From b28dc08ad8f38011bab31ede3584d275cd22ced8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Remi=20Andr=C3=A9=20L=C3=B8voll?=
<56019927+lovoll@users.noreply.github.com>
Date: Wed, 11 Dec 2024 12:14:31 +0100
Subject: [PATCH] Add Bruno test and fix max limit in revoke all (#157)
* Bruno test revoke all instance delegation single instance
Fix and negative test for revoke 11 delegations
* Fix test name
* Revrote all test to have a descriptive name for each test step and use assert instead of axpect
Revrote all test testing multiple iterations of delegations to use for loop
Revrote al test to expect to to be in alist to not be vulnerable to difrent sorting from server and not using sorting on client as this would only fix it for one environment but could be difrent in other environment based on the uuid of that user.
* Fixed expected path according to code change as it is instanceId that will make the number of policies handled not ResourceId
* Fix expected after change in code
---
.../AppsInstanceDelegationSettings.cs | 13 ++
.../Errors/ValidationErrors.cs | 2 +-
.../Services/AppsInstanceDelegationService.cs | 18 ++-
.../AccessManagementHost.cs | 1 +
.../Altinn.AccessManagement/appsettings.json | 3 +
.../AppsInstanceDelegationControllerTest.cs | 16 +++
.../TestDataAppsInstanceDelegation.cs | 12 ++
.../response.json | 16 +++
.../N/000000000010/delegationpolicy.xml | 42 ++++++
.../N/000000000012/delegationpolicy.xml | 79 +++++++++++
.../N/000000000014/delegationpolicy.xml | 42 ++++++
.../N/000000000016/delegationpolicy.xml | 42 ++++++
.../N/000000000018/delegationpolicy.xml | 42 ++++++
.../N/000000000020/delegationpolicy.xml | 42 ++++++
.../N/000000000022/delegationpolicy.xml | 42 ++++++
.../N/000000000024/delegationpolicy.xml | 42 ++++++
.../N/000000000026/delegationpolicy.xml | 42 ++++++
.../N/313FB3847FA1/delegationpolicy.xml | 42 ++++++
.../N/D90B16D527EA/delegationpolicy.xml | 79 +++++++++++
.../Mocks/DelegationMetadataRepositoryMock.cs | 13 ++
.../1. DelegateInstanceRights.bru | 2 +-
.../2. GetInstanceRights.bru | 2 +-
.../3. RevokeInstanceRead.bru | 2 +-
.../4. GetInstanceRights.bru | 2 +-
.../5. RevokeInstanceSign.bru | 2 +-
.../6. GetInstanceRights.bru | 2 +-
.../1.DelegatePerson1.bru | 109 ++++++++++++++
.../2.DelegatePerson3.bru | 109 ++++++++++++++
.../3.DelegateOrg3.bru | 109 ++++++++++++++
.../4.GetAllDelegations.bru | 119 ++++++++++++++++
.../5.RevokeAllDelegationsForInstance.bru | 119 ++++++++++++++++
.../6.GetAllDelegationsAfterRevoke.bru | 95 +++++++++++++
.../DelegateExistingAppNoRightsDelegable.bru | 11 +-
.../1.DelegatePerson1.bru | 109 ++++++++++++++
.../10.DelegateOrg10.bru | 109 ++++++++++++++
.../11.DelegateOrg11.bru | 109 ++++++++++++++
.../12.GetAllDelegations.bru | 128 +++++++++++++++++
.../13.RevokeAllDelegationsForInstance.bru | 99 +++++++++++++
.../14.GetAllDelegationsAfterRevoke.bru | 133 ++++++++++++++++++
.../2.DelegatePerson3.bru | 109 ++++++++++++++
.../3.DelegateOrg3.bru | 109 ++++++++++++++
.../3.DelegateOrg4.bru | 109 ++++++++++++++
.../5.DelegateOrg5.bru | 109 ++++++++++++++
.../6.DelegateOrg6.bru | 109 ++++++++++++++
.../7.DelegateOrg7.bru | 109 ++++++++++++++
.../8.DelegateOrg8.bru | 109 ++++++++++++++
.../9.DelegateOrg9.bru | 109 ++++++++++++++
.../DelegateNonExistingResource.bru | 11 +-
.../NegativeTests/DelegateWrongFrom.bru | 11 +-
.../NegativeTests/DelegateWrongTo.bru | 11 +-
...etInstanceDelegationNoRightsToDelegate.bru | 11 +-
...tInstanceDelegationNonExistingResource.bru | 11 +-
.../Testdata/instance-delegation/at22.json | 42 ++++++
.../Testdata/instance-delegation/tt02.json | 41 ++++++
54 files changed, 2965 insertions(+), 45 deletions(-)
create mode 100644 src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Configuration/AppsInstanceDelegationSettings.cs
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/Json/AppsInstanceDelegation/Revoke/app_ttd_am-devtest-instancedelegation/00000000-0000-0000-0000-000000000011/response.json
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000010/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000012/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000014/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000016/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000018/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000020/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000022/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000024/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000026/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/313FB3847FA1/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/D90B16D527EA/delegationpolicy.xml
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/4.GetAllDelegations.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/5.RevokeAllDelegationsForInstance.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/6.GetAllDelegationsAfterRevoke.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/10.DelegateOrg10.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/11.DelegateOrg11.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/12.GetAllDelegations.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/13.RevokeAllDelegationsForInstance.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/14.GetAllDelegationsAfterRevoke.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg4.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/5.DelegateOrg5.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/6.DelegateOrg6.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/7.DelegateOrg7.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/8.DelegateOrg8.bru
create mode 100644 src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/9.DelegateOrg9.bru
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Configuration/AppsInstanceDelegationSettings.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Configuration/AppsInstanceDelegationSettings.cs
new file mode 100644
index 00000000..c07ca327
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Configuration/AppsInstanceDelegationSettings.cs
@@ -0,0 +1,13 @@
+namespace Altinn.AccessManagement.Core.Configuration
