Resolve "security test plan"

Closes #34 (closed)

doc/testing/testplan/api_security_service/README.md

@@ -16,15 +16,19 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
-  3. Create Security Context
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  4. Create Security Context
 
 **Information of Test**:
 
-  1. Perform [Invoker Onboarding]
-  2. Create Security Context for this Invoker
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
-     * body [service security body]
+     * body [service security body] with aefId and apiId
      * Use **Invoker Certificate**
 
 **Expected Result**:
@@ -49,15 +53,18 @@ At this documentation you will have all information and related files and exampl
 
 **Execution Steps**:
 
-  1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  1. Register and onboard Invoker at CCF.
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
-
-  2. Create Security Context for this Invoker but using Provider certificate.
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker but using Provider certificate.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **AEF Certificate**
@@ -90,13 +97,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
 
 **Information of Test**:
 
-  1. Perform [Provider Registration]
-
-  2. Create Security Context for this not valid apiInvokerId and using Provider certificate.
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this not valid apiInvokerId and using Provider certificate.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
      * body [service security body]
      * Using **AEF Certificate**
@@ -128,13 +139,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Create Security Context using Provider certificate
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
 
 **Information of Test**:
 
-  1. Perform [Invoker Onboarding]
-
-  2. Create Security Context for this Invoker:
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
      * body [service security body]
      * Use **Invoker Certificate**
@@ -154,7 +169,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 5: Retrieve the Security Context of an API Invoker
 
-**Test ID**:: ***capif_security_api-5***
+**Test ID**:: ***capif_security_api-5***, ***smoke***
 
 **Description**:
 
@@ -167,13 +182,17 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
   4. Retrieve Security Context by Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
   2. Create Security Context for this Invoker.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
@@ -205,13 +224,18 @@ At this documentation you will have all information and related files and exampl
 
 **Execution Steps**:
 
-  2. Register Provider at CCF
+  1. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
   4. Retrieve Security Context by Provider of invalid invoker
 
 **Information of Test**:
 
-  1. Perform [Provider Registration]
+  1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
   2. Retrieve Security Context of invalid Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
@@ -243,9 +267,10 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Store signed Certificate
-  3. Create Security Context
-  4. Retrieve Security Context as Provider.
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Store signed Certificate
+  4. Create Security Context
+  5. Retrieve Security Context as Provider.
 
 **Information of Test**:
 
@@ -273,7 +298,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 8: Delete the Security Context of an API Invoker
 
-**Test ID**:: ***capif_security_api-8***
+**Test ID**:: ***capif_security_api-8***, ***smoke***
 
 **Description**:
 
@@ -286,24 +311,28 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context using Provider certificate
   4. Delete Security Context by Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker but using Provider certificate.
+  3. Create Security Context for this Invoker but using Provider certificate.
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **AEF Certificate**
 
-  3. Delete Security Context of Invoker by Provider:
+  4. Delete Security Context of Invoker by Provider:
      * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Use **AEF Certificate**
 
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Using **AEF Certificate**
 
@@ -336,19 +365,24 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register Provider at CCF
-  2. Create Security Context using Provider certificate
-  3. Delete Security Context by Invoker
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Create Security Context using Provider certificate
+  4. Delete Security Context by Invoker
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**
 
-  3. Delete Security Context of Invoker:
+  4. Delete Security Context of Invoker:
      * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Use **Invoker Certificate**
 
@@ -437,7 +471,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 12: Update the Security Context of an API Invoker 
 
-**Test ID**:: ***capif_security_api-12***
+**Test ID**:: ***capif_security_api-12***, ***smoke***
 
 **Description**:
 
@@ -450,7 +484,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context By Invoker
   4. Update Security Context By Invoker
   5. Retrieve Security Context By Provider
@@ -458,6 +492,10 @@ At this documentation you will have all information and related files and exampl
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
   2. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
@@ -501,20 +539,24 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context
   4. Update Security Context as Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**.
 
-  3. Update Security Context of Invoker by Provider:
+  4. Update Security Context of Invoker by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/update**
      * body [service security body] but with notification destination modified to **http://robot.testing2**
      * Using **AEF Certificate**
@@ -545,14 +587,18 @@ At this documentation you will have all information and related files and exampl
 
 **Execution Steps**:
 
-  1. Register Provider at CCF
+  1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   2. Update Security Context as Provider
 
 **Information of Test**:
 
   1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Update Security Context of Invoker by Provider:
+  3. Update Security Context of Invoker by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
      * body [service security body]
      * Using **AEF Certificate**
@@ -583,13 +629,18 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Update Security Context
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
+  3. Update Security Context
 
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Update Security Context of Invoker:
+  3. Update Security Context of Invoker:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
      * body [service security body]
      * Using **Invoker Certificate**.
@@ -620,7 +671,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context by Invoker
   4. Revoke Security Context by Provider
   5. Retrieve Security Context by Provider
@@ -629,17 +680,22 @@ At this documentation you will have all information and related files and exampl
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
 
-  2. Create Security Context By Invoker:
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+
+  3. Create Security Context By Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**
 
-  3. Revoke Authorization by Provider:
+  4. Revoke Authorization by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
      * body [security notification body]
      * Using **AEF Certificate**.
 
-  4. Retrieve Security Context by Provider:
+  5. Retrieve Security Context by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Using **AEF Certificate**.
 
@@ -672,7 +728,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context
   4. Revoke Security Context by invoker
   5. Retrieve Security Context
@@ -681,17 +737,22 @@ At this documentation you will have all information and related files and exampl
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
 
-  2. Create Security Context for this Invoker:
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**.
 
-  3. Revoke Authorization by invoker:
+  4. Revoke Authorization by invoker:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
      * body [security notification body]
      * Using **Invoker Certificate**
 
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * Using Provider Certificate
 
@@ -726,7 +787,7 @@ At this documentation you will have all information and related files and exampl
 **Execution Steps**:
 
   1. Register and onboard Invoker at CCF
-  2. Register Provider at CCF
+  2. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF.
   3. Create Security Context
   4. Revoke Security Context by Provider
   5. Retrieve Security Context
@@ -734,18 +795,22 @@ At this documentation you will have all information and related files and exampl
 **Information of Test**:
 
   1. Perform [Provider Registration] and [Invoker Onboarding]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
 
-  2. Create Security Context for this Invoker:
+  3. Create Security Context for this Invoker:
      * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
      * body [service security body]
      * Using **Invoker Certificate**.
 
-  3. Revoke Authorization by Provider:
+  4. Revoke Authorization by Provider:
      * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/delete**
      * body [security notification body]
      * Using **AEF Certificate**.
 
-  4. Retrieve Security Context of Invoker by Provider:
+  5. Retrieve Security Context of Invoker by Provider:
      * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true**
      * This request will ask with parameter to retrieve authenticationInfo and authorizationInfo
      * Using **AEF Certificate**.
@@ -768,7 +833,7 @@ At this documentation you will have all information and related files and exampl
 
 ## Test Case 19: Retrieve access token
 
-**Test ID**:: ***capif_security_api-19***
+**Test ID**:: ***capif_security_api-19***, ***smoke***
 
 **Description**:
 
@@ -1285,5 +1350,6 @@ At this documentation you will have all information and related files and exampl
 
   [invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding"
   [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration"
+  [service api description]: ../api_publish_service/service_api_description_post_example.json  "Service API Description Request"