diff --git a/doc/testing/testplan/api_access_control_policy/README.md b/doc/testing/testplan/api_access_control_policy/README.md
index 6233badb594b3c1bb779cacc79f737a3771906e2..192495cdaa6e538852c45f4b68285b97bb71c5f7 100644
--- a/doc/testing/testplan/api_access_control_policy/README.md
+++ b/doc/testing/testplan/api_access_control_policy/README.md
@@ -6,51 +6,51 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-1***
**Description**:
-
+
This test case will check that an API Provider can retrieve ACL from CAPIF
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. contain only one object.
2. apiInvokerId must match apiInvokerId registered previously.
@@ -60,63 +60,63 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-2***
**Description**:
-
+
This test case will check that an API Provider can retrieve ACL from CAPIF for 2 different serviceApis published.
**Pre-Conditions**:
-
+
* API Provider had two Service API Published on CAPIF
* API Invoker had a Security Context for both Service APIs published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1** and **service_2**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information for **service_1**.
+ 7. Provider Get ACL information for **service_2**.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
3. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_2
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_2**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
4. Perform [Invoker Onboarding] store apiInvokerId
5. Discover published APIs
6. Create Security Context for this Invoker for both published APIs
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
- 7. Provider Retrieve ACL for serviceApiId1
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
- * Use AEF Provider Certificate
+ 7. Provider Retrieve ACL for **serviceApiId1**
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use **AEF Provider Certificate**
8. Provider Retrieve ACL for serviceApiId2
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId2}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId2}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1 and service_2
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information for service_1.
- 7. Provider Get ACL information for service_2.
-
**Expected Result**:
1. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. contain one object.
2. apiInvokerId must match apiInvokerId registered previously.
@@ -125,123 +125,123 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-3***
**Description**:
-
+
This test case will check that an API Provider can retrieve ACL from CAPIF containing 2 objects.
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* Two API Invokers had a Security Context for same Service API published by provider.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1** and **service_2**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker for both published APIs
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Repeat previous 3 steps in order to have a new Invoker.
7. Provider Retrieve ACL for serviceApiId
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1 and service_2
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. Contain two objects.
- 2. One object must match with apiInvokerId1 and the other one with apiInvokerId2 an registered previously.
-
+ 2. One object must match with **apiInvokerId1** and the other one with **apiInvokerId2** an registered previously.
+
## Test Case 4: Retrieve ACL filtered by api-invoker-id
**Test ID**: ***capif_api_acl-4***
**Description**:
-
+
This test case will check that an API Provider can retrieve ACL filtering by apiInvokerId from CAPIF containing 1 objects.
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* Two API Invokers had a Security Context for same Service API published by provider.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1** and **service_2**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information with query parameter indicating first api-invoker-id.
+ 7. Provider Get ACL information with query parameter indicating second api-invoker-id.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
- 4. Perform [Invoker Onboarding] store apiInvokerId
- 6. Discover published APIs
- 7. Create Security Context for this Invoker for both published APIs
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
+ 3. Perform [Invoker Onboarding] store apiInvokerId
+ 4. Discover published APIs
+ 5. Create Security Context for this Invoker for both published APIs
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
- 8. Repeat previous 3 steps in order to have a new Invoker.
+ 6. Repeat previous 3 steps in order to have a new Invoker.
- 9. Provider Retrieve ACL for serviceApiId
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&api-invoker-id={apiInvokerId1}*
- * Use *serviceApiId*, *aefId* and apiInvokerId1
- * Use AEF Provider Certificate
+ 7. Provider Retrieve ACL for **serviceApiId1**
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={apiInvokerId1}**
+ * Use **serviceApiId**, **aefId** and **apiInvokerId1**
+ * Use **AEF Provider Certificate**
- 10. Provider Retrieve ACL for serviceApiId
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&api-invoker-id={apiInvokerId2}*
- * Use *serviceApiId*, *aefId* and apiInvokerId2
- * Use AEF Provider Certificate
+ 8. Provider Retrieve ACL for **serviceApiId2**
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={apiInvokerId2}**
+ * Use **serviceApiId**, **aefId** and **apiInvokerId2**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1 and service_2
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information with query parameter indicating first api-invoker-id.
- 7. Provider Get ACL information with query parameter indicating second api-invoker-id.
-
**Expected Result**:
1. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. Contain one objects.
- 2. Object must match with apiInvokerId1.
+ 2. Object must match with **apiInvokerId1**.
2. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. Contain one objects.
- 2. Object must match with apiInvokerId2.
+ 2. Object must match with **apiInvokerId2**.
## Test Case 5: Retrieve ACL filtered by supported-features
@@ -250,66 +250,66 @@ At this documentation you will have all information and related files and exampl
**Description**:
**CURRENTLY NOT SUPPORTED FEATURE**
-
+
This test case will check that an API Provider can retrieve ACL filtering by supportedFeatures from CAPIF containing 1 objects.
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* Two API Invokers had a Security Context for same Service API published by provider.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1** and **service_2**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information with query parameter indicating first supported-features.
+ 7. Provider Get ACL information with query parameter indicating second supported-features.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker for both published APIs
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Repeat previous 3 steps in order to have a new Invoker.
7. Provider Retrieve ACL for serviceApiId
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&supported-features={apiInvokerId1}*
- * Use *serviceApiId*, *aefId* and apiInvokerId1
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&supported-features={apiInvokerId1}**
+ * Use **serviceApiId**, **aefId** and **apiInvokerId1**
+ * Use **AEF Provider Certificate**
8. Provider Retrieve ACL for serviceApiId
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&supported-features={apiInvokerId2}*
- * Use *serviceApiId*, *aefId* and apiInvokerId2
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&supported-features={apiInvokerId2}**
+ * Use **serviceApiId**, **aefId** and **apiInvokerId2**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1 and service_2
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information with query parameter indicating first supported-features.
- 7. Provider Get ACL information with query parameter indicating second supported-features.
-
**Expected Result**:
1. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. Contain one objects.
2. Object must match with supportedFeatures1.
2. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. Contain one objects.
2. Object must match with supportedFeatures1.
@@ -319,51 +319,51 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-6***
**Description**:
-
+
This test case will check that an API Provider can't retrieve ACL from CAPIF if aef-id is not valid
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${AEF_ID_NOT_VALID}*
- * Use *serviceApiId* and *AEF_ID_NOT_VALID*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${AEF_ID_NOT_VALID}**
+ * Use **serviceApiId** and **AEF_ID_NOT_VALID**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. ACL Response:
1. **404 Not Found** Response.
2. body returned must accomplish **Problem Details** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
* status **404**
* title with message "Not Found"
* detail with message "No ACLs found for the requested service: {service_api_id}, aef_id: {aef_id}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
@@ -375,51 +375,51 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-7***
**Description**:
-
+
This test case will check that an API Provider can't retrieve ACL from CAPIF if service-api-id is not valid
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${NOT_VALID_SERVICE_API_ID}?aef-id=${aef_id}*
- * Use *NOT_VALID_SERVICE_API_ID* and *aef_id*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${NOT_VALID_SERVICE_API_ID}?aef-id=${aef_id}**
+ * Use **NOT_VALID_SERVICE_API_ID** and **aef_id**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. ACL Response:
1. **404 Not Found** Response.
2. body returned must accomplish **Problem Details** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
* status **404**
* title with message "Not Found"
* detail with message "No ACLs found for the requested service: {service_api_id}, aef_id: {aef_id}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
@@ -430,51 +430,51 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-8***
**Description**:
-
+
This test case will check that an API Provider can't retrieve ACL from CAPIF if service-api-id and aef-id are not valid
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${NOT_VALID_SERVICE_API_ID}?aef-id=${AEF_ID_NOT_VALID}*
- * Use *NOT_VALID_SERVICE_API_ID* and *aef_id*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${NOT_VALID_SERVICE_API_ID}?aef-id=${AEF_ID_NOT_VALID}**
+ * Use **NOT_VALID_SERVICE_API_ID** and **aef_id**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. ACL Response:
1. **404 Not Found** Response.
2. body returned must accomplish **Problem Details** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
* status **404**
* title with message "Not Found"
* detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
@@ -486,7 +486,7 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-9***
**Description**:
-
+
This test case will check that an API Provider can't retrieve ACL if no invoker had requested Security Context to CAPIF
**Pre-Conditions**:
@@ -494,39 +494,39 @@ At this documentation you will have all information and related files and exampl
* API Provider had a Service API Published on CAPIF
* API Invoker created but no Security Context for Service API published had been requested.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. ACL Response:
1. **404 Not Found** Response.
2. body returned must accomplish **Problem Details** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
* status **404**
* title with message "Not Found"
* detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
@@ -537,51 +537,51 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_acl-10***
**Description**:
-
+
This test case will check that an API Provider get not found response if filter by not valid api-invoker-id doesn't match any registered ACL.
**Pre-Conditions**:
-
+
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={NOT_VALID_API_INVOKER_ID}*
- * Use *serviceApiId*, *aefId* and *NOT_VALID_API_INVOKER_ID*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={NOT_VALID_API_INVOKER_ID}**
+ * Use **serviceApiId**, **aefId** and **NOT_VALID_API_INVOKER_ID**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. ACL Response:
1. **404 Not Found** Response.
2. body returned must accomplish **Problem Details** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
* status **404**
* title with message "Not Found"
* detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
@@ -593,44 +593,44 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check that an API Provider can't retrieve ACL from CAPIF using APF Certificate
+ This test case will check that an API Provider can't retrieve ACL from CAPIF using **APF Certificate**
**Pre-Conditions**:
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
* Use APF Provider Certificate
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. Response to Logging Service must accomplish:
@@ -654,37 +654,37 @@ At this documentation you will have all information and related files and exampl
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
* Use AMF Provider Certificate
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
-
**Expected Result**:
1. Response to Logging Service must accomplish:
@@ -701,43 +701,43 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check that an API Provider can't retrieve ACL from CAPIF using Invoker Certificate
+ This test case will check that an API Provider can't retrieve ACL from CAPIF using **Invoker Certificate**
**Pre-Conditions**:
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published.
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}*
- * Use *serviceApiId* and *aefId*
- * Use Invoker Certificate
-
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information.
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
+ * Use **serviceApiId** and **aefId**
+ * Use **Invoker Certificate**
**Expected Result**:
@@ -762,56 +762,56 @@ At this documentation you will have all information and related files and exampl
* API Provider had a Service API Published on CAPIF
* API Invoker had a Security Context for Service API published and ACL is present
+**Execution Steps**:
+
+ 1. Register and onboard Provider at CCF.
+ 2. Publish a provider API with name **service_1**
+ 3. Register and onboard Invoker at CCF
+ 4. Store signed Certificate
+ 5. Create Security Context
+ 6. Provider Get ACL information of invoker.
+ 7. Remove Invoker from CAPIF.
+ 8. Provider Get ACL information of invoker.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Store *serviceApiId*
- * Use APF Certificate
-
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Store **serviceApiId**
+ * Use **APF Certificate**
+
3. Perform [Invoker Onboarding] store apiInvokerId
4. Discover published APIs
5. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
6. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={api-invoker-id}*
- * Use *serviceApiId*, *aefId* and *api-invoker-id*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={api-invoker-id}**
+ * Use **serviceApiId**, **aefId** and **api-invoker-id**
+ * Use **AEF Provider Certificate**
7. Remove Invoker from CAPIF
8. Provider Retrieve ACL
- * Send GET *https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={api-invoker-id}*
- * Use *serviceApiId*, *aefId* and *api-invoker-id*
- * Use AEF Provider Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={api-invoker-id}**
+ * Use **serviceApiId**, **aefId** and **api-invoker-id**
+ * Use **AEF Provider Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Provider at CCF.