+{
+ ///
+ /// AppsInstanceDelegationSettings
+ ///
+ public class AppsInstanceDelegationSettings
+ {
+ ///
+ /// Sets the maximum policy files to handle under revoke all calls
+ ///
+ public int MaxPolicyFilesToRevoke { get; set; }
+ }
+}
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs
index 92689022..18c2e19b 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Errors/ValidationErrors.cs
@@ -40,5 +40,5 @@ private static readonly ValidationErrorDescriptorFactory _factory
/// Gets a validation error descriptor for when a Resource not has any delegable rights for the app
///
public static ValidationErrorDescriptor ToManyDelegationsToRevoke { get; }
- = _factory.Create(5, $"There must be 10 or less policy files to update.");
+ = _factory.Create(5, $"There is to many policy files to update. Must delete individual delegations.");
}
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs
index d44ea1c1..d313ce92 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement.Core/Services/AppsInstanceDelegationService.cs
@@ -1,6 +1,7 @@
using System.ComponentModel.DataAnnotations;
using System.Formats.Asn1;
using Altinn.AccessManagement.Core.Clients.Interfaces;
+using Altinn.AccessManagement.Core.Configuration;
using Altinn.AccessManagement.Core.Constants;
using Altinn.AccessManagement.Core.Enums;
using Altinn.AccessManagement.Core.Errors;
@@ -16,7 +17,7 @@
using Altinn.Platform.Register.Models;
using Altinn.Urn;
using Altinn.Urn.Json;
-using static System.Runtime.InteropServices.JavaScript.JSType;
+using Microsoft.Extensions.Options;
namespace Altinn.AccessManagement.Core.Services.Implementation;
@@ -29,17 +30,19 @@ public class AppsInstanceDelegationService : IAppsInstanceDelegationService
private readonly IPolicyInformationPoint _pip;
private readonly IPolicyAdministrationPoint _pap;
private readonly IResourceRegistryClient _resourceRegistryClient;
+ private readonly AppsInstanceDelegationSettings _appsInstanceDelegationSettings;
private readonly string appInstanceResourcePath = "appInstanceDelegationRequest.Resource";
///
/// Initializes a new instance of the class.
///
- public AppsInstanceDelegationService(IPartiesClient partiesClient, IResourceRegistryClient resourceRegistryClient, IPolicyInformationPoint pip, IPolicyAdministrationPoint pap)
+ public AppsInstanceDelegationService(IPartiesClient partiesClient, IOptions appsInstanceDelegationSettings, IResourceRegistryClient resourceRegistryClient, IPolicyInformationPoint pip, IPolicyAdministrationPoint pap)
{
_partiesClient = partiesClient;
_pip = pip;
_resourceRegistryClient = resourceRegistryClient;
_pap = pap;
+ _appsInstanceDelegationSettings = appsInstanceDelegationSettings.Value;
}
private async Task<(UuidType DelegationType, Guid? Uuid)> TranslatePartyUuidToPersonOrganizationUuid(PartyUrn partyId)
@@ -306,6 +309,17 @@ public async Task>> RevokeAll(AppsInstan
}
}
+ int limit = _appsInstanceDelegationSettings.MaxPolicyFilesToRevoke;
+ if (rightsToRevoke.Count > limit)
+ {
+ errors.Add(ValidationErrors.ToManyDelegationsToRevoke, "InstanceId");
+
+ if (errors.TryBuild(out errorResult))
+ {
+ return errorResult;
+ }
+ }
+
// Perform Revoke
List revokedResult = await _pap.TryWriteInstanceRevokeAllPolicyRules(rightsToRevoke, cancellationToken);
List result = TransformInstanceRightListToAppsInstanceDelegationResponseList(revokedResult);
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs
index c5c889a2..85cb1bab 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/AccessManagementHost.cs
@@ -124,6 +124,7 @@ private static void ConfigureAppsettings(this WebApplicationBuilder builder)
builder.Services.Configure(config.GetSection("kvSetting"));
builder.Services.Configure(config.GetSection("OidcProviders"));
builder.Services.Configure(config.GetSection("UserProfileLookupSettings"));
+ builder.Services.Configure(config.GetSection("AppsInstanceDelegationSettings"));
}
private static void ConfigureAuthorization(this WebApplicationBuilder builder)
diff --git a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json
index 17165cb7..5bdb156f 100644
--- a/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json
+++ b/src/apps/Altinn.AccessManagement/src/Altinn.AccessManagement/appsettings.json
@@ -65,5 +65,8 @@
"RightsDelegationApi": false,
"OpenTelementry": false,
"UseNewQueryRepo": true
+ },
+ "AppsInstanceDelegationSettings": {
+ "MaxPolicyFilesToRevoke": 10
}
}
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs
index d1f45e40..07b9f47c 100644
--- a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Controllers/ResourceOwnerAPI/AppsInstanceDelegationControllerTest.cs
@@ -125,6 +125,22 @@ public async Task AppsInstanceDelegationController_ValidToken_RevokeAll_OK(strin
AssertionUtil.AssertPagination(expected, actual, AssertionUtil.AssertAppsInstanceRevokeResponseDto);
}
+ [Theory]
+ [MemberData(nameof(TestDataAppsInstanceDelegation.RevokeAllToManyPolicyFiles), MemberType = typeof(TestDataAppsInstanceDelegation))]
+ public async Task AppsInstanceDelegationController_ValidToken_RevokeAll_ToManyPolicyFilesToUpdate(string platformToken, string resourceId, string instanceId, AltinnProblemDetails expected)
+ {
+ var client = GetTestClient(platformToken);
+
+ // Act
+ HttpResponseMessage response = await client.DeleteAsync($"accessmanagement/api/v1/app/delegationrevoke/resource/{resourceId}/instance/{instanceId}");
+
+ // Assert
+ Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+
+ AltinnProblemDetails actual = JsonSerializer.Deserialize(await response.Content.ReadAsStringAsync(), options);
+ TestDataAppsInstanceDelegation.AssertAltinnProblemDetailsEqual(expected, actual);
+ }
+
[Theory]
[MemberData(nameof(TestDataAppsInstanceDelegation.RevokeAllUnathorized), MemberType = typeof(TestDataAppsInstanceDelegation))]
public async Task AppsInstanceDelegationController_NoToken_RevokeAll_Unauthorized(string resourceId, string instanceId)
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs
index d98522e5..08550617 100644
--- a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/AuthorizedParties/TestDataAppsInstanceDelegation.cs
