From f5214dd042ec0a98191c76109d9c48aed2ec26b8 Mon Sep 17 00:00:00 2001
From: Pelayo Torres <pelayo.torresalonso@telefonica.com>
Date: Thu, 25 Jun 2026 15:44:38 +0200
Subject: [PATCH] Opendiscover tests

---
 doc/testing/testplan/README.md                |   1 +
 .../api_open_discover_service/README.md       | 288 ++++++++++++++++++
 2 files changed, 289 insertions(+)
 create mode 100644 doc/testing/testplan/api_open_discover_service/README.md

diff --git a/doc/testing/testplan/README.md b/doc/testing/testplan/README.md
index 794c4ab1..91377d85 100644
--- a/doc/testing/testplan/README.md
+++ b/doc/testing/testplan/README.md
@@ -6,6 +6,7 @@ List of Common API Services implemented:
 * [Api Provider Management](./api_provider_management/README.md)
 * [Api Publish Service](./api_publish_service/README.md)
 * [Api Discover Service](./api_discover_service/README.md)
+* [Api Open Discover Service](./api_open_discover_service/README.md)
 * [Api Events Service](./api_events_service/README.md)
 * [Api Security Service](./api_security_service/README.md)
 * [Api Logging Service](./api_logging_service/README.md)
diff --git a/doc/testing/testplan/api_open_discover_service/README.md b/doc/testing/testplan/api_open_discover_service/README.md
new file mode 100644
index 00000000..6fd63581
--- /dev/null
+++ b/doc/testing/testplan/api_open_discover_service/README.md
@@ -0,0 +1,288 @@
+# Test Plan for CAPIF Open Discover Service API
+At this documentation you will have all information and related files and examples of test plan for this API.
+
+## Test Case 1: Open Discover Published service APIs by Authorised Entity
+
+**Test ID**: ***capif_api_open_discover_service-1***
+
+**Description**:
+
+  This test case will check if any JWT-authenticated entity can open discover published service APIs.
+
+**Pre-Conditions**:
+
+  * Service APIs are published.
+  * Provider was registered previously.
+
+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API at CCF.
+  2. Open Discover Service APIs using JWT token.
+
+**Information of Test**:
+
+  1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Request Open Discover Published APIs:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis**
+     * No query parameters required
+     * Use **JWT Bearer Token**
+
+**Expected Result**:
+
+  1. Response to Publish request must accomplish:
+     1. **201 Created**
+     2. Response Body must follow **ServiceAPIDescription** data structure with:
+        * apiId
+     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
+
+  2. Response to Open Discover Request:
+     1. **200 OK** response.
+     2. Response body must follow **OpenDiscoveryResp** data structure:
+        * Check if `discApis` contains the API published previously.
+
+
+## Test Case 2: Open Discover Published service APIs by Non Authorised Entity
+
+**Test ID**: ***capif_api_open_discover_service-2***
+
+**Description**:
+
+  This test case will check that a request without a valid JWT token is rejected with 401 Unauthorized.
+
+**Pre-Conditions**:
+
+  * Service APIs are published.
+
+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service API at CCF.
+  2. Request Open Discover without JWT token.
+
+**Information of Test**:
+
+  1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Request Open Discover Published APIs without authorization:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis**
+     * No `Authorization` header
+
+**Expected Result**:
+
+  1. Response to Publish request must accomplish:
+     1. **201 Created**
+     2. Response Body must follow **ServiceAPIDescription** data structure with:
+        * apiId
+     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
+
+  2. Response to Open Discover Request:
+     1. **401 Unauthorized**
+     2. Error Response Body must accomplish with **ProblemDetails** data structure with:
+        * status 401
+        * title with message "Unauthorized"
+        * detail with message "User not authorized".
+        * cause with message "Certificate not authorized".
+
+
+## Test Case 3: Open Discover Published service APIs when no APIs are published
+
+**Test ID**: ***capif_api_open_discover_service-3***
+
+**Description**:
+
+  This test case will check that the Open Discover endpoint returns 404 when no service APIs are registered at the CCF.
+
+**Pre-Conditions**:
+
+  * No Service APIs are published at the CCF.
+
+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates. Do not publish any API.
+  2. Request Open Discover using JWT token.
+
+**Information of Test**:
+
+  1. Perform [Provider Registration]
+  2. Request Open Discover without any published APIs:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis**
+     * Use **JWT Bearer Token**
+
+**Expected Result**:
+
+  1. Response to Open Discover Request:
+     1. **404 Not Found** response.
+     2. Error Response Body must accomplish with **ProblemDetails** data structure with:
+        * status 404
+        * title with message "Not Found"
+        * detail with message "No API Published accomplish filter conditions".
+        * cause with message "No API Published accomplish filter conditions".
+
+
+## Test Case 4: Open Discover Published service APIs filtered by api-names with 1 result
+
+**Test ID**: ***capif_api_open_discover_service-4***
+
+**Description**:
+
+  This test case will check if an authenticated entity can filter open discovered service APIs by API name and obtain only the matching result.
