diff --git a/doc/releasenotes.md b/doc/releasenotes.md
index 7ea641d6b045b6983caaac543071fa35d7c09acd..87b6740322f9928a0f32aa28715d7359dd069990 100644
--- a/doc/releasenotes.md
+++ b/doc/releasenotes.md
@@ -1,3 +1,45 @@
+## **Release 2.0.0**
+
+### **New Features**
+
+#### 3GPP CAPIF release 18
+
+- Added new endpoints included in new release 18.
+ - New logic for PATCH endpoints.
+- New logic to support Vendor Extensibility
+ - 9 new tests to check this logic.
+- New logic to support API Status feature
+- Supported Features now are mandatory for all POST Requests as is described on TS 29.222.
+ - Possible Breaking change, all POST request now must include supported features attribute, default can me set to "0" to keep all features inactive.
+ - Possible Breaking change on Events API, if you need eventDetails information on notification you must activate Enhanced Event Report on supported features.
+- New 8 tests on Events API to check supported features support.
+
+
+### **Technical Debt Solved**
+
+#### **Issues**
+
+- REDIS scheduled on start to allow receive notification since service is deployed.
+- Problem removing service APIs published is provider register more than one APF.
+- Superadmin problem deleting service API published through helper service if provider is not present.
+
+#### Scripts upgraded
+
+- New local scripts
+- New remote scripts
+
+### **Documentation**
+
+#### New test included on documentation
+
+- New 9 test on Vendor Extensibility test plan.
+- New 8 tests on Events API test plan.
+- Test plan updated with default supported features for all request set to "0" (all inactive by default).
+
+
+
+--->>>> must be included - New tests to check PATCH request
+
## **Release 1.0.0**
### **New Features**
diff --git a/doc/testing/testplan/api_events_service/README.md b/doc/testing/testplan/api_events_service/README.md
index 17ce0b310d90a6be17e10abd2c4ed91f3ad024b3..bad8fbadd981a37f8d237d2bb4853ecdd159ab16 100644
--- a/doc/testing/testplan/api_events_service/README.md
+++ b/doc/testing/testplan/api_events_service/README.md
@@ -264,7 +264,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF Send **TO** logging service result of invocations to their APIs.
- If customer want to receive log information then Enhanced Event Report feature must be active.
+ Enhanced Event Report feature must be active.
**Pre-Conditions**:
@@ -338,7 +338,8 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check that a CAPIF Invoker subscribed to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE, receive the notification when AEF publish and remove it.
+ This test case will check that a CAPIF Invoker subscribed to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE, receive the notification when AEF publish and remove it.
+ Enhanced Event Report feature must be active.
**Pre-Conditions**:
@@ -413,6 +414,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
This test case will check that a CAPIF Invoker subscribed to SERVICE_API_UPDATE, receive the notification when AEF Update some information on API Published.
+ Enhanced Event Report feature must be active.
**Pre-Conditions**:
@@ -483,6 +485,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
This test case will check that a CAPIF Provider subscribed to API Invoker events (API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED), receive the notifications when Invoker is onboarded, updated and removed respectively.
+ Enhanced Event Report feature must be active.
**Pre-Conditions**:
@@ -548,6 +551,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
This test case will check that a CAPIF Provider subscribed to ACCESS_CONTROL_POLICY_UPDATE receive a notification when ACL Changes.
+ Enhanced Event Report feature must be active.
**Pre-Conditions**:
@@ -619,6 +623,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
This test case will check that a CAPIF Invoker subscribed to ACCESS_CONTROL_POLICY_UNAVAILABLE will receive the notification when AEF remove Security Context created previously.
+ Enhanced Event Report feature must be active.
**Pre-Conditions**:
@@ -694,6 +699,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
This test case will check that a CAPIF Invoker subscribed to API_INVOKER_AUTHORIZATION_REVOKED and ACCESS_CONTROL_POLICY_UNAVAILABLE receive both notification when AEF revoke invoker's authorization.