@@ -33,6 +33,8 @@ public static class TestDataAppsInstanceDelegation
private static readonly string RevokeAllInstance = "00000000-0000-0000-0000-000000000010";
+ private static readonly string RevokeAllInstanceToManyPolicyFiles = "00000000-0000-0000-0000-000000000011";
+
///
/// Test case: GET v1/apps/instancedelegation/{resourceId}/{instanceId}/delegationcheck
/// with:
@@ -129,6 +131,16 @@ public static class TestDataAppsInstanceDelegation
}
};
+ public static TheoryData RevokeAllToManyPolicyFiles() => new()
+ {
+ {
+ PrincipalUtil.GetAccessToken("ttd", "am-devtest-instancedelegation"),
+ AppId,
+ RevokeAllInstanceToManyPolicyFiles,
+ GetExpectedResponse("Revoke", AppId, RevokeAllInstanceToManyPolicyFiles)
+ }
+ };
+
public static TheoryData RevokeAllUnathorized() => new()
{
{
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/Json/AppsInstanceDelegation/Revoke/app_ttd_am-devtest-instancedelegation/00000000-0000-0000-0000-000000000011/response.json b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/Json/AppsInstanceDelegation/Revoke/app_ttd_am-devtest-instancedelegation/00000000-0000-0000-0000-000000000011/response.json
new file mode 100644
index 00000000..8f821834
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/Json/AppsInstanceDelegation/Revoke/app_ttd_am-devtest-instancedelegation/00000000-0000-0000-0000-000000000011/response.json
@@ -0,0 +1,16 @@
+{
+ "type": "https://tools.ietf.org/html/rfc9110#section-15.5.1",
+ "title": "Bad Request",
+ "status": 400,
+ "detail": "One or more validation errors occurred.",
+ "code": "STD-00000",
+ "validationErrors": [
+ {
+ "code": "AM.VLD-00005",
+ "detail": "There is to many policy files to update. Must delete individual delegations.",
+ "paths": [
+ "InstanceId"
+ ]
+ }
+ ]
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000010/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000010/delegationpolicy.xml
new file mode 100644
index 00000000..248b2d5e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000010/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ CE4BA72B-D111-404F-95B5-313FB3847FA1
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000012/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000012/delegationpolicy.xml
new file mode 100644
index 00000000..18e99382
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000012/delegationpolicy.xml
@@ -0,0 +1,79 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ sign
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000014/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000014/delegationpolicy.xml
new file mode 100644
index 00000000..e2c36dbd
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000014/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000014, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000014, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000014
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000016/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000016/delegationpolicy.xml
new file mode 100644
index 00000000..a1a56017
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000016/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000016, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000016, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000016
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000018/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000018/delegationpolicy.xml
new file mode 100644
index 00000000..75bfb0e0
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000018/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000018, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000018, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000018
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000020/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000020/delegationpolicy.xml
new file mode 100644
index 00000000..6df43440
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000020/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000020, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000020, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000020
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000022/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000022/delegationpolicy.xml
new file mode 100644
index 00000000..3f370d11
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000022/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000022, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000022, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000022
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000024/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000024/delegationpolicy.xml
new file mode 100644
index 00000000..0d01d9fd
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000024/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000024, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000024, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000024
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000026/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000026/delegationpolicy.xml
new file mode 100644
index 00000000..78847ec6
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/000000000026/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:00000000-0000-0000-0001-000000000026, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:b537c953-03c4-4822-b028-c15182adc356 to urn:altinn:organization:uuid:00000000-0000-0000-0001-000000000026, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 00000000-0000-0000-0001-000000000026
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/313FB3847FA1/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/313FB3847FA1/delegationpolicy.xml
new file mode 100644
index 00000000..248b2d5e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/313FB3847FA1/delegationpolicy.xml
@@ -0,0 +1,42 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ CE4BA72B-D111-404F-95B5-313FB3847FA1
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/D90B16D527EA/delegationpolicy.xml b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/D90B16D527EA/delegationpolicy.xml