+
+**Pre-Conditions**:
+
+  * At least 2 Service APIs are published.
+
+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service APIs **service_1** and **service_2** at CCF.
+  2. Open Discover all Service APIs.
+  3. Open Discover filtered by api-names **service_1**.
+
+**Information of Test**:
+
+  1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_2**
+     * Use **APF Certificate**
+  4. Request Open Discover Published APIs:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis**
+     * Use **JWT Bearer Token**
+  5. Request Open Discover filtering by api-names:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis?api-names=service_1**
+     * Use **JWT Bearer Token**
+
+**Expected Result**:
+
+  1. Response to each Publish request must accomplish:
+     1. **201 Created**
+     2. Response Body must follow **ServiceAPIDescription** data structure with:
+        * apiId
+     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
+  2. Response to Open Discover Request (no filter):
+     1. **200 OK** response.
+     2. Response body must follow **OpenDiscoveryResp** data structure:
+        * Check if `discApis` contains the 2 previously published Service APIs.
+  3. Response to Open Discover Request (filtered by api-names=service_1):
+     1. **200 OK** response.
+     2. Response body must follow **OpenDiscoveryResp** data structure:
+        * Check if `discApis` contains **only** the API published with api-name **service_1**.
+
+
+## Test Case 5: Open Discover Published service APIs filtered by api-names with no match
+
+**Test ID**: ***capif_api_open_discover_service-5***
+
+**Description**:
+
+  This test case will check that filtering by an api-name that does not match any published API returns 404 Not Found.
+
+**Pre-Conditions**:
+
+  * At least 2 Service APIs are published.
+
+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service APIs **service_1** and **service_2** at CCF.
+  2. Open Discover all Service APIs.
+  3. Open Discover filtered by api-names **NOT_VALID_NAME**.
+
+**Information of Test**:
+
+  1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_2**
+     * Use **APF Certificate**
+  4. Request Open Discover Published APIs:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis**
+     * Use **JWT Bearer Token**
+  5. Request Open Discover filtering by non-existent api-name:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis?api-names=NOT_VALID_NAME**
+     * Use **JWT Bearer Token**
+
+**Expected Result**:
+
+  1. Response to each Publish request must accomplish:
+     1. **201 Created**
+     2. Response Body must follow **ServiceAPIDescription** data structure with:
+        * apiId
+     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
+  2. Response to Open Discover Request (no filter):
+     1. **200 OK** response.
+     2. Response body must follow **OpenDiscoveryResp** data structure:
+        * Check if `discApis` contains the 2 previously published Service APIs.
+  3. Response to Open Discover Request (filtered by api-names=NOT_VALID_NAME):
+     1. **404 Not Found** response.
+     2. Error Response Body must accomplish with **ProblemDetails** data structure with:
+        * status 404
+        * title with message "Not Found"
+        * detail with message "No API Published accomplish filter conditions".
+        * cause with message "No API Published accomplish filter conditions".
+
+
+## Test Case 6: Open Discover Published service APIs not filtered
+
+**Test ID**: ***capif_api_open_discover_service-6***
+
+**Description**:
+
+  This test case will check if an authenticated entity can open discover all published service APIs without applying any filter.
+
+**Pre-Conditions**:
+
+  * 2 Service APIs are published.
+
+**Execution Steps**:
+
+  1. Register Provider at CCF, store certificates and Publish Service APIs **service_1** and **service_2** at CCF.
+  2. Open Discover all Service APIs without filter.
+
+**Information of Test**:
+
+  1. Perform [Provider Registration]
+  2. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_1**
+     * Use **APF Certificate**
+  3. Publish Service API at CCF:
+     * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+     * body [service api description] with apiName **service_2**
+     * Use **APF Certificate**
+  4. Request Open Discover Published APIs not filtered:
+     * Send **GET** to **https://{CAPIF_HOSTNAME}/open-api-disc/v1/service-apis**
+     * Use **JWT Bearer Token**
+
+**Expected Result**:
+
+  1. Response to each Publish request must accomplish:
+     1. **201 Created**
+     2. Response Body must follow **ServiceAPIDescription** data structure with:
+        * apiId
+     3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
+
+  2. Response to Open Discover Request:
+     1. **200 OK** response.
+     2. Response body must follow **OpenDiscoveryResp** data structure:
+        * Check if `discApis` contains the 2 previously published Service APIs.
+
+
+   [service api description]: ../api_publish_service/service_api_description_post_example.json  "Service API Description Request"
+   [publisher register body]: ../api_publish_service/publisher_register_body.json  "Publish register Body"
+   [provider request body]: ../api_provider_management/provider_details_post_example.json  "API Provider Enrolment Request"
+   [provider request patch body]: ../api_provider_management/provider_details_enrolment_details_patch_example.json  "API Provider Enrolment Patch Request"
+
+   [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration"
-- 
GitLab