Commit e51e456e authored by Cesar Cajas's avatar Cesar Cajas
Browse files

OCF176: add tests for reference

parent 38f6127b
Loading
Loading
Loading
Loading
Loading
+165 −0
Original line number Diff line number Diff line
@@ -283,3 +283,168 @@ Create and Get Specific Visibility Control Rule
    # After deletion, the server must return 404 Not Found.
    # This is the correct way to confirm the resource is gone.
    Status Should Be    404    ${resp}


# ==================== DECISION ENDPOINT TESTS ====================

Decision Endpoint Without Active Rules Returns All APIs
    [Tags]    visibility_control-9
    [Documentation]    Test that without any active rules, the decision endpoint returns ALL APIs (default ALLOW)
    
    # 1. Create a request with test API
    ${test_api}=    Create Test Api Description    api_id=api-001    api_name=test-api
    @{apis}=    Create List    ${test_api}
    ${body}=    Create Discovery Decision Request    apis=${apis}
    
    # 2. Call decision endpoint (no rules exist)
    # Note: Endpoint is called by internal services (Discovery Service), using superadmin credentials for testing
    ${resp}=    Post Request Capif
    ...    /helper/visibility-control/decision/invokers/test-invoker-001/discoverable-apis
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
    ...    json=${body}
    
    # 3. Verify response: should return all APIs (default ALLOW)
    Status Should Be    200    ${resp}
    Length Should Be    ${resp.json()['serviceAPIDescriptions']}    1
    Should Be Equal As Strings    ${resp.json()['serviceAPIDescriptions'][0]['apiId']}    api-001


Decision Endpoint With Empty API List
    [Tags]    visibility_control-10
    [Documentation]    Test decision endpoint with empty API list
    
    # 1. Create request with empty APIs
    @{apis}=    Create List
    ${body}=    Create Discovery Decision Request    apis=${apis}
    
    # 2. Call decision endpoint
    ${resp}=    Post Request Capif
    ...    /helper/visibility-control/decision/invokers/test-invoker-002/discoverable-apis
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
    ...    json=${body}
    
    # 3. Verify response: should return empty list
    Status Should Be    200    ${resp}
    Length Should Be    ${resp.json()['serviceAPIDescriptions']}    0


Decision Endpoint With Multiple APIs Without Rules
    [Tags]    visibility_control-11
    [Documentation]    Test that multiple APIs are returned when no rules exist (default ALLOW)
    
    # 1. Create multiple test APIs
    ${api_1}=    Create Test Api Description    api_id=api-001    api_name=api-alpha
    ${api_2}=    Create Test Api Description    api_id=api-002    api_name=api-beta    provider_name=capif-prov-02
    ${api_3}=    Create Test Api Description    api_id=api-003    api_name=api-gamma    provider_name=capif-prov-03
    @{apis}=    Create List    ${api_1}    ${api_2}    ${api_3}
    ${body}=    Create Discovery Decision Request    apis=${apis}
    
    # 2. Call decision endpoint
    ${resp}=    Post Request Capif
    ...    /helper/visibility-control/decision/invokers/test-invoker-003/discoverable-apis
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
    ...    json=${body}
    
    # 3. Verify all APIs returned (default ALLOW without rules)
    Status Should Be    200    ${resp}
    Length Should Be    ${resp.json()['serviceAPIDescriptions']}    3


Decision Endpoint With DENY Rule Filtering APIs
    [Tags]    visibility_control-12
    [Documentation]    Test that DENY rules filter out specific APIs
    
    # 1. Use a test invoker ID
    ${invoker_id}=    Set Variable    test-invoker-allow-rule
    
    # 2. Create a DENY rule for specific API
    ${rule_body}=    Create Visibility Control Rule Deny Specific Api
    
    ${resp}=    Post Request Capif
    ...    /helper/visibility-control/rules
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
    ...    json=${rule_body}
    
    Status Should Be    201    ${resp}
    ${rule_id}=    Set Variable    ${resp.json()['ruleId']}
    
    # 3. Create test APIs: one that should be denied, others allowed
    ${api_test}=    Create Test Api Description    api_id=test-api-001    api_name=test-api    provider_name=capif-prov-01
    ${api_other}=    Create Test Api Description    api_id=other-api-001    api_name=other-api    provider_name=capif-prov-02
    @{apis}=    Create List    ${api_test}    ${api_other}
    ${decision_body}=    Create Discovery Decision Request    apis=${apis}
    
    # 4. Call decision endpoint
    ${resp}=    Post Request Capif
    ...    /helper/visibility-control/decision/invokers/${invoker_id}/discoverable-apis
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
    ...    json=${decision_body}
    
    # 5. Verify: test-api should be filtered out (DENY), other-api should be returned
    Status Should Be    200    ${resp}
    Length Should Be    ${resp.json()['serviceAPIDescriptions']}    1
    Should Be Equal As Strings    ${resp.json()['serviceAPIDescriptions'][0]['apiName']}    other-api
    