new file mode 100644
index 00000000..18e99382
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Data/blobs/input/Instance/app_ttd_am-devtest-instancedelegation/000000000011/N/D90B16D527EA/delegationpolicy.xml
@@ -0,0 +1,79 @@
+
+
+ Delegation policy containing all delegated rights/actions from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource; app_ttd_am-devtest-instancedelegation
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ read
+
+
+
+
+
+
+
+ Delegation of a right/action from urn:altinn:organization:uuid:0268b99a-5817-4bbf-9b62-d90b16d527ea to urn:altinn:person:uuid:ce4ba72b-d111-404f-95b5-313fb3847fa1, for the resource: app_ttd_am-devtest-instancedelegation, by: urn:altinn:resource:app_ttd_am-devtest-instancedelegation
+
+
+
+
+ 0268B99A-5817-4BBF-9B62-D90B16D527EA
+
+
+
+
+
+
+
+ app_ttd_am-devtest-instancedelegation
+
+
+
+ task_1
+
+
+
+ 00000000-0000-0000-0000-000000000011
+
+
+
+
+
+
+
+ sign
+
+
+
+
+
+
+
diff --git a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs
index 831581ba..4cb18324 100644
--- a/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs
+++ b/src/apps/Altinn.AccessManagement/test/Altinn.AccessManagement.Tests/Mocks/DelegationMetadataRepositoryMock.cs
@@ -604,6 +604,19 @@ public Task> GetAllLatestInstanceDelegationChange
result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000012")));
result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000010")));
return Task.FromResult(result);
+ case "00000000-0000-0000-0000-000000000011":
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("CE4BA72B-D111-404F-95B5-313FB3847FA1")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("0268B99A-5817-4BBF-9B62-D90B16D527EA")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000012")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000010")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000014")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000016")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000018")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000020")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000022")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000024")));
+ result.Add(CreateInstanceDelegationChange(source, resourceID, instanceID, Guid.Parse("00000000-0000-0000-0001-000000000026")));
+ return Task.FromResult(result);
default:
return Task.FromResult(result);
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru
index 0f60d6f8..93d85432 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/1. DelegateInstanceRights.bru
@@ -82,7 +82,7 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation ReadSign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke post DelegateReadSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru
index 921aa4d7..72eba42f 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/2. GetInstanceRights.bru
@@ -33,7 +33,7 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation ReadSign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke get GetReadSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru
index 864a6549..9b2a6f2a 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/3. RevokeInstanceRead.bru
@@ -64,7 +64,7 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation RevokeRead", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke post RevokeRead", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru
index ebce9fec..49f45ceb 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/4. GetInstanceRights.bru
@@ -33,7 +33,7 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation Sign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke get GetSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru
index 7dec4fa7..7f8c4add 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/5. RevokeInstanceSign.bru
@@ -64,7 +64,7 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation RevokeSign", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke post RevokeSign", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru
index 6ee4543e..5a0c4da2 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateGetRevokeSeries/6. GetInstanceRights.bru
@@ -33,7 +33,7 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation EmptyResponce", function() {
+ test("InstanceDelegation DelegateRightsAndRevoke get GetEmptyResponce", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/1.DelegatePerson1.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
new file mode 100644
index 00000000..1e19977e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 1.DelegatePerson1
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person1.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post DelegateReadSignPolicy1", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'Incorect fromId');
+ assert.equal(data.to.value, testdata.person1.partyuuid, 'Incorect toId');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'Incorect sign delegation resorceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/2.DelegatePerson3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
new file mode 100644
index 00000000..9f8f9f6d
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 2.DelegatePerson3
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post DelegateReadSignPolicy2", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'Incorect fromId');
+ assert.equal(data.to.value, testdata.person3.partyuuid, 'Incorect toId');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'Incorect sign delegation resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/3.DelegateOrg3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
new file mode 100644
index 00000000..1ab2052a
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 3.DelegateOrg3
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post DelegateReadSignPolicy3", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.resourceId, resource, 'Incorect resourceId');
+ expect(data.instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'Incorect fromId');