- 2. Publish a provider API with name service_1
- 3. Register and onboard Invoker at CCF
- 4. Store signed Certificate
- 5. Create Security Context
- 6. Provider Get ACL information of invoker.
- 7. Remove Invoker from CAPIF.
- 8. Provider Get ACL information of invoker.
-
**Expected Result**:
1. ACL Response:
1. **200 OK** Response.
2. body returned must accomplish **AccessControlPolicyList** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
1. contain only one object.
2. apiInvokerId must match apiInvokerId registered previously.
2. ACL Response:
1. **404 Not Found** Response.
2. body returned must accomplish **Problem Details** data structure.
- 3. apiInvokerPolicies must:
+ 3. **apiInvokerPolicies** must:
* status **404**
* title with message "Not Found"
* detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: None and supportedFeatures: None".
diff --git a/doc/testing/testplan/api_auditing_service/README.md b/doc/testing/testplan/api_auditing_service/README.md
index 8b856af654eaafcea001a11dedf8a23bbaffc43e..899dea9db452a86038af7d4ba28b55f571b153e8 100644
--- a/doc/testing/testplan/api_auditing_service/README.md
+++ b/doc/testing/testplan/api_auditing_service/README.md
@@ -10,35 +10,35 @@ At this documentation you will have all information and related files and exampl
This test case will check that a CAPIF AMF can get log entry to Logging Service
**Pre-Conditions**:
-
+
* CAPIF provider is pre-authorised (has valid AMF cert from CAPIF Authority)
* Service exist in CAPIF
* Invoker exist in CAPIF
* Log Entry exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+ 4. Get Log Entry
+
**Information of Test**:
1. Perform [provider onboarding], [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Create Log Entry:
- - Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ - Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
- body [log entry request body]
- - Use AEF Certificate
+ - Use **AEF Certificate**
4. Get Log:
- 1. Send GET to *https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}*
- 2. Use AMF Certificate
-
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
- 4. Get Log Entry
+ 1. Send **GET** to **https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}**
+ 2. Use **AMF Certificate**
**Expected Result**:
@@ -63,23 +63,23 @@ At this documentation you will have all information and related files and exampl
* Service exist in CAPIF
* Invoker exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Get Log Entry
+
**Information of Test**:
1. Perform [provider onboarding], [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
- 4. Get Log:
- 1. Send GET to *https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}*
- 2. Use AMF Certificate
-
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Get Log Entry
+ 3. Get Log:
+ 1. Send **GET** to **https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}**
+ 2. Use **AMF Certificate**
**Expected Result**:
@@ -106,29 +106,29 @@ At this documentation you will have all information and related files and exampl
* Invoker exist in CAPIF
* Log Entry exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+ 4. Get Log Entry
+
**Information of Test**:
1. Perform [provider onboarding], [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Create Log Entry:
- - Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ - Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
- body [log entry request body]
- - Use AEF Certificate
+ - Use **AEF Certificate**
4. Get Log:
- 1. Send GET to *https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs
- 2. Use AMF Certificate
-
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
- 4. Get Log Entry
+ 1. Send **GET** to **https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs**
+ 2. Use **AMF Certificate**
**Expected Result**:
@@ -156,29 +156,29 @@ At this documentation you will have all information and related files and exampl
* Invoker exist in CAPIF
* Log Entry exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+ 4. Get Log Entry
+
**Information of Test**:
1. Perform [provider onboarding], [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Create Log Entry:
- - Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ - Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
- body [log entry request body]
- - Use AEF Certificate
+ - Use **AEF Certificate**
4. Get Log:
- 1. Send GET to *https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}&api-version={v1}*
- 2. Use AMF Certificate
-
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
- 4. Get Log Entry
+ 1. Send **GET** to **https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}&api-version={v1}**
+ 2. Use **AMF Certificate**
**Expected Result**:
@@ -205,29 +205,29 @@ At this documentation you will have all information and related files and exampl
* Invoker exist in CAPIF
* Log Entry exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+ 4. Get Log Entry
+
**Information of Test**:
1. Perform [provider onboarding], [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Create Log Entry:
- - Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ - Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
- body [log entry request body]
- - Use AEF Certificate
+ - Use **AEF Certificate**
4. Get Log:
- 1. Send GET to *https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}&api-version={v58}*
- 2. Use AMF Certificate
-
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
- 4. Get Log Entry
+ 1. Send **GET** to **https://{CAPIF_HOSTNAME}/logs/v1/apiInvocationLogs?aef-id={aefId}&api-invoker-id={api-invoker-id}&api-version={v58}**
+ 2. Use **AMF Certificate**
**Expected Result**:
diff --git a/doc/testing/testplan/api_discover_service/README.md b/doc/testing/testplan/api_discover_service/README.md
index aaef9ab4fc5ef557cfa83996b7e485b252ee9ea7..983756985056781638d66a5383e17274fddc8639 100644
--- a/doc/testing/testplan/api_discover_service/README.md
+++ b/doc/testing/testplan/api_discover_service/README.md
@@ -7,31 +7,31 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check if NetApp (Invoker) can discover published service APIs.
+ This test case will check if Network App (Invoker) can discover published service APIs.
**Pre-Conditions**:
* Service APIs are published.
- * NetApp was registered previously
- * NetApp was onboarded previously with {onboardingId}
-
+ * Network App was registered previously
+ * Network App was onboarded previously with {onboardingId}
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API at CCF
+ 2. Register Invoker and Onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs:
- * Send GET to *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Use Invoker Certificate
-
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API at CCF
- 2. Register Invoker and Onboard Invoker at CCF
- 3. Discover Service APIs by Invoker
+ * Use **Invoker Certificate**
**Expected Result**:
@@ -39,14 +39,14 @@ At this documentation you will have all information and related files and exampl
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Onboard request must accomplish:
1. **201 Created**
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
3. Response to Discover Request By Invoker:
1. **200 OK** response.
2. Response body must follow **DiscoveredAPIs** data structure:
@@ -64,18 +64,6 @@ At this documentation you will have all information and related files and exampl
**Pre-Conditions**:
* Service APIs are published.
-
-**Information of Test**:
-
- 1. Perform [Provider Registration] and [Invoker Onboarding]
- 2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Use APF Certificate
- 3. Request Discover Published APIs by no invoker entity:
- * Send GET to *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
- * Param api-invoker-id is mandatory
- * Use not Invoker Certificate
**Execution Steps**:
@@ -83,20 +71,32 @@ At this documentation you will have all information and related files and exampl
2. Register Invoker and Onboard Invoker at CCF
3. Discover Service APIs by no invoker entity
+**Information of Test**:
+
+ 1. Perform [Provider Registration] and [Invoker Onboarding]
+ 2. Publish Service API at CCF:
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
+ 3. Request Discover Published APIs by no invoker entity:
+ * Send **GET** to **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
+ * Param api-invoker-id is mandatory
+ * Use not **Invoker Certificate**
+
**Expected Result**:
1. Response to Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Onboard request must accomplish:
1. **201 Created**
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
3. Response to Discover Request By no invoker entity:
1. **401 Unauthorized**
@@ -118,18 +118,6 @@ At this documentation you will have all information and related files and exampl
**Pre-Conditions**:
* Service APIs are published.
-
-**Information of Test**:
-
- 1. Perform [Provider Registration] and [Invoker Onboarding]
- 2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Use APF Certificate
- 3. Request Discover Published APIs with not valid apiInvoker:
- * Send GET to *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={INVOKER_NOT_REGISTERED}*
- * Param api-invoker-id is mandatory
- * Using invoker certificate
**Execution Steps**:
@@ -137,20 +125,32 @@ At this documentation you will have all information and related files and exampl
2. Register Invoker and Onboard Invoker at CCF
3. Discover Service APIs by Publisher
+**Information of Test**:
+
+ 1. Perform [Provider Registration] and [Invoker Onboarding]
+ 2. Publish Service API at CCF:
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
+ 3. Request Discover Published APIs with not valid apiInvoker:
+ * Send **GET** to **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={INVOKER_NOT_REGISTERED}**
+ * Param api-invoker-id is mandatory
+ * Using **Invoker Certificate**
+
**Expected Result**:
1. Response to Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Onboard request must accomplish:
1. **201 Created**
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
3. Response to Discover Request By Invoker:
1. **404 Not Found**
@@ -167,37 +167,37 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check if NetApp (Invoker) can discover published service APIs.
+ This test case will check if Network App (Invoker) can discover published service APIs.
**Pre-Conditions**:
* At least 2 Service APIs are published.
- * NetApp was registered previously
- * NetApp was onboarded previously with {onboardingId}
-
+ * Network App was registered previously
+ * Network App was onboarded previously with {onboardingId}
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** and **service_2** at CCF
+ 2. Register Invoker and Onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Discover filtered by api-name **service_1** Service APIs by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_2
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_2**
+ * Use **APF Certificate**
4. Request Discover Published APIs filtering by api-name:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}&api-name=service_1*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}&api-name=**service_1**
* Param api-invoker-id is mandatory
- * Using invoker certificate
- * filter by api-name service_1
-
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 and service_2 at CCF
- 2. Register Invoker and Onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Discover filtered by api-name service_1 Service APIs by Invoker
+ * Using **Invoker Certificate**
+ * filter by api-name **service_1**
**Expected Result**:
@@ -205,13 +205,13 @@ At this documentation you will have all information and related files and exampl
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Onboard request must accomplish:
1. **201 Created**
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
3. Response to Discover Request By Invoker:
1. **200 OK** response.
2. Response body must follow **DiscoveredAPIs** data structure:
@@ -219,7 +219,7 @@ At this documentation you will have all information and related files and exampl
4. Response to Discover Request By Invoker:
1. **200 OK** response.
2. Response body must follow **DiscoveredAPIs** data structure:
- * Check if DiscoveredAPIs contains only Service API published with api-name service_1
+ * Check if DiscoveredAPIs contains only Service API published with api-name **service_1**
## Test Case 5: Discover Published service APIs by registered API Invoker filtered with no match
@@ -228,51 +228,51 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check if NetApp (Invoker) can discover published service APIs.
+ This test case will check if Network App (Invoker) can discover published service APIs.
**Pre-Conditions**:
* At least 2 Service APIs are published.
- * NetApp was registered previously
- * NetApp was onboarded previously with {onboardingId}
-
+ * Network App was registered previously
+ * Network App was onboarded previously with {onboardingId}
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** and **service_2** at CCF
+ 2. Register Invoker and Onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Discover filtered by api-name not published Service APIs by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_2
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_2**
+ * Use **APF Certificate**
4. Request Discover Published APIs filtering by api-name not published:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}&api-name=NOT_VALID_NAME*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}&api-name=NOT_VALID_NAME**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
* filter by api-name NOT_VALID_NAME
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 and service_2 at CCF
- 2. Register Invoker and Onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Discover filtered by api-name not published Service APIs by Invoker
-
**Expected Result**:
1. Response to Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Onboard request must accomplish:
1. **201 Created**
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
3. Response to Discover Request By Invoker:
1. **200 OK** response.