+ Enhanced Event Report feature must be active.
**Pre-Conditions**:
@@ -708,7 +714,7 @@ At this documentation you will have all information and related files and exampl
1. Register Provider at CCF.
2. Publish a provider API with name **service_1**.
3. Register Invoker and Onboard Invoker at CCF.
- 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** events.
+ 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** events. Enhanced_event_report active at supported features.
5. Discover APIs filtered by **aef_id**
6. Create Security Context for Invoker.
7. Revoke Authorization by Provider.
@@ -723,6 +729,7 @@ At this documentation you will have all information and related files and exampl
2. body [event subscription request body] with:
1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE','API_INVOKER_AUTHORIZATION_REVOKED']**
2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
+ 3. supportedFeatures: binary 0100 -> string **4**
3. Use **Invoker Certificate**
5. Discover published APIs
6. Create Security Context for Invoker
@@ -800,6 +807,510 @@ At this documentation you will have all information and related files and exampl
---
+## Test Case 14: Invoker receives Service API Invocation events without Enhanced Event Report
+
+**Test ID**: ***capif_api_events-14***, ***mockserver***
+
+**Description**:
+
+ This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF Send **TO** logging service result of invocations to their APIs.
+ Enhanced Event Report feature must be inactive.
+
+**Pre-Conditions**:
+
+ * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
+ * CAPIF provider is correctly registered and published APIs.
+ * API Provider had a Service API Published on CAPIF
+ * **Mock Server is up and running to receive requests.**
+ * **Mock Server is clean.**
+
+**Execution Steps**:
+
+ 1. Register provider and publish one API at CCF
+ 2. Register Invoker and Onboard Invoker at CCF
+ 3. Discover published APIs and extract apiIds and apiNames
+ 4. Subscribe to **SERVICE_API_INVOCATION_SUCCESS** and **SERVICE_API_INVOCATION_FAILURE** event filtering by aefId. Enhanced_event_report inactive at supported features.
+ 5. Retrieve {subscriberId} and {subscriptionId} from Location Header
+ 6. Emulate Success and Failure on API invocation of provider by Invoker, using Invocation Logs API.
+
+**Information of Test**:
+
+ 1. Perform [provider registration]
+ 2. Publish Service API at CCF:
+
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
+ 3. Perform [invoker onboarding]
+ 4. Discover published APIs:
+
+ * Get **Api Ids** And **Api Names** from response.
+
+ 5. Event Subscription to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE of provider previously registered:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
+ 2. body [event subscription request body] with:
+ 1. events: **['SERVICE_API_INVOCATION_SUCCESS','SERVICE_API_INVOCATION_FAILURE']**
+ 2. eventFilter: only receive events from provider's aefId.
+ 3. supportedFeatures: binary 0000 -> string **0**
+ 3. Use **Invoker Certificate**
+
+ 6. Create Log Entry emulating provider receive Success and Failure api invocation from invoker:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
+ 2. body [log entry request body] with:
+ 1. aefId from provider published.
+ 2. apiInvokerId from invoker onboarded.
+ 3. apiId of published API
+ 4. apiName of published API
+ 5. 200 and 400 results in two logs.
+ 3. Use **AEF Certificate**
+
+**Expected Result**:
+
+ 1. Response to Event Subscription must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
+ 3. Response Body must follow **EventSubscription** data structure.
+ 2. Response to creation of log entry on CCF must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/api-invocation-logs/{apiVersion}/{aefId}/subscriptions/{logId}**
+ 3. Mock Server received messages must accomplish:
+ 1. **Two Events have been received**.
+ 2. Validate received events follow **EventNotification** data structure, without **eventDetail** parameter.
+ 1. One should be **SERVICE_API_INVOCATION_SUCCESS** related with **200** result at Log.
+ 2. The other one must be **SERVICE_API_INVOCATION_FAILURE** related with **400** result at Log.
