Loading tests/features/Helper/Visibility Control Api/visibility_control.robot +165 −0 Original line number Diff line number Diff line Loading @@ -283,3 +283,168 @@ Create and Get Specific Visibility Control Rule # After deletion, the server must return 404 Not Found. # This is the correct way to confirm the resource is gone. Status Should Be 404 ${resp} # ==================== DECISION ENDPOINT TESTS ==================== Decision Endpoint Without Active Rules Returns All APIs [Tags] visibility_control-9 [Documentation] Test that without any active rules, the decision endpoint returns ALL APIs (default ALLOW) # 1. Create a request with test API ${test_api}= Create Test Api Description api_id=api-001 api_name=test-api @{apis}= Create List ${test_api} ${body}= Create Discovery Decision Request apis=${apis} # 2. Call decision endpoint (no rules exist) # Note: Endpoint is called by internal services (Discovery Service), using superadmin credentials for testing ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/test-invoker-001/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} # 3. Verify response: should return all APIs (default ALLOW) Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 1 Should Be Equal As Strings ${resp.json()['serviceAPIDescriptions'][0]['apiId']} api-001 Decision Endpoint With Empty API List [Tags] visibility_control-10 [Documentation] Test decision endpoint with empty API list # 1. Create request with empty APIs @{apis}= Create List ${body}= Create Discovery Decision Request apis=${apis} # 2. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/test-invoker-002/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} # 3. Verify response: should return empty list Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 0 Decision Endpoint With Multiple APIs Without Rules [Tags] visibility_control-11 [Documentation] Test that multiple APIs are returned when no rules exist (default ALLOW) # 1. Create multiple test APIs ${api_1}= Create Test Api Description api_id=api-001 api_name=api-alpha ${api_2}= Create Test Api Description api_id=api-002 api_name=api-beta provider_name=capif-prov-02 ${api_3}= Create Test Api Description api_id=api-003 api_name=api-gamma provider_name=capif-prov-03 @{apis}= Create List ${api_1} ${api_2} ${api_3} ${body}= Create Discovery Decision Request apis=${apis} # 2. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/test-invoker-003/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} # 3. Verify all APIs returned (default ALLOW without rules) Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 3 Decision Endpoint With DENY Rule Filtering APIs [Tags] visibility_control-12 [Documentation] Test that DENY rules filter out specific APIs # 1. Use a test invoker ID ${invoker_id}= Set Variable test-invoker-allow-rule # 2. Create a DENY rule for specific API ${rule_body}= Create Visibility Control Rule Deny Specific Api ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${rule_body} Status Should Be 201 ${resp} ${rule_id}= Set Variable ${resp.json()['ruleId']} # 3. Create test APIs: one that should be denied, others allowed ${api_test}= Create Test Api Description api_id=test-api-001 api_name=test-api provider_name=capif-prov-01 ${api_other}= Create Test Api Description api_id=other-api-001 api_name=other-api provider_name=capif-prov-02 @{apis}= Create List ${api_test} ${api_other} ${decision_body}= Create Discovery Decision Request apis=${apis} # 4. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/${invoker_id}/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${decision_body} # 5. Verify: test-api should be filtered out (DENY), other-api should be returned Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 1 Should Be Equal As Strings ${resp.json()['serviceAPIDescriptions'][0]['apiName']} other-api # 6. Cleanup ${resp}= Delete Request Capif ... /helper/visibility-control/rules/${rule_id} ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Decision Endpoint With ALLOW Rule And Provider Selector [Tags] visibility_control-13 [Documentation] Test that ALLOW rules correctly filter APIs based on provider selectors # 1. Use a test invoker ID ${invoker_id}= Set Variable test-invoker-provider-filter # 2. Create an ALLOW rule specific to a provider ${rule_body}= Create Visibility Control Rule Allow Specific Api ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${rule_body} Status Should Be 201 ${resp} ${rule_id}= Set Variable ${resp.json()['ruleId']} # 3. Create test APIs: matching and non-matching provider/api ${api_allowed}= Create Test Api Description api_id=test-api-001 api_name=test-api provider_name=capif-prov-01 ${api_blocked}= Create Test Api Description api_id=other-api-001 api_name=other-api provider_name=capif-prov-02 @{apis}= Create List ${api_allowed} ${api_blocked} ${decision_body}= Create Discovery Decision Request apis=${apis} # 4. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/${invoker_id}/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${decision_body} # 5. Verify: only test-api (capif-prov-01) should be returned, other-api filtered out Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 1 Should Be Equal As Strings ${resp.json()['serviceAPIDescriptions'][0]['apiId']} test-api-001 # 6. Cleanup ${resp}= Delete Request Capif ... /helper/visibility-control/rules/${rule_id} ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} tests/libraries/helper_service/bodyRequests.py +83 −1 Original line number Diff line number Diff line Loading @@ -42,3 +42,85 @@ def create_visibility_control_rule_body_2(): "userName": "AMF_ROBOT_TESTING_PROVIDER" } } # def create_test_api_description(api_id="test-api-001", api_name="test-api", provider_name="capif-prov-01", aef_id="aef-001"): # """Create a test API description for filtering tests""" # return { # "apiId": api_id, # "apiName": api_name, # "apiProvName": provider_name, # "apiStatus": { # "aefIds": [aef_id] # }, # "description": "Test API for visibility filtering", # "aefProfiles": [ # { # "aefId": aef_id, # "protocol": "HTTP_1_1", # "grantTypes": ["CLIENT_CREDENTIALS"], # "ueIpRange": { # "ueIpv4AddrRanges": [ # {"start": "10.0.0.1", "end": "10.0.0.255"} # ] # }, # "securityMethods": ["PSK"], # "versions": [ # { # "apiVersion": "v1", # "resources": [ # { # "resourceName": "resource1", # "commType": "REQUEST_RESPONSE", # "description": "Resource description", # "custOpName": "cust-op-1", # "uri": "/resource1", # "operations": ["GET"] # } # ] # } # ] # } # ], # "supportedFeatures": "0" # } # def create_discovery_decision_request(apis=None): # """Create a request body for the decision endpoint""" # if apis is None: # apis = [create_test_api_description()] # return { # "serviceAPIDescriptions": apis # } # def create_visibility_control_rule_allow_all(): # """Create a rule that allows all APIs (default ALLOW without specific selectors)""" # return { # "default_access": "ALLOW", # "enabled": True, # "providerSelector": { # "apiName": ["*"] # } # } # def create_visibility_control_rule_deny_specific_api(): # """Create a rule that denies access to a specific API""" # return { # "default_access": "DENY", # "enabled": True, # "providerSelector": { # "apiId": ["test-api-001"], # "userName": "capif-prov-01" # } # } # def create_visibility_control_rule_allow_specific_api(): # """Create a rule that allows access only to APIs from a specific provider""" # return { # "default_access": "ALLOW", # "enabled": True, # "providerSelector": { # "apiProviderId": ["capif-prov-01"], # "userName": "capif-prov-01" # } # } Loading
tests/features/Helper/Visibility Control Api/visibility_control.robot +165 −0 Original line number Diff line number Diff line Loading @@ -283,3 +283,168 @@ Create and Get Specific Visibility Control Rule # After deletion, the server must return 404 Not Found. # This is the correct way to confirm the resource is gone. Status Should Be 404 ${resp} # ==================== DECISION ENDPOINT TESTS ==================== Decision Endpoint Without Active Rules Returns All APIs [Tags] visibility_control-9 [Documentation] Test that without any active rules, the decision endpoint returns ALL APIs (default ALLOW) # 1. Create a request with test API ${test_api}= Create Test Api Description api_id=api-001 api_name=test-api @{apis}= Create List ${test_api} ${body}= Create Discovery Decision Request apis=${apis} # 2. Call decision endpoint (no rules exist) # Note: Endpoint is called by internal services (Discovery Service), using superadmin credentials for testing ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/test-invoker-001/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} # 3. Verify response: should return all APIs (default ALLOW) Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 1 Should Be Equal As Strings ${resp.json()['serviceAPIDescriptions'][0]['apiId']} api-001 Decision Endpoint With Empty API List [Tags] visibility_control-10 [Documentation] Test decision endpoint with empty API list # 1. Create request with empty APIs @{apis}= Create List ${body}= Create Discovery Decision Request apis=${apis} # 2. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/test-invoker-002/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} # 3. Verify response: should return empty list Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 0 Decision Endpoint With Multiple APIs Without Rules [Tags] visibility_control-11 [Documentation] Test that multiple APIs are returned when no rules exist (default ALLOW) # 1. Create multiple test APIs ${api_1}= Create Test Api Description api_id=api-001 api_name=api-alpha ${api_2}= Create Test Api Description api_id=api-002 api_name=api-beta provider_name=capif-prov-02 ${api_3}= Create Test Api Description api_id=api-003 api_name=api-gamma provider_name=capif-prov-03 @{apis}= Create List ${api_1} ${api_2} ${api_3} ${body}= Create Discovery Decision Request apis=${apis} # 2. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/test-invoker-003/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${body} # 3. Verify all APIs returned (default ALLOW without rules) Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 3 Decision Endpoint With DENY Rule Filtering APIs [Tags] visibility_control-12 [Documentation] Test that DENY rules filter out specific APIs # 1. Use a test invoker ID ${invoker_id}= Set Variable test-invoker-allow-rule # 2. Create a DENY rule for specific API ${rule_body}= Create Visibility Control Rule Deny Specific Api ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${rule_body} Status Should Be 201 ${resp} ${rule_id}= Set Variable ${resp.json()['ruleId']} # 3. Create test APIs: one that should be denied, others allowed ${api_test}= Create Test Api Description api_id=test-api-001 api_name=test-api provider_name=capif-prov-01 ${api_other}= Create Test Api Description api_id=other-api-001 api_name=other-api provider_name=capif-prov-02 @{apis}= Create List ${api_test} ${api_other} ${decision_body}= Create Discovery Decision Request apis=${apis} # 4. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/${invoker_id}/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${decision_body} # 5. Verify: test-api should be filtered out (DENY), other-api should be returned Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 1 Should Be Equal As Strings ${resp.json()['serviceAPIDescriptions'][0]['apiName']} other-api # 6. Cleanup ${resp}= Delete Request Capif ... /helper/visibility-control/rules/${rule_id} ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} Decision Endpoint With ALLOW Rule And Provider Selector [Tags] visibility_control-13 [Documentation] Test that ALLOW rules correctly filter APIs based on provider selectors # 1. Use a test invoker ID ${invoker_id}= Set Variable test-invoker-provider-filter # 2. Create an ALLOW rule specific to a provider ${rule_body}= Create Visibility Control Rule Allow Specific Api ${resp}= Post Request Capif ... /helper/visibility-control/rules ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${rule_body} Status Should Be 201 ${resp} ${rule_id}= Set Variable ${resp.json()['ruleId']} # 3. Create test APIs: matching and non-matching provider/api ${api_allowed}= Create Test Api Description api_id=test-api-001 api_name=test-api provider_name=capif-prov-01 ${api_blocked}= Create Test Api Description api_id=other-api-001 api_name=other-api provider_name=capif-prov-02 @{apis}= Create List ${api_allowed} ${api_blocked} ${decision_body}= Create Discovery Decision Request apis=${apis} # 4. Call decision endpoint ${resp}= Post Request Capif ... /helper/visibility-control/decision/invokers/${invoker_id}/discoverable-apis ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME} ... json=${decision_body} # 5. Verify: only test-api (capif-prov-01) should be returned, other-api filtered out Status Should Be 200 ${resp} Length Should Be ${resp.json()['serviceAPIDescriptions']} 1 Should Be Equal As Strings ${resp.json()['serviceAPIDescriptions'][0]['apiId']} test-api-001 # 6. Cleanup ${resp}= Delete Request Capif ... /helper/visibility-control/rules/${rule_id} ... server=${CAPIF_HTTPS_URL} ... verify=ca.crt ... username=${SUPERADMIN_USERNAME}
tests/libraries/helper_service/bodyRequests.py +83 −1 Original line number Diff line number Diff line Loading @@ -42,3 +42,85 @@ def create_visibility_control_rule_body_2(): "userName": "AMF_ROBOT_TESTING_PROVIDER" } } # def create_test_api_description(api_id="test-api-001", api_name="test-api", provider_name="capif-prov-01", aef_id="aef-001"): # """Create a test API description for filtering tests""" # return { # "apiId": api_id, # "apiName": api_name, # "apiProvName": provider_name, # "apiStatus": { # "aefIds": [aef_id] # }, # "description": "Test API for visibility filtering", # "aefProfiles": [ # { # "aefId": aef_id, # "protocol": "HTTP_1_1", # "grantTypes": ["CLIENT_CREDENTIALS"], # "ueIpRange": { # "ueIpv4AddrRanges": [ # {"start": "10.0.0.1", "end": "10.0.0.255"} # ] # }, # "securityMethods": ["PSK"], # "versions": [ # { # "apiVersion": "v1", # "resources": [ # { # "resourceName": "resource1", # "commType": "REQUEST_RESPONSE", # "description": "Resource description", # "custOpName": "cust-op-1", # "uri": "/resource1", # "operations": ["GET"] # } # ] # } # ] # } # ], # "supportedFeatures": "0" # } # def create_discovery_decision_request(apis=None): # """Create a request body for the decision endpoint""" # if apis is None: # apis = [create_test_api_description()] # return { # "serviceAPIDescriptions": apis # } # def create_visibility_control_rule_allow_all(): # """Create a rule that allows all APIs (default ALLOW without specific selectors)""" # return { # "default_access": "ALLOW", # "enabled": True, # "providerSelector": { # "apiName": ["*"] # } # } # def create_visibility_control_rule_deny_specific_api(): # """Create a rule that denies access to a specific API""" # return { # "default_access": "DENY", # "enabled": True, # "providerSelector": { # "apiId": ["test-api-001"], # "userName": "capif-prov-01" # } # } # def create_visibility_control_rule_allow_specific_api(): # """Create a rule that allows access only to APIs from a specific provider""" # return { # "default_access": "ALLOW", # "enabled": True, # "providerSelector": { # "apiProviderId": ["capif-prov-01"], # "userName": "capif-prov-01" # } # }