2. Response body must follow **DiscoveredAPIs** data structure:
@@ -292,36 +292,36 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check if NetApp (Invoker) can discover published service APIs.
+ This test case will check if Network App (Invoker) can discover published service APIs.
**Pre-Conditions**:
* 2 Service APIs are published.
- * NetApp was registered previously
- * NetApp was onboarded previously with {onboardingId}
-
+ * Network App was registered previously
+ * Network App was onboarded previously with {onboardingId}
+
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** and **service_2** at CCF
+ 2. Register Invoker and Onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Discover without filter by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_2
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_2**
+ * Use **APF Certificate**
4. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
-
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 and service_2 at CCF
- 2. Register Invoker and Onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Discover without filter by Invoker
+ * Using **Invoker Certificate**
**Expected Result**:
@@ -329,14 +329,14 @@ At this documentation you will have all information and related files and exampl
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Onboard request must accomplish:
1. **201 Created**
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
3. Response to Discover Request By Invoker:
1. **200 OK** response.
diff --git a/doc/testing/testplan/api_events_service/README.md b/doc/testing/testplan/api_events_service/README.md
index 91ef445f8d102d5c8b26944b03a73486e1594c97..73106b7145ca7600a988601d0fa624903e26d087 100644
--- a/doc/testing/testplan/api_events_service/README.md
+++ b/doc/testing/testplan/api_events_service/README.md
@@ -9,6 +9,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
This test case will check that a CAPIF subscriber (Invoker or Publisher) can Subscribe to Events
+
**Pre-Conditions**:
* CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority)
@@ -188,7 +189,7 @@ At this documentation you will have all information and related files and exampl
2. Response to Event Subscription must accomplish:
1. 201 Created
- 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: *{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}
+ 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}**
3. Response Body must follow **EventSubscription** data structure.
3. Event Subscriptions are stored in CAPIF Database
@@ -225,12 +226,12 @@ At this documentation you will have all information and related files and exampl
1. Perform [Invoker Onboarding]
2. Event Subscription:
- 1. Send **POST** to https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions**
2. body [event subscription request body]
3. Use **Invoker Certificate**
3. Remove Event Subcription with not valid subscriber:
- 1. Send **DELETE** to to https://{CAPIF_HOSTNAME}/capif-events/v1/{subcriberId}/subscriptions/{SUBSCRIPTION_ID_NOT_VALID}
+ 1. Send **DELETE** to to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subcriberId}/subscriptions/{SUBSCRIPTION_ID_NOT_VALID}**
2. Use **Invoker Certificate**
**Expected Result**:
@@ -262,7 +263,7 @@ At this documentation you will have all information and related files and exampl
**Description**:
- This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs.
+ This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF Send **TO** logging service result of invocations to their APIs.
**Pre-Conditions**:
@@ -289,7 +290,7 @@ At this documentation you will have all information and related files and exampl
* Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
* body [service api description] with apiName **service_1**
* Store **serviceApiId**
- * Use APF Certificate
+ * Use **APF Certificate**
3. Perform [invoker onboarding]
4. Discover published APIs:
@@ -311,7 +312,7 @@ At this documentation you will have all information and related files and exampl
3. apiId of published API
4. apiName of published API
5. 200 and 400 results in two logs.
- 3. Use AEF Certificate
+ 3. Use **AEF Certificate**
**Expected Result**:
@@ -398,8 +399,8 @@ At this documentation you will have all information and related files and exampl
2. Mock Server received messages must accomplish:
1. **Two Events have been received**.
2. Validate received events follow **EventNotification** data structure, with **apiIds** in **eventDetail** parameter.
- 1. One should be **SERVICE_API_AVAILABLE** apiId of service_2 published API.
- 2. The other one must be **SERVICE_API_UNAVAILABLE** apiId of service_1 published API.
+ 1. One should be **SERVICE_API_AVAILABLE** apiId of **service_2** published API.
+ 2. The other one must be **SERVICE_API_UNAVAILABLE** apiId of **service_1** published API.
---
## Test Case 8: Invoker subscribe to Service API Update
@@ -452,7 +453,7 @@ At this documentation you will have all information and related files and exampl
7. Update published API at CCF:
* Send **PUT** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}**
- * body [service api description] with overrided **apiName** to **service_1_modified**
+ * body [service api description] with overrided **apiName** to **service_1**_modified**
* Use **APF Certificate**
**Expected Result**:
@@ -464,7 +465,7 @@ At this documentation you will have all information and related files and exampl
2. Response to Update Published Service API:
1. **200 OK**
2. Response Body must follow **ServiceAPIDescription** data structure with:
- * apiName **service_1_modified**
+ * apiName **service_1**_modified**
3. Mock Server received messages must accomplish:
1. **One Event has been received**.
2. Validate received events follow **EventNotification** data structure, with **serviceAPIDescriptions** in **eventDetail** parameter.
@@ -553,7 +554,7 @@ At this documentation you will have all information and related files and exampl
* **Mock Server is clean.**
**Execution Steps**:
-
+
1. Register Provider at CCF.
2. Publish a provider API with name **service_1**.
3. Register Invoker and Onboard Invoker at CCF.
@@ -577,7 +578,7 @@ At this documentation you will have all information and related files and exampl
6. Create Security Context for Invoker
* Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
7. Provider Retrieve ACL
* Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
* Use **serviceApiId** and **aefId**
@@ -647,14 +648,14 @@ At this documentation you will have all information and related files and exampl
6. Create Security Context for Invoker
* Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
7. Provider Retrieve ACL
* Send **GET** **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}**
* Use **serviceApiId** and **aefId**
* Use **AEF Provider Certificate**
3. Delete Security Context of Invoker by Provider:
* Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
- * Use **AEF certificate**
+ * Use **AEF Certificate**
**Expected Result**:
@@ -720,11 +721,11 @@ At this documentation you will have all information and related files and exampl
6. Create Security Context for Invoker
* Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
7. Revoke Authorization by Provider:
* Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
* body [security notification body]
- * Using AEF Certificate.
+ * Using **AEF Certificate**.
**Expected Result**:
diff --git a/doc/testing/testplan/api_invoker_management/README.md b/doc/testing/testplan/api_invoker_management/README.md
index 02f04a9f3d3acdbac08ad97546d12dd843d1e97b..076d9e7af395e100cef102c0b5251e124d136454 100644
--- a/doc/testing/testplan/api_invoker_management/README.md
+++ b/doc/testing/testplan/api_invoker_management/README.md
@@ -1,20 +1,26 @@
# Test Plan for CAPIF Api Invoker Management
At this documentation you will have all information and related files and examples of test plan for this API.
-## Test Case 1: Onboard NetApp
+## Test Case 1: Onboard Network App
**Test ID**: ***capif_api_invoker_management-1***
**Description**:
- This test will try to register new NetApp at CAPIF Core.
+ This test will try to register new Network App at CAPIF Core.
**Pre-Conditions**:
- * NetApp was not registered previously
- * NetApp was not onboarded previously
+ * Network App was not registered previously
+ * Network App was not onboarded previously
* ***Preconditions: The administrator must have previously registered the User.***
+**Execution Steps**:
+
+ 1. Retrieve access_token by User from register
+ 2. Onboard Invoker at CCF
+ 3. Store signed Certificate
+
**Information of Test**:
1. Create public and private key at invoker
@@ -26,17 +32,11 @@ At this documentation you will have all information and related files and exampl
* Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example]
3. Onboard Invoker:
- * Send POST to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers*
+ * Send **POST** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers**
* Reference Request Body: [invoker onboarding body]
* "onboardingInformation"->"apiInvokerPublicKey": must contain public key generated by Invoker.
- * Send at Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
+ * Send in Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
-**Execution Steps**:
-
- 1. Retrieve access_token by User from register
- 2. Onboard Invoker at CCF
- 3. Store signed Certificate
-
**Expected Result**:
1. Response to Onboard request must accomplish:
@@ -44,39 +44,39 @@ At this documentation you will have all information and related files and exampl
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
-## Test Case 2: Onboard NetApp Already onboarded
+## Test Case 2: Onboard Network App Already onboarded
**Test ID**: ***capif_api_invoker_management-2***
**Description**:
- This test will check second onboard of same NetApp is not allowed.
+ This test will check second onboard of same Network App is not allowed.
**Pre-Conditions**:
- * NetApp was registered previously
- * NetApp was onboarded previously
+ * Network App was registered previously
+ * Network App was onboarded previously
+
+**Execution Steps**:
+
+ 1. Register Network App at CCF
+ 2. Onboard Network App at CCF
+ 3. Store signed Certificate at Network App
+ 4. Onboard Again the Network App at CCF
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Repeat Onboard Invoker:
- * Send POST to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers*
+ * Send **POST** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers**
* Reference Request Body: [invoker onboarding body]
* "onboardingInformation"->"apiInvokerPublicKey": must contain public key generated by Invoker.
- * Send at Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
-
-**Execution Steps**:
+ * Send in Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
- 1. Register NetApp at CCF
- 2. Onboard NetApp at CCF
- 3. Store signed Certificate at NetApp
- 4. Onboard Again the NetApp at CCF
-
**Expected Result**:
1. Response to Onboard request must accomplish:
@@ -84,8 +84,8 @@ At this documentation you will have all information and related files and exampl
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
- 2. Response to Second Onboard of NetApp must accomplish:
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
+ 2. Response to Second Onboard of Network App must accomplish:
1. **403 Forbidden**
2. Error Response Body must accomplish with **ProblemDetails** data structure with:
* status 403
@@ -94,77 +94,77 @@ At this documentation you will have all information and related files and exampl
* cause with message "Identical invoker public key".
-## Test Case 3: Update Onboarded NetApp
+## Test Case 3: Update Onboarded Network App
**Test ID**: ***capif_api_invoker_management-3***
**Description**:
- This test will try to update information of previous onboard NetApp at CAPIF Core.
+ This test will try to update information of previous onboard Network App at CAPIF Core.
**Pre-Conditions**:
- * NetApp was registered previously
- * NetApp was onboarded previously with {onboardingId}
-
+ * Network App was registered previously
+ * Network App was onboarded previously with {onboardingId}
+
+**Execution Steps**:
+
+ 1. Register Invoker at CCF
+ 2. Onboard Invoker at CCF
+ 3. Store signed Certificate
+ 4. Update Onboarding Information at CCF with a minor change on "notificationDestination"
+
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Update information of previously onboarded Invoker:
- * Send PUT to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}*
+ * Send **PUT** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
* Reference Request Body is: [put invoker onboarding body]
* "notificationDestination": "*http://host.docker.internal:8086/netapp_new_callback*",
-**Execution Steps**:
-
- 1. Register Invoker at CCF
- 2. Onboard Invoker at CCF
- 3. Store signed Certificate
- 4. Update Onboarding Information at CCF with a minor change on "notificationDestination"
-
**Expected Result**:
-
+
1. Response to Onboard request must accomplish:
1. **201 Created**
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
2. Response to Update Request (PUT) with minor change must contain:
1. **200 OK** response.
2. notificationDestination on response must contain the new value
-## Test Case 4: Update Not Onboarded NetApp
+## Test Case 4: Update Not Onboarded Network App
**Test ID**: ***capif_api_invoker_management-4***
**Description**:
- This test will try to update information of not onboarded NetApp at CAPIF Core.
