perm delete com.att.aaf.user :com.test.TC_User1.@[user.name] view
464 ** Expect 200,404 **
465 Deleted Permission
466
467 as testid@aaf.att.com
468 force role delete com.test.TC_User1.@[user.name].cred_admin
469 ** Expect 200,404 **
470 Deleted Role
471
472 # TC_User1.99.90.POS Namespace Admin can delete Namespace
473 force ns delete com.test.TC_User1.@[user.name]
474 ** Expect 200,404 **
475 Deleted Namespace
476
477 sleep 0
478 # TC_User1.99.99.POS Check Clean Namespace
479 ns list name com.test.TC_User1.@[user.name]
480 ** Expect 200,404 **
481
482 List Namespaces by Name[com.test.TC_User1.@[THE_USER]]
483 --------------------------------------------------------------------------------
484     *** Namespace Not Found ***
485