From bbc1b072454d00c8ee6fb8bc386e884fc7a7be10 Mon Sep 17 00:00:00 2001
From: Jorge Moratinos Salcines <jorge.moratinossalcines@telefonica.com>
Date: Mon, 31 Mar 2025 13:55:02 +0200
Subject: [PATCH] Adding fixes to security testplan and also upgrade release
 notes

---
 doc/releasenotes.md                           |  15 +-
 .../testplan/api_security_service/README.md   | 176 ++++++++++++------
 2 files changed, 135 insertions(+), 56 deletions(-)

diff --git a/doc/releasenotes.md b/doc/releasenotes.md
index 1ac6ed1..6b5881c 100644
--- a/doc/releasenotes.md
+++ b/doc/releasenotes.md
@@ -23,7 +23,7 @@ The startup scripts of the ***Invoker Management Service***, ***Provider Managem
 
 This will also helps on the restart issue on k8s deployed OpenCAPIF.
 
-### Dynamic configurations
+#### Dynamic configurations
 - Add new collection in CAPIF mongo with the init configuration.
 - New endpoints in Helper to manage the CAPIF configuration.
 - Add new collection in Register mongo with the init configuration.
@@ -31,6 +31,19 @@ This will also helps on the restart issue on k8s deployed OpenCAPIF.
 - Documentation about Dynamic Configuration.
 - Documentation about Helper and Register swaggers.
 
+### **Documentation**
+
+#### Improvements over documentation
+- New [Event Filter section](./event-filter/event-filter.md)
+- New [Vendor Extensibility section](./vendor-ext/vendor-ext.md)
+- New [API Status section](./api-status/api-status.md)
+- New [Dynamic Configuration section](./configuration/configuration.md)
+
+#### Testplan
+- New tests related with [Api Status Feature](./testing/testplan/api_status/README.md).
+- New tests related with [Event Filter Feature](./testing/testplan/event_filter/README.md).
+- New tests related with [Vendor Extensibility](./testing/testplan/vendor_extensibility/README.md)
+- [Security Service Testplan](./testing/testplan/api_security_service/README.md) updated according to new features and Technical debts.
 
 ## **Release 2.0.0**
 
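Review bot: In the new Testplan list, the Vendor Extensibility entry is the only one without a trailing period, and "Api Status Feature" is cased differently from "API Status section" a few lines above it. Suggest "API Status Feature", the same end punctuation on all four entries, and "related to" instead of "related with".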
diff --git a/doc/testing/testplan/api_security_service/README.md b/doc/testing/testplan/api_security_service/README.md
index e06d162..eeed75e 100644
--- a/doc/testing/testplan/api_security_service/README.md
+++ b/doc/testing/testplan/api_security_service/README.md
@@ -16,15 +16,19 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
-  3. Create Security Context
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  4. Create Security Context
 
 **Information of Test**:
 
-  1. Perform [Invoker Onboarding]
-  2. Create Security Context for this Invoker
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
-     * body [service security body]
+     * body [service security body] with aefId and apiId
      * Use **Invoker Certificate**
 
 **Expected Result**:
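Review bot: Execution Steps now jump from step 2 to "4. Create Security Context", so step 3 is missing after "Store signed Certificate" was dropped. Renumber the last step to 3 so the list matches the three items under Information of Test.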
@@ -49,15 +53,18 @@ At this documentation you will have all information and related files and exampl
 
 **Execution Steps**:
 
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  1. Register and onboard Invoker at CCF.
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
-
-  2. Create Security Context for this Invoker but using Provider certificate.
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker but using Provider certificate.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **AEF Certificate**
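Review bot: Step 3 under Information of Test still reads "body [service security body]" without the "with aefId and apiId" wording added for the same step in Test Case 1. If the security context must reference the published **service_1**, state it here too. The four-line Publish block is also repeated verbatim across the test cases; a link reference into common_operations, like [Provider Registration], would keep them in sync.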
@@ -90,13 +97,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
 
 **Information of Test**:
 
-  1. Perform [Provider Registration]
-
-  2. Create Security Context for this not valid apiInvokerId and using Provider certificate.
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this not valid apiInvokerId and using Provider certificate.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
      * body [service security body]
      * Using **AEF Certificate**
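Review bot: Execution Steps now list provider registration twice: "1. Register Provider at CCF" is kept and "2. Register Provider at CCF, store certificates and Publish Service API" is added after it. Drop the old step 1. Information of Test step 1 now includes [Invoker Onboarding], but no Execution Step onboards an invoker; either add that step or keep step 1 as [Provider Registration] only, since the request targets {API_INVOKER_NOT_VALID}.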
@@ -128,13 +139,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Create Security Context using Provider certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
 
 **Information of Test**:
 
-  1. Perform [Invoker Onboarding]
-
-  2. Create Security Context for this Invoker:
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
      * body [service security body]
      * Use **Invoker Certificate**
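Review bot: Execution step 3 says "Create Security Context using Provider certificate", while step 3 under Information of Test sends the PUT with "Use **Invoker Certificate**". The line is being renumbered anyway, so align the two; the certificate named decides which authorization path the test exercises.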
@@ -154,7 +169,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 5: Retrieve the Security Context of an API Invoker
 
-**Test ID**:: ***capif_security_api-5***
+**Test ID**:: ***capif_security_api-5***, ***smoke***
 
 **Description**:
 
@@ -167,13 +182,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
   4. Retrieve Security Context by Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
   2. Create Security Context for this Invoker.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
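Review bot: Information of Test now has two items numbered 2: the added "2. Publish Service API at CCF:" and the unchanged "2. Create Security Context for this Invoker." Renumber the later steps, as was done for Test Case 8, and move the blank line so it separates step 1 from the Publish step rather than sitting after it.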
@@ -205,13 +224,18 @@ At this documentation you will have all information and related files and exampl
 
 **Execution Steps**:
 
-  2. Register Provider at CCF
+  1. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
   4. Retrieve Security Context by Provider of invalid invoker
 
 **Information of Test**:
 
-  1. Perform [Provider Registration]
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
   2. Retrieve Security Context of invalid Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
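Review bot: Execution Steps end up with "1. Register Provider at CCF" followed by "2. Register Provider at CCF, store certificates and Publish Service API", which registers the provider twice; keep only the second. Under Information of Test the added Publish step and the unchanged "2. Retrieve Security Context of invalid Invoker by Provider:" are both numbered 2, and step 1 now mentions [Invoker Onboarding] although no Execution Step onboards an invoker.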
@@ -243,9 +267,10 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
-  3. Create Security Context
-  4. Retrieve Security Context as Provider.
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Store signed Certificate
+  4. Create Security Context
+  5. Retrieve Security Context as Provider.
 
 **Information of Test**:
 
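Review bot: Step 3 "Store signed Certificate" is kept here, although the new step 2 already says "store certificates" and the same step was removed from Test Case 1. Decide whether it is still a separate action and make both test cases consistent. This hunk changes no line under Information of Test, so check that the Publish step was added there as in the other test cases.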
@@ -273,7 +298,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 8: Delete the Security Context of an API Invoker
 
-**Test ID**:: ***capif_security_api-8***
+**Test ID**:: ***capif_security_api-8***, ***smoke***
 
 **Description**:
 
@@ -286,24 +311,28 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
   4. Delete Security Context by Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker but using Provider certificate.
+  3. Create Security Context for this Invoker but using Provider certificate.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **AEF Certificate**
 
-  3. Delete Security Context of Invoker by Provider:
+  4. Delete Security Context of Invoker by Provider:
      * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Use **AEF Certificate**
 
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Using **AEF Certificate**
 
@@ -336,19 +365,24 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
-  3. Delete Security Context by Invoker
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
+  4. Delete Security Context by Invoker
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**
 
-  3. Delete Security Context of Invoker:
+  4. Delete Security Context of Invoker:
      * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Use **Invoker Certificate**
 
@@ -437,7 +471,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 12: Update the Security Context of an API Invoker 
 
-**Test ID**:: ***capif_security_api-12***
+**Test ID**:: ***capif_security_api-12***, ***smoke***
 
 **Description**:
 
@@ -450,7 +484,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context By Invoker
   4. Update Security Context By Invoker
   5. Retrieve Security Context By Provider
@@ -458,6 +492,10 @@ At this documentation you will have all information and related files and exampl
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
   2. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
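Review bot: The added "2. Publish Service API at CCF:" is followed by the unchanged "2. Create Security Context for this Invoker:", so step 2 appears twice under Information of Test. Renumber the steps that follow, as was done in Test Case 13.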
@@ -501,20 +539,24 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context
   4. Update Security Context as Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**.
 
-  3. Update Security Context of Invoker by Provider:
+  4. Update Security Context of Invoker by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/update**
      * body [service security body] but with notification destination modified to **http://robot.testing2**
      * Using **AEF Certificate**
@@ -545,14 +587,18 @@ At this documentation you will have all information and related files and exampl
 
 **Execution Steps**:
 
-  1. Register Provider at CCF
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   2. Update Security Context as Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Update Security Context of Invoker by Provider:
+  3. Update Security Context of Invoker by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
      * body [service security body]
      * Using **AEF Certificate**
@@ -583,13 +629,18 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Update Security Context
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Update Security Context
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Update Security Context of Invoker:
+  3. Update Security Context of Invoker:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
      * body [service security body]
      * Using **Invoker Certificate**.
@@ -620,7 +671,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context by Invoker
   4. Revoke Security Context by Provider
   5. Retrieve Security Context by Provider
@@ -629,17 +680,22 @@ At this documentation you will have all information and related files and exampl
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
 
-  2. Create Security Context By Invoker:
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+
+  3. Create Security Context By Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**
 
-  3. Revoke Authorization by Provider:
+  4. Revoke Authorization by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
      * body [security notification body]
      * Using **AEF Certificate**.
 
-  4. Retrieve Security Context by Provider:
+  5. Retrieve Security Context by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Using **AEF Certificate**.
 
@@ -672,7 +728,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context
   4. Revoke Security Context by invoker
   5. Retrieve Security Context
@@ -681,17 +737,22 @@ At this documentation you will have all information and related files and exampl
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
 
-  2. Create Security Context for this Invoker:
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**.
 
-  3. Revoke Authorization by invoker:
+  4. Revoke Authorization by invoker:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
      * body [security notification body]
      * Using **Invoker Certificate**
 
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Using Provider Certificate
 
@@ -726,7 +787,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context
   4. Revoke Security Context by Provider
   5. Retrieve Security Context
@@ -734,18 +795,22 @@ At this documentation you will have all information and related files and exampl
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**.
 
-  3. Revoke Authorization by Provider:
+  4. Revoke Authorization by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/delete**
      * body [security notification body]
      * Using **AEF Certificate**.
 
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true**
      * This request will ask with parameter to retrieve authenticationInfo and authorizationInfo
      * Using **AEF Certificate**.
@@ -768,7 +833,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 19: Retrieve access token
 
-**Test ID**:: ***capif_security_api-19***
+**Test ID**:: ***capif_security_api-19***, ***smoke***
 
 **Description**:
 
@@ -1285,5 +1350,6 @@ At this documentation you will have all information and related files and exampl
 
   [invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding"
   [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration"
+  [service api description]: ../api_publish_service/service_api_description_post_example.json  "Service API Description Request"
 
 
-- 
GitLab