+ assert.equal(data.to.value, testdata.org3.partyuuid, 'Incorect toId');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'Incorect sign delegation resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/4.GetAllDelegations.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/4.GetAllDelegations.bru
new file mode 100644
index 00000000..dfcca746
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/4.GetAllDelegations.bru
@@ -0,0 +1,119 @@
+meta {
+ name: 4.GetAllDelegations
+ type: http
+ seq: 4
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll get GetAllInstanceDelegationsBeforeRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ let toList = [3];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+
+ assert.equal(data.data.length, toList.length, 'expected result contains not expected count of data');
+
+ for(var i = 0; i < toList.length; i++) {
+ assert.equal(data.data[i].resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.data[i].instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'Incorect fromId');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Delegated', 'Incorect read delegation status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.data[i].rights[1].status, 'Delegated', 'Incorect sign delegation status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'Incorect sign delegation action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'Incorect sign delegation resourceId');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'Incorect sign delegation taskId');
+ }
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/5.RevokeAllDelegationsForInstance.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/5.RevokeAllDelegationsForInstance.bru
new file mode 100644
index 00000000..2f86c6f2
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/5.RevokeAllDelegationsForInstance.bru
@@ -0,0 +1,119 @@
+meta {
+ name: 5.RevokeAllDelegationsForInstance
+ type: http
+ seq: 5
+}
+
+delete {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegationrevoke/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll post RevokeAllDelegationsInstance", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ let toList = [3];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+
+ assert.equal(data.data.length, toList.length, 'expected result contains not expected count of data');
+
+ for(var i = 0; i < toList.length; i++) {
+ assert.equal(data.data[i].resourceId, resource, 'Incorect resourceId');
+ assert.equal(data.data[i].instanceId, testdata.revokeallinstanceid, 'Incorect instanceId');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'Incorect fromId');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Revoked', 'Incorect read delegation status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'Incorect read delegation action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+
+ assert.equal(data.data[i].rights[1].status, 'Revoked', 'Incorect read delegation status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'Incorect read delegation action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'Incorect read delegation resourceId');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'Incorect read delegation taskId');
+ }
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/6.GetAllDelegationsAfterRevoke.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/6.GetAllDelegationsAfterRevoke.bru
new file mode 100644
index 00000000..03eaf142
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/DelegateMultipleRevokeAll/6.GetAllDelegationsAfterRevoke.bru
@@ -0,0 +1,95 @@
+meta {
+ name: 6.GetAllDelegationsAfterRevoke
+ type: http
+ seq: 6
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation DelegateRightsAndRevokeAll get GetEmtyDelegationsAfterRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'Incorect http status');
+
+ assert.equal(data.data.length, 0, 'After revoke no rights should remain');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru
index 45985887..262ee9a6 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateExistingAppNoRightsDelegable.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NoRights", function() {
+ test("InstanceDelegation DelegateDelegaterHasNoRights post InstanceDelegation NoRights", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00004");
- expect(data.validationErrors[0].paths[0]).to.equal("appInstanceDelegationRequest.Resource");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00004', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'appInstanceDelegationRequest.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/1.DelegatePerson1.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
new file mode 100644
index 00000000..8539751b
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/1.DelegatePerson1.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 1.DelegatePerson1
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person1.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile01", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.person1.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/10.DelegateOrg10.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/10.DelegateOrg10.bru
new file mode 100644
index 00000000..87c43d56
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/10.DelegateOrg10.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 10.DelegateOrg10
+ type: http
+ seq: 10
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org10.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile10", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org11.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/11.DelegateOrg11.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/11.DelegateOrg11.bru
new file mode 100644
index 00000000..922d445f
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/11.DelegateOrg11.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 11.DelegateOrg11
+ type: http
+ seq: 11
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org11.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile11", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org11.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/12.GetAllDelegations.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/12.GetAllDelegations.bru