+ This test will try to update information of not onboarded Network App at CAPIF Core.
**Pre-Conditions**:
- * NetApp was registered previously
- * NetApp was not onboarded previously
-
+ * Network App was registered previously
+ * Network App was not onboarded previously
+
+**Execution Steps**:
+
+ 1. Register Invoker at CCF
+ 2. Onboard Invoker at CCF
+ 3. Update Onboarding Information at CCF of not onboarded
+
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Update information of not onboarded Invoker:
- * Send PUT to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{INVOKER_NOT_REGISTERED}*
+ * Send **PUT** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{INVOKER_NOT_REGISTERED}**
* Reference Request Body is: [put invoker onboarding body]
-**Execution Steps**:
-
- 1. Register Invoker at CCF
- 2. Onboard Invoker at CCF
- 3. Update Onboarding Information at CCF of not onboarded
-
**Expected Result**:
-
+
1. Response to Onboard request must accomplish:
1. **201 Created**
2. Response to Update Request (PUT) must contain:
@@ -172,37 +172,36 @@ At this documentation you will have all information and related files and exampl
2. Error Response Body must accomplish with **ProblemDetails** data structure with:
* status 404
* title with message "Not Found"
- * detail with message "Please provide an existing Netapp ID".
- * cause with message "Not exist NetappID".
-
+ * detail with message "Please provide an existing Network App ID".
+ * cause with message "Not exist Network App ID".
-## Test Case 5: Offboard NetApp
+## Test Case 5: Offboard Network App
**Test ID**: ***capif_api_invoker_management-5***
**Description**:
- This test case will check that a Registered NetApp can be deleted.
+ This test case will check that a Registered Network App can be deleted.
**Pre-Conditions**:
- * NetApp was registered previously
- * NetApp was onboarded previously
+ * Network App was registered previously
+ * Network App was onboarded previously
+
+**Execution Steps**:
+
+ 1. Register Invoker at CCF
+ 2. Onboard Invoker at CCF
+ 3. Offboard Invoker at CCF
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Offboard:
- * Send Delete to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}*
-
-**Execution Steps**:
+ * Send **DELETE** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
- 1. Register Invoker at CCF
- 2. Onboard Invoker at CCF
- 3. Offboard Invoker at CCF
-
**Expected Result**:
1. Response to Onboard request must accomplish:
@@ -211,30 +210,30 @@ At this documentation you will have all information and related files and exampl
1. **204 No Content**
-## Test Case 6: Offboard Not previsouly Onboarded NetApp
+## Test Case 6: Offboard Not previsouly Onboarded Network App
**Test ID**: ***capif_api_invoker_management-6***
**Description**:
- This test case will check that a Non-Registered NetApp cannot be deleted
+ This test case will check that a Non-Registered Network App cannot be deleted
**Pre-Conditions**:
- * NetApp was registered previously
- * NetApp was not onboarded previously
+ * Network App was registered previously
+ * Network App was not onboarded previously
+
+**Execution Steps**:
+
+ 1. Register Invoker at CCF
+ 2. Offboard Invoker at CCF
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Offboard:
- * Send Delete to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{INVOKER_NOT_REGISTERED}*
-
-**Execution Steps**:
-
- 1. Register Invoker at CCF
- 2. Offboard Invoker at CCF
+ * Send **DELETE** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{INVOKER_NOT_REGISTERED}**
**Expected Result**:
@@ -243,10 +242,10 @@ At this documentation you will have all information and related files and exampl
2. Error Response Body must accomplish with **ProblemDetails** data structure with:
* status 404
* title with message "Not Found"
- * detail with message "Please provide an existing Netapp ID".
- * cause with message "Not exist NetappID".
+ * detail with message "Please provide an existing Network App ID".
+ * cause with message "Not exist Network App ID".
-## Test Case 7: Update Onboarded NetApp Certificate
+## Test Case 7: Update Onboarded Network App Certificate
**Test ID**: ***capif_api_invoker_management-7***
@@ -256,8 +255,16 @@ At this documentation you will have all information and related files and exampl
**Pre-Conditions**:
- * NetApp was registered previously
- * NetApp was onboarded previously with {onboardingId} and {public_key_1}
+ * Network App was registered previously
+ * Network App was onboarded previously with {onboardingId} and {public_key_1}
+
+**Execution Steps**:
+
+ 1. Register Invoker at CCF
+ 2. Onboard Invoker at CCF
+ 3. Store signed Certificate
+ 4. Update Onboarding Information at CCF with new public key
+ 5. Update Onboarding Information at CCF with minor change
**Information of Test**:
@@ -266,24 +273,16 @@ At this documentation you will have all information and related files and exampl
2. Create {public_key_2}
3. Update information of previously onboarded Invoker:
- * Send PUT to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}*
+ * Send **PUT** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
* Reference Request Body is: [put invoker onboarding body]
* ["onboardingInformation"]["apiInvokerPublicKey"]: {public_key_2},
* Store new certificate.
4. Update information of previously onboarded Invoker Using new certificate:
- * Send PUT to *https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}*
+ * Send **PUT** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}**
* Reference Request Body is: [put invoker onboarding body]
* "notificationDestination": "*http://host.docker.internal:8086/netapp_new_callback*",
- * Use new invoker certificate
-
-**Execution Steps**:
-
- 1. Register Invoker at CCF
- 2. Onboard Invoker at CCF
- 3. Store signed Certificate
- 4. Update Onboarding Information at CCF with new public key
- 5. Update Onboarding Information at CCF with minor change
+ * Use new **Invoker Certificate**
**Expected Result**:
@@ -292,7 +291,7 @@ At this documentation you will have all information and related files and exampl
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
2. Response to Update Request (PUT) with new public key:
1. **200 OK** response.
2. apiInvokerCertificate with new certificate on response -> store to use.
@@ -302,7 +301,6 @@ At this documentation you will have all information and related files and exampl
-
[invoker onboarding body]: ./invoker_details_post_example.json "API Invoker Request"
[user_getauth_response_body_example]: ../common_operations/user_getauth_response_body_example.json "User GetAuth response Body Example"
[put register body]: ./invoker_details_put_example.json "API Invoker Update Request"
diff --git a/doc/testing/testplan/api_logging_service/README.md b/doc/testing/testplan/api_logging_service/README.md
index 5d61b8e3baa72561be5132fb9ecde26c42c9b294..b2437e9ed8e3d16054fa9c129b4d8993590baef6 100644
--- a/doc/testing/testplan/api_logging_service/README.md
+++ b/doc/testing/testplan/api_logging_service/README.md
@@ -10,29 +10,29 @@ At this documentation you will have all information and related files and exampl
This test case will check that a CAPIF AEF can create log entry to Logging Service
**Pre-Conditions**:
-
+
* CAPIF provider is pre-authorised (has valid aefId from CAPIF Authority)
* Service exist in CAPIF
* Invoker exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+
**Information of Test**:
1. Perform [provider onboarding] and [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Log Entry:
- 1. Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
2. body [log entry request body]
- 3. Use AEF Certificate
-
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
+ 3. Use **AEF Certificate**
**Expected Result**:
@@ -42,9 +42,7 @@ At this documentation you will have all information and related files and exampl
* aefId
* apiInvokerId
* logs
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invocation-logs/v1/{aefId}/logs/{logId}*
-
-
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invocation-logs/v1/{aefId}/logs/{logId}**
## Test Case 2: Creates a new individual CAPIF Log Entry with Invalid aefId
@@ -61,25 +59,25 @@ At this documentation you will have all information and related files and exampl
* Service exist in CAPIF
* Invoker exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+
**Information of Test**:
1. Perform [provider onboarding] and [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Log Entry:
- 1. Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{not-valid-aefId}/logs*
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{not-valid-aefId}/logs**
2. body [log entry request body]
- 3. Use AEF Certificate
+ 3. Use **AEF Certificate**
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
-
**Expected Result**:
1. Response to Logging Service must accomplish:
@@ -90,6 +88,7 @@ At this documentation you will have all information and related files and exampl
* detail with message "Exposer not exist".
* cause with message "Exposer id not found".
+
## Test Case 3: Creates a new individual CAPIF Log Entry with Invalid serviceAPI
**Test ID**: ***capif_api_logging-3***
@@ -99,27 +98,27 @@ At this documentation you will have all information and related files and exampl
This test case will check that a CAPIF subscriber (AEF) cannot create Log Entry without valid aefId
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid aefId from CAPIF Authority)
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+
**Information of Test**:
1. Perform [provider onboarding] and [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Log Entry:
- 1. Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
2. body [log entry request body with serviceAPI apiName apiId not valid]
- 3. Use AEF Certificate
-
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
+ 3. Use **AEF Certificate**
**Expected Result**:
@@ -132,7 +131,6 @@ At this documentation you will have all information and related files and exampl
* cause with message "Invoker id not found".
-
## Test Case 4: Creates a new individual CAPIF Log Entry with Invalid apiInvokerId
**Test ID**: ***capif_api_logging-4***
@@ -142,28 +140,28 @@ At this documentation you will have all information and related files and exampl
This test case will check that a CAPIF subscriber (AEF) cannot create Log Entry without valid aefId
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid aefId from CAPIF Authority)
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+
**Information of Test**:
1. Perform [provider onboarding] and [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Log Entry:
- 1. Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
2. body [log entry request body with invokerId not valid]
- 3. Use AEF Certificate
+ 3. Use **AEF Certificate**
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
-
**Expected Result**:
1. Response to Onboard request must accomplish:
@@ -172,7 +170,7 @@ At this documentation you will have all information and related files and exampl
3. For each **apiProvFuncs**, we must check:
1. **apiProvFuncId** is set
2. **apiProvCert** under **regInfo** is set properly
- 5. Location Header must contain the new resource URL *{apiRoot}/api-provider-management/v1/registrations/{registrationId}*
+ 5. Location Header must contain the new resource URL **{apiRoot}/api-provider-management/v1/registrations/{registrationId}**
2. Response to Logging Service must accomplish:
1. **404 Not Found**
@@ -199,25 +197,25 @@ At this documentation you will have all information and related files and exampl
* Service exist in CAPIF
* Invoker exist in CAPIF
+**Execution Steps**:
+ 1. Register Provider and Invoker CCF
+ 2. Publish Service
+ 3. Create Log Entry
+
**Information of Test**:
1. Perform [provider onboarding] and [invoker onboarding]
2. Publish Service API at CCF:
- - Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- - body [service api description] with apiName service_1
- - Use APF Certificate
+ - Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ - body [service api description] with apiName **service_1**
+ - Use **APF Certificate**
3. Log Entry:
- 1. Send POST to *https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs*
+ 1. Send **POST** to **https://{CAPIF_HOSTNAME}/api-invocation-logs/v1/{aefId}/logs**
2. body [log entry request body with bad aefId]
- 3. Use AEF Certificate
+ 3. Use **AEF Certificate**
-**Execution Steps**:
- 1. Register Provider and Invoker CCF
- 2. Publish Service
- 3. Create Log Entry
-
**Expected Result**:
1. Response to Logging Service must accomplish:
@@ -229,10 +227,6 @@ At this documentation you will have all information and related files and exampl
* cause with message "Not identical AEF id".
