diff --git a/doc/architecture.md b/doc/architecture.md new file mode 100644 index 0000000000000000000000000000000000000000..ef7fcf9a38faa9536fdd57260489b48507513c07 --- /dev/null +++ b/doc/architecture.md @@ -0,0 +1,5 @@ +drawing + +# Architecture + + diff --git a/doc/images/logo_osl.png b/doc/images/logo_osl.png deleted file mode 100644 index e6eb89a7da94edc6ea26dcb1972d9e101b0dffee..0000000000000000000000000000000000000000 Binary files a/doc/images/logo_osl.png and /dev/null differ diff --git a/doc/images/logo_osl_square.png b/doc/images/logo_osl_square.png deleted file mode 100644 index 37cbc4ba60771e54c3ea2f18fa89a7e3af387360..0000000000000000000000000000000000000000 Binary files a/doc/images/logo_osl_square.png and /dev/null differ diff --git a/doc/images/logo_osl_square_non_transp.png b/doc/images/logo_osl_square_non_transp.png deleted file mode 100644 index a7f8684e95a987b15dacb02675bd3ac9ec7ed091..0000000000000000000000000000000000000000 Binary files a/doc/images/logo_osl_square_non_transp.png and /dev/null differ diff --git a/doc/images/openslice_logo.png b/doc/images/openslice_logo.png deleted file mode 100644 index 2fa5efc135209ce66cee07ea7a76dc0a4cff9244..0000000000000000000000000000000000000000 Binary files a/doc/images/openslice_logo.png and /dev/null differ diff --git a/doc/images/openslice_logo_old.png b/doc/images/openslice_logo_old.png deleted file mode 100644 index 61a38a515223bb67a78da6694c34dbe08c89e942..0000000000000000000000000000000000000000 Binary files a/doc/images/openslice_logo_old.png and /dev/null differ diff --git a/doc/index.md b/doc/index.md index 10d23eefdf17602dc64e7a329925172b647a3be9..8b61b159189480e697259e55b51aa87b07461364 100644 --- a/doc/index.md +++ b/doc/index.md @@ -1,51 +1,7 @@ drawing -# Release X.X.X-rc -This release includes next changes: - -**New register flow to ensure:** - - - isolation between CCF and Register services. - - Improve security, with split resposability between administrator operations and common user. - -**Improved Testing with Robot in order to cover:** - - - New Register flows. - - Allow different URLs for register, ccf and vault services. - -**Improved security on DB:** - - - Credentials requested to access mongo databases. - - Credentials requested also by mongo-express. - -**Scripts upgraded:** - - - docker compose version 2 used on them. - - New cleaning script developed. - -**Cleanup of capif repository:** - - - Documentation is now on splitted repository [OCF Documentation Repository] - - Test plan was moved to [OCF Documentation Repository] - - Obsolote data is removed. - - -# Release 0.0 - -The APIs included in Release 0.0 are: - -- JWT Authentication APIs -- CAPIF Invoker Management API -- CAPIF Publish API -- CAPIF Discover API -- CAPIF Security API -- CAPIF Events API -- CAPIF Provider Management API - -This Release also includes a Robot Test Suite for all those services and a Postman Test Suite for simple testing. - -## What is OpenCAPIF? +# What is OpenCAPIF? OpenCAPIF is an open source implementation of the CAPIF Core Function APIs plus the logic and additional services required to fulfill the 3GPP requirements and deliver the expected functionality. @@ -81,7 +37,7 @@ The following diagram shows how API Invokers and API Providers interact with the If you want to know more about OpenCAPIF check [The story behind openCAPIF](https://ocf.etsi.org/news/20240110_the_story_behind_opencapif/) -## Repository structure +# Repository structure You can check the code at [OpenCAPIF Repository] @@ -101,21 +57,21 @@ CAPIF_API_Services * **tools**: Auxiliary tools. Robot Framework related code and OpenAPI scripts. * **test**: Tests developed using Robot Framework. -## CAPIF_API_Services +# CAPIF_API_Services This repository has the python-flask Mockup servers created with openapi-generator related with CAPIF APIS defined here: [Open API Descriptions of 3GPP 5G APIs] -## How to test CAPIF APIs +# How to test CAPIF APIs The above APIs can be tested either with POSTMAN tool or running the developed tests with Robot Framework. -## Test Plan Documentation +# Test Plan Documentation Complete documentation of tests is available here: [Test Plan Directory] -## Robot Framework +# Robot Framework In order to ensure that modifications over CAPIF services still fulfills the required functionality, the Robot Framework Test Suite must be successfully run. @@ -123,15 +79,15 @@ The Robot Test Suite covers the requirements described in the test plan at [Test Please check the [Testing with Robot Framework] Section -## Using PostMan +# Using PostMan You can also test the CAPIF flow using the Postman tool. To do this, we have created a collection with some examples of CAPIF requests with everything necessary to carry them out. For more information on how to test the APIs with POSTMAN, go to this [POSTMAN Section]. -## Important urls: +# Important urls: -## Mongo CAPIF's DB Dashboard +# Mongo CAPIF's DB Dashboard ``` http://localhost:8082/ (if accessed from localhost) @@ -140,7 +96,7 @@ or http://:8082/ (if accessed from another host) ``` -## Mongo Register's DB Dashboard +# Mongo Register's DB Dashboard ``` http://localhost:8083/ (if accessed from localhost) @@ -149,15 +105,12 @@ or http://:8083/ (if accessed from another host) ``` -## FAQ Documentation +# FAQ Documentation Frequently asked questions can be found here: [FAQ Section] - - - [Test Plan Directory]: ./testing/testplan/README.md "Test Plan Directory" [Testing with Robot Framework]: ./testing/robotframework/README.md "Testing with Robot Framework" [FAQ Section]: ./FAQ.md "FAQ Section" diff --git a/doc/releasenotes.md b/doc/releasenotes.md new file mode 100644 index 0000000000000000000000000000000000000000..90717e22658db0bdf24713e4142ad53b407e5c16 --- /dev/null +++ b/doc/releasenotes.md @@ -0,0 +1,45 @@ +# Release X.X.X-rc + +This release includes next changes: + +**New register flow to ensure:** + + - isolation between CCF and Register services. + - Improve security, with split resposability between administrator operations and common user. + +**Improved Testing with Robot in order to cover:** + + - New Register flows. + - Allow different URLs for register, ccf and vault services. + +**Improved security on DB:** + + - Credentials requested to access mongo databases. + - Credentials requested also by mongo-express. + +**Scripts upgraded:** + + - docker compose version 2 used on them. + - New cleaning script developed. + +**Cleanup of capif repository:** + + - Documentation is now on splitted repository [OCF Documentation Repository] + - Test plan was moved to [OCF Documentation Repository] + - Obsolote data is removed. + + +# Release 0.0 + +The APIs included in Release 0.0 are: + +- JWT Authentication APIs +- CAPIF Invoker Management API +- CAPIF Publish API +- CAPIF Discover API +- CAPIF Security API +- CAPIF Events API +- CAPIF Provider Management API + +This Release also includes a Robot Test Suite for all those services and a Postman Test Suite for simple testing. + diff --git a/doc/testing/robotframework/README.md b/doc/testing/robotframework/README.md index 7eb83dd48697fafb4973b9bdc3da19c264dd2f91..fad7717ec1ca73ee5e8d77eb3f1a799372f37de8 100644 --- a/doc/testing/robotframework/README.md +++ b/doc/testing/robotframework/README.md @@ -15,18 +15,32 @@ To run any test locally you will need *docker* and *docker-compose* installed in ## Script Test Execution This script will build robot docker image if it's need and execute tests selected by "include" option. Just go to service folder, execute and follow steps. ``` -./runCapifTests.sh --include +./run_capif_tests.sh --include ``` Results will be stored at /results Please check parameters (include) under *Test Execution* at [Manual Build And Test Execution](#manual-build-and-test-execution). +### Mock