+
+---
+## Test Case 15: Invoker subscribe to Service API Available and Unavailable events without Enhanced Event Report
+
+**Test ID**: ***capif_api_events-15***, ***mockserver***
+
+**Description**:
+
+ This test case will check that a CAPIF Invoker subscribed to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE, receive the notification when AEF publish and remove it.
+ Enhanced Event Report feature must be inactive.
+
+**Pre-Conditions**:
+
+ * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
+ * CAPIF provider is correctly registered and published APIs.
+ * **Mock Server is up and running to receive requests.**
+ * **Mock Server is clean.**
+
+**Execution Steps**:
+
+ 1. Register provider and publish one API at CCF
+ 2. Register Invoker and Onboard Invoker at CCF
+ 3. Discover published APIs and extract apiIds and apiNames
+ 4. Subscribe to **SERVICE_API_AVAILABLE** and **SERVICE_API_UNAVAILABLE** event filtering by aefId. Enhanced_event_report inactive at supported features.
+ 5. Retrieve {subscriberId} and {subscriptionId} from Location Header
+ 6. Provider publish new API.
+ 7. Provider remove published API.
+
+**Information of Test**:
+
+ 1. Perform [provider registration]
+ 2. Publish Service API at CCF:
+
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
+ 3. Perform [invoker onboarding]
+ 4. Discover published APIs:
+
+ * Get **Api Ids** And **Api Names** from response.
+
+ 5. Event Subscription to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE of provider previously registered:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
+ 2. body [event subscription request body] with:
+ 1. events: **['SERVICE_API_AVAILABLE','SERVICE_API_UNAVAILABLE']**
+ 2. eventFilter: only receive events from provider's aefId.
+ 3. supportedFeatures: binary 0000 -> string **0**
+ 3. Use **Invoker Certificate**
+
+ 6. Publish new Service API at CCF:
+
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_2**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
+ 7. Remove published Service API at CCF:
+ * Send **DELETE** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID}**
+ * Use **APF Certificate**
+
+
+**Expected Result**:
+
+ 1. Response to Event Subscription must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
+ 3. Response Body must follow **EventSubscription** data structure.
+
+ 2. Mock Server received messages must accomplish:
+ 1. **Two Events have been received**.
+ 2. Validate received events follow **EventNotification** data structure, without **eventDetail** parameter.
+ 1. One should be **SERVICE_API_AVAILABLE** apiId of **service_2** published API.
+ 2. The other one must be **SERVICE_API_UNAVAILABLE** apiId of **service_1** published API.
+
+---
+## Test Case 16: Invoker subscribe to Service API Update without Enhanced Event Report
+
+**Test ID**: ***capif_api_events-16***, ***mockserver***
+
+**Description**:
+
+ This test case will check that a CAPIF Invoker subscribed to SERVICE_API_UPDATE, receive the notification when AEF Update some information on API Published.
+ Enhanced Event Report feature must be inactive.
+
+**Pre-Conditions**:
+
+ * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
+ * CAPIF provider is correctly registered and published APIs.
+ * API Provider had a Service API Published on CAPIF
+ * **Mock Server is up and running to receive requests.**
+ * **Mock Server is clean.**
+
+**Execution Steps**:
+
+ 1. Register Provider and publish one API at CCF
+ 2. Register Invoker and Onboard Invoker at CCF
+ 3. Discover published APIs and extract apiIds and apiNames
+ 4. Subscribe to **SERVICE_API_UPDATE** event filtering by aefId. Enhanced_event_report inactive at supported features.
+ 5. Retrieve {subscriberId} and {subscriptionId} from Location Header at event subscription
+ 6. Provider update information of Service API Published.
+
+**Information of Test**:
+
+ 1. Check and Clean Mock Server
+ 2. Perform [provider registration]
+ 3. Publish Service API at CCF:
+
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use ***APF Certificate***
+ * Store **serviceApiId**
+
+ 4. Perform [invoker onboarding]
+ 5. Discover published APIs:
+
+ * Get **Api Ids** And **Api Names** from response.
