Commit 02fd8276 authored by Pelayo Torres

Merge branch 'OCF123-interfacedetails-from-security-service' into 'staging'

Resolve "interfaceDetails from security Service"

Closes #123

See merge request !109
parents 52c277d6 ab9c78b3
+59 −5
@@ -155,7 +155,31 @@ class SecurityOperations(Resource):

            for service_instance in service_security.security_info:
                if service_instance.interface_details is not None:
                    security_methods = service_instance.interface_details.security_methods

                    # We look for if the passed interface exists for the given apiId
                    capif_service_col = self.db.get_col_by_name(
                        self.db.capif_service_col)
                    
                    aef_profile = capif_service_col.find_one(
                        {"api_id": service_instance.api_id, 
                         "aef_profiles.interface_descriptions":{
                            "$elemMatch": service_instance.interface_details.to_dict()
                        }
                        }, 
                        {"aef_profiles.interface_descriptions.$": 1, "_id": 0})
                    
                    current_app.logger.debug("Aef profile: " + str(aef_profile))

                    if aef_profile is None:
                        current_app.logger.error(
                            "Not found service with this interface description: " + json.dumps(clean_empty(service_instance.interface_details.to_dict())))
                        return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service")

                    # We obtain the interface security methods
                    security_methods = aef_profile["aef_profiles"][0]["interface_descriptions"][0]["security_methods"]

                    current_app.logger.debug("Interface security methods: " + str(security_methods))

                    pref_security_methods = service_instance.pref_security_methods
                    valid_security_method = set(
                        security_methods) & set(pref_security_methods)
@@ -333,12 +357,35 @@ class SecurityOperations(Resource):
            update_acls=list()
            for service_instance in service_security.security_info:
                if service_instance.interface_details is not None:
                    security_methods = service_instance.interface_details.security_methods

                     # We look for if the passed interface exists for the given apiId
                    capif_service_col = self.db.get_col_by_name(
                        self.db.capif_service_col)
                    
                    aef_profile = capif_service_col.find_one(
                        {"api_id": service_instance.api_id, 
                         "aef_profiles.interface_descriptions":{
                            "$elemMatch": service_instance.interface_details.to_dict()
                        }
                        }, 
                        {"aef_profiles.interface_descriptions.$": 1, "_id": 0})
                    
                    current_app.logger.debug("Aef profile: " + str(aef_profile))

                    if aef_profile is None:
                        current_app.logger.error(
                            "Not found service with this interface description: " + json.dumps(clean_empty(service_instance.interface_details.to_dict())))
                        return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service")

                    # We obtain the interface security methods
                    security_methods = aef_profile["aef_profiles"][0]["interface_descriptions"][0]["security_methods"]

                    current_app.logger.debug("Interface security methods: " + str(security_methods))

                    pref_security_methods = service_instance.pref_security_methods
                    valid_security_method = set(
                        security_methods) & set(pref_security_methods)
                    service_instance.sel_security_method = list(
                        valid_security_method)[0]

                else:
                    capif_service_col = self.db.get_col_by_name(
                        self.db.capif_service_col)
@@ -355,6 +402,13 @@ class SecurityOperations(Resource):
                                              for security_method in array_methods["security_methods"]]
                    valid_security_method = set(
                        valid_security_methods) & set(pref_security_methods)
                    
                    
                if len(list(valid_security_method)) == 0:
                    current_app.logger.error(
                        "Not found comptaible security method with pref security method")
                    return bad_request_error(detail="Not found compatible security method with pref security method", cause="Error pref security method", invalid_params=[{"param": "prefSecurityMethods", "reason": "pref security method not compatible with security method available"}])
                
                service_instance.sel_security_method = list(
                        valid_security_method)[0]
                update_acls.append({"api_id": service_instance.api_id, "aef_id": service_instance.aef_id})
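Review bot: The read `aef_profile["aef_profiles"][0]["interface_descriptions"][0]["security_methods"]`, present in both the create hunk and the update hunk, trusts that the projection returned exactly the interface the invoker named and that the stored entry carries `security_methods`; neither is checked, and this list decides which security method is selected for the invoker. A stored interface description without that key raises KeyError and surfaces as a 500, whereas `.get("security_methods") or []` would let the empty-intersection check visible in the update path answer with the existing 400. The positional `$` projection tracks a single array position while `interface_descriptions` is nested inside `aef_profiles`, so it is worth confirming, with a service that has several profiles and several interfaces, that `[0][0]` really is the matched element. The `$elemMatch` filter takes `interface_details.to_dict()` unfiltered, presumably including the client's own `security_methods`, so whether an interface is found depends on request-supplied security methods equalling the stored ones; matching on the addressing fields only would keep the stored record authoritative. The two inserted stretches are identical and could live in one private helper; both enclosing methods start and end outside the hunks.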
+233 −39
@@ -14,6 +14,7 @@ Test Teardown Reset Testing Environment
${APF_ID_NOT_VALID}             apf-example
${SERVICE_API_ID_NOT_VALID}     not-valid
${API_INVOKER_NOT_VALID}        not-valid
${AEF_ID_NOT_VALID}             not-valid


*** Test Cases ***
@@ -22,8 +23,22 @@ Create a security context for an API invoker
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -41,10 +56,21 @@ Create a security context for an API invoker with Provider role
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    # Register Provider
    ${register_user_info_publisher}=    Provider Default Registration
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -62,10 +88,21 @@ Create a security context for an API invoker with Provider role
Create a security context for an API invoker with Provider entity role and invalid apiInvokerId
    [Tags]    capif_security_api-3
    # Register APF
    ${register_user_info_publisher}=    Provider Default Registration
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}
    ...    json=${request_body}
@@ -85,7 +122,22 @@ Create a security context for an API invoker with Invalid apiInvokerID
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register APF
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}
    ...    json=${request_body}
@@ -105,7 +157,24 @@ Retrieve the Security Context of an API Invoker
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ...    authentication_info=authenticationInfo
    ...    authorization_info=authorizationInfo
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -118,9 +187,6 @@ Retrieve the Security Context of an API Invoker

    ${service_security_context}=    Set Variable    ${resp.json()}

    # Register APF
    ${register_user_info_publisher}=    Provider Default Registration

    # Retrieve Security context can setup by parameters if authenticationInfo and authorizationInfo are needed at response.
    # ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}?authenticationInfo=true&authorizationInfo=true
    ${resp}=    Get Request Capif
@@ -161,7 +227,22 @@ Retrieve the Security Context of an API Invoker with invalid apfId
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -190,7 +271,22 @@ Delete the Security Context of an API Invoker
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -200,9 +296,6 @@ Delete the Security Context of an API Invoker

    Check Response Variable Type And Values    ${resp}    201    ServiceSecurity

    # Register APF
    ${register_user_info_publisher}=    Provider Default Registration

    # Remove Security Context
    ${resp}=    Delete Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
@@ -230,7 +323,22 @@ Delete the Security Context of an API Invoker with Invoker entity role
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -295,9 +403,22 @@ Update the Security Context of an API Invoker
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    # Register Provider
    ${register_user_info_publisher}=    Provider Default Registration
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -312,7 +433,12 @@ Update the Security Context of an API Invoker
    ${security_context}=    Set Variable    ${resp.json()}

    # Update Security Context
    ${request_body}=    Create Service Security Body    http://robot.testing2
    ${request_body}=    Create Service Security Default Body
    ...    http://robot.testing2
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ...    authentication_info=authenticationInfo
    ...    authorization_info=authorizationInfo
    ${resp}=    Post Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}/update
    ...    json=${request_body}
@@ -341,7 +467,22 @@ Update the Security Context of an API Invoker with Provider entity role
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -351,9 +492,6 @@ Update the Security Context of an API Invoker with Provider entity role

    Check Response Variable Type And Values    ${resp}    201    ServiceSecurity

    # Register Provider
    ${register_user_info_publisher}=    Provider Default Registration

    ${resp}=    Post Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}/update
    ...    json=${request_body}
@@ -371,9 +509,21 @@ Update the Security Context of an API Invoker with Provider entity role
Update the Security Context of an API Invoker with AEF entity role and invalid apiInvokerId
    [Tags]    capif_security_api-14
    # Register Provider
    ${register_user_info_publisher}=    Provider Default Registration
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Post Request Capif
    ...    /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}/update
    ...    json=${request_body}
@@ -392,7 +542,22 @@ Update the Security Context of an API Invoker with invalid apiInvokerID
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ${resp}=    Post Request Capif
    ...    /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}/update
    ...    json=${request_body}
@@ -478,7 +643,24 @@ Revoke the authorization of the API invoker for APIs without valid apfID.
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ...    authorization_info=authorizationInfo
    ...    authentication_info=authenticationInfo
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -490,9 +672,6 @@ Revoke the authorization of the API invoker for APIs without valid apfID.

    ${security_context}=    Set Variable    ${resp.json()}

    # Register Provider
    ${register_user_info_publisher}=    Provider Default Registration

    # Revoke Security Context by Invoker
    ${request_body}=    Create Security Notification Body    ${register_user_info_invoker['api_invoker_id']}    1234
    ${resp}=    Post Request Capif
@@ -528,7 +707,25 @@ Revoke the authorization of the API invoker for APIs with invalid apiInvokerId
    # Default Invoker Registration and Onboarding
    ${register_user_info_invoker}    ${url}    ${request_body}=    Invoker Default Onboarding

    ${request_body}=    Create Service Security Body    ${NOTIFICATION_DESTINATION_URL}
    # Register Provider
    ${register_user_info_provider}=    Provider Default Registration

    # Publish Service API
    ${service_api_description_published_1}    ${resource_url}    ${request_body}=    Publish Service Api
    ...    ${register_user_info_provider}
    ...    service_1

    # Store apiId1
    ${service_api_id_1}=    Set Variable    ${service_api_description_published_1['apiId']}

    # Create Security Context
    ${request_body}=    Create Service Security Default Body
    ...    ${NOTIFICATION_DESTINATION_URL}
    ...    aef_id=${register_user_info_provider['aef_id']}
    ...    api_id=${service_api_id_1}
    ...    authentication_info=authenticationInfo
    ...    authorization_info=authorizationInfo
    ...    authorization_info=authorizationInfo
    ${resp}=    Put Request Capif
    ...    /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}
    ...    json=${request_body}
@@ -540,9 +737,6 @@ Revoke the authorization of the API invoker for APIs with invalid apiInvokerId

    ${security_context}=    Set Variable    ${resp.json()}

    # Register Provider
    ${register_user_info_publisher}=    Provider Default Registration

    ${request_body}=    Create Security Notification Body    ${API_INVOKER_NOT_VALID}    1234
    ${resp}=    Post Request Capif
    ...    /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}/delete
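Review bot: In the case "Revoke the authorization of the API invoker for APIs with invalid apiInvokerId", `authorization_info=authorizationInfo` is passed twice to `Create Service Security Default Body`; depending on how the keyword is implemented this is either rejected as a duplicate argument or silently collapsed, so one of the two lines should be dropped. The "Update the Security Context of an API Invoker" hunk also appears to end up with `# Register Provider` on two consecutive lines. None of the visible cases sends a security context whose interfaceDetails fails to match a published interface, which is the new 404 branch in the service code, and `${AEF_ID_NOT_VALID}` is added but not used in the hunks shown. A negative case asserting that 404 would pin the new lookup.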
+96 −8

File changed.

Preview size limit exceeded, changes collapsed.