Server +Some tests on Test Plans require mockserver. That mock server must be deployed and reachable by Robot Framework and CCF under test. + +To run Mock Server locally you can just execute the next script: +``` +cd services +./run_mock_server.sh +``` + +If you want to launch only tests that not needed mockserver, just add "--exclude mockserver" parameter to robot execution: +``` +./run_capif_tests.sh --include --exclude mockserver +``` + ## Manual Build And Test Execution * **Build Robot docker image**: ``` cd tools/robot -docker build . -t 5gnow-robot-test:latest +docker build . -t capif-robot-test:latest ``` * **Tests Execution**: @@ -35,11 +49,34 @@ Execute all tests locally: ``` =path in local machine to repository cloned. =path to a folder on local machine to store results of Robot Framework execution. -=Is the hostname set when run.sh is executed, by default it will be capifcore. +=Is the hostname set when run.sh is executed, by default it is capifcore. =This is the port to reach when robot framework want to reach CAPIF deployment using http, this should be set to port without TLS set on Nginx, 8080 by default. +=This is the port to be used when we want to use https connection, this should be set to port with TLS set on Nginx, 443 by default +=This is the hostname of register service deployed. By default it is register. +=This is the port to be used to reach register service deployed. By default it is 8084. +=This is the hostname of vault service. By default it is vault. +=This is the port to be used to reach vault service. By default it is 8200. +=Vault token to be used on request through vault. By default it is "read-ca-token". +=Setup Mock server url to be used in notifications at tests marked with mockserver tag. By default it is not set. To execute all tests run : -docker run -ti --rm --network="host" -v /tests:/opt/robot-tests/tests -v :/opt/robot-tests/results 5gnow-robot-test:latest --variable CAPIF_HOSTNAME:capifcore --variable CAPIF_HTTP_PORT:8080 --include all +docker run -ti --rm --network="host" \ + --add-host host.docker.internal:host-gateway \ + --add-host vault:host-gateway \ + --add-host register:host-gateway \ + --add-host mockserver:host-gateway \ + -v /tests:/opt/robot-tests/tests \ + -v :/opt/robot-tests/results capif-robot-test:latest \ + --variable CAPIF_HOSTNAME:$CAPIF_HOSTNAME \ + --variable CAPIF_HTTP_PORT:$CAPIF_HTTP_PORT \ + --variable CAPIF_HTTPS_PORT:$CAPIF_HTTPS_PORT \ + --variable CAPIF_REGISTER:$CAPIF_REGISTER \ + --variable CAPIF_REGISTER_PORT:$CAPIF_REGISTER_PORT \ + --variable CAPIF_VAULT:$CAPIF_VAULT \ + --variable CAPIF_VAULT_PORT:$CAPIF_VAULT_PORT \ + --variable CAPIF_VAULT_TOKEN:$CAPIF_VAULT_TOKEN \ + --variable MOCK_SERVER_URL:$MOCK_SERVER_URL \ + --include all ``` Execute specific tests locally: @@ -57,7 +94,23 @@ To run more specific tests, for example, only one functionality: "capif_security_api And Run: -docker run -ti --rm --network="host" -v /tests:/opt/robot-tests/tests -v :/opt/robot-tests/results 5gnow-robot-test:latest --variable CAPIF_HOSTNAME:capifcore --variable CAPIF_HTTP_PORT:8080 --include +docker run -ti --rm --network="host" \ + --add-host host.docker.internal:host-gateway \ + --add-host vault:host-gateway \ + --add-host register:host-gateway \ + --add-host mockserver:host-gateway \ + -v /tests:/opt/robot-tests/tests \ + -v :/opt/robot-tests/results capif-robot-test:latest \ + --variable CAPIF_HOSTNAME:$CAPIF_HOSTNAME \ + --variable CAPIF_HTTP_PORT:$CAPIF_HTTP_PORT \ + --variable CAPIF_HTTPS_PORT:$CAPIF_HTTPS_PORT \ + --variable CAPIF_REGISTER:$CAPIF_REGISTER \ + --variable CAPIF_REGISTER_PORT:$CAPIF_REGISTER_PORT \ + --variable CAPIF_VAULT:$CAPIF_VAULT \ + --variable CAPIF_VAULT_PORT:$CAPIF_VAULT_PORT \ + --variable CAPIF_VAULT_TOKEN:$CAPIF_VAULT_TOKEN \ + --variable MOCK_SERVER_URL:$MOCK_SERVER_URL \ + --include ``` ## Test result review diff --git a/doc/testing/testplan/README.md b/doc/testing/testplan/README.md index 2031569738a2ae34529a68bd4568f996813b90bc..340bce285e9d96bdcb89a723a64d076b982385c7 100644 --- a/doc/testing/testplan/README.md +++ b/doc/testing/testplan/README.md @@ -1,6 +1,7 @@ # Test Plan Index List of Common API Services implemented: +* [Common Operations](./common_operations/README.md) * [Api Invoker Management](./api_invoker_management/README.md) * [Api Provider Management](./api_provider_management/README.md) * [Api Publish Service](./api_publish_service/README.md) diff --git a/doc/testing/testplan/api_access_control_policy/README.md b/doc/testing/testplan/api_access_control_policy/README.md index dae28c55aae6c70c18883abeeed8a351284c6984..6233badb594b3c1bb779cacc79f737a3771906e2 100644 --- a/doc/testing/testplan/api_access_control_policy/README.md +++ b/doc/testing/testplan/api_access_control_policy/README.md @@ -825,5 +825,5 @@ At this documentation you will have all information and related files and exampl [security notification body]: ./security_notification.json "Security Notification Request" [access token req body]: ./access_token_req.json "Access Token Request" [example]: ./access_token_req.json "Access Token Request Example" -[invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" +[invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration" diff --git a/doc/testing/testplan/api_auditing_service/README.md b/doc/testing/testplan/api_auditing_service/README.md index add1a9d7775aee028f7d197fe1cf7e0cd3509048..8b856af654eaafcea001a11dedf8a23bbaffc43e 100644 --- a/doc/testing/testplan/api_auditing_service/README.md +++ b/doc/testing/testplan/api_auditing_service/README.md @@ -242,6 +242,6 @@ At this documentation you will have all information and related files and exampl [log entry request body]: ../api_logging_service/invocation_log.json "Log Request Body" -[invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" +[invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" [provider onboarding]: ../common_operations/README.md#register-a-provider "Provider Onboarding" diff --git a/doc/testing/testplan/api_discover_service/README.md b/doc/testing/testplan/api_discover_service/README.md index 4c5c8f280e7d476bf7b15dcf5c7e47aaa57880df..aaef9ab4fc5ef557cfa83996b7e485b252ee9ea7 100644 --- a/doc/testing/testplan/api_discover_service/README.md +++ b/doc/testing/testplan/api_discover_service/README.md @@ -348,9 +348,8 @@ At this documentation you will have all information and related files and exampl [service api description]: ../api_publish_service/service_api_description_post_example.json "Service API **Description** Request" [publisher register body]: ../api_publish_service/publisher_register_body.json "Publish register Body" [invoker onboarding body]: ../api_invoker_management/invoker_details_post_example.json "API Invoker Request" - [invoker register body]: ../api_invoker_management/invoker_register_body.json "Invoker Register Body" [provider request body]: ../api_provider_management/provider_details_post_example.json "API Provider Enrolment Request" [provider request patch body]: ../api_provider_management/provider_details_enrolment_details_patch_example.json "API Provider Enrolment Patch Request" - [provider getauth body]: ../api_provider_management/provider_getauth_example.json "Get Auth Example" - [invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" + + [invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration" diff --git a/doc/testing/testplan/api_events_service/README.md b/doc/testing/testplan/api_events_service/README.md index ca259ac3f38efe8b19f63995569f1020269238ac..91ef445f8d102d5c8b26944b03a73486e1594c97 100644 --- a/doc/testing/testplan/api_events_service/README.md +++ b/doc/testing/testplan/api_events_service/README.md @@ -1,8 +1,7 @@ # Test Plan for CAPIF Api Events Service At this documentation you will have all