Adding fixes to security testplan and also upgrade release notes

bbc1b072 · Jorge Moratinos · eb6d219c · bbc1b072 · bbc1b072
Commit bbc1b072 authored 1 month ago by Jorge Moratinos
--- a/doc/releasenotes.md
+++ b/doc/releasenotes.md
@@ -23,7 +23,7 @@ The startup scripts of the ***Invoker Management Service***, ***Provider Managem
 This will also helps on the restart issue on k8s deployed OpenCAPIF.
-### Dynamic configurations
+#### Dynamic configurations
 - Add new collection in CAPIF mongo with the init configuration.
 - New endpoints in Helper to manage the CAPIF configuration.
 - Add new collection in Register mongo with the init configuration.
@@ -31,6 +31,19 @@ This will also helps on the restart issue on k8s deployed OpenCAPIF.
 - Documentation about Dynamic Configuration.
 - Documentation about Helper and Register swaggers.
+### **Documentation**
+#### Improvements over documentation
+- New [Event Filter section](./event-filter/event-filter.md)
+- New [Vendor Extensibility section](./vendor-ext/vendor-ext.md)
+- New [API Status section](./api-status/api-status.md)
+- New [Dynamic Configuration section](./configuration/configuration.md)
+#### Testplan
+- New tests related with [Api Status Feature](./testing/testplan/api_status/README.md).
+- New tests related with [Event Filter Feature](./testing/testplan/event_filter/README.md).
+- New tests related with [Vendor Extensibility](./testing/testplan/vendor_extensibility/README.md)
+- [Security Service Testplan](./testing/testplan/api_security_service/README.md) updated according to new features and Technical debts.
 ## **Release 2.0.0**

--- a/doc/testing/testplan/api_security_service/README.md
+++ b/doc/testing/testplan/api_security_service/README.md
@@ -16,15 +16,19 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
-  3. Create Security Context
+  4. Create Security Context
 **Information of Test**:
-  1. Perform [Invoker Onboarding]
+  1. Perform [Provider Registration] and [Invoker Onboarding]
-  2. Create Security Context for this Invoker
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
-     * body [service security body]
+     * body [service security body] with aefId and apiId
     * Use **Invoker Certificate**
 **Expected Result**:
@@ -49,15 +53,18 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
-  1. Register and onboard Invoker at CCF
+  1. Register and onboard Invoker at CCF.
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context using Provider certificate
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
-  2. Create Security Context for this Invoker but using Provider certificate.
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker but using Provider certificate.
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Using **AEF Certificate**
@@ -90,13 +97,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
 **Information of Test**:
-  1. Perform [Provider Registration]
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
-  2. Create Security Context for this not valid apiInvokerId and using Provider certificate.
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this not valid apiInvokerId and using Provider certificate.
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
     * body [service security body]
     * Using **AEF Certificate**
@@ -128,13 +139,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Create Security Context using Provider certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
 **Information of Test**:
-  1. Perform [Invoker Onboarding]
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
-  2. Create Security Context for this Invoker:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker:
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
     * body [service security body]
     * Use **Invoker Certificate**
@@ -154,7 +169,7 @@ At this documentation you will have all information and related files and exampl
 ## Test Case 5: Retrieve the Security Context of an API Invoker
-**Test ID**:: ***capif_security_api-5***
+**Test ID**:: ***capif_security_api-5***, ***smoke***
 **Description**:
@@ -167,13 +182,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context using Provider certificate
  4. Retrieve Security Context by Provider
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
  2. Create Security Context for this Invoker.
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
@@ -205,13 +224,18 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
-  2. Register Provider at CCF
+  1. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context using Provider certificate
  4. Retrieve Security Context by Provider of invalid invoker
 **Information of Test**:
-  1. Perform [Provider Registration]
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
  2. Retrieve Security Context of invalid Invoker by Provider:
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
@@ -243,9 +267,10 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
-  3. Create Security Context
+  3. Store signed Certificate
-  4. Retrieve Security Context as Provider.
+  4. Create Security Context
+  5. Retrieve Security Context as Provider.
 **Information of Test**:
@@ -273,7 +298,7 @@ At this documentation you will have all information and related files and exampl
 ## Test Case 8: Delete the Security Context of an API Invoker
-**Test ID**:: ***capif_security_api-8***
+**Test ID**:: ***capif_security_api-8***, ***smoke***
 **Description**:
@@ -286,24 +311,28 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context using Provider certificate
  4. Delete Security Context by Provider
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
-  2. Create Security Context for this Invoker but using Provider certificate.
