@authorization @authorize Feature: Authorization
As the configuration service
I want to enforce authorization policies
In order to regulate client actions
Scenario: Allowed consumption
Given the specified configuration exists
And I am allowed to request configuration
When I request configuration data
Then I should be allowed to request configurations
Scenario: Denied consumption
Given I am not allowed to request configuration
When I request configuration data
Then I should be notified that my request is 'not authorized'
Scenario: Allowed publication
Given I am allowed to publish configurations
When I request publication of the configuration data
Then I should be allowed to publish configurations
Scenario: Denied publication
Given I am not allowed to publish configurations
When I request publication of the configuration data
Then I should be notified that my request is 'not authorized'
Scenario: Allowed to create credentials for consuming configuration
Given the specified configuration exists
And I am allowed to authorize consumption of configuration
When I authorize consumption of the configuration
Then I receive credentials that allow consumption of the configuration
Scenario: Allowed to create credentials for consuming referenced configurations
Given existing configuration data containing references
And the referenced configuration exists
And I am allowed to authorize consumption of configuration
When I authorize consumption of the configuration
Then I receive credentials that allow consumption of the referenced configurations
Scenario: Token-less request
Given I do not have a token
When I request configuration data
Then I should be notified that my request is 'not authorized'