From 7f1b84cad8e1698386a2ed176e5de8b8de4d9a1a Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines <jorge.moratinossalcines@telefonica.com> Date: Tue, 28 May 2024 12:32:58 +0200 Subject: [PATCH] New Event tests defined on test suite --- .../testplan/api_events_service/README.md | 249 +++++++++++++++--- 1 file changed, 211 insertions(+), 38 deletions(-) diff --git a/doc/testing/testplan/api_events_service/README.md b/doc/testing/testplan/api_events_service/README.md index 770c112..76ff8c6 100644 --- a/doc/testing/testplan/api_events_service/README.md +++ b/doc/testing/testplan/api_events_service/README.md @@ -12,7 +12,7 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) can Subscribe to Events **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) **Information of Test**: @@ -25,11 +25,11 @@ At this documentation you will have all information and related files and exampl 3. Use **Invoker Certificate** **Execution Steps**: - + 1. Register Invoker and Onboard Invoker at CCF 2. Subscribe to Events 3. Retrieve {subscriberId} and {subscriptionId} from Location Header - + **Expected Result**: 1. Response to Onboard request must accomplish: @@ -56,7 +56,7 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Subscribe to Events without valid SubcriberId **Pre-Conditions**: - + * CAPIF subscriber is not pre-authorised (has invalid InvokerId or apfId) **Information of Test**: @@ -69,7 +69,7 @@ At this documentation you will have all information and related files and exampl 3. Use **Invoker Certificate** **Execution Steps**: - + 1. Register Invoker and Onboard Invoker at CCF 2. Subscribe to Events 
@@ -102,7 +102,7 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) can Delete an Event Subscription **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) **Information of Test**: @@ -119,12 +119,12 @@ At this documentation you will have all information and related files and exampl 2. Use **Invoker Certificate** **Execution Steps**: - + 1. Register Invoker and Onboard Invoker at CCF 2. Subscribe to Events 3. Retrieve {subscriberId} and {subscriptionId} from Location Header 4. Remove Event Subscription - + **Expected Result**: 1. Response to Onboard request must accomplish: @@ -155,7 +155,7 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Delete to Events without valid SubcriberId **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId). * CAPIF subscriber is subscribed to Events. @@ -173,12 +173,12 @@ At this documentation you will have all information and related files and exampl 2. Use **Invoker Certificate** **Execution Steps**: - + 1. Register Invoker and Onboard Invoker at CCF 2. Subscribe to Events 3. Retrieve Location Header with subscriptionId. 4. Remove Event Subscribed with not valid Subscriber. - + **Expected Result**: 1. Response to Onboard request must accomplish: @@ -210,7 +210,7 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF subscriber (Invoker or Publisher) cannot Delete an Event Subscription without valid SubscriptionId **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has invalid InvokerId or apfId). * CAPIF subscriber is subscribed to Events. 
@@ -228,7 +228,7 @@ At this documentation you will have all information and related files and exampl 2. Use **Invoker Certificate** **Execution Steps**: - + 1. Register Invoker and Onboard Invoker at CCF 2. Subscribe to Events 3. Retrieve Location Header with subscriptionId. @@ -266,7 +266,7 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs. **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) * CAPIF provider is correctly registered and published APIs. * API Provider had a Service API Published on CAPIF @@ -304,17 +304,16 @@ At this documentation you will have all information and related files and exampl 4. apiName of published API 5. 200 and 400 results in two logs. 3. Use AEF Certificate - **Execution Steps**: - + 1. Register provider and publish one API at CCF 2. Register Invoker and Onboard Invoker at CCF 3. Discover published APIs and extract apiIds and apiNames 4. Subscribe to **SERVICE_API_INVOCATION_SUCCESS** and **SERVICE_API_INVOCATION_FAILURE** event filtering by aefId. 5. Retrieve {subscriberId} and {subscriptionId} from Location Header 6. Emulate Success and Failure on API invocation of provider by Invoker, using Invocation Logs API. - + **Expected Result**: 1. Response to Event Subscription must accomplish: 
@@ -340,14 +339,14 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF Invoker subscribed to SERVICE_API_AVAILABLE and SERVICE_API_UNAVAILABLE, receive the notification when AEF publish and remove it. **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) * CAPIF provider is correctly registered and published APIs. * **Mock Server is up and running to receive requests.** * **Mock Server is clean.** **Execution Steps**: - + 1. Register provider and publish one API at CCF 2. Register Invoker and Onboard Invoker at CCF 3. Discover published APIs and extract apiIds and apiNames @@ -355,7 +354,6 @@ At this documentation you will have all information and related files and exampl 5. Retrieve {subscriberId} and {subscriptionId} from Location Header 6. Provider publish new API. 7. Provider remove published API. - **Information of Test**: @@ -390,7 +388,7 @@ At this documentation you will have all information and related files and exampl * Send DELETE to resource URL **https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID}** * Use **APF Certificate** - + **Expected Result**: 1. Response to Event Subscription must accomplish: @@ -414,7 +412,7 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF Invoker subscribed to SERVICE_API_UPDATE, receive the notification when AEF Update some information on API Published. **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) * CAPIF provider is correctly registered and published APIs. * API Provider had a Service API Published on CAPIF 
@@ -422,7 +420,7 @@ At this documentation you will have all information and related files and exampl * **Mock Server is clean.** **Execution Steps**: - + 1. Register Provider and publish one API at CCF 2. Register Invoker and Onboard Invoker at CCF 3. Discover published APIs and extract apiIds and apiNames @@ -483,14 +481,14 @@ At this documentation you will have all information and related files and exampl This test case will check that a CAPIF Provider subscribed to API Invoker events (API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED), receive the notifications when Invoker is onboarded, updated and removed respectively. **Pre-Conditions**: - + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) * CAPIF provider is correctly registered. * **Mock Server is up and running to receive requests.** * **Mock Server is clean.** **Execution Steps**: - + 1. Register Provider at CCF 2. Subscribe Provider to **API_INVOKER_ONBOARDED, API_INVOKER_UPDATED and API_INVOKER_OFFBOARDED** events. 3. Register Invoker and Onboard Invoker at CCF @@ -505,7 +503,7 @@ At this documentation you will have all information and related files and exampl 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** 2. body [event subscription request body] with: 1. events: **['API_INVOKER_ONBOARDED', 'API_INVOKER_UPDATED', 'API_INVOKER_OFFBOARDED']** - 3. Use **Provider Certificate** + 3. Use **Provider AMF Certificate** 4. Perform [invoker onboarding] 5. Update information of previously onboarded Invoker: * Send *PUT* to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers/{onboardingId}** 
@@ -538,42 +536,216 @@ At this documentation you will have all information and related files and exampl 2. One Event should be **API_INVOKER_UPDATED** with **eventDetail** with modified **apiInvokerId**. 3. One Event should be **API_INVOKER_OFFBOARDED** with **eventDetail** with modified **apiInvokerId**. --- -## Test Case 10: Invoker subscribe to ACL update event +## Test Case 10: Provider subscribed to ACL update event **Test ID**: ***capif_api_events-10*** **Description**: - This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs. + This test case will check that a CAPIF Provider subscribed to ACCESS_CONTROL_POLICY_UPDATE receive a notification when ACL Changes. + +**Pre-Conditions**: + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered. + * API Provider had one Service API Published on CAPIF + * API Invoker had a Security Context for the Service API published by provider. + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register Provider at CCF. + 2. Publish a provider API with name **service_1**. + 3. Register Invoker and Onboard Invoker at CCF. + 4. Subscribe Provider to **ACCESS_CONTROL_POLICY_UPDATE** event. + 5. Discover APIs filtered by **aef_id** + 6. Create Security Context for Invoker. + 7. Provider Retrieve ACL + +**Information of Test**: + + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Perform [invoker onboarding] + 4. Event Subscription to **ACCESS_CONTROL_POLICY_UPDATE** event: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['ACCESS_CONTROL_POLICY_UPDATE']** + 2. 
eventFilters: apiInvokerIds array with apiInvokerId of invoker + 3. Use **Provider AMF Certificate** + 5. Discover published APIs + 6. Create Security Context for Invoker + * Send PUT **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * body [service security body] + * Use Invoker Certificate + 7. Provider Retrieve ACL + * Send GET **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}** + * Use **serviceApiId** and **aefId** + * Use AEF Provider Certificate + +**Expected Result**: + + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Create security context: + 1. **201 Created** response. + 2. body returned must accomplish **ServiceSecurity** data structure. + 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}** + 3. ACL Response: + 1. **200 OK** Response. + 2. body returned must accomplish **AccessControlPolicyList** data structure. + 3. apiInvokerPolicies must: + 1. contain only one object. + 2. apiInvokerId must match apiInvokerId registered previously. + 4. Mock Server received messages must accomplish: + 1. **One Event has been received**. + 2. Validate received event follow **EventNotification** data structure, with **accCtrlPolListExt** in **eventDetail** parameter. + 1. One Event should be **ACCESS_CONTROL_POLICY_UPDATE** with **eventDetail** with **accCtrlPolListExt** including the **apiId** and **apiInvokerPolicies**. --- -## Test Case 11: Invoker subscribe to Service API Available and Unavailable events +## Test Case 11: Provider receives an ACL unavailable event when invoker remove Security Context. 
**Test ID**: ***capif_api_events-11*** **Description**: - This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs. + This test case will check that a CAPIF Invoker subscribed to ACCESS_CONTROL_POLICY_UNAVAILABLE will receive the notification when AEF remove Security Context created previously. + +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered. + * API Provider had one Service API Published on CAPIF + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: + + 1. Register Provider at CCF. + 2. Publish a provider API with name **service_1**. + 3. Register Invoker and Onboard Invoker at CCF. + 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event. + 5. Discover APIs filtered by **aef_id** + 6. Create Security Context for Invoker. + 7. Provider Retrieve ACL. + 8. Remove Security Context for Invoker. + +**Information of Test**: + + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Perform [invoker onboarding] + 4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE** event: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE']** + 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker + 3. Use **Invoker Certificate** + 5. Discover published APIs + 6. Create Security Context for Invoker + * Send PUT **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * body [service security body] + * Use Invoker Certificate + 7. 
Provider Retrieve ACL + * Send GET **https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}** + * Use **serviceApiId** and **aefId** + * Use **AEF Provider Certificate** + 3. Delete Security Context of Invoker by Provider: + * Send DELETE **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * Use **AEF certificate** + +**Expected Result**: + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Create security context: + 1. **201 Created** response. + 2. body returned must accomplish **ServiceSecurity** data structure. + 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}** + 3. ACL Response: + 1. **200 OK** Response. + 2. body returned must accomplish **AccessControlPolicyList** data structure. + 3. apiInvokerPolicies must: + 1. contain only one object. + 2. apiInvokerId must match apiInvokerId registered previously. + 4. Delete security context: + 1. **204 No Content** response. + 5. Mock Server received messages must accomplish: + 1. **One Event has been received**. + 2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter. + 1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**. --- -## Test Case 12: Invoker subscribe to ACL unavailable event +## Test Case 12: Invoker receives an Invoker Authorization Revoked and ACL unavailable event when Provider revoke Invoker Authorization. 
**Test ID**: ***capif_api_events-12*** **Description**: - This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs. + This test case will check that a CAPIF Invoker subscribed to API_INVOKER_AUTHORIZATION_REVOKED and ACCESS_CONTROL_POLICY_UNAVAILABLE receive both notification when AEF revoke invoker's authorization. ---- -## Test Case 13: Invoker subscribe to API Invoker Authorization Revoked +**Pre-Conditions**: + + * CAPIF subscriber is pre-authorised (has valid InvokerId or apfId from CAPIF Authority) + * CAPIF provider is correctly registered. + * API Provider had one Service API Published on CAPIF + * **Mock Server is up and running to receive requests.** + * **Mock Server is clean.** + +**Execution Steps**: -**Test ID**: ***capif_api_events-13*** + 1. Register Provider at CCF. + 2. Publish a provider API with name **service_1**. + 3. Register Invoker and Onboard Invoker at CCF. + 4. Subscribe Invoker to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** events. + 5. Discover APIs filtered by **aef_id** + 6. Create Security Context for Invoker. + 7. Revoke Authorization by Provider. -**Description**: +**Information of Test**: - This test case will check that a CAPIF Invoker subscribed to SERVICE_API_INVOCATION_SUCCESS and SERVICE_API_INVOCATION_FAILURE, receive the notification when AEF send to logging service result of invocations to their APIs. + 1. Check and Clean Mock Server + 2. Perform [provider registration] + 3. Perform [invoker onboarding] + 4. Event Subscription to **ACCESS_CONTROL_POLICY_UNAVAILABLE and API_INVOKER_AUTHORIZATION_REVOKED** event: + 1. Send **POST** to **https://{CAPIF_HOSTNAME}/capif-events/v1/{subscriberId}/subscriptions** + 2. body [event subscription request body] with: + 1. 
events: **['ACCESS_CONTROL_POLICY_UNAVAILABLE','API_INVOKER_AUTHORIZATION_REVOKED']** + 2. eventFilters: apiInvokerIds array with apiInvokerId of invoker + 3. Use **Invoker Certificate** + 5. Discover published APIs + 6. Create Security Context for Invoker + * Send PUT **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}** + * body [service security body] + * Use Invoker Certificate + 7. Revoke Authorization by Provider: + * Send POST **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}/delete** + * body [security notification body] + * Using AEF Certificate. + +**Expected Result**: + 1. Response to Event Subscription must accomplish: + 1. **201 Created** + 2. The URI of the created resource shall be returned in the "Location" HTTP header, following this structure: **{apiRoot}/capif-events/{apiVersion}/{subscriberId}/subscriptions/{subscriptionId}** + 3. Response Body must follow **EventSubscription** data structure. + 2. Create security context: + 1. **201 Created** response. + 2. body returned must accomplish **ServiceSecurity** data structure. + 3. Location Header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}** + 4. Revoke Authorization: + 1. **204 No Content** response. + 5. Mock Server received messages must accomplish: + 1. **Two Events has been received**. + 2. Validate received event follow **EventNotification** data structure, without **eventDetail** parameter. + 1. One Event should be **ACCESS_CONTROL_POLICY_UNAVAILABLE** without **eventDetail**. + 2. One Event should be **API_INVOKER_AUTHORIZATION_REVOKED** without **eventDetail**. + +--- [invoker onboard request body]: ../api_invoker_management/invoker_details_post_example.json "API Invoker Request" [event subscription request body]: ./event_subscription.json "Event Subscription Request" 
@@ -581,6 +753,7 @@ At this documentation you will have all information and related files and exampl [provider registration]: ../common_operations/README.md#register-a-provider "Provider Registration" [log entry request body]: ../api_logging_service/invocation_log.json "Log Request Body" [put register body]: ./invoker_details_put_example.json "API Invoker Update Request" - +[service security body]: ../api_security_service/service_security.json "Service Security Request" +[security notification body]: ./security_notification.json "Security Notification Request" [Return To All Test Plans]: ../README.md -- GitLab
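Review bot: In the Test Case 9 subscription step (hunk at -505,7), "Use **Provider AMF Certificate**" adds yet another spelling for provider credentials. The same patch later writes "AEF Provider Certificate", "AEF certificate" and "AEF Certificate", while unchanged lines use "APF Certificate". Each step in this plan depends on which identity makes the call, so pick one form per role (for example "AMF Certificate", "AEF Certificate", "APF Certificate") and use it consistently in Test Cases 9 to 12.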
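Review bot: Test Case 11 in the hunk at -538,42 contradicts itself about who subscribes and who removes the Security Context. Its title reads "Provider receives an ACL unavailable event when invoker remove Security Context", but the description, execution step 4 and the subscription step all subscribe the Invoker with the Invoker Certificate, and the removal is "Delete Security Context of Invoker by Provider" with the AEF certificate. Align the title with the steps, or the reverse, because the certificate used on each call is part of what the test exercises. Further points in the same hunk: Test Case 10 lists "API Invoker had a Security Context for the Service API published by provider" as a pre-condition although execution step 6 creates that context after the subscription in step 4; the PUT, DELETE and POST requests target https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId} while the expected Location header is {apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}; the ACL URL uses ${serviceApiId} and ${aef_id} where the rest of the file uses brace-only placeholders such as {apfId}; the Test Case 11 "Information of Test" list numbers the delete step 3 after step 7; and the Test Case 12 "Expected Result" list jumps from 2 to 4. Test Cases 11 and 12 would also be stronger with a final ACL retrieval checking that the apiInvokerId is no longer listed after the delete or revoke, since the expected results currently stop at the 204 response and the notification.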
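Review bot: The two link definitions added in the hunk at -581,6 point at ../api_security_service/service_security.json and ./security_notification.json, but the diffstat reports README.md as the only file changed, so neither JSON file is added by this commit. Confirm both already exist at those paths or include them here, otherwise the new [service security body] and [security notification body] references in Test Cases 10 to 12 are dead links. Also consider placing security_notification.json under ../api_security_service/ next to service_security.json, since it is the body of a trustedInvokers request and not of an events request.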