information and related files and examples of test plan for this API. -## Tests - +--- ## Test Case 1: Creates a new individual CAPIF Event Subscription. **Test ID**: ***capif_api_events-1*** @@ -11,24 +10,24 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) can Subscribe to Events **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) +**Execution Steps**: + + 1. Register Invoker and Onboard Invoker at CCF + 2. Subscribe to Events + 3. Retrieve {subscriberId} and {subscriptionId} from Location Header + **Information of Test**: 1. Perform [Invoker Onboarding] 2. Event Subscription: - 1. Send POST to *https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions* + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** 2. body [event subscription request body] - 3. Use Invoker Certificate + 3. Use **Invoker Certificate** -**Execution Steps**: - - 1. Register Invoker and Onboard Invoker at CCF - 2. Subscribe to Events - 3. Retrieve {subscriberId} and {subscriptionId} from Location Header - **Expected Result**: 1. Response to Onboard request must accomplish: @@ -36,16 +35,16 @@ At this documentation you will have all information and related files and exampl 2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with: * apiInvokerId * onboardingInformation->apiInvokerCertificate must contain the public key signed. - 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}* + 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}** 2. Response to Event Subscription must accomplish: 1. **201 Created** - 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: *{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId} + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** 3. Response Body must follow **EventSubscription** data structure. 3. Event Subscriptions are stored in CAPIF Database - +--- ## Test Case 2: Creates a new individual CAPIF Event Subscription with Invalid SubscriberId **Test ID**: ***capif_api_events-2*** @@ -55,23 +54,23 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Subscribe to Events without valid SubcriberId **Pre-Conditions**: - + * CAPIF subscriber is not pre-authorised (has invalid InvokerId or apfId) +**Execution Steps**: + + 1. Register Invoker and Onboard Invoker at CCF + 2. Subscribe to Events + **Information of Test**: 1. Perform [Invoker Onboarding] 2. Event Subscription: - 1. Send POST to *https://{CAPIF_HOSTNAME}/capif-events/v1/{SUBSCRIBER_NOT_REGISTERED}/subscriptions* + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{SUBSCRIBER_NOT_REGISTERED}/subscriptions** 2. body [event subscription request body] - 3. Use Invoker Certificate + 3. Use **Invoker Certificate** -**Execution Steps**: - - 1. Register Invoker and Onboard Invoker at CCF - 2. Subscribe to Events - **Expected Result**: 1. Response to Onboard request must accomplish: @@ -79,7 +78,7 @@ At this documentation you will have all information and related files and exampl 2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with: * apiInvokerId * onboardingInformation->apiInvokerCertificate must contain the public key signed. - 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}* + 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}** 2. Response to Event Subscription must accomplish: 1. **404 Not Found** @@ -91,7 +90,7 @@ At this documentation you will have all information and related files and exampl 3. Event Subscriptions are not stored in CAPIF Database - +--- ## Test Case 3: Deletes an individual CAPIF Event Subscription **Test ID**: ***capif_api_events-3*** @@ -101,29 +100,29 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) can Delete an Event Subscription **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) +**Execution Steps**: + + 1. Register Invoker and Onboard Invoker at CCF + 2. Subscribe to Events + 3. Retrieve {subscriberId} and {subscriptionId} from Location Header + 4. Remove Event Subscription + **Information of Test**: 1. Perform [Invoker Onboarding] 2. Event Subscription: - 1. Send POST to *https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions* + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** 2. body [event subscription request body] - 3. Use Invoker Certificate + 3. Use **Invoker Certificate** 3. Remove Event Subscription: - 1. Send DELETE to *https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions* - 2. Use Invoker Certificate + 1. Send **DELETE** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. Use **Invoker Certificate** -**Execution Steps**: - - 1. Register Invoker and Onboard Invoker at CCF - 2. Subscribe to Events - 3. Retrieve {subscriberId} and {subscriptionId} from Location Header - 4. Remove Event Subscription - **Expected Result**: 1. Response to Onboard request must accomplish: @@ -131,11 +130,11 @@ At this documentation you will have all information and related files and exampl 2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with: * apiInvokerId * onboardingInformation->apiInvokerCertificate must contain the public key signed. - 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}* + 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}** 2. Response to Event Subscription must accomplish: 1. **201 Created** - 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: *{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId} + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** 3. Response Body must follow **EventSubscription** data structure. 3. Event Subscriptions are stored in CAPIF Database @@ -144,7 +143,7 @@ At this documentation you will have all information and related files and exampl 5. Event Subscription is not present at CAPIF Database. - +--- ## Test Case 4: Deletes an individual CAPIF Event Subscription with invalid SubscriberId **Test ID**: ***capif_api_events-4*** @@ -154,30 +153,30 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Delete to Events without valid SubcriberId **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId). * CAPIF subscriber is subscribed to Events. +**Execution Steps**: + + 1. Register Invoker and Onboard Invoker at CCF + 2. Subscribe to Events + 3. Retrieve Location Header with subscriptionId. + 4. Remove Event Subscribed with not valid Subscriber. + **Information of Test**: 1. Perform [Invoker Onboarding] 2. Event Subscription: - 1. Send POST to https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** 2. body [event subscription request body] - 3. Use Invoker Certificate + 3. Use **Invoker Certificate** 3. Remove Event Subcription with not valid subscriber: - 1. Send DELETE to to https://{CAPIF_HOSTNAME}/capif-events/v1/{SUBSCRIBER_ID_NOT_VALID}/subscriptions/{subcriptionId} - 2. Use Invoker Certificate + 1. Send **DELETE** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{SUBSCRIBER_ID_NOT_VALID}/subscriptions/{subcriptionId}** + 2. Use **Invoker Certificate** -**Execution Steps**: - - 1. Register Invoker and Onboard Invoker at CCF - 2. Subscribe to Events - 3. Retrieve Location Header with subscriptionId. - 4. Remove Event Subscribed with not valid Subscriber. - **Expected Result**: 1. Response to Onboard request must accomplish: @@ -185,7 +184,7 @@ At this documentation you will have all information and related files and exampl 2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with: * apiInvokerId * onboardingInformation->apiInvokerCertificate must contain the public key signed. - 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}* + 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}** 2. Response to Event Subscription must accomplish: 1. 