-
-
-
-
[log entry request body]: ./invocation_log.json "Log Request Body"
[invoker onboarding]: ../common_operations/README.md#onboard-an-invoker "Invoker Onboarding"
diff --git a/doc/testing/testplan/api_provider_management/README.md b/doc/testing/testplan/api_provider_management/README.md
index fe72d20ead83260ba471643fb19945c6988b56a6..839e8be1d8bf26dc98861bb1a01b59baf5bca554 100644
--- a/doc/testing/testplan/api_provider_management/README.md
+++ b/doc/testing/testplan/api_provider_management/README.md
@@ -6,13 +6,18 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_provider_management-1***
**Description**:
-
+
This test case will check that Api Provider can be registered con CCF
**Pre-Conditions**:
-
+
* Provider is pre-authorised (has valid certificate from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Create private and public key for provider and each function to register.
+ 2. Register Provider.
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
@@ -25,16 +30,11 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Store each cert in a file with according name.
-**Execution Steps**:
-
- 1. Create private and public key for provider and each function to register.
- 2. Register Provider.
-
**Expected Result**:
1. Register Provider at Provider Management:
@@ -43,24 +43,31 @@ At this documentation you will have all information and related files and exampl
3. For each **apiProvFuncs**, we must check:
1. **apiProvFuncId** is set
2. **apiProvCert** under **regInfo** is set properly
- 5. Location Header must contain the new resource URL *{apiRoot}/api-provider-management/v1/registrations/{registrationId}*
+ 5. Location Header must contain the new resource URL **{apiRoot}/api-provider-management/v1/registrations/{registrationId}**
+
## Test Case 2: Register Api Provider Already registered
**Test ID**: ***capif_api_provider_management-2***
**Description**:
-
+
This test case will check that a Api Provider previously registered cannot be re-registered
**Pre-Conditions**:
-
+
* Api Provider was registered previously and there is a {registerId} for his Api Provider in the DB
+**Execution Steps**:
+
+ 1. Create private and public key for provider and each function to register.
+ 2. Register Provider.
+ 3. Re-Register Provider.
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
-
+
2. Retrieve access_token by User:
* Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth**
@@ -69,7 +76,7 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Store each cert in a file with according name.
@@ -78,12 +85,6 @@ At this documentation you will have all information and related files and exampl
* Same regSec than Previous registration
-**Execution Steps**:
-
- 1. Create private and public key for provider and each function to register.
- 2. Register Provider.
- 3. Re-Register Provider.
-
**Expected Result**:
1. Re-Register Provider:
@@ -95,18 +96,25 @@ At this documentation you will have all information and related files and exampl
* detail with message "Provider already registered".
* cause with message "Identical provider reg sec".
+
## Test Case 3: Update Registered Api Provider
**Test ID**: ***capif_api_provider_management-3***
**Description**:
-
+
This test case will check that a Registered Api Provider can be updated
**Pre-Conditions**:
-
+
* Api Provider was registered previously and there is a {registerId} for his Api Provider in the DB
+**Execution Steps**:
+
+ 1. Create private and public key for provider and each function to register.
+ 2. Register Provider
+ 3. Update Provider
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
@@ -118,30 +126,23 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Get Resource URL from Location
4. Update Provider:
- * Send PUT to Resource URL returned at registration *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}*
+ * Send **PUT** to Resource URL returned at registration **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}**
* body [provider request body] with apiProvDomInfo set to ROBOT_TESTING_MOD
* Use AMF Certificate.
-
-**Execution Steps**:
-
- 1. Create private and public key for provider and each function to register.
- 2. Register Provider
- 3. Update Provider
-
**Expected Result**:
1. Register Provider:
1. **201 Created** response.
2. body returned must accomplish **APIProviderEnrolmentDetails** data structure.
- 3. Location Header must contain the new resource URL *{apiRoot}/api-provider-management/v1/registrations/{registrationId}*
+ 3. Location Header must contain the new resource URL **{apiRoot}/api-provider-management/v1/registrations/{registrationId}**
2. Update Provider:
@@ -155,13 +156,18 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_provider_management-4***
**Description**:
-
+
This test case will check that a Non-Registered Api Provider cannot be updated
**Pre-Conditions**:
-
+
* Api Provider was not registered previously
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Update Not Registered Provider
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
@@ -174,22 +180,17 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Store each cert in a file with according name.
4. Update Not Registered Provider:
- * Send PUT *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_PROVIDER_NOT_REGISTERED}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_PROVIDER_NOT_REGISTERED}**
* body [provider request body]
* Use AMF Certificate.
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Update Not Registered Provider
-
**Expected Result**:
1. Update Not Registered Provider:
@@ -198,20 +199,27 @@ At this documentation you will have all information and related files and exampl
* status 404
* title with message "Not Found"
* detail with message "Not Exist Provider Enrolment Details".
- * cause with message "Not found registrations to send this api provider details".
+ * cause with message "Not found registrations to Send **THIS** api provider details".
+
## Test Case 5: Partially Update Registered Api Provider
**Test ID**: ***capif_api_provider_management-5***
**Description**:
-
+
This test case will check that a Registered Api Provider can be partially updated
**Pre-Conditions**:
-
+
* Api Provider was registered previously and there is a {registerId} for his Api Provider in the DB
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Register Provider
+ 3. Partial update provider
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
@@ -224,23 +232,17 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Store each cert in a file with according name.
4. Partial update provider:
- * Send PATCH *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}*
+ * Send **PATCH** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}**
* body [provider request patch body]
* Use AMF Certificate.
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Register Provider
- 3. Partial update provider
-
**Expected Result**:
1. Partial update provider at Provider Management:
@@ -248,18 +250,25 @@ At this documentation you will have all information and related files and exampl
2. body returned must accomplish **APIProviderEnrolmentDetails** data structure, with:
* apiProvDomInfo with "ROBOT_TESTING_MOD"
+
## Test Case 6: Partially Update Not Registered Api Provider
**Test ID**: ***capif_api_provider_management-6***
**Description**:
-
+
This test case will check that a Non-Registered Api Provider cannot be partially updated
**Pre-Conditions**:
-
+
* Api Provider was not registered previously
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Register Provider
+ 3. Partial update provider
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
@@ -272,24 +281,17 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Store each cert in a file with according name.
4. Partial update Provider:
- * Send PATCH *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_API_PROVIDER_NOT_REGISTERED}*
+ * Send **PATCH** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_API_PROVIDER_NOT_REGISTERED}**
* body [provider request patch body]
* Use AMF Certificate.
-
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Register Provider
- 3. Partial update provider
-
**Expected Result**:
1. Partial update provider:
@@ -299,20 +301,27 @@ At this documentation you will have all information and related files and exampl
* status 404
* title with message "Not Found"
* detail with message "Not Exist Provider Enrolment Details".
- * cause with message "Not found registrations to send this api provider details".
+ * cause with message "Not found registrations to Send **THIS** api provider details".
+
## Test Case 7: Delete Registered Api Provider
**Test ID**: ***capif_api_provider_management-7***
**Description**:
-
+
This test case will check that a Registered Api Provider can be deleted
**Pre-Conditions**:
-
+
* Api Provider was registered previously
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Register Provider
+ 3. Delete Provider
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
@@ -325,39 +334,39 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Store each cert in a file with according name.
4. Delete registered provider:
- * Send DELETE *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}*
+ * Send **DELETE** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}**
* Use AMF Certificate.
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Register Provider
- 3. Delete Provider
-
**Expected Result**:
1. Delete Provider:
1. **204 No Content** response.
+
## Test Case 8: Delete Not Registered Api Provider
**Test ID**: ***capif_api_provider_management-8***
**Description**:
-
+
This test case will check that a Non-Registered Api Provider cannot be deleted
**Pre-Conditions**:
-
+
* Api Provider was not registered previously
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Delete Provider
+
**Information of Test**:
1. Create public and private key at provider for provider itself and each function (apf, aef and amf)
@@ -370,21 +379,16 @@ At this documentation you will have all information and related files and exampl
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
* Authentication Bearer with access_token
* Store each cert in a file with according name.
4. Delete registered provider at Provider Management:
- * Send DELETE *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_PROVIDER_NOT_REGISTERED}*
+ * Send **DELETE** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{API_PROVIDER_NOT_REGISTERED}**
* Use AMF Certificate.
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Delete Provider
-
**Expected Result**:
1. Delete Provider:
@@ -393,7 +397,8 @@ At this documentation you will have all information and related files and exampl
* status 404
* title with message "Not Found"
* detail with message "Not Exist Provider Enrolment Details".
- * cause with message "Not found registrations to send this api provider details".
+ * cause with message "Not found registrations to Send **THIS** api provider details".
+
[provider request body]: ./provider_details_post_example.json "API Provider Enrolment Request"
diff --git a/doc/testing/testplan/api_publish_service/README.md b/doc/testing/testplan/api_publish_service/README.md
index 21512db6fbd04c0170c0cf940bba92486000aa33..928c95e7e0342ccb2b01ca54df318c2d47ae2fc2 100644
--- a/doc/testing/testplan/api_publish_service/README.md
+++ b/doc/testing/testplan/api_publish_service/README.md
@@ -6,66 +6,67 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-1***
**Description**:
-
+
This test case will check that an API Publisher can Publish an API
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+
+ 2. Publish Service API
+
+ 3. Retrieve {apiId} from body and Location header with new resource created from response
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to **ccf_publish_url**: *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
+ * Send **POST** to **ccf_publish_url**: **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
* body [service api description] with apiName **service_1**
- * Use APF Certificate
-
-**Execution Steps**:
+ * Use **APF Certificate**
- 1. Register Provider at CCF and store certificates.
-
- 2. Publish Service API
-
- 3. Retrieve {apiId} from body and Location header with new resource created from response
-
**Expected Result**:
1. Response to Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 1. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 1. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
3. Published Service API is stored in CAPIF Database
+
## Test Case 2: Publish API by NON Authorised API Publisher
**Test ID**: ***capif_api_publish_service-2***
**Description**:
-
+
This test case will check that an API Publisher cannot Publish an API withot valid apfId
**Pre-Conditions**:
-
+
* CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Publish Service API with invalid APF ID
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API with invalid APF ID at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis*
- * body [service api description] with apiName service_1
- * Use APF Certificate
-
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Publish Service API with invalid APF ID
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
**Expected Result**:
@@ -93,34 +94,34 @@ At this documentation you will have all information and related files and exampl
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
* At least 2 service APIs are published.
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Publish Service API **service_1**
+ 3. Retrieve {apiId1} from body and Location header with new resource created from response
+ 4. Publish Service API **service_2**
+ 5. Retrieve {apiId2} from body and Location header with new resource created from response
+ 6. Retrieve All published APIs and check if both are present.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
3. Publish Other Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_2
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_2**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
4. Retrieve all published APIs:
- * Send Get to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * Use APF Certificate
-
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Publish Service API service_1
- 3. Retrieve {apiId1} from body and Location header with new resource created from response
- 4. Publish Service API service_2
- 5. Retrieve {apiId2} from body and Location header with new resource created from response
- 6. Retrieve All published APIs and check if both are present.
