Proposers

• Pelayo Torres (TID)

Description

Cert verification isn't used in some operations of the Discover, Events, and Provider Management services. Check why and determine whether or not it needs to be added.

Demo or definition of done

Certification.validation is a useful process that needs to be present on all APIs to perform authorization and control access functionalities.

The CAPIF APIs that did not have cert_validation on all their functions were:

• Provider Management
• Discover
• Events
• Logging
• Audit

The Provider Management API did not need any change as the only API without certification validation was the onboarding of a Provider (POST method) which is using access token for authorization (and the functionality is already implemented)

For the Discover, Logging and Audit APIs the certification validation process was implemented from scratch, based on the implementation of other APIs. 

Only on Audit API, the validation only checks if the not using the API has AMF rights (because no AMF id is included on the request)

On the Events API, certification validation process was not enabled on all APIs. It was added. 

Also, the robots tests needed some fixes, as there were some misalignments on the certifications imported and the API arguments concerning 

Acknowledgements

This work is funded by the European Commission through the project with Grant Agreement number . example HORIZON-JU-SNS-2022 FLEX-SCALE project with Grant Agreement number 101096909.