201 Created @@ -194,12 +193,13 @@ At this documentation you will have all information and related files and exampl 3. Event Subscriptions are stored in CAPIF Database 4. Error Response Body must accomplish with **ProblemDetails** data structure with: - * status 404 - * title with message "Not Found" - * detail with message "Invoker or APF or AEF or AMF Not found". - * cause with message "Subscriber Not Found". + * status 404 + * title with message "Not Found" + * detail with message "Invoker or APF or AEF or AMF Not found". + * cause with message "Subscriber Not Found". +--- ## Test Case 5: Deletes an individual CAPIF Event Subscription with invalid SubscriptionId **Test ID**: ***capif_api_events-5*** @@ -209,30 +209,30 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Delete an Event Subscription without valid SubscriptionId **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has invalid InvokerId or apfId). * CAPIF subscriber is subscribed to Events. +**Execution Steps**: + + 1. Register Invoker and Onboard Invoker at CCF + 2. Subscribe to Events + 3. Retrieve Location Header with subscriptionId. + 4. Remove Event Subscribed with not valid Subscriber. + **Information of Test**: 1. Perform [Invoker Onboarding] 2. Event Subscription: - 1. Send POST to https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions + 1. Send **POST** to https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions 2. body [event subscription request body] - 3. Use Invoker Certificate + 3. Use **Invoker Certificate** 3. Remove Event Subcription with not valid subscriber: - 1. Send DELETE to to https://{CAPIF_HOSTNAME}/capif-events/v1/{subcriberId}/subscriptions/{SUBSCRIPTION_ID_NOT_VALID} - 2. Use Invoker Certificate + 1. Send **DELETE** to to https://{CAPIF_HOSTNAME}/capif-events/v1/{subcriberId}/subscriptions/{SUBSCRIPTION_ID_NOT_VALID} + 2. Use **Invoker Certificate** -**Execution Steps**: - - 1. Register Invoker and Onboard Invoker at CCF - 2. Subscribe to Events - 3. Retrieve Location Header with subscriptionId. - 4. Remove Event Subscribed with not valid Subscriber. - **Expected Result**: 1. Response to Onboard request must accomplish: @@ -240,11 +240,11 @@ At this documentation you will have all information and related files and exampl 2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with: * apiInvokerId * onboardingInformation->apiInvokerCertificate must contain the public key signed. - 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}* + 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}** 2. Response to Event Subscription must accomplish: 1. **201 Created** - 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: *{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId} + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** 3. Response Body must follow **EventSubscription** data structure. 3. Event Subscriptions are stored in CAPIF Database @@ -255,13 +255,504 @@ At this documentation you will have all information and related files and exampl * detail with message "Service API not existing". * cause with message "Event API subscription id not found". +--- +## Test Case 6: Invoker receives Service API Invocation events + +**Test ID**: ***capif_api_events-6***, ***mockserver*** + +**Description**: + + This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered and published APIs. + * API Provider had a Service API Published on CAPIF + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register provider and publish one API at CCF + 2. Register Invoker and Onboard Invoker at CCF + 3. Discover published APIs and extract apiIds and apiNames + 4. Subscribe to **SERVICE_API_INVOCATION_SUCCESS** and **SERVICE_API_INVOCATION_FAILURE** event filtering by aefId. + 5. Retrieve {subscriberId} and {subscriptionId} from Location Header + 6. Emulate Success and Failure on API invocation of provider by Invoker, using Invocation Logs API. + +**Information of Test**: + + 1. Perform [provider registration] + 2. Publish Service API at CCF: + + * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis** + * body [service api description] with apiName **service_1** + * Store **serviceApiId** + * Use APF Certificate + + 3. Perform [invoker onboarding] + 4. Discover published APIs: + + * Get **Api Ids** And **Api Names** from response. + + 5. Event Subscription to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE of provider previously registered: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['SERVICE_API_INVOCATION_SUCCESS','SERVICE_API_INVOCATION_FAILURE']** + 2. eventFilter: only receive events from provider's aefId. + 3. Use **Invoker Certificate** + + 7. Create Log Entry emulating provider receive Success and Failure api invocation from invoker: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs** + 2. body [log entry request body] with: + 1. aefId from provider published. + 2. apiInvokerId from invoker onboarded. + 3. apiId of published API + 4. apiName of published API + 5. 200 and 400 results in two logs. + 3. Use AEF Certificate + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Response to creation of log entry on CCF must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/api-invocation-logs/{apiVersion}/{aefId}/subscriptions/{logId}** + 3. Mock Server received messages must accomplish: + 1. **Two Events have been received**. + 2. Validate received events follow **EventNotification** data structure, with **invocationLog** in **eventDetail** parameter. + 1. One should be **SERVICE_API_INVOCATION_SUCCESS** related with **200** result at Log. + 2. The other one must be **SERVICE_API_INVOCATION_FAILURE** related with **400** result at Log. + +--- +## Test Case 7: Invoker subscribe to Service API Available and Unavailable events + +**Test ID**: ***capif_api_events-7***, ***mockserver*** + +**Description**: + + This test case will check that a CAPIF Invoker subscribed to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE, receive the notification when AEF publish and remove it. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered and published APIs. + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register provider and publish one API at CCF + 2. Register Invoker and Onboard Invoker at CCF + 3. Discover published APIs and extract apiIds and apiNames + 4. Subscribe to **SERVICE_API_AVAILABLE** and **SERVICE_API_UNAVAILABLE** event filtering by aefId. + 5. Retrieve {subscriberId} and {subscriptionId} from Location Header + 6. Provider publish new API. + 7. Provider remove published API. + +**Information of Test**: + + 1. Perform [provider registration] + 2. Publish Service API at CCF: + + * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis** + * body [service api description] with apiName **service_1** + * Store **serviceApiId** + * Use **APF Certificate** + + 3. Perform [invoker onboarding] + 4. Discover published APIs: + + * Get **Api Ids** And **Api Names** from response. + + 5. Event Subscription to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE of provider previously registered: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['SERVICE_API_AVAILABLE','SERVICE_API_UNAVAILABLE']** + 2. eventFilter: only receive events from provider's aefId. + 3. Use **Invoker Certificate** + + 6. Publish new Service API at CCF: + + * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis** + * body [service api description] with apiName **service_2** + * Store **serviceApiId** + * Use **APF Certificate** + + 7. Remove published Service API at CCF: + * Send **DELETE** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID}** + * Use **APF Certificate** + + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + + 2. Mock Server received messages must accomplish: + 1. **Two Events have been received**. + 2. Validate received events follow **EventNotification** data structure, with **apiIds** in **eventDetail** parameter. + 1. One should be **SERVICE_API_AVAILABLE** apiId of service_2 published API. + 2. The other one must be **SERVICE_API_UNAVAILABLE** apiId of service_1 published API. + +--- +## Test Case 8: Invoker subscribe to Service API Update + +**Test ID**: ***capif_api_events-8***, ***mockserver*** + +**Description**: + + This test case will check that a CAPIF Invoker subscribed to SERVICE_API_UPDATE, receive the notification when AEF Update some information on API Published. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered and published APIs. + * API Provider had a Service API Published on CAPIF + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register Provider and publish one API at CCF + 2. Register Invoker and Onboard Invoker at CCF + 3. Discover published APIs and extract apiIds and apiNames + 4. Subscribe to **SERVICE_API_UPDATE** event filtering by aefId. + 5. Retrieve {subscriberId} and {subscriptionId} from Location Header at event subscription + 6. Provider update information of Service API Published. + +**Information of Test**: + + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Publish Service API at CCF: + * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis** + * body [service api description] with apiName **service_1** + * Use ***APF Certificate*** + * Store **serviceApiId** + 4. Perform [invoker onboarding] + 5. Discover published APIs: + + * Get **Api Ids** And **Api Names** from response. + + 6. Event Subscription to SERVICE_API_UPDATE of provider previously registered: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['SERVICE_API_UPDATE']** + 2. eventFilter: only receive events from provider's aefId. + 3. Use **Invoker Certificate** + + 7. Update published API at CCF: + * Send **PUT** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}** + * body [service api description] with overrided **apiName** to **service_1_modified** + * Use **APF Certificate** + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Response to Update Published Service API: + 1. **200 OK** + 2. Response Body must follow **ServiceAPIDescription** data structure with: + * apiName **service_1_modified** + 3. Mock Server received messages must accomplish: + 1. **One Event has been received**. + 2. Validate received events follow **EventNotification** data structure, with **serviceAPIDescriptions** in **eventDetail** parameter. + 1. Event should be **SERVICE_API_UPDATE** with **eventDetail** with modified **apiName**. + +--- +## Test Case 9: Provider subscribe to API Invoker events + +**Test ID**: ***capif_api_events-9***, ***mockserver*** + +**Description**: + + This test case will check that a CAPIF Provider subscribed to API Invoker events (API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED), receive the notifications when Invoker is onboarded, updated and removed respectively. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered. + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register Provider at CCF + 2. Subscribe Provider to **API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED** events. + 3. Register Invoker and Onboard Invoker at CCF + 4. Update Onboarding Information at CCF with a minor change on "notificationDestination" + 5. Offboard Invoker + +**Information of Test**: + + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Event Subscription to API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED events: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['API_INVOKER_ONBOARDED', 'API_INVOKER_UPDATED', 'API_INVOKER_OFFBOARDED']** + 3. Use **Provider AMF Certificate** + 4. Perform [invoker onboarding] + 5. Update information of previously onboarded Invoker: + * Send **PUT** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}** + * Reference Request Body is: [put invoker onboarding body] + * "notificationDestination": "**http://host.docker.internal:8086/netapp_new_callback**", + 6. Offboard: + * Send **DELETE** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}** + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Response to Onboard request must accomplish: + 1. **201 Created** + 2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with: + * apiInvokerId + * onboardingInformation->apiInvokerCertificate must contain the public key signed. + 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}** + 3. Response to Update Request (PUT) with minor change must contain: + 1. **200 OK** response. + 2. notificationDestination on response must contain the new value + 4. Response to Offboard Request (DELETE) must contain: + 1. **204 No Content** + 5. Mock Server received messages must accomplish: + 1. **Three Events have been received**. + 2. Validate received events follow **EventNotification** data structure, with **apiInvokerIds** in **eventDetail** parameter. + 1. One Event should be **API_INVOKER_ONBOARDED** with **eventDetail** with modified **apiInvokerId**. + 2. One Event should be **API_INVOKER_UPDATED** with **eventDetail** with modified **apiInvokerId**. + 3. One Event should be **API_INVOKER_OFFBOARDED** with **eventDetail** with modified **apiInvokerId**. +--- +## Test Case 10: Provider subscribed to ACL update event + +**Test ID**: ***capif_api_events-10***, ***mockserver*** + +**Description**: + + This test case will check that a CAPIF Provider subscribed to ACCESS_CONTROL_POLICY_UPDATE receive a notification when ACL Changes. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered. + * API Provider had one Service API Published on CAPIF + * API Invoker had a Security Context for the Service API published by provider. + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register Provider at CCF. + 2. Publish a provider API with name **service_1**. + 3. Register Invoker and Onboard Invoker at CCF. + 4. Subscribe Provider to **ACCESS_CONTROL_POLICY_UPDATE** event. + 5. Discover APIs filtered by **aef_id** + 6. Create Security Context for Invoker. + 7. Provider Retrieve ACL + +**Information of Test**: + + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Perform [invoker onboarding] + 4. Event Subscription to **ACCESS_CONTROL_POLICY_UPDATE** event: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['ACCESS_CONTROL_POLICY_UPDATE']** + 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker + 3. Use **Provider AMF Certificate** + 5. Discover published APIs + 6. Create Security Context for Invoker + * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * body [service security body] + * Use Invoker Certificate + 7. Provider Retrieve ACL + * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}** + * Use **serviceApiId** and **aefId** + * Use AEF Provider Certificate + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Create security context: + 1. **201 Created** response. + 2. body returned must accomplish **ServiceSecurity** data structure. + 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}** + 3. ACL Response: + 1. **200 OK** Response. + 2. body returned must accomplish **AccessControlPolicyList** data structure. + 3. apiInvokerPolicies must: + 1. contain only one object. + 2. apiInvokerId must match apiInvokerId registered previously. + 4. Mock Server received messages must accomplish: + 1. **One Event has been received**. + 2. Validate received event follow **EventNotification** data structure, with **accCtrlPolListExt** in **eventDetail** parameter. + 1. One Event should be **ACCESS_CONTROL_POLICY_UPDATE** with **eventDetail** with **accCtrlPolListExt** including the **apiId** and **apiInvokerPolicies**. + +--- +## Test Case 11: Provider receives an ACL unavailable event when invoker remove Security Context. + +**Test ID**: ***capif_api_events-11***, ***mockserver*** + +**Description**: + + This test case will check that a CAPIF Invoker subscribed to ACCESS_CONTROL_POLICY_UNAVAILABLE will receive the notification when AEF remove Security Context created previously. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered. + * API Provider had one Service API Published on CAPIF + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register Provider at CCF. + 2. Publish a provider API with name **service_1**. + 3. Register Invoker and Onboard Invoker at CCF. + 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event. + 5. Discover APIs filtered by **aef_id** + 6. Create Security Context for Invoker. + 7. Provider Retrieve ACL. + 8. Remove Security Context for Invoker. + +**Information of Test**: + + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Perform [invoker onboarding] + 4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE']** + 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker + 3. Use **Invoker Certificate** + 5. Discover published APIs + 6. Create Security Context for Invoker + * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * body [service security body] + * Use Invoker Certificate + 7. Provider Retrieve ACL + * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}** + * Use **serviceApiId** and **aefId** + * Use **AEF Provider Certificate** + 3. Delete Security Context of Invoker by Provider: + * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * Use **AEF certificate** + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Create security context: + 1. **201 Created** response. + 2. body returned must accomplish **ServiceSecurity** data structure. + 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}** + 3. ACL Response: + 1. **200 OK** Response. + 2. body returned must accomplish **AccessControlPolicyList** data structure. + 3. apiInvokerPolicies must: + 1. contain only one object. + 2. apiInvokerId must match apiInvokerId registered previously. + 4. Delete security context: + 1. **204 No Content** response. + 5. Mock Server received messages must accomplish: + 1. **One Event has been received**. + 2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter. + 1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**. +--- +## Test Case 12: Invoker receives an Invoker Authorization Revoked and ACL unavailable event when Provider revoke Invoker Authorization. + +**Test ID**: ***capif_api_events-12***, ***mockserver*** + +**Description**: + + This test case will check that a CAPIF Invoker subscribed to API_INVOKER_AUTHORIZATION_REVOKED and ACCESS_CONTROL_POLICY_UNAVAILABLE receive both notification when AEF revoke invoker's authorization. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered. + * API Provider had one Service API Published on CAPIF + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register Provider at CCF. + 2. Publish a provider API with name **service_1**. + 3. Register Invoker and Onboard Invoker at CCF. + 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** events. + 5. Discover APIs filtered by **aef_id** + 6. Create Security Context for Invoker. + 7. Revoke Authorization by Provider. + +**Information of Test**: + + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Perform [invoker onboarding] + 4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** event: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE','API_INVOKER_AUTHORIZATION_REVOKED']** + 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker + 3. Use **Invoker Certificate** + 5. Discover published APIs + 6. Create Security Context for Invoker + * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * body [service security body] + * Use Invoker Certificate + 7. Revoke Authorization by Provider: + * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete** + * body [security notification body] + * Using AEF Certificate. + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Create security context: + 1. **201 Created** response. + 2. body returned must accomplish **ServiceSecurity** data structure. + 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}** + 4. Revoke Authorization: + 1. **204 No Content** response. + 5. Mock Server received messages must accomplish: + 1. **Two Events has been received**. + 2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter. + 1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**. + 2. One Event should be **API_INVOKER_AUTHORIZATION_REVOKED** without **eventDetail**. + +--- -[invoker register body]: ../api_invoker_management/invoker_register_body.json "Invoker Register Body" [invoker onboard request body]: ../api_invoker_management/invoker_details_post_example.json "API Invoker Request" [event subscription request body]: ./event_subscription.json "Event Subscription Request" -[invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" - +[invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" +[provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration" +[log entry request body]: ../api_logging_service/invocation_log.json "Log Request Body" +[put register body]: ./invoker_details_put_example.json "API Invoker Update Request" +[service security body]: ../api_security_service/service_security.json "Service Security Request" +[security notification body]: ./security_notification.json "Security Notification Request" [Return To All Test Plans]: ../README.md diff --git a/doc/testing/testplan/api_invoker_management/README.md b/doc/testing/testplan/api_invoker_management/README.md index 3b4e13031db427b109f0f8acaaa9d37f141a1815..02f04a9f3d3acdbac08ad97546d12dd843d1e97b 100644 --- a/doc/testing/testplan/api_invoker_management/README.md +++ b/doc/testing/testplan/api_invoker_management/README.md @@ -13,20 +13,19 @@ At this documentation you will have all information and related files and exampl * NetApp was not registered previously * NetApp was not onboarded previously + * ***Preconditions: The administrator must have previously registered the User.*** **Information of Test**: 1. Create public and private key at invoker - 2. Register of Invoker at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [invoker register body] + 2. Retrieve access_token by User: - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [invoker getauth body] + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] - 4. Onboard Invoker: + 3. Onboard Invoker: * Send POST to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers* * Reference Request Body: [invoker onboarding body] * "onboardingInformation"->"apiInvokerPublicKey": must contain public key generated by Invoker. @@ -34,7 +33,7 @@ At this documentation you will have all information and related files and exampl **Execution Steps**: - 1. Register Invoker at CCF + 1. Retrieve access_token by User from register 2. Onboard Invoker at CCF 3. Store signed Certificate @@ -305,8 +304,8 @@ At this documentation you will have all information and related files and exampl [invoker onboarding body]: ./invoker_details_post_example.json "API Invoker Request" -[invoker register body]: ./invoker_register_body.json "Invoker Register Body" +[user_getauth_response_body_example]: ../common_operations/user_getauth_response_body_example.json "User GetAuth response Body Example" [put register body]: ./invoker_details_put_example.json "API Invoker Update Request" [invoker getauth body]: ./invoker_getauth_example.json "Get Auth Example" -[invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" +[invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" diff --git a/doc/testing/testplan/api_invoker_management/invoker_register_body.json b/doc/testing/testplan/api_invoker_management/invoker_register_body.json deleted file mode 100644 index e5bf1fc5b89682c56416c62530a95a5a86037885..0000000000000000000000000000000000000000 --- a/doc/testing/testplan/api_invoker_management/invoker_register_body.