    # 6. Cleanup
    ${resp}=    Delete Request Capif
    ...    /helper/visibility-control/rules/${rule_id}
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}


Decision Endpoint With ALLOW Rule And Provider Selector
    [Tags]    visibility_control-13
    [Documentation]    Test that ALLOW rules correctly filter APIs based on provider selectors
    
    # 1. Use a test invoker ID
    ${invoker_id}=    Set Variable    test-invoker-provider-filter
    
    # 2. Create an ALLOW rule specific to a provider
    ${rule_body}=    Create Visibility Control Rule Allow Specific Api
    
    ${resp}=    Post Request Capif
    ...    /helper/visibility-control/rules
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
    ...    json=${rule_body}
    
    Status Should Be    201    ${resp}
    ${rule_id}=    Set Variable    ${resp.json()['ruleId']}
    
    # 3. Create test APIs: matching and non-matching provider/api
    ${api_allowed}=    Create Test Api Description    api_id=test-api-001    api_name=test-api    provider_name=capif-prov-01
    ${api_blocked}=    Create Test Api Description    api_id=other-api-001    api_name=other-api    provider_name=capif-prov-02
    @{apis}=    Create List    ${api_allowed}    ${api_blocked}
    ${decision_body}=    Create Discovery Decision Request    apis=${apis}
    
    # 4. Call decision endpoint
    ${resp}=    Post Request Capif
    ...    /helper/visibility-control/decision/invokers/${invoker_id}/discoverable-apis
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
    ...    json=${decision_body}
    
    # 5. Verify: only test-api (capif-prov-01) should be returned, other-api filtered out
    Status Should Be    200    ${resp}
    Length Should Be    ${resp.json()['serviceAPIDescriptions']}    1
    Should Be Equal As Strings    ${resp.json()['serviceAPIDescriptions'][0]['apiId']}    test-api-001
    
    # 6. Cleanup
    ${resp}=    Delete Request Capif
    ...    /helper/visibility-control/rules/${rule_id}
    ...    server=${CAPIF_HTTPS_URL}
    ...    verify=ca.crt
    ...    username=${SUPERADMIN_USERNAME}
+83 −1
Original line number Diff line number Diff line
@@ -42,3 +42,85 @@ def create_visibility_control_rule_body_2():
            "userName": "AMF_ROBOT_TESTING_PROVIDER"
        }
    }

# def create_test_api_description(api_id="test-api-001", api_name="test-api", provider_name="capif-prov-01", aef_id="aef-001"):
#     """Create a test API description for filtering tests"""
#     return {
#         "apiId": api_id,
#         "apiName": api_name,
#         "apiProvName": provider_name,
#         "apiStatus": {
#             "aefIds": [aef_id]
#         },
#         "description": "Test API for visibility filtering",
#         "aefProfiles": [
#             {
#                 "aefId": aef_id,
#                 "protocol": "HTTP_1_1",
#                 "grantTypes": ["CLIENT_CREDENTIALS"],
#                 "ueIpRange": {
#                     "ueIpv4AddrRanges": [
#                         {"start": "10.0.0.1", "end": "10.0.0.255"}
#                     ]
#                 },
#                 "securityMethods": ["PSK"],
#                 "versions": [
#                     {
#                         "apiVersion": "v1",
#                         "resources": [
#                             {
#                                 "resourceName": "resource1",
#                                 "commType": "REQUEST_RESPONSE",
#                                 "description": "Resource description",
#                                 "custOpName": "cust-op-1",
#                                 "uri": "/resource1",
#                                 "operations": ["GET"]
#                             }
#                         ]
#                     }
#                 ]
#             }
#         ],
#         "supportedFeatures": "0"
#     }

# def create_discovery_decision_request(apis=None):
#     """Create a request body for the decision endpoint"""
#     if apis is None:
#         apis = [create_test_api_description()]
    
#     return {
#         "serviceAPIDescriptions": apis
#     }

# def create_visibility_control_rule_allow_all():
#     """Create a rule that allows all APIs (default ALLOW without specific selectors)"""
#     return {
#         "default_access": "ALLOW",
#         "enabled": True,
#         "providerSelector": {
#             "apiName": ["*"]
#         }
#     }

# def create_visibility_control_rule_deny_specific_api():
#     """Create a rule that denies access to a specific API"""
#     return {
#         "default_access": "DENY",
#         "enabled": True,
#         "providerSelector": {
#             "apiId": ["test-api-001"],
#             "userName": "capif-prov-01"
#         }
#     }

# def create_visibility_control_rule_allow_specific_api():
#     """Create a rule that allows access only to APIs from a specific provider"""
#     return {
#         "default_access": "ALLOW",
#         "enabled": True,
#         "providerSelector": {
#             "apiProviderId": ["capif-prov-01"],
#             "userName": "capif-prov-01"
#         }
#     }