+ * Send **GET** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * Use **APF Certificate**
**Expected Result**:
@@ -128,13 +129,13 @@ At this documentation you will have all information and related files and exampl
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}**
2. Response to service 2 Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}**
3. Published Service APIs are stored in CAPIF Database
@@ -143,6 +144,7 @@ At this documentation you will have all information and related files and exampl
2. Response body must return an array of **ServiceAPIDescription** data.
3. Array must contain all previously published APIs.
+
## Test Case 4: Retrieve all APIs Published by NON Authorised apfId
**Test ID**: ***capif_api_publish_service-4***
@@ -155,19 +157,19 @@ At this documentation you will have all information and related files and exampl
* CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Retrieve All published APIs
+
**Information of Test**:
1. Perform [Provider Registration]
2. Retrieve all published APIs:
- * Send Get to *https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis*
- * Use APF Certificate
+ * Send **GET** to **https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis**
+ * Use **APF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Retrieve All published APIs
-
**Expected Result**:
1. Response to Publish request must accomplish:
@@ -180,52 +182,53 @@ At this documentation you will have all information and related files and exampl
2. Service API is NOT stored in CAPIF Database
+
## Test Case 5: Retrieve single APIs Published by Authorised apfId
**Test ID**: ***capif_api_publish_service-5***
**Description**:
-
+
This test case will check that an API Publisher can Retrieve API published one by one
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
* At least 2 service APIs are published.
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Publish Service API **service_1**.
+ 3. Retrieve {apiId1} from body and Location header with new resource created from response.
+ 4. Publish Service API **service_2**.
+ 5. Retrieve {apiId2} from body and Location header with new resource created from response.
+ 6. Retrieve **service_1** API Detail.
+ 7. Retrieve **service_2** API Detail.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
3. Publish Other Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_2
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_2**
* Get apiId
- * Use APF Certificate
-
- 4. Retrieve service_1 published APIs detail:
- * Send Get to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId1}*
- * Use APF Certificate
-
- 5. Retrieve service_2 published APIs detail:
- * Send Get to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId2}*
- * Use APF Certificate
+ * Use **APF Certificate**
-**Execution Steps**:
+ 4. Retrieve **service_1** published APIs detail:
+ * Send **GET** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId1}**
+ * Use **APF Certificate**
- 1. Register Provider at CCF and store certificates.
- 2. Publish Service API service_1.
- 3. Retrieve {apiId1} from body and Location header with new resource created from response.
- 4. Publish Service API service_2.
- 5. Retrieve {apiId2} from body and Location header with new resource created from response.
- 6. Retrieve service_1 API Detail.
- 7. Retrieve service_2 API Detail.
+ 5. Retrieve **service_2** published APIs detail:
+ * Send **GET** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId2}**
+ * Use **APF Certificate**
**Expected Result**:
@@ -233,25 +236,25 @@ At this documentation you will have all information and related files and exampl
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}**
2. Response to service 2 Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}**
3. Published Service APIs are stored in CAPIF Database
- 4. Response to Retrieve service_1 published API using apiId1:
+ 4. Response to Retrieve **service_1** published API using apiId1:
1. **200 OK**
2. Response body must return a **ServiceAPIDescription** data.
- 3. Array must contain same information than service_1 published registration response.
+ 3. Array must contain same information than **service_1** published registration response.
- 5. Response to Retrieve service_2 published API using apiId2:
+ 5. Response to Retrieve **service_2** published API using apiId2:
1. **200 OK**
2. Response body must return a **ServiceAPIDescription** data.
- 3. Array must contain same information than service_2 published registration response.
+ 3. Array must contain same information than **service_2** published registration response.
## Test Case 6: Retrieve single APIs non Published by Authorised apfId
@@ -259,26 +262,26 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-6***
**Description**:
-
+
This test case will check that an API Publisher try to get detail of not published api.
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
* No published api
-**Information of Test**:
-
- 1. Perform [Provider Registration]
- 2. Retrieve not published APIs detail:
- * Send Get to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}*
- * Use APF Certificate
-
**Execution Steps**:
1. Register Provider at CCF and store certificates.
2. Retrieve not published API Detail.
+**Information of Test**:
+
+ 1. Perform [Provider Registration]
+ 2. Retrieve not published APIs detail:
+ * Send **GET** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}**
+ * Use **APF Certificate**
+
**Expected Result**:
1. Response to Retrieve for NOT published API must accomplish:
@@ -295,36 +298,36 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-7***
**Description**:
-
+
This test case will check that an API Publisher cannot Retrieve detailed API published when apfId is not authorised
**Pre-Conditions**:
-
+
* CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Publish Service API at CCF
+ 3. Retrieve {apiId} from body and Location header with new resource created from response.
+ 4. Register and onboard Invoker at CCF
+ 5. Store signed **Invoker Certificate**
+ 6. Retrieve detailed published API acting as Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
3. Retrieve detailed published APIs:
- * Send Get to *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/${apiId}*
- * Use Invoker certificate
+ * Send **GET** to **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/${apiId}**
+ * Use **Invoker Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Publish Service API at CCF
- 3. Retrieve {apiId} from body and Location header with new resource created from response.
- 4. Register and onboard Invoker at CCF
- 5. Store signed Invoker Certificate
- 6. Retrieve detailed published API acting as Invoker
-
**Expected Result**:
1. Response to Retrieve Detailed published API acting as Invoker must accomplish:
@@ -343,101 +346,101 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-8***
**Description**:
-
+
This test case will check that an API Publisher can Update published API with a valid serviceApiId
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
* A service APIs is published.
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Publish Service API
+ 3. Retrieve {apiId} from body and Location header with new resource url created from response
+ 4. Update published Service API.
+ 5. Retrieve detail of Service API
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
* get resource url from location Header.
- * Use APF Certificate
+ * Use **APF Certificate**
3. Update published API at CCF:
- * Send PUT to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}*
- * body [service api description] with overrided apiName to service_1_modified
- * Use APF Certificate
+ * Send **PUT** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}**
+ * body [service api description] with overrided apiName to **service_1**_modified
+ * Use **APF Certificate**
4. Retrieve detail of service API:
- * Send Get to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}*
- * check apiName is service_1_modified
- * Use APF Certificate
-
-**Execution Steps**:
+ * Send **GET** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}**
+ * check apiName is **service_1**_modified
+ * Use **APF Certificate**
- 1. Register Provider at CCF and store certificates.
- 2. Publish Service API
- 3. Retrieve {apiId} from body and Location header with new resource url created from response
- 4. Update published Service API.
- 5. Retrieve detail of Service API
-
**Expected Result**:
1. Response to Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Update Published Service API:
1. **200 OK**
2. Response Body must follow **ServiceAPIDescription** data structure with:
- * apiName service_1_modified
+ * apiName **service_1**_modified
3. Response to Retrieve detail of Service API:
1. **200 OK**
2. Response Body must follow **ServiceAPIDescription** data structure with:
- * apiName service_1_modified.
-
+ * apiName **service_1**_modified.
+
## Test Case 9: Update APIs Published by Authorised apfId with invalid serviceApiId
**Test ID**: ***capif_api_publish_service-9***
**Description**:
-
+
This test case will check that an API Publisher cannot Update published API with a invalid serviceApiId
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Update published Service API.
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
3. Update published API at CCF:
- * Send PUT to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}*
- * body [service api description] with overrided apiName to ***service_1_modified***
- * Use APF Certificate
-
-**Execution Steps**:
+ * Send **PUT** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}**
+ * body [service api description] with overrided apiName to ***service_1**_modified***
+ * Use **APF Certificate**
- 1. Register Provider at CCF and store certificates.
- 2. Update published Service API.
-
**Expected Result**:
1. Response to Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Response to Update Published Service API:
1. **404 Not Found**
@@ -452,43 +455,43 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-10***
**Description**:
-
+
This test case will check that an API Publisher cannot Update API published when apfId is not authorised
**Pre-Conditions**:
-
+
* CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Publish Service API at CCF
+ 3. Retrieve {apiId} from body and Location header with new resource created from response.
+ 4. Register and onboard Invoker at CCF
+ 5. Store signed **Invoker Certificate**
+ 6. Update published API at CCF as Invoker
+ 7. Retrieve detail of Service API as publisher
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
3. Update published API at CCF:
- * Send PUT to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
- * body [service api description] with overrided apiName to ***service_1_modified***
- * Use invoker certificate
+ * Send **PUT** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
+ * body [service api description] with overrided apiName to ***service_1**_modified***
+ * Use **Invoker Certificate**
4. Retrieve detail of service API:
- * Send Get to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}*
- * check apiName is service_1
- * Use APF Certificate
+ * Send **GET** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}**
+ * check apiName is **service_1**
+ * Use **APF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Publish Service API at CCF
- 3. Retrieve {apiId} from body and Location header with new resource created from response.
- 4. Register and onboard Invoker at CCF
- 5. Store signed Invoker Certificate
- 6. Update published API at CCF as Invoker
- 7. Retrieve detail of Service API as publisher
-
**Expected Result**:
1. Response to Update published API acting as Invoker must accomplish:
@@ -502,7 +505,7 @@ At this documentation you will have all information and related files and exampl
2. Response to Retrieve Detail of Service API:
1. **200 OK**
2. Response Body must follow **ServiceAPIDescription** data structure with:
- * apiName service_1.
+ * apiName **service_1**.
## Test Case 11: Delete API Published by Authorised apfId with valid serviceApiId
@@ -510,46 +513,46 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-11***
**Description**:
-
+
This test case will check that an API Publisher can Delete published API with a valid serviceApiId
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
* A service APIs is published.
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Publish Service API
+ 3. Retrieve {apiId} from body and Location header with new resource created from response
+ 4. Remove published API at CCF
+ 5. Try to retreive deleted service API from CCF
+
**Information of Test**:
1. Perform [Provider Registration]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
3. Remove published Service API at CCF:
- * Send DELETE to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
- * Use APF Certificate
+ * Send **DELETE** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
+ * Use **APF Certificate**
4. Retrieve detail of service API:
- * Send Get to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}*
- * Use APF Certificate
+ * Send **GET** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}**
+ * Use **APF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Publish Service API
- 3. Retrieve {apiId} from body and Location header with new resource created from response
- 4. Remove published API at CCF
- 5. Try to retreive deleted service API from CCF
-
**Expected Result**:
1. Response to Publish request must accomplish:
1. **201 Created**
2. Response Body must follow **ServiceAPIDescription** data structure with:
* apiId
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}**
2. Published Service API is stored in CAPIF Database
@@ -570,26 +573,26 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-12***
**Description**:
-
+
This test case will check that an API Publisher cannot Delete with invalid serviceApiId
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Remove published API at CCF with invalid serviceId
+
**Information of Test**:
1. Perform [Provider Registration]
2. Remove published Service API at CCF with invalid serviceId:
- * Send DELETE to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}*
- * Use APF Certificate
+ * Send **DELETE** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}**
+ * Use **APF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Remove published API at CCF with invalid serviceId
-
**Expected Result**:
1. Response to Remove published Service API at CCF:
@@ -606,33 +609,33 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_api_publish_service-12***
**Description**:
-
+
This test case will check that an API Publisher cannot Delete API published when apfId is not authorised
**Pre-Conditions**:
-
+
* CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
+**Execution Steps**:
+
+ 1. Register Provider at CCF and store certificates.