new file mode 100644
index 00000000..d8e56e69
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/12.GetAllDelegations.bru
@@ -0,0 +1,128 @@
+meta {
+ name: 12.GetAllDelegations
+ type: http
+ seq: 12
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallbeyondlimitinstanceid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit get GetBeforeDeniedRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ let toList = [11];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+ toList[3] = testdata.org4.partyuuid;
+ toList[4] = testdata.org5.partyuuid;
+ toList[5] = testdata.org6.partyuuid;
+ toList[6] = testdata.org7.partyuuid;
+ toList[7] = testdata.org8.partyuuid;
+ toList[8] = testdata.org9.partyuuid;
+ toList[9] = testdata.org10.partyuuid;
+ toList[10] = testdata.org11.partyuuid;
+
+ for(var i = 0; i < toList.length; i++) {
+
+ assert.equal(data.data[i].resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.data[i].instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ assert.equal(data.data[i].rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ }
+
+
+
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/13.RevokeAllDelegationsForInstance.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/13.RevokeAllDelegationsForInstance.bru
new file mode 100644
index 00000000..91348a9e
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/13.RevokeAllDelegationsForInstance.bru
@@ -0,0 +1,99 @@
+meta {
+ name: 13.RevokeAllDelegationsForInstance
+ type: http
+ seq: 13
+}
+
+delete {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegationrevoke/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit delete RevokeAllDeniedToManyPolicies", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status,400, 'httpstatus is incorect');
+
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
+
+ assert.equal(data.validationErrors[0].code,'AM.VLD-00005', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'InstanceId', 'Incorect path');
+
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/14.GetAllDelegationsAfterRevoke.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/14.GetAllDelegationsAfterRevoke.bru
new file mode 100644
index 00000000..fbd61f71
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/14.GetAllDelegationsAfterRevoke.bru
@@ -0,0 +1,133 @@
+meta {
+ name: 14.GetAllDelegationsAfterRevoke
+ type: http
+ seq: 14
+}
+
+get {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllinstanceId}}
+ body: none
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllinstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit get GetBeforeDeniedRevoke", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.data.length, 11, 'There is less than eqpected delegations')
+
+ let toList = [11];
+ toList[0] = testdata.person1.partyuuid;
+ toList[1] = testdata.person3.partyuuid;
+ toList[2] = testdata.org3.partyuuid;
+ toList[3] = testdata.org4.partyuuid;
+ toList[4] = testdata.org5.partyuuid;
+ toList[5] = testdata.org6.partyuuid;
+ toList[6] = testdata.org7.partyuuid;
+ toList[7] = testdata.org8.partyuuid;
+ toList[8] = testdata.org9.partyuuid;
+ toList[9] = testdata.org10.partyuuid;
+ toList[10] = testdata.org11.partyuuid;
+
+ for(var i = 0; i < 11; i++)
+ {
+
+ assert.equal(data.data[i].resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.data[i].instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.data[i].from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+
+ assert.include(toList, data.data[i].to.value, 'Expect current (to) to be in expected result list');
+
+ assert.equal(data.data[i].rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.data[i].rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.data[i].rights[0].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[0].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ assert.equal(data.data[i].rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.data[i].rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.data[i].rights[1].resource[0].value, resource, 'read right has incorrect resource');
+ assert.equal(data.data[i].rights[1].resource[1].value, 'task_1', 'read right has incorrect task');
+
+ }
+
+
+
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/2.DelegatePerson3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
new file mode 100644
index 00000000..bc1c8e28
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/2.DelegatePerson3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 2.DelegatePerson3
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.person3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile02", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.person3.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg3.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
new file mode 100644
index 00000000..0deecaa4
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg3.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 3.DelegateOrg3
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org3.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile03", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org3.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg4.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg4.bru
new file mode 100644
index 00000000..b373c5de
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/3.DelegateOrg4.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 3.DelegateOrg4
+ type: http
+ seq: 4
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org4.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile04", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org4.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/5.DelegateOrg5.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/5.DelegateOrg5.bru
new file mode 100644
index 00000000..0b902d86
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/5.DelegateOrg5.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 5.DelegateOrg5
+ type: http
+ seq: 5