+
+ 6. Event Subscription to SERVICE_API_UPDATE of provider previously registered:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
+ 2. body [event subscription request body] with:
+ 1. events: **['SERVICE_API_UPDATE']**
+ 2. eventFilter: only receive events from provider's aefId.
+ 3. supportedFeatures: binary 0000 -> string **0**
+ 3. Use **Invoker Certificate**
+
+ 7. Update published API at CCF:
+ * Send **PUT** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}**
+ * body [service api description] with overrided **apiName** to **service_1**_modified**
+ * Use **APF Certificate**
+
+**Expected Result**:
+
+ 1. Response to Event Subscription must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
+ 3. Response Body must follow **EventSubscription** data structure.
+ 2. Response to Update Published Service API:
+ 1. **200 OK**
+ 2. Response Body must follow **ServiceAPIDescription** data structure with:
+ * apiName **service_1**_modified**
+ 3. Mock Server received messages must accomplish:
+ 1. **One Event has been received**.
+ 2. Validate received events follow **EventNotification** data structure, with **serviceAPIDescriptions** in **eventDetail** parameter.
+ 1. Event should be **SERVICE_API_UPDATE** with **eventDetail** with modified **apiName**.
+
+---
+## Test Case 17: Provider subscribe to API Invoker events without Enhanced Event Report
+
+**Test ID**: ***capif_api_events-17***, ***mockserver***
+
+**Description**:
+
+ This test case will check that a CAPIF Provider subscribed to API Invoker events (API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED), receive the notifications when Invoker is onboarded, updated and removed respectively.
+ Enhanced Event Report feature must be inactive.
+
+**Pre-Conditions**:
+
+ * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
+ * CAPIF provider is correctly registered.
+ * **Mock Server is up and running to receive requests.**
+ * **Mock Server is clean.**
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Subscribe Provider to **API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED** events. Enhanced_event_report inactive at supported features.
+ 3. Register Invoker and Onboard Invoker at CCF
+ 4. Update Onboarding Information at CCF with a minor change on "notificationDestination"
+ 5. Offboard Invoker
+
+**Information of Test**:
+
+ 1. Check and Clean Mock Server
+ 2. Perform [provider registration]
+ 3. Event Subscription to API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED events:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
+ 2. body [event subscription request body] with:
+ 1. events: **['API_INVOKER_ONBOARDED', 'API_INVOKER_UPDATED', 'API_INVOKER_OFFBOARDED']**
+ 2. supportedFeatures: binary 0100 -> string **4**
+ 3. Use **Provider AMF Certificate**
+ 4. Perform [invoker onboarding]
+ 5. Update information of previously onboarded Invoker:
+ * Send **PUT** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
+ * Reference Request Body is: [put invoker onboarding body]
+ * "notificationDestination": "**http://host.docker.internal:8086/netapp_new_callback**",
+ 6. Offboard:
+ * Send **DELETE** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
+
+**Expected Result**:
+
+ 1. Response to Event Subscription must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
+ 3. Response Body must follow **EventSubscription** data structure.
+ 2. Response to Onboard request must accomplish:
+ 1. **201 Created**
+ 2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
+ * apiInvokerId
+ * onboardingInformation->apiInvokerCertificate must contain the public key signed.
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
+ 3. Response to Update Request (PUT) with minor change must contain:
+ 1. **200 OK** response.
+ 2. notificationDestination on response must contain the new value
+ 4. Response to Offboard Request (DELETE) must contain:
+ 1. **204 No Content**
+ 5. Mock Server received messages must accomplish:
+ 1. **Three Events have been received**.
+ 2. Validate received events follow **EventNotification** data structure, without **eventDetail** parameter.