+ 2. Register Invoker and onboard Invoker at CCF
+ 3. Remove published API at CCF with invalid serviceId as Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis*
- * body [service api description] with apiName service_1
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
* Get apiId
- * Use APF Certificate
+ * Use **APF Certificate**
3. Remove published Service API at CCF with invalid serviceId as Invoker:
- * Send DELETE to resource URL *https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}*
- * Use invoker certificate.
+ * Send **DELETE** to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}**
+ * Use **Invoker Certificate**.
-**Execution Steps**:
-
- 1. Register Provider at CCF and store certificates.
- 2. Register Invoker and onboard Invoker at CCF
- 3. Remove published API at CCF with invalid serviceId as Invoker
-
**Expected Result**:
1. Response to Remove published Service API at CCF:
diff --git a/doc/testing/testplan/api_security_service/README.md b/doc/testing/testplan/api_security_service/README.md
index e051f90fc1e32645e24cf099fd6108f6520200f5..7b871ccea5303a8cb253c429648ef9996f44f2c1 100644
--- a/doc/testing/testplan/api_security_service/README.md
+++ b/doc/testing/testplan/api_security_service/README.md
@@ -6,33 +6,33 @@ At this documentation you will have all information and related files and exampl
**Test ID**: ***capif_security_api-1***
**Description**:
-
+
This test case will check that an API Invoker can create a Security context
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Store signed Certificate
+ 3. Create Security Context
+
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Store signed Certificate
- 3. Create Security Context
-
**Expected Result**:
1. Create security context:
1. **201 Created** response.
2. body returned must accomplish **ServiceSecurity** data structure.
- 3. Location Header must contain the new resource URL *{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}*
+ 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
## Test Case 2: Create a security context for an API invoker with Provider role
@@ -40,28 +40,28 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-2***
**Description**:
-
+
This test case will check that an Provider cannot create a Security context with valid apiInvokerId.
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID), but user that create Security Context with Provider role
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context using Provider certificate
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker but using Provider certificate.
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using AEF certificate
+ * Using **AEF Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context using Provider certificate
-
**Expected Result**:
1. Create security context using Provider certificate:
@@ -74,6 +74,7 @@ At this documentation you will have all information and related files and exampl
2. No context stored at DB
+
## Test Case 3: Create a security context for an API invoker with Provider entity role and invalid apiInvokerId
**Test ID**:: ***capif_security_api-3***
@@ -83,23 +84,23 @@ At this documentation you will have all information and related files and exampl
This test case will check that an Provider cannot create a Security context with invalid apiInvokerID.
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID), but user that create Security Context with Provider role
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Create Security Context using Provider certificate
+
**Information of Test**:
1. Perform [Provider Registration]
2. Create Security Context for this not valid apiInvokerId and using Provider certificate.
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
* body [service security body]
- * Using AEF certificate
+ * Using **AEF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Create Security Context using Provider certificate
-
**Expected Result**:
1. Create security context using Provider certificate:
@@ -111,32 +112,33 @@ At this documentation you will have all information and related files and exampl
* cause with message "User role must be invoker".
2. No context stored at DB
+
## Test Case 4: Create a security context for an API invoker with Invoker entity role and invalid apiInvokerId
**Test ID**:: ***capif_security_api-4***
**Description**:
-
+
This test case will check that an Invoker cannot create a Security context with valid apiInvokerId.
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID), but user that create Security Context with invalid apiInvokerId
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Create Security Context using Provider certificate
+
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Create Security Context for this Invoker:
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
* body [service security body]
- * Use Invoker Certificate
+ * Use **Invoker Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Create Security Context using Provider certificate
-
**Expected Result**:
1. Create security context using Provider certificate:
@@ -149,39 +151,39 @@ At this documentation you will have all information and related files and exampl
2. No context stored at DB
-
+
## Test Case 5: Retrieve the Security Context of an API Invoker
**Test ID**:: ***capif_security_api-5***
**Description**:
-
+
This test case will check that an provider can retrieve the Security context of an API Invoker
**Pre-Conditions**:
-
+
* Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context using Provider certificate
+ 4. Retrieve Security Context by Provider
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker.
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker certificate
+ * Using **Invoker Certificate**
3. Retrieve Security Context of Invoker by Provider:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
- * Using AEF Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Using **AEF Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context using Provider certificate
- 4. Retrieve Security Context by Provider
-
**Expected Result**:
1. Retrieve security context:
@@ -194,27 +196,27 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-6***
**Description**:
-
+
This test case will check that an provider can retrieve the Security context of an API Invoker
**Pre-Conditions**:
-
+
* Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context
+**Execution Steps**:
+
+ 2. Register Provider at CCF
+ 3. Create Security Context using Provider certificate
+ 4. Retrieve Security Context by Provider of invalid invoker
+
**Information of Test**:
1. Perform [Provider Registration]
2. Retrieve Security Context of invalid Invoker by Provider:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}*
- * Using AEF Certificate.
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
+ * Using **AEF Certificate**.
-**Execution Steps**:
-
- 2. Register Provider at CCF
- 3. Create Security Context using Provider certificate
- 4. Retrieve Security Context by Provider of invalid invoker
-
**Expected Result**:
1. Retrieve security context:
@@ -231,33 +233,33 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-7***
**Description**:
-
+
This test case will check that an Provider cannot retrieve the Security context of an API Invoker without valid apfId
**Pre-Conditions**:
-
+
* API Exposure Function is not pre-authorised (has invalid apfId)
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Store signed Certificate
+ 3. Create Security Context
+ 4. Retrieve Security Context as Provider.
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate
+ * Using **Invoker Certificate**
3. Retrieve Security Context as Invoker role:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
- * Using Invoker Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Using **Invoker Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Store signed Certificate
- 3. Create Security Context
- 4. Retrieve Security Context as Provider.
-
**Expected Result**:
1. Create security context:
@@ -274,37 +276,37 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-8***
**Description**:
-
+
This test case will check that an Provider can delete a Security context
**Pre-Conditions**:
-
+
* Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context using Provider certificate
+ 4. Delete Security Context by Provider
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker but using Provider certificate.
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using AEF certificate
+ * Using **AEF Certificate**
3. Delete Security Context of Invoker by Provider:
- * Send DELETE *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
- * Use AEF certificate
+ * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Use **AEF Certificate**
4. Retrieve Security Context of Invoker by Provider:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
- * Using AEF Certificate
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Using **AEF Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context using Provider certificate
- 4. Delete Security Context by Provider
-
**Expected Result**:
1. Delete security context:
@@ -324,32 +326,32 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-9***
**Description**:
-
+
This test case will check that an Invoker cannot delete a Security context
**Pre-Conditions**:
-
+
* Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Create Security Context using Provider certificate
+ 3. Delete Security Context by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker:
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker certificate
+ * Using **Invoker Certificate**
3. Delete Security Context of Invoker:
- * Send DELETE *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
- * Use Invoker certificate
+ * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Use **Invoker Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Create Security Context using Provider certificate
- 3. Delete Security Context by Invoker
-
**Expected Result**:
1. Delete security context:
@@ -366,26 +368,26 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-10***
**Description**:
-
+
This test case will check that an Invoker cannot delete a Security context with invalid
**Pre-Conditions**:
-
+
* Invoker is pre-authorised.
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Delete Security Context by invoker
+
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Delete Security Context of Invoker:
- * Send DELETE *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}*
- * Use Invoker certificate
+ * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
+ * Use **Invoker Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Delete Security Context by invoker
-
**Expected Result**:
1. Delete security context:
@@ -402,26 +404,26 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-11***
**Description**:
-
+
This test case will check that an Provider cannot delete a Security context of invalid apiInvokerId
**Pre-Conditions**:
-
+
* Provider is pre-authorised (has valid apfId from CAPIF Authority).
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Delete Security Context by provider
+
**Information of Test**:
1. Perform [Provider Registration]
2. Delete Security Context of Invoker by Provider:
- * Send DELETE *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}*
- * Use AEF certificate
+ * Send **DELETE** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
+ * Use **AEF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Delete Security Context by provider
-
**Expected Result**:
1. Retrieve security context:
@@ -438,45 +440,45 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-12***
**Description**:
-
+
This test case will check that an API Invoker can update a Security context
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context By Invoker
+ 4. Update Security Context By Invoker
+ 5. Retrieve Security Context By Provider
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker:
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
-
+ * Using **Invoker Certificate**.
+
3. Update Security Context of Invoker:
- * Send POST *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/update*
- * body [service security body] but with notification destination modified to http://robot.testing2
- * Using Invoker Certificate.
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/update**
+ * body [service security body] but with notification destination modified to **http://robot.testing2**
+ * Using **Invoker Certificate**.
4. Retrieve Security Context of Invoker by Provider:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
- * Using AEF Certificate.
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Using **AEF Certificate**.
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context By Invoker
- 4. Update Security Context By Invoker
- 5. Retrieve Security Context By Provider
-
**Expected Result**:
1. Update security context:
1. **200 OK** response.
2. body returned must accomplish **ServiceSecurity** data structure.
-
+
2. Retrieve security context:
1. **200 OK** response.
2. body returned must accomplish **ServiceSecurity** data structure.
@@ -488,35 +490,35 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-13***
**Description**:
-
+
This test case will check that an Provider cannot update a Security context
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized.
* Invoker has created the Security Context previously.
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context
+ 4. Update Security Context as Provider
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker:
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
-
+ * Using **Invoker Certificate**.
+
3. Update Security Context of Invoker by Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/update*
- * body [service security body] but with notification destination modified to http://robot.testing2
- * Using AEF Certificate
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/update**
+ * body [service security body] but with notification destination modified to **http://robot.testing2**
+ * Using **AEF Certificate**
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context
- 4. Update Security Context as Provider
-
**Expected Result**:
1. Update security context:
@@ -533,28 +535,28 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-14***
**Description**:
-
+
This test case will check that an Provider cannot update a Security context of invalid apiInvokerId
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized.
* Invoker has created the Security Context previously.
+**Execution Steps**:
+
+ 1. Register Provider at CCF
+ 2. Update Security Context as Provider
+
**Information of Test**:
1. Perform [Provider Registration]
-
+
2. Update Security Context of Invoker by Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
* body [service security body]
- * Using AEF Certificate
+ * Using **AEF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF
- 2. Update Security Context as Provider
-
**Expected Result**:
1. Update security context:
@@ -571,27 +573,27 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-15***
**Description**:
-
+
This test case will check that an API Invoker cannot update a Security context not valid apiInvokerId
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority)
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Update Security Context
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
-
+
2. Update Security Context of Invoker:
- * Send POST *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/update**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Update Security Context
-
**Expected Result**:
1. Retrieve security context:
@@ -608,40 +610,39 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-16***
**Description**:
-
+
This test case will check that a Provider can revoke the authorization for APIs
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context by Invoker
+ 4. Revoke Security Context by Provider
+ 5. Retrieve Security Context by Provider
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context By Invoker:
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate
-
+ * Using **Invoker Certificate**
+
3. Revoke Authorization by Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
* body [security notification body]
- * Using AEF Certificate.
+ * Using **AEF Certificate**.
4. Retrieve Security Context by Provider:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
- * Using AEF Certificate.
-
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
+ * Using **AEF Certificate**.
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context by Invoker
- 4. Revoke Security Context by Provider
- 5. Retrieve Security Context by Provider
-
**Expected Result**:
1. Revoke Authorization:
@@ -661,39 +662,39 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-17***
**Description**:
-
+
This test case will check that an Invoker can't revoke the authorization for APIs
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context
+ 4. Revoke Security Context by invoker
+ 5. Retrieve Security Context
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker:
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
-
+ * Using **Invoker Certificate**.
+
3. Revoke Authorization by invoker:
- * Send POST *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete**
* body [security notification body]
- * Using Invoker Certificate
+ * Using **Invoker Certificate**
4. Retrieve Security Context of Invoker by Provider:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* Using Provider Certificate
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context
- 4. Revoke Security Context by invoker
- 5. Retrieve Security Context
-
**Expected Result**:
1. Revoke Security Context by invoker:
@@ -715,40 +716,40 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-18***
**Description**:
-
+
This test case will check that an API Exposure Function cannot revoke the authorization for APIs for invalid apiInvokerId
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register and onboard Invoker at CCF
+ 2. Register Provider at CCF
+ 3. Create Security Context
+ 4. Revoke Security Context by Provider
+ 5. Retrieve Security Context
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker:
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
-
+ * Using **Invoker Certificate**.
+
3. Revoke Authorization by Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/delete*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}/delete**
* body [security notification body]
- * Using AEF Certificate.
+ * Using **AEF Certificate**.
4. Retrieve Security Context of Invoker by Provider:
- * Send GET *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true*
+ * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&authorizationInfo=true**
* This request will ask with parameter to retrieve authenticationInfo and authorizationInfo
- * Using AEF Certificate.
+ * Using **AEF Certificate**.
-**Execution Steps**:
-
- 1. Register and onboard Invoker at CCF
- 2. Register Provider at CCF
- 3. Create Security Context
- 4. Revoke Security Context by Provider
- 5. Retrieve Security Context
-
**Expected Result**:
1. Revoke Security Context by invoker:
@@ -770,50 +771,50 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-19***
**Description**:
-
+
This test case will check that an API Invoker can retrieve a security access token OAuth 2.0.
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerId)
* Service API of Provider is published
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by invoker:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{securityId}/token*:
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{securityId}/token**:
* body [access token req body] and example [example]
* ***securityId*** is apiInvokerId.
* ***grant_type=client_credentials***.
* Create Scope properly for request: ***3gpp#{aef_id}:{api_name}***
- * Using Invoker Certificate.
-
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token
-
+ * Using **Invoker Certificate**.
+
**Expected Result**:
1. Response to Request of Access Token:
@@ -827,48 +828,48 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-20***
**Description**:
-
+
This test case will check that an API Exposure Function cannot revoke the authorization for APIs for invalid apiInvokerId
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority) and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Provider
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by provider:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{securityId}/token*:
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{securityId}/token**:
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=client_credentials***
- * Using AEF certificate
+ * Using **AEF Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Provider
-
**Expected Result**:
1. Response to Request of Access Token:
@@ -877,53 +878,54 @@ At this documentation you will have all information and related files and exampl
* error unauthorized_client
* error_description=Role not authorized for this API route
+
## Test Case 21: Retrieve access token by Provider with invalid apiInvokerId
**Test ID**:: ***capif_security_api-21***
**Description**:
-
+
This test case will check that an API Exposure Function cannot retrieve a security access token without valid apiInvokerId
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Provider
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by provider:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{API_INVOKER_NOT_VALID}/token*.
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{API_INVOKER_NOT_VALID}/token**.
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=client_credentials***
- * Using AEF certificate
-
-**Execution Steps**:
+ * Using **AEF Certificate**
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Provider
-
**Expected Result**:
1. Response to Request of Access Token:
@@ -931,50 +933,50 @@ At this documentation you will have all information and related files and exampl
2. body returned must accomplish **AccessTokenErr** data structure, with:
* error unauthorized_client
* error_description=Role not authorized for this API route
-
+
## Test Case 22: Retrieve access token with invalid apiInvokerId
**Test ID**:: ***capif_security_api-22***
**Description**:
-
+
This test case will check that an API Invoker can't retrieve a security access token without valid apiInvokerId
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised (has valid apiInvokerId)
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by invoker:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{API_INVOKER_NOT_VALID}/token*.
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{API_INVOKER_NOT_VALID}/token**.
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=client_credentials***
- * Using Invoker certificate
-
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Invoker
+ * Using **Invoker Certificate**
**Expected Result**:
@@ -989,54 +991,55 @@ At this documentation you will have all information and related files and exampl
**NOTE: ProblemDetails29571 is the definition present for this request at swagger of ProblemDetails, and this is different from definition of ProblemDetails across other CAPIF Services**
+
## Test Case 23: Retrieve access token with invalid client_id
**Test ID**:: ***capif_security_api-23***
**Description**:
-
+
This test case will check that an API Exposure Function cannot retrieve a security access token without valid client_id at body
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by invoker:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{securityId}/token*.
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{securityId}/token**.
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=client_credentials***
* **client_id is not-valid**
- * Using Invoker certificate
-
-**Execution Steps**:
+ * Using **Invoker Certificate**
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Invoker
-
**Expected Result**:
1. Response to Request of Access Token:
@@ -1051,48 +1054,48 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-24***
**Description**:
-
+
This test case will check that an API Exposure Function cannot retrieve a security access token with unsupported grant_type
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
-
+
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by invoker:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{securityId}/token*.
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{securityId}/token**.
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=not_valid***
- * Using Invoker certificate
-
-**Execution Steps**:
+ * Using **Invoker Certificate**
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Invoker
-
**Expected Result**:
1. Response to Request of Access Token:
@@ -1106,49 +1109,49 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-25***
**Description**:
-
+
This test case will check that an API Exposure Function cannot retrieve a security access token with complete invalid scope
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by invoker:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{securityId}/token*.
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{securityId}/token**.
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=client_credentials***
* ***scope=not-valid-scope***
- * Using Invoker certificate
-
-**Execution Steps**:
+ * Using **Invoker Certificate**
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Invoker
-
**Expected Result**:
1. Response to Request of Access Token:
@@ -1163,49 +1166,49 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-26***
**Description**:
-
+
This test case will check that an API Exposure Function cannot retrieve a security access token with invalid aefId at scope
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by invoker:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{securityId}/token*.
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{securityId}/token**.
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=client_credentials***
- * ***scope=3gpp#1234:service_1***
- * Using Invoker certificate
+ * ***scope=3gpp#1234:**service_1***
+ * Using **Invoker Certificate**
-**Execution Steps**:
-
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Invoker
-
**Expected Result**:
1. Response to Request of Access Token:
@@ -1220,49 +1223,49 @@ At this documentation you will have all information and related files and exampl
**Test ID**:: ***capif_security_api-27***
**Description**:
-
+
This test case will check that an API Exposure Function cannot retrieve a security access token with invalid apiName at scope
**Pre-Conditions**:
-
+
* API Invoker is pre-authorised and Provider is also authorized
+**Execution Steps**:
+
+ 1. Register Provider at CCF, store certificates and Publish Service API **service_1** at CCF
+ 2. Register and onboard Invoker at CCF
+ 3. Discover Service APIs by Invoker.
+ 4. Create Security Context According to Service APIs discovered.
+ 5. Request Access Token by Invoker
+
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Publish Service API at CCF:
- * Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- * body [service api description] with apiName service_1
- * Use APF Certificate
+ * Send **POST** to ccf_publish_url **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis**
+ * body [service api description] with apiName **service_1**
+ * Use **APF Certificate**
3. Request Discover Published APIs not filtered:
- * Send GET to ccf_discover_url *https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}*
+ * Send **GET** to ccf_discover_url **https://{CAPIF_HOSTNAME}/service-apis/v1/allServiceAPIs?api-invoker-id={apiInvokerId}**
* Param api-invoker-id is mandatory
- * Using invoker certificate
+ * Using **Invoker Certificate**
4. Create Security Context for this Invoker
- * Send PUT *https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}*
+ * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
* body [service security body]
- * Using Invoker Certificate.
+ * Using **Invoker Certificate**.
* Create Security Information Body with one **securityInfo** for each aef present at each serviceAPIDescription present at Discover.
5. Request Access Token by invoker:
- * Sent POST *https://{CAPIF_HOSTNAME}/securities/{securityId}/token*.
+ * Sent POST **https://{CAPIF_HOSTNAME}/securities/{securityId}/token**.
* body [access token req body]
* ***securityId*** is apiInvokerId
* ***grant_type=client_credentials***
* ***scope=3gpp#{aef_id}:not-valid***
- * Using Invoker certificate
-
-**Execution Steps**:
+ * Using **Invoker Certificate**
- 1. Register Provider at CCF, store certificates and Publish Service API service_1 at CCF
- 2. Register and onboard Invoker at CCF
- 3. Discover Service APIs by Invoker.
- 4. Create Security Context According to Service APIs discovered.
- 5. Request Access Token by Invoker
-
**Expected Result**:
1. Response to Request of Access Token:
@@ -1273,9 +1276,6 @@ At this documentation you will have all information and related files and exampl
[Return To All Test Plans]: ../README.md
-
-
-
[service security body]: ./service_security.json "Service Security Request"
[security notification body]: ./security_notification.json "Security Notification Request"
[access token req body]: ./access_token_req.json "Access Token Request"
diff --git a/doc/testing/testplan/common_operations/README.md b/doc/testing/testplan/common_operations/README.md
index 0f8cf9f2cc7271ddefa318648beada778bd8f0af..48d31a83533b4880dbf7eaba12d06388e20e3f4a 100644
--- a/doc/testing/testplan/common_operations/README.md
+++ b/doc/testing/testplan/common_operations/README.md
@@ -22,7 +22,7 @@ The steps to register a new user at Register Service are:
* Send **POST** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/createUser**
* Include Admin **access_token** in **Authorization Bearer Header**
* Body [user_registration_body]
-
+
### User Retrieve access token and other information
@@ -51,7 +51,7 @@ The steps to register a new user at Register Service are:
* Send **POST** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers**
* Reference Request Body: [invoker onboarding body]
* "onboardingInformation"->"apiInvokerPublicKey": must contain public key generated by Invoker.
- * Send at Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
+ * Send in Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
### Checks to ensure onboarding
@@ -64,7 +64,7 @@ The steps to register a new user at Register Service are:
2. Response Body must follow **APIInvokerEnrolmentDetails** data structure with:
* apiInvokerId
* onboardingInformation->apiInvokerCertificate must contain the public key signed.
- 3. Response Header **Location** must be received with URI to new resource created, following this structure: *{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}*
+ 3. Response Header **Location** must be received with URI to new resource created, following this structure: **{apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}**
### Example Flow
@@ -81,9 +81,9 @@ The steps to register a new user at Register Service are:
3. Register Provider:
- * Send POST *https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations*
+ * Send **POST** **https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations**
* body [provider request body]
- * Send at Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
+ * Send in Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
* Store each cert in a file with according name.
### Checks to ensure provider registration
@@ -100,7 +100,7 @@ The steps to register a new user at Register Service are:
3. For each **apiProvFuncs**, we must check:
1. **apiProvFuncId** is set
2. **apiProvCert** under **regInfo** is set properly
- 4. Location Header must contain the new resource URL *{apiRoot}/api-provider-management/v1/registrations/{registrationId}*
+ 4. Location Header must contain the new resource URL **{apiRoot}/api-provider-management/v1/registrations/{registrationId}**
### Example Flow