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org5.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile05", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org5.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/6.DelegateOrg6.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/6.DelegateOrg6.bru
new file mode 100644
index 00000000..5d91c6dd
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/6.DelegateOrg6.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 6.DelegateOrg6
+ type: http
+ seq: 6
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org6.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile06", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org6.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/7.DelegateOrg7.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/7.DelegateOrg7.bru
new file mode 100644
index 00000000..b6364db0
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/7.DelegateOrg7.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 7.DelegateOrg7
+ type: http
+ seq: 7
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org7.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile07", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org7.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/8.DelegateOrg8.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/8.DelegateOrg8.bru
new file mode 100644
index 00000000..faddd855
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/8.DelegateOrg8.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 8.DelegateOrg8
+ type: http
+ seq: 8
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org8.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile08", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org8.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/9.DelegateOrg9.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/9.DelegateOrg9.bru
new file mode 100644
index 00000000..8f75c427
--- /dev/null
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateMultipleRevokeAll/9.DelegateOrg9.bru
@@ -0,0 +1,109 @@
+meta {
+ name: 9.DelegateOrg9
+ type: http
+ seq: 9
+}
+
+post {
+ url: {{baseUrl}}/accessmanagement/api/v1/app/delegations/resource/{{resourceId}}/instance/{{revokeAllBeyondLimitInstanceId}}
+ body: json
+ auth: none
+}
+
+headers {
+ PlatformAccessToken: {{platformAccessToken}}
+}
+
+body:json {
+ {
+ "from": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{fromUuid}}"
+ },
+ "to": {
+ "type": "urn:altinn:party:uuid",
+ "value": "{{toUuid}}"
+ },
+ "rights": [
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "read"
+ }
+ },
+ {
+ "resource": [
+ {
+ "type": "urn:altinn:resource",
+ "value": "{{resourceId}}"
+ },
+ {
+ "type": "urn:altinn:task",
+ "value": "task_1"
+ }
+ ],
+ "action": {
+ "type": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+ "value": "sign"
+ }
+ }
+ ]
+ }
+}
+
+script:pre-request {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ bru.setVar("resourceId", resource);
+ bru.setVar("revokeAllBeyondLimitInstanceId", testdata.revokeallbeyondlimitinstanceid);
+ bru.setVar("fromUuid", testdata.org1.partyuuid);
+ bru.setVar("toUuid", testdata.org9.partyuuid);
+
+ var getTokenParameters = {
+ auth_org: sharedtestdata.serviceOwners.ttd.org,
+ auth_app: testdata.app,
+ auth_tokenType: sharedtestdata.authTokenType.platformAccess
+ };
+
+ const token = await testTokenGenerator.getToken(getTokenParameters);
+ bru.setVar("platformAccessToken", token);
+}
+
+tests {
+ test("InstanceDelegation RevokeMoreThanLimit post DelegatePolicyFile09", function() {
+ const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
+ const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
+ const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
+
+ const data = res.getBody();
+ assert.equal(res.status, 200, 'httpstatus is incorect');
+
+ assert.equal(data.resourceId, resource, 'ResourceId is incorect');
+ assert.equal(data.instanceId, testdata.revokeallbeyondlimitinstanceid, 'InstanceId is incorect');
+
+ assert.equal(data.from.value, testdata.org1.partyuuid, 'FromId is inncorect');
+ assert.equal(data.to.value, testdata.org9.partyuuid, 'ToId is inncorect');
+
+ assert.equal(data.rights[0].status, 'Delegated', 'read right has incorrect status');
+ assert.equal(data.rights[0].action.value, 'read', 'read right has incorrect action');
+ assert.equal(data.rights[0].resource[0].value, resource, 'read right has incorrect resourceId');
+ assert.equal(data.rights[0].resource[1].value, 'task_1', 'read right has incorrect taskId');
+
+ assert.equal(data.rights[1].status, 'Delegated', 'sign right has incorrect status');
+ assert.equal(data.rights[1].action.value, 'sign', 'sign right has incorrect action');
+ assert.equal(data.rights[1].resource[0].value, resource, 'sign right has incorrect resourceId');
+ assert.equal(data.rights[1].resource[1].value, 'task_1', 'sign right has incorrect taskId');
+ });
+}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru
index cb1ec2ca..75283440 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateNonExistingResource.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NoResource", function() {
+ test("InstanceDelegation DelegateNonExistingResource post DelegateNoResource", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_NonExistingApp";
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status,400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status,400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00002");
- expect(data.validationErrors[0].paths[0]).to.equal("appInstanceDelegationRequest.Resource");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00002', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'appInstanceDelegationRequest.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru
index 096f697a..89333ee0 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongFrom.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NotExistFrom", function() {
+ test("InstanceDelegation DelegateNonExistingFrom post NotExistFrom", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00001");
- expect(data.validationErrors[0].paths[0]).to.equal("From");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00001', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'From', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru
index 57437365..84ab0a2a 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/DelegateWrongTo.bru
@@ -82,18 +82,17 @@ script:pre-request {
}
tests {
- test("post InstanceDelegation NotExistTo", function() {
+ test("InstanceDelegation DelegateNonExistingTo post NotExistTo", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + testdata.app;
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00001");
- expect(data.validationErrors[0].paths[0]).to.equal("To");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00001', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'To', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru
index d3567897..6c77bec3 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNoRightsToDelegate.bru
@@ -35,18 +35,17 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation NoRihts", function() {
+ test("InstanceDelegation DelegateNonExistingRights get InstanceDelegation NoRights", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + "ttd/authz-bruno-testapp1";
const data = res.getBody();
- expect(res.status).to.equal(400);
+ expect(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ expect(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00004");
- expect(data.validationErrors[0].paths[0]).to.equal("request.Resource");
-
+ expect(data.validationErrors[0].code,'AM.VLD-00004', 'Incorect error code');
+ expect(data.validationErrors[0].paths[0], 'request.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru
index fb058647..eba3185f 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Automatic Test Collection/AppsInstanceDelegation/NegativeTests/GetInstanceDelegationNonExistingResource.bru
@@ -35,18 +35,17 @@ script:pre-request {
}
tests {
- test("get InstanceDelegation NoResource", function() {
+ test("InstanceDelegation GetNonExistingResource get NoResource", function() {
const sharedtestdata = require(`./Testdata/sharedtestdata.json`);
const testdata = require(`./Testdata/instance-delegation/${bru.getEnvVar("tokenEnv")}.json`);
const resource = "app_" + sharedtestdata.serviceOwners.ttd.org + "_" + "authz-bruno-testapp1";
const data = res.getBody();
- expect(res.status).to.equal(400);
+ assert.equal(res.status, 400, 'httpstatus is incorect');
- expect(data.status).to.equal(400);
+ assert.equal(data.status, 400, 'error response httpstatus is incorect');
- expect(data.validationErrors[0].code).to.equal("AM.VLD-00002");
- expect(data.validationErrors[0].paths[0]).to.equal("request.Resource");
-
+ assert.equal(data.validationErrors[0].code, 'AM.VLD-00002', 'Incorect error code');
+ assert.equal(data.validationErrors[0].paths[0], 'request.Resource', 'Incorect path');
});
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json
index 9702ccb7..093d217f 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/at22.json
@@ -2,6 +2,8 @@
"env": "at22",
"app": "authz-bruno-instancedelegation",
"instanceid": "1cc971b6-c518-43ab-9345-21daab7e919e",
+ "revokeallinstanceid": "1646867c-2394-4575-aad3-0507efabe436",
+ "revokeallbeyondlimitinstanceid": "d80b8481-0dfa-4125-ac0b-e33565b5cd74",
"org1": {
"orgno": "310438707",
"partyid": 51350052,
@@ -18,6 +20,42 @@
"orgno": "405002701",
"partyuuid": "60610979-39fe-4997-90da-03069736d75d"
},
+ "org3": {
+ "orgno": "310001406",
+ "partyuuid": "56972f80-d3c1-4461-9cc6-357e98383e55"
+ },
+ "org4": {
+ "orgno": "310014540",
+ "partyuuid": "ede969ef-ca7b-4827-8d56-f1952f89bcda"
+ },
+ "org5": {
+ "orgno": "310014559",
+ "partyuuid": "3324b237-c91f-4f1b-8087-eff11501435f"
+ },
+ "org6": {
+ "orgno": "310014575",
+ "partyuuid": "408d803b-a541-48bf-8867-0b4cd5b5defb"
+ },
+ "org7": {
+ "orgno": "310014613",
+ "partyuuid": "d67a7e17-42cb-488c-8747-ff7a983f064a"
+ },
+ "org8": {
+ "orgno": "310014664",
+ "partyuuid": "3595c0ad-8963-42f0-9d21-5f3ddf9126a3"
+ },
+ "org9": {
+ "orgno": "310014702",
+ "partyuuid": "553700bd-5710-4321-b01e-6612c4446d6a"
+ },
+ "org10": {
+ "orgno": "310014745",
+ "partyuuid": "b9aac0ba-d6e9-4881-8375-a68e1dbe61f6"
+ },
+ "org11": {
+ "orgno": "310014796",
+ "partyuuid": "489c7896-1a96-4389-ba37-400dee571b68"
+ },
"person1": {
"pid": "23862849957",
"userid": 20002641,
@@ -28,5 +66,9 @@
"person2": {
"pid": "29907329133",
"partyuuid": "b35ba3e9-6c73-410c-abd8-4e0205837f88"
+ },
+ "person3": {
+ "pid": "08817498451",
+ "partyuuid": "a80aeedd-cfec-44f2-9761-91409d399900"
}
}
diff --git a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json
index 7345aabb..ffd7ffd5 100644
--- a/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json
+++ b/src/apps/Altinn.AccessManagement/test/Bruno/Altinn.AccessManagement/Testdata/instance-delegation/tt02.json
@@ -2,6 +2,7 @@
"env": "tt02",
"app": "authz-bruno-instancedelegation",
"instanceid": "1cc971b6-c518-43ab-9345-21daab7e919e",
+ "revokeallinstanceid": "1646867c-2394-4575-aad3-0507efabe436",
"org1": {
"orgno": "310438707",
"partyid": 51563583,
@@ -18,6 +19,42 @@
"orgno": "405002701",
"partyuuid": "60610979-39fe-4997-90da-03069736d75d"
},
+ "org3": {
+ "orgno": "310001406",
+ "partyuuid": "22d673ed-0703-4eac-8790-fa8601361a35"
+ },
+ "org4": {
+ "orgno": "310014540",
+ "partyuuid": "ee5774c6-f2ee-407f-8685-a8ebbb27768c"
+ },
+ "org5": {
+ "orgno": "310014559",
+ "partyuuid": "412fd60c-80ae-43e1-b4e8-3c4eb572567b"
+ },
+ "org6": {
+ "orgno": "310014575",
+ "partyuuid": "2b59ce5b-e677-4110-94a1-9f65b15e3588"
+ },
+ "org7": {
+ "orgno": "310014613",
+ "partyuuid": "c4ba72b3-502e-4b49-9ca1-4ce5f6f767ef"
+ },
+ "org8": {
+ "orgno": "310014664",
+ "partyuuid": "ae45d226-4499-4ee0-8720-b8e390ffe74c"
+ },
+ "org9": {
+ "orgno": "310014702",
+ "partyuuid": "b9d146d4-e187-4074-8bd2-94d0e243e945"
+ },
+ "org10": {
+ "orgno": "310014745",
+ "partyuuid": "822a516c-1d38-4392-8369-cd6e86c764d1"
+ },
+ "org11": {
+ "orgno": "310014796",
+ "partyuuid": "12512dd4-82a7-4ddd-b202-b0bd3d9dcb2e"
+ },
"person1": {
"pid": "23862849957",
"userid": 91561,
@@ -28,5 +65,9 @@
"person2": {
"pid": "29917329042",
"partyuuid": "b35ba3e9-6c73-410c-abd8-4e0205837f88"
+ },
+ "person3": {
+ "pid": "08817498451",
+ "partyuuid": "dadb268b-f4a0-4ba2-8900-a8420b8f2bf8"
}
}