+  3. Create Security Context for this Invoker but using Provider certificate.
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Using **AEF Certificate**
-  3. Delete Security Context of Invoker by Provider:
+  4. Delete Security Context of Invoker by Provider:
     * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Use **AEF Certificate**
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using **AEF Certificate**
@@ -336,19 +365,24 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
-  3. Delete Security Context by Invoker
+  3. Create Security Context using Provider certificate
+  4. Delete Security Context by Invoker
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Using **Invoker Certificate**
-  3. Delete Security Context of Invoker:
+  4. Delete Security Context of Invoker:
     * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Use **Invoker Certificate**
@@ -437,7 +471,7 @@ At this documentation you will have all information and related files and exampl
 ## Test Case 12: Update the Security Context of an API Invoker 
-**Test ID**:: ***capif_security_api-12***
+**Test ID**:: ***capif_security_api-12***, ***smoke***
 **Description**:
@@ -450,7 +484,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context By Invoker
  4. Update Security Context By Invoker
  5. Retrieve Security Context By Provider
@@ -458,6 +492,10 @@ At this documentation you will have all information and related files and exampl
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
  2. Create Security Context for this Invoker:
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
@@ -501,20 +539,24 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context
  4. Update Security Context as Provider
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Using **Invoker Certificate**.
-  3. Update Security Context of Invoker by Provider:
+  4. Update Security Context of Invoker by Provider:
     * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/update**
     * body [service security body] but with notification destination modified to **http://robot.testing2**
     * Using **AEF Certificate**
@@ -545,14 +587,18 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
-  1. Register Provider at CCF
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  2. Update Security Context as Provider
 **Information of Test**:
  1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
-  2. Update Security Context of Invoker by Provider:
+  3. Update Security Context of Invoker by Provider:
     * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
     * body [service security body]
     * Using **AEF Certificate**
@@ -583,13 +629,18 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Update Security Context
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Update Security Context
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
-  2. Update Security Context of Invoker:
+  3. Update Security Context of Invoker:
     * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
     * body [service security body]
     * Using **Invoker Certificate**.
@@ -620,7 +671,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context by Invoker
  4. Revoke Security Context by Provider
  5. Retrieve Security Context by Provider
@@ -629,17 +680,22 @@ At this documentation you will have all information and related files and exampl
  1. Perform [Provider Registration] and [Invoker Onboarding]
-  2. Create Security Context By Invoker:
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context By Invoker:
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Using **Invoker Certificate**
-  3. Revoke Authorization by Provider:
+  4. Revoke Authorization by Provider:
     * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
     * body [security notification body]
     * Using **AEF Certificate**.
-  4. Retrieve Security Context by Provider:
+  5. Retrieve Security Context by Provider:
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using **AEF Certificate**.
@@ -672,7 +728,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context
  4. Revoke Security Context by invoker
  5. Retrieve Security Context
@@ -681,17 +737,22 @@ At this documentation you will have all information and related files and exampl
  1. Perform [Provider Registration] and [Invoker Onboarding]
-  2. Create Security Context for this Invoker:
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker:
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Using **Invoker Certificate**.
-  3. Revoke Authorization by invoker:
+  4. Revoke Authorization by invoker:
     * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
     * body [security notification body]
     * Using **Invoker Certificate**
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * Using Provider Certificate
@@ -726,7 +787,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
  3. Create Security Context
  4. Revoke Security Context by Provider
  5. Retrieve Security Context
@@ -734,18 +795,22 @@ At this documentation you will have all information and related files and exampl
 **Information of Test**:
  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
     * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
     * body [service security body]
     * Using **Invoker Certificate**.
-  3. Revoke Authorization by Provider:
+  4. Revoke Authorization by Provider:
     * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/delete**
     * body [security notification body]
     * Using **AEF Certificate**.
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
     * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true**
     * This request will ask with parameter to retrieve authenticationInfo and authorizationInfo
     * Using **AEF Certificate**.
@@ -768,7 +833,7 @@ At this documentation you will have all information and related files and exampl
 ## Test Case 19: Retrieve access token
-**Test ID**:: ***capif_security_api-19***
+**Test ID**:: ***capif_security_api-19***, ***smoke***
 **Description**:
@@ -1285,5 +1350,6 @@ At this documentation you will have all information and related files and exampl
  [invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding"
  [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration"
+  [service api description]: ../api_publish_service/service_api_description_post_example.json  "Service API Description Request"