5. Update information of previously onboarded Invoker:
* Send *PUT* to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
@@ -538,42 +536,216 @@ At this documentation you will have all information and related files and exampl
2. One Event should be **API_INVOKER_UPDATED** with **eventDetail** with modified **apiInvokerId**.
3. One Event should be **API_INVOKER_OFFBOARDED** with **eventDetail** with modified **apiInvokerId**.
---
## Test Case 10: Invoker subscribe to ACL update event
## Test Case 10: Provider subscribed to ACL update event
**Test ID**: ***capif_api_events-10***
**Description**:
This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs.
This test case will check that a CAPIF Provider subscribed to ACCESS_CONTROL_POLICY_UPDATE receive a notification when ACL Changes.
**Pre-Conditions**:
* CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
* CAPIF provider is correctly registered.
* API Provider had one Service API Published on CAPIF
* API Invoker had a Security Context for the Service API published by provider.
***Mock Server is up and running to receive requests.**
***Mock Server is clean.**
**Execution Steps**:
1. Register Provider at CCF.
2. Publish a provider API with name **service_1**.
3. Register Invoker and Onboard Invoker at CCF.
4. Subscribe Provider to **ACCESS_CONTROL_POLICY_UPDATE** event.
5. Discover APIs filtered by **aef_id**
6. Create Security Context for Invoker.
7. Provider Retrieve ACL
**Information of Test**:
1. Check and Clean Mock Server
2. Perform [provider registration]
3. Perform [invoker onboarding]
4. Event Subscription to **ACCESS_CONTROL_POLICY_UPDATE** event:
1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
2. body [event subscription request body] with:
1. events: **['ACCESS_CONTROL_POLICY_UPDATE']**
2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
3. Use **Provider AMF Certificate**
5. Discover published APIs
6. Create Security Context for Invoker
* Send PUT **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
* Use Invoker Certificate
7. Provider Retrieve ACL
* Send GET **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
* Use **serviceApiId** and **aefId**
* Use AEF Provider Certificate
**Expected Result**:
1. Response to Event Subscription must accomplish:
1.**201 Created**
2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
3. Response Body must follow **EventSubscription** data structure.
2. Create security context:
1.**201 Created** response.
2. body returned must accomplish **ServiceSecurity** data structure.
3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
3. ACL Response:
1.**200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
3. apiInvokerPolicies must:
1. contain only one object.
2. apiInvokerId must match apiInvokerId registered previously.
4. Mock Server received messages must accomplish:
1.**One Event has been received**.
2. Validate received event follow **EventNotification** data structure, with **accCtrlPolListExt** in **eventDetail** parameter.
1. One Event should be **ACCESS_CONTROL_POLICY_UPDATE** with **eventDetail** with **accCtrlPolListExt** including the **apiId** and **apiInvokerPolicies**.
---
## Test Case 11: Invoker subscribe to Service API Available and Unavailable events
## Test Case 11: Provider receives an ACL unavailable event when invoker remove Security Context.
**Test ID**: ***capif_api_events-11***
**Description**:
This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs.
This test case will check that a CAPIF Invoker subscribed to ACCESS_CONTROL_POLICY_UNAVAILABLE will receive the notification when AEF remove Security Context created previously.
**Pre-Conditions**:
* CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
* CAPIF provider is correctly registered.
* API Provider had one Service API Published on CAPIF
***Mock Server is up and running to receive requests.**
***Mock Server is clean.**
**Execution Steps**:
1. Register Provider at CCF.
2. Publish a provider API with name **service_1**.
3. Register Invoker and Onboard Invoker at CCF.
4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event.
5. Discover APIs filtered by **aef_id**
6. Create Security Context for Invoker.
7. Provider Retrieve ACL.
8. Remove Security Context for Invoker.
**Information of Test**:
1. Check and Clean Mock Server
2. Perform [provider registration]
3. Perform [invoker onboarding]
4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event:
1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
1. Response to Event Subscription must accomplish:
1.**201 Created**
2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
3. Response Body must follow **EventSubscription** data structure.
2. Create security context:
1.**201 Created** response.
2. body returned must accomplish **ServiceSecurity** data structure.
3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
3. ACL Response:
1.**200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
3. apiInvokerPolicies must:
1. contain only one object.
2. apiInvokerId must match apiInvokerId registered previously.
4. Delete security context:
1.**204 No Content** response.
5. Mock Server received messages must accomplish:
1.**One Event has been received**.
2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter.
1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**.
---
## Test Case 12: Invoker subscribe to ACL unavailable event
## Test Case 12: Invoker receives an Invoker Authorization Revoked and ACL unavailable event when Provider revoke Invoker Authorization.
**Test ID**: ***capif_api_events-12***
**Description**:
This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs.
This test case will check that a CAPIF Invoker subscribed to API_INVOKER_AUTHORIZATION_REVOKED and ACCESS_CONTROL_POLICY_UNAVAILABLE receive both notification when AEF revoke invoker's authorization.
---
## Test Case 13: Invoker subscribe to API Invoker Authorization Revoked
**Pre-Conditions**:
**Test ID**: ***capif_api_events-13***
* CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
* CAPIF provider is correctly registered.
* API Provider had one Service API Published on CAPIF
***Mock Server is up and running to receive requests.**
***Mock Server is clean.**
**Description**:
**Execution Steps**:
This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs.
1. Register Provider at CCF.
2. Publish a provider API with name **service_1**.
3. Register Invoker and Onboard Invoker at CCF.
4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** events.
5. Discover APIs filtered by **aef_id**
6. Create Security Context for Invoker.
7. Revoke Authorization by Provider.
**Information of Test**:
1. Check and Clean Mock Server
2. Perform [provider registration]
3. Perform [invoker onboarding]
4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** event:
1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
2. eventFilters: apiInvokerIds array with apiInvokerId of invoker
3. Use **Invoker Certificate**
5. Discover published APIs
6. Create Security Context for Invoker
* Send PUT **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
* Use Invoker Certificate
7. Revoke Authorization by Provider:
* Send POST **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
* body [security notification body]
* Using AEF Certificate.
**Expected Result**:
1. Response to Event Subscription must accomplish:
1.**201 Created**
2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
3. Response Body must follow **EventSubscription** data structure.
2. Create security context:
1.**201 Created** response.
2. body returned must accomplish **ServiceSecurity** data structure.
3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
4. Revoke Authorization:
1.**204 No Content** response.
5. Mock Server received messages must accomplish:
1.**Two Events has been received**.
2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter.
1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**.
2. One Event should be **API_INVOKER_AUTHORIZATION_REVOKED** without **eventDetail**.
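Review bot: Test Case 11's new heading says the Provider receives the ACL unavailable event when the invoker removes the Security Context, but its description and execution step 4 subscribe the Invoker to ACCESS_CONTROL_POLICY_UNAVAILABLE, and the description says the AEF removes the context. Pick one subscriber and one removing actor and make the heading, description and steps agree, because the certificate used for the subscription and for the delete follows from that choice. The security-context requests in Test Cases 10 and 12 are written as `https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}` (and the same path with `/delete`), while the expected Location header is `{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}`; add the `/capif-security/v1` prefix to the request URLs so the two match. In Test Case 12 the Expected Result list is numbered 1, 2, 4, 5 and only checks the 204 response and the two notifications; renumber it and consider adding a check that the revoked invoker's security context can no longer be retrieved. Test Case 10's pre-conditions also state that the invoker already had a Security Context, which execution step 6 is what creates.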