+ 1. One Event should be **API_INVOKER_ONBOARDED**
+ 2. One Event should be **API_INVOKER_UPDATED**
+ 3. One Event should be **API_INVOKER_OFFBOARDED**
+---
+## Test Case 18: Provider subscribed to ACL update event without Enhanced Event Report
+
+**Test ID**: ***capif_api_events-18***, ***mockserver***
+
+**Description**:
+
+ This test case will check that a CAPIF Provider subscribed to ACCESS_CONTROL_POLICY_UPDATE receive a notification when ACL Changes.
+ Enhanced Event Report feature must be inactive.
+
+**Pre-Conditions**:
+
+ * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
+ * CAPIF provider is correctly registered.
+ * API Provider had one Service API Published on CAPIF
+ * API Invoker had a Security Context for the Service API published by provider.
+ * **Mock Server is up and running to receive requests.**
+ * **Mock Server is clean.**
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF.
+ 2. Publish a provider API with name **service_1**.
+ 3. Register Invoker and Onboard Invoker at CCF.
+ 4. Subscribe Provider to **ACCESS_CONTROL_POLICY_UPDATE** event. Enhanced_event_report inactive at supported features.
+ 5. Discover APIs filtered by **aef_id**
+ 6. Create Security Context for Invoker.
+ 7. Provider Retrieve ACL
+
+**Information of Test**:
+
+ 1. Check and Clean Mock Server
+ 2. Perform [provider registration]
+ 3. Perform [invoker onboarding]
+ 4. Event Subscription to **ACCESS_CONTROL_POLICY_UPDATE** event:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
+ 2. body [event subscription request body] with:
+ 1. events: **['ACCESS_CONTROL_POLICY_UPDATE']**
+ 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
+ 3. supportedFeatures: binary 0000 -> string **0**
+ 3. Use **Provider AMF Certificate**
+ 5. Discover published APIs
+ 6. Create Security Context for Invoker
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * body [service security body]
+ * Use **Invoker Certificate**
+ 7. Provider Retrieve ACL
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use AEF Provider Certificate
+
+**Expected Result**:
+
+ 1. Response to Event Subscription must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
+ 3. Response Body must follow **EventSubscription** data structure.
+ 2. Create security context:
+ 1. **201 Created** response.
+ 2. body returned must accomplish **ServiceSecurity** data structure.
+ 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
+ 3. ACL Response:
+ 1. **200 OK** Response.
+ 2. body returned must accomplish **AccessControlPolicyList** data structure.
+ 3. apiInvokerPolicies must:
+ 1. contain only one object.
+ 2. apiInvokerId must match apiInvokerId registered previously.
+ 4. Mock Server received messages must accomplish:
+ 1. **One Event has been received**.
+ 2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter.
+ 1. One Event should be **ACCESS_CONTROL_POLICY_UPDATE**.
+
+---
+## Test Case 19: Provider receives an ACL unavailable event when invoker remove Security Context without Enhanced Event Report
+
+**Test ID**: ***capif_api_events-19***, ***mockserver***
+
+**Description**:
+
+ This test case will check that a CAPIF Invoker subscribed to ACCESS_CONTROL_POLICY_UNAVAILABLE will receive the notification when AEF remove Security Context created previously.
+ Enhanced Event Report feature must be inactive.
+
+**Pre-Conditions**:
+
+ * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
+ * CAPIF provider is correctly registered.
+ * API Provider had one Service API Published on CAPIF
+ * **Mock Server is up and running to receive requests.**
+ * **Mock Server is clean.**
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF.
+ 2. Publish a provider API with name **service_1**.
+ 3. Register Invoker and Onboard Invoker at CCF.
+ 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event. Enhanced_event_report inactive at supported features.
+ 5. Discover APIs filtered by **aef_id**
+ 6. Create Security Context for Invoker.
+ 7. Provider Retrieve ACL.
+ 8. Remove Security Context for Invoker.