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "password": "password", - "username": "ROBOT_TESTING_INVOKER", - "role": "invoker", - "description": "Testing", - "cn": "ROBOT_TESTING_INVOKER" -} diff --git a/doc/testing/testplan/api_logging_service/README.md b/doc/testing/testplan/api_logging_service/README.md index f22795a4faea72b64e0d3be0d2b2a252128d73b7..5d61b8e3baa72561be5132fb9ecde26c42c9b294 100644 --- a/doc/testing/testplan/api_logging_service/README.md +++ b/doc/testing/testplan/api_logging_service/README.md @@ -235,7 +235,7 @@ At this documentation you will have all information and related files and exampl [log entry request body]: ./invocation_log.json "Log Request Body" -[invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" +[invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" [provider onboarding]: ../common_operations/README.md#register-a-provider "Provider Onboarding" diff --git a/doc/testing/testplan/api_provider_management/README.md b/doc/testing/testplan/api_provider_management/README.md index d20f83944fc6a1b7ae505377628dd670e7c93d8e..fe72d20ead83260ba471643fb19945c6988b56a6 100644 --- a/doc/testing/testplan/api_provider_management/README.md +++ b/doc/testing/testplan/api_provider_management/README.md @@ -17,15 +17,14 @@ At this documentation you will have all information and related files and exampl 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token @@ -61,22 +60,22 @@ At this documentation you will have all information and related files and exampl **Information of Test**: 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token * Store each cert in a file with according name. - 5. Re-Register Provider: + 4. Re-Register Provider: + * Same regSec than Previous registration **Execution Steps**: @@ -90,6 +89,7 @@ At this documentation you will have all information and related files and exampl 1. Re-Register Provider: 1. **403 Forbidden** response. 2. body returned must accomplish **ProblemDetails** data structure, with: + * status 403 * title with message "Forbidden" * detail with message "Provider already registered". @@ -110,22 +110,21 @@ At this documentation you will have all information and related files and exampl **Information of Test**: 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) + 2. Retrieve access_token by User: - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token * Get Resource URL from Location - 5. Update Provider: + 4. Update Provider: + * Send PUT to Resource URL returned at registration *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}* * body [provider request body] with apiProvDomInfo set to ROBOT_TESTING_MOD * Use AMF Certificate. @@ -167,21 +166,21 @@ At this documentation you will have all information and related files and exampl 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token * Store each cert in a file with according name. - 5. Update Not Registered Provider: + 4. Update Not Registered Provider: + * Send PUT *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_PROVIDER_NOT_REGISTERED}* * body [provider request body] * Use AMF Certificate. @@ -189,7 +188,7 @@ At this documentation you will have all information and related files and exampl **Execution Steps**: 1. Register Provider at CCF - 3. Update Not Registered Provider + 2. Update Not Registered Provider **Expected Result**: @@ -217,21 +216,21 @@ At this documentation you will have all information and related files and exampl 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token * Store each cert in a file with according name. - 5. Partial update provider: + 4. Partial update provider: + * Send PATCH *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}* * body [provider request patch body] * Use AMF Certificate. @@ -265,21 +264,21 @@ At this documentation you will have all information and related files and exampl 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token * Store each cert in a file with according name. - 5. Partial update Provider: + 4. Partial update Provider: + * Send PATCH *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_API_PROVIDER_NOT_REGISTERED}* * body [provider request patch body] * Use AMF Certificate. @@ -296,6 +295,7 @@ At this documentation you will have all information and related files and exampl 1. Partial update provider: 1. **404 Not Found** response. 2. body returned must accomplish **ProblemDetails** data structure, with: + * status 404 * title with message "Not Found" * detail with message "Not Exist Provider Enrolment Details". @@ -317,21 +317,21 @@ At this documentation you will have all information and related files and exampl 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token * Store each cert in a file with according name. - 5. Delete registered provider: + 4. Delete registered provider: + * Send DELETE *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}* * Use AMF Certificate. @@ -362,21 +362,21 @@ At this documentation you will have all information and related files and exampl 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] - - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Authentication Bearer with access_token * Store each cert in a file with according name. - 5. Delete registered provider at Provider Management: + 4. Delete registered provider at Provider Management: + * Send DELETE *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_PROVIDER_NOT_REGISTERED}* * Use AMF Certificate. @@ -395,11 +395,9 @@ At this documentation you will have all information and related files and exampl * detail with message "Not Exist Provider Enrolment Details". * cause with message "Not found registrations to send this api provider details". -[provider register body]: ./provider_details_post_example.json "API Provider Enrolment Request" - [provider request body]: ./provider_details_post_example.json "API Provider Enrolment Request" [provider request patch body]: ./provider_details_enrolment_details_patch_example.json "API Provider Enrolment Patch Request" -[provider getauth body]: ./provider_getauth_example.json "Get Auth Example" +[user_getauth_response_body_example]: ../common_operations/user_getauth_response_body_example.json "User GetAuth response Body Example" diff --git a/doc/testing/testplan/api_provider_management/provider_register_body.json b/doc/testing/testplan/api_provider_management/provider_register_body.json deleted file mode 100644 index fc26db2141eab904b1f2f8d96e963f2ec0efcbe1..0000000000000000000000000000000000000000 --- a/doc/testing/testplan/api_provider_management/provider_register_body.json +++ /dev/null @@ -1,7 +0,0 @@ -{ - "password": "password", - "username": "ROBOT_TESTING_PUBLISHER", - "role": "provider", - "description": "Testing", - "cn": "ROBOT_TESTING_PUBLISHER" -} diff --git a/doc/testing/testplan/api_publish_service/README.md b/doc/testing/testplan/api_publish_service/README.md index 668662dfb3c8b28f229b807daa95f0ee0476b81c..21512db6fbd04c0170c0cf940bba92486000aa33 100644 --- a/doc/testing/testplan/api_publish_service/README.md +++ b/doc/testing/testplan/api_publish_service/README.md @@ -647,11 +647,9 @@ At this documentation you will have all information and related files and exampl [service api description]: ./service_api_description_post_example.json "Service API Description Request" [publisher register body]: ./publisher_register_body.json "Publish register Body" [invoker onboarding body]: ../api_invoker_management/invoker_details_post_example.json "API Invoker Request" - [invoker register body]: ../api_invoker_management/invoker_register_body.json "Invoker Register Body" [provider request body]: ../api_provider_management/provider_details_post_example.json "API Provider Enrolment Request" [provider request patch body]: ../api_provider_management/provider_details_enrolment_details_patch_example.json "API Provider Enrolment Patch Request" - [provider getauth body]: ../api_provider_management/provider_getauth_example.json "Get Auth Example" - [invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" + [invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration" diff --git a/doc/testing/testplan/api_security_service/README.md b/doc/testing/testplan/api_security_service/README.md index 306470adfa1b1041f00f272243975dd2f5c9c9b6..e051f90fc1e32645e24cf099fd6108f6520200f5 100644 --- a/doc/testing/testplan/api_security_service/README.md +++ b/doc/testing/testplan/api_security_service/README.md @@ -1281,7 +1281,7 @@ At this documentation you will have all information and related files and exampl [access token req body]: ./access_token_req.json "Access Token Request" [example]: ./access_token_req.json "Access Token Request Example" - [invoker onboarding]: ../common_operations/README.md#register-an-invoker "Invoker Onboarding" + [invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding" [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration" diff --git a/doc/testing/testplan/common_operations/README.md b/doc/testing/testplan/common_operations/README.md index e75570791e791a22caca495c280d9f5f539d4743..0f8cf9f2cc7271ddefa318648beada778bd8f0af 100644 --- a/doc/testing/testplan/common_operations/README.md +++ b/doc/testing/testplan/common_operations/README.md @@ -1,26 +1,59 @@ # Common Operations -## Register an Invoker +## Register new user + +In order to use OpenCAPIF we must add a new user. This new user can onboard/register any Invokers or Providers. + +That new user **must be created by administrator** of Register Service and with the credentials shared by administrator, the new user can get the **access_token** by requesting it to Register service. + +The steps to register a new user at Register Service are: + +### Admin create User +1) **Login as Admin to get access_token:** + + * Send **POST** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/login** + * **Include basic Auth Header with Admin credentials** + * Get **access_token** and **refresh_token** from response + +![Flow](../../../images/flows/01_Login_Admin.png) + +2) **Create User:** + + * Send **POST** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/createUser** + * Include Admin **access_token** in **Authorization Bearer Header** + * Body [user_registration_body] + +![Flow](../../../images/flows/02_Creation_of_user.png) + +### User Retrieve access token and other information +1) **Retrieve access_token by User:** + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include **basic Auth Header with User credentials** + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + +![Flow](../../../images/flows/03_Register_of_AEF_GetAuth.png) + +## Onboard an Invoker ### Steps to perform operation +***Preconditions: The administrator must have previously registered the User.*** + 1. Create public and private key at invoker - 2. Register of Invoker at CCF: - * Send POST to http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register - * Body [invoker register body] + 2. Retrieve access_token by User: + + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [invoker getauth body] + 3. Onboard Invoker: - 4. Onboard Invoker: - * Send POST to https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers - * Reference Request Body: [invoker onboarding body] - * "onboardingInformation"->"apiInvokerPublicKey": must contain public key generated by Invoker. - * Send at Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token}) + * Send **POST** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers** + * Reference Request Body: [invoker onboarding body] + * "onboardingInformation"->"apiInvokerPublicKey": must contain public key generated by Invoker. + * Send at Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token}) ### Checks to ensure onboarding - 1. Response to Register: - 1. **201 Created** 2. Response to Get Auth: 1. **200 OK** @@ -33,20 +66,21 @@ * onboardingInformation->apiInvokerCertificate must contain the public key signed. 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}* +### Example Flow +![Flow](../../../images/flows/07_Invoker_Onboarding.png) ## Register a Provider ### Steps to Perform operation 1. Create public and private key at provider for provider itself and each function (apf, aef and amf) - 2. Register of Provider at CCF: - * Send POST to *http://{CAPIF_HOSTNAME}:{CAPIF_HTTP_PORT}/register* - * body [provider register body] + 2. Retrieve access_token by User: - 3. Obtain Access Token: - * Send POST to *http://{CAPIF_HOSTNAME}/getauth* - * Body [provider getauth body] + * Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth** + * Include basic Auth Header with Admin user/password + * Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example] + + 3. Register Provider: - 4. Register Provider: * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations* * body [provider request body] * Send at Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token}) @@ -68,20 +102,17 @@ 2. **apiProvCert** under **regInfo** is set properly 4. Location Header must contain the new resource URL *{apiRoot}/api-provider-management/v1/registrations/{registrationId}* +### Example Flow +![Flow](../../../images/flows/07_Invoker_Onboarding.png) +[user_registration_body]: ./user_registration_body.json "User Registration Body" +[user_getauth_response_body_example]: ./user_getauth_response_body_example.json "User GetAuth response Body Example" - -[invoker register body]: ../api_invoker_management/invoker_register_body.json "Invoker Register Body" [invoker onboarding body]: ../api_invoker_management/invoker_details_post_example.json "API Invoker Request" [invoker getauth body]: ../api_invoker_management/invoker_getauth_example.json "Get Auth Example" -[provider register body]: ../api_provider_management/provider_register_body.json "Provider Register Body" [provider request body]: ../api_provider_management/provider_details_post_example.json "API Provider Enrolment Request" -[provider getauth body]: ../api_provider_management/provider_getauth_example.json "Get Auth Example" - - - [Return To All Test Plans]: ../README.md diff --git a/doc/testing/testplan/common_operations/user_getauth_response_body_example.json b/doc/testing/testplan/common_operations/user_getauth_response_body_example.json new file mode 100644 index 0000000000000000000000000000000000000000..a4a71feba3522d8678a453eb5d8b82180dc82312 --- /dev/null +++ b/doc/testing/testplan/common_operations/user_getauth_response_body_example.json @@ -0,0 +1,10 @@ +{ + "access_token": "eyJhbGciOiJS...", + "ca_root": "-----BEGIN CERTIFICATE----- ...", + "ccf_api_onboarding_url": "api-provider-management/v1/registrations", + "ccf_discover_url": "service-apis/v1/allServiceAPIs?api-invoker-id=", + "ccf_onboarding_url": "api-invoker-management/v1/onboardedInvokers", + "ccf_publish_url": "published-apis/v1//service-apis", + "ccf_security_url": "capif-security/v1/trustedInvokers/", + "message": "Token and CA root returned successfully" +} \ No newline at end of file diff --git a/doc/testing/testplan/common_operations/user_registration_body.json b/doc/testing/testplan/common_operations/user_registration_body.json new file mode 100644 index 0000000000000000000000000000000000000000..123c1e16bf5ef55eab5dc90927b3715856a0c0ab --- /dev/null +++ b/doc/testing/testplan/common_operations/user_registration_body.json @@ -0,0 +1,6 @@ +{ + "username": "customUser", + "password": "password", + "description": "description", + "email": "customuser@telefonica.com" +} \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index fb0bbb0795b65f908e0f65c723d98b13c8381651..aa15c1ed66425563b17f5dfec62ef6604f47dc9b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -74,6 +74,8 @@ extra: nav: - Overview: - Introduction: index.md + - Release Notes: releasenotes.md + - Architecture: architecture.md - Getting Started: - How to Run: ./gettingstarted/howtorun.md - Testing: