Loading services/helper/helper_service/services/visibility_control/openapi/openapi.yaml +10 −4 Original line number Diff line number Diff line Loading @@ -9,11 +9,17 @@ info: - Provider selector is mandatory in rules and must contain at least one selector field (createdByUser is mandatory). title: OpenCAPIF Visibility Control version: 1.0.0 # servers: # - description: Production # url: https://capif.example.com/access-control # - description: Sandbox # url: https://sandbox.capif.example.com/access-control servers: - description: Production url: https://capif.example.com/access-control - description: Sandbox url: https://sandbox.capif.example.com/access-control - url: "{apiRoot}/visibility-control" variables: apiRoot: default: http://localhost:8080 description: Base URL of the Helper service. tags: - description: Manage visibility rules name: Rules Loading services/nginx/nginx.conf +11 −10 Original line number Diff line number Diff line Loading @@ -14,7 +14,7 @@ http { } map "$request_method:$uri:$ssl_client_s_dn_cn" $helper_error_message { default 'SUCCESS'; "~*(GET|DELETE):.*:(?!(superadmin))(.*)" '{"status":401, "title":"Unauthorized" ,"detail":"Role not authorized for this API route", "cause":"User role must be superadmin"}'; "~*(GET|DELETE|POST):.*:(?!(superadmin))(.*)" '{"status":401, "title":"Unauthorized" ,"detail":"Role not authorized for this API route", "cause":"User role must be superadmin"}'; } map "$request_method:$uri:$ssl_client_s_dn_cn" $invoker_error_message { default 'SUCCESS'; Loading Loading @@ -177,18 +177,19 @@ http { add_header Content-Type 'application/problem+json'; return 401 $helper_error_message; } proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-SSL-Client-Cert $ssl_client_cert; proxy_pass http://helper:8080/; } location /visibility-control/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://helper:8080/visibility-control/; } # location /visibility-control/ { # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://helper:8080/visibility-control/; # } } } Loading tests/features/Helper/visibility_control.robot 0 → 100644 +96 −0 Original line number Diff line number Diff line *** Settings *** Resource /opt/robot-tests/tests/resources/common.resource Library /opt/robot-tests/tests/libraries/bodyRequests.py Library XML Library String Resource /opt/robot-tests/tests/resources/common/basicRequests.robot Resource ../../resources/common.resource Resource ../../resources/common/basicRequests.robot Suite Teardown Reset Testing Environment Test Setup Reset Testing Environment Test Teardown Reset Testing Environment *** Variables *** ${API_INVOKER_NOT_REGISTERED} not-valid ${SUBSCRIBER_ID_NOT_VALID} not-valid ${SUBSCRIPTION_ID_NOT_VALID} not-valid *** Test Cases *** Get Visibility Control Rules as Superadmin [Tags] visibility_control_1 ${resp}= Get Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Length Should Be ${resp.json()['rules']} 0 Create Visibility Control Rule Invalid Dates as Superadmin [Tags] visibility_control_2 ${body}= Create Visibility Control Rule Body Invalid Dates ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} Status Should Be ${resp} 400 Create Visibility Control Rule [Tags] visibility_control_3 ${body}= Create Visibility Control Rule Body ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} ${rule_id}= Set Variable ${resp.json()['ruleId']} ${resp}= Get Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Length Should Be ${resp.json()['rules']} 1 ${resp}= Delete Request Capif ... /helper/visibility-control/rules/${rule_id} ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ${resp}= Get Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Length Should Be ${resp.json()['rules']} 0 Create Visibility Control Rule by Provider [Tags] visibility_control_4 ${register_user_info}= Provider Default Registration ${body}= Create Visibility Control Rule Body ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${AMF_PROVIDER_USERNAME} ... json=${body} tests/libraries/bodyRequests.py +1 −0 Original line number Diff line number Diff line Loading @@ -7,3 +7,4 @@ from security_api.bodyRequests import * from api_provider_management.bodyRequests import * from vendor_extensibility.bodyRequests import * from vault_requests.bodyRequests import * from helper_service.bodyRequests import * tests/libraries/helper_service/bodyRequests.py 0 → 100644 +28 −0 Original line number Diff line number Diff line def create_visibility_control_rule_body_invalid_dates(): return { "default_access": "ALLOW", "enabled": True, "startsAt": "2026-01-23T12:00:00Z", "endsAt": "2025-01-23T08:00:00Z", "providerSelector": { "apiName": ["api-test-error"], "createdByUser": "claudia" } } def create_visibility_control_rule_body(): return { "default_access": "ALLOW", "enabled": True, "invokerExceptions": { "apiInvokerId": ["invk-X77"] }, "providerSelector": { "aefId": ["aef-002"], "apiId": ["apiId-999"], "apiName": ["api-test-cli"], "apiProviderId": ["capif-prov-01"], "createdByUser": "claudia" } } Loading
services/helper/helper_service/services/visibility_control/openapi/openapi.yaml +10 −4 Original line number Diff line number Diff line Loading @@ -9,11 +9,17 @@ info: - Provider selector is mandatory in rules and must contain at least one selector field (createdByUser is mandatory). title: OpenCAPIF Visibility Control version: 1.0.0 # servers: # - description: Production # url: https://capif.example.com/access-control # - description: Sandbox # url: https://sandbox.capif.example.com/access-control servers: - description: Production url: https://capif.example.com/access-control - description: Sandbox url: https://sandbox.capif.example.com/access-control - url: "{apiRoot}/visibility-control" variables: apiRoot: default: http://localhost:8080 description: Base URL of the Helper service. tags: - description: Manage visibility rules name: Rules Loading
services/nginx/nginx.conf +11 −10 Original line number Diff line number Diff line Loading @@ -14,7 +14,7 @@ http { } map "$request_method:$uri:$ssl_client_s_dn_cn" $helper_error_message { default 'SUCCESS'; "~*(GET|DELETE):.*:(?!(superadmin))(.*)" '{"status":401, "title":"Unauthorized" ,"detail":"Role not authorized for this API route", "cause":"User role must be superadmin"}'; "~*(GET|DELETE|POST):.*:(?!(superadmin))(.*)" '{"status":401, "title":"Unauthorized" ,"detail":"Role not authorized for this API route", "cause":"User role must be superadmin"}'; } map "$request_method:$uri:$ssl_client_s_dn_cn" $invoker_error_message { default 'SUCCESS'; Loading Loading @@ -177,18 +177,19 @@ http { add_header Content-Type 'application/problem+json'; return 401 $helper_error_message; } proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-SSL-Client-Cert $ssl_client_cert; proxy_pass http://helper:8080/; } location /visibility-control/ { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://helper:8080/visibility-control/; } # location /visibility-control/ { # proxy_set_header Host $host; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_pass http://helper:8080/visibility-control/; # } } } Loading
tests/features/Helper/visibility_control.robot 0 → 100644 +96 −0 Original line number Diff line number Diff line *** Settings *** Resource /opt/robot-tests/tests/resources/common.resource Library /opt/robot-tests/tests/libraries/bodyRequests.py Library XML Library String Resource /opt/robot-tests/tests/resources/common/basicRequests.robot Resource ../../resources/common.resource Resource ../../resources/common/basicRequests.robot Suite Teardown Reset Testing Environment Test Setup Reset Testing Environment Test Teardown Reset Testing Environment *** Variables *** ${API_INVOKER_NOT_REGISTERED} not-valid ${SUBSCRIBER_ID_NOT_VALID} not-valid ${SUBSCRIPTION_ID_NOT_VALID} not-valid *** Test Cases *** Get Visibility Control Rules as Superadmin [Tags] visibility_control_1 ${resp}= Get Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Length Should Be ${resp.json()['rules']} 0 Create Visibility Control Rule Invalid Dates as Superadmin [Tags] visibility_control_2 ${body}= Create Visibility Control Rule Body Invalid Dates ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} Status Should Be ${resp} 400 Create Visibility Control Rule [Tags] visibility_control_3 ${body}= Create Visibility Control Rule Body ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} ${rule_id}= Set Variable ${resp.json()['ruleId']} ${resp}= Get Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Length Should Be ${resp.json()['rules']} 1 ${resp}= Delete Request Capif ... /helper/visibility-control/rules/${rule_id} ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ${resp}= Get Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Length Should Be ${resp.json()['rules']} 0 Create Visibility Control Rule by Provider [Tags] visibility_control_4 ${register_user_info}= Provider Default Registration ${body}= Create Visibility Control Rule Body ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${AMF_PROVIDER_USERNAME} ... json=${body}
tests/libraries/bodyRequests.py +1 −0 Original line number Diff line number Diff line Loading @@ -7,3 +7,4 @@ from security_api.bodyRequests import * from api_provider_management.bodyRequests import * from vendor_extensibility.bodyRequests import * from vault_requests.bodyRequests import * from helper_service.bodyRequests import *
tests/libraries/helper_service/bodyRequests.py 0 → 100644 +28 −0 Original line number Diff line number Diff line def create_visibility_control_rule_body_invalid_dates(): return { "default_access": "ALLOW", "enabled": True, "startsAt": "2026-01-23T12:00:00Z", "endsAt": "2025-01-23T08:00:00Z", "providerSelector": { "apiName": ["api-test-error"], "createdByUser": "claudia" } } def create_visibility_control_rule_body(): return { "default_access": "ALLOW", "enabled": True, "invokerExceptions": { "apiInvokerId": ["invk-X77"] }, "providerSelector": { "aefId": ["aef-002"], "apiId": ["apiId-999"], "apiName": ["api-test-cli"], "apiProviderId": ["capif-prov-01"], "createdByUser": "claudia" } }