+
+**Information of Test**:
+
+ 1. Check and Clean Mock Server
+ 2. Perform [provider registration]
+ 3. Perform [invoker onboarding]
+ 4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
+ 2. body [event subscription request body] with:
+ 1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE']**
+ 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
+ 3. supportedFeatures: binary 0000 -> string **0**
+ 3. Use **Invoker Certificate**
+ 5. Discover published APIs
+ 6. Create Security Context for Invoker
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * body [service security body]
+ * Use **Invoker Certificate**
+ 7. Provider Retrieve ACL
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use **AEF Provider Certificate**
+ 8. Delete Security Context of Invoker by Provider:
+ * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Use **AEF Certificate**
+
+**Expected Result**:
+
+ 1. Response to Event Subscription must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
+ 3. Response Body must follow **EventSubscription** data structure.
+ 2. Create security context:
+ 1. **201 Created** response.
+ 2. body returned must accomplish **ServiceSecurity** data structure.
+ 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
+ 3. ACL Response:
+ 1. **200 OK** Response.
+ 2. body returned must accomplish **AccessControlPolicyList** data structure.
+ 3. apiInvokerPolicies must:
+ 1. contain only one object.
+ 2. apiInvokerId must match apiInvokerId registered previously.
+ 4. Delete security context:
+ 1. **204 No Content** response.
+ 5. Mock Server received messages must accomplish:
+ 1. **One Event has been received**.
+ 2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter.
+ 1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**.
+---
+## Test Case 20: Invoker receives an Invoker Authorization Revoked and ACL unavailable event when Provider revoke Invoker Authorization without Enhanced Event Report
+
+**Test ID**: ***capif_api_events-20***, ***mockserver***
+
+**Description**:
+
+ This test case will check that a CAPIF Invoker subscribed to API_INVOKER_AUTHORIZATION_REVOKED and ACCESS_CONTROL_POLICY_UNAVAILABLE receive both notification when AEF revoke invoker's authorization.
+ Enhanced Event Report feature must be inactive.
+
+**Pre-Conditions**:
+
+ * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
+ * CAPIF provider is correctly registered.
+ * API Provider had one Service API Published on CAPIF
+ * **Mock Server is up and running to receive requests.**
+ * **Mock Server is clean.**
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF.
+ 2. Publish a provider API with name **service_1**.
+ 3. Register Invoker and Onboard Invoker at CCF.
+ 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** events.
+ 5. Discover APIs filtered by **aef_id**
+ 6. Create Security Context for Invoker.
+ 7. Revoke Authorization by Provider.
+
+**Information of Test**:
+
+ 1. Check and Clean Mock Server
+ 2. Perform [provider registration]
+ 3. Perform [invoker onboarding]
+ 4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** event:
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
+ 2. body [event subscription request body] with:
+ 1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE','API_INVOKER_AUTHORIZATION_REVOKED']**
+ 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
+ 3. Use **Invoker Certificate**
+ 5. Discover published APIs
+ 6. Create Security Context for Invoker
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * body [service security body]
+ * Use **Invoker Certificate**
+ 7. Revoke Authorization by Provider:
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
+ * body [security notification body]
+ * Using **AEF Certificate**.
+
+**Expected Result**:
+
+ 1. Response to Event Subscription must accomplish:
+ 1. **201 Created**
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
+ 3. Response Body must follow **EventSubscription** data structure.
+ 2. Create security context:
+ 1. **201 Created** response.
+ 2. body returned must accomplish **ServiceSecurity** data structure.
+ 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
+ 4. Revoke Authorization:
+ 1. **204 No Content** response.
+ 5. Mock Server received messages must accomplish:
+ 1. **Two Events has been received**.
+ 2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter.
+ 1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**.
+ 2. One Event should be **API_INVOKER_AUTHORIZATION_REVOKED** without **eventDetail**.
+
+---
+
+
[invoker onboard request body]: ../api_invoker_management/invoker_details_post_example.json "API Invoker Request"
[event subscription request body]: ./event_subscription.json "Event Subscription Request"
[invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding"