OPIN0035 access control for op intents

monitoring/prober/infrastructure.py

@@ -100,7 +100,7 @@ def wrapper_default_scope(*args, **kwargs):
 resource_type_code_descriptions: Dict[ResourceType, str] = {}
 
 
-# Next code: 375
+# Next code: 377
 def register_resource_type(code: int, description: str) -> ResourceType:
     """Register that the specified code refers to the described resource.
 

monitoring/uss_qualifier/configurations/dev/f3548_self_contained.yaml

@@ -13,13 +13,15 @@ v1:
 
         # Mapping of <resource name in test suite> to <resource name in resource pool>
         resources:
+          id_generator: id_generator
           flight_planners: flight_planners
           conflicting_flights: conflicting_flights
           invalid_flight_intents: invalid_flight_intents
           non_conflicting_flights: non_conflicting_flights
           dss: dss
           dss_instances: dss_instances
           mock_uss: mock_uss
+          second_utm_auth: second_utm_auth
 
     # This block defines all the resources available in the resource pool.
     # Presumably all resources defined below would be used either
@@ -35,6 +37,30 @@ v1:
             # To avoid putting secrets in configuration files, the auth spec (including sensitive information) will be read from the AUTH_SPEC environment variable
             environment_variable_containing_auth_spec: AUTH_SPEC
 
+        # Means by which uss_qualifier can discover which subscription ('sub' claim of its tokes) it is described by
+        utm_client_identity:
+          resource_type: resources.communications.ClientIdentityResource
+          dependencies:
+            auth_adapter: utm_auth
+          specification:
+            # Audience and scope to be used to issue a dummy query, should it be required to discover the subscription
+            whoami_audience: localhost
+            whoami_scope: rid.display_provider
+
+        # Means by which uss_qualifier generates identifiers
+        id_generator:
+          $content_schema: monitoring/uss_qualifier/resources/definitions/ResourceDeclaration.json
+          resource_type: resources.interuss.IDGeneratorResource
+          dependencies:
+            client_identity: utm_client_identity
+
+        # A second auth adapter, for checks that require a second set of credentials for accessing the ecosystem.
+        # Note that the 'sub' claim of the tokens obtained through this adepter MUST be different from the first auth adapter.
+        second_utm_auth:
+          resource_type: resources.communications.AuthAdapterResource
+          specification:
+            environment_variable_containing_auth_spec: AUTH_SPEC_2
+
         # Set of USSs capable of being tested as flight planners
         flight_planners:
           resource_type: resources.flight_planning.FlightPlannersResource

monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py

@@ -28,6 +28,7 @@
     SetUssAvailabilityStatusParameters,
     UssAvailabilityState,
     UssAvailabilityStatusResponse,
+    GetOperationalIntentReferenceResponse,
 )
 
 
@@ -90,6 +91,30 @@ def find_op_intent(
             ).operational_intent_references
         return result, query
 
+    def get_op_intent(
+        self,
+        op_intent_id: str,
+    ) -> Tuple[OperationalIntentReference, fetch.Query]:
+        """
+        Retrieve an OP Intent from the DSS, using only its ID
+        """
+        url = f"/dss/v1/operational_intent_references/{op_intent_id}"
+        query = fetch.query_and_describe(
+            self.client,
+            "GET",
+            url,
+            QueryType.F3548v21DSSGetOperationalIntentReference,
+            self.participant_id,
+            scope=SCOPE_SC,  #
+        )
+        if query.status_code != 200:
+            result = None
+        else:
+            result = ImplicitDict.parse(
+                query.response.json, GetOperationalIntentReferenceResponse
+            ).operational_intent_reference
+        return result, query
+
     def get_full_op_intent(
         self,
         op_intent_ref: OperationalIntentReference,
@@ -128,6 +153,9 @@ def put_op_intent(
         if id is None:
             url = f"/dss/v1/operational_intent_references/{str(uuid.uuid4())}"
             query_type = QueryType.F3548v21DSSCreateOperationalIntentReference
+        elif ovn is None:
+            url = f"/dss/v1/operational_intent_references/{id}"
+            query_type = QueryType.F3548v21DSSCreateOperationalIntentReference
         else:
             url = f"/dss/v1/operational_intent_references/{id}/{ovn}"
             query_type = QueryType.F3548v21DSSUpdateOperationalIntentReference

monitoring/uss_qualifier/resources/flight_planning/flight_intents_resource.py

@@ -1,16 +1,21 @@
-from typing import Dict
+from typing import Dict, List
 
+import arrow
 from implicitdict import ImplicitDict
+from uas_standards.astm.f3548.v21.api import OperationalIntentState
+
 from monitoring.monitorlib.clients.flight_planning.flight_info_template import (
     FlightInfoTemplate,
 )
+from monitoring.monitorlib.geotemporal import Volume4DCollection
 
 from monitoring.uss_qualifier.resources.files import load_dict
 from monitoring.uss_qualifier.resources.resource import Resource
 from monitoring.uss_qualifier.resources.flight_planning.flight_intent import (
     FlightIntentCollection,
     FlightIntentsSpecification,
     FlightIntentID,
+    FlightIntent,
 )
 
 
@@ -39,3 +44,56 @@ def __init__(self, specification: FlightIntentsSpecification):
 
     def get_flight_intents(self) -> Dict[FlightIntentID, FlightInfoTemplate]:
         return self._intent_collection.resolve()
+
+
+def unpack_flight_intents(
+    flight_intents: FlightIntentsResource, flight_identifiers: List[str]
+):
+    """
+    Wraps some validation logic for flight intents resources
+
+    Args:
+        flight_intents: the flight intents resources as configured and passed to a scenario
+        flight_identifiers: flight identifiers expected to be found in the flight_intent resource,
+                            and for which a few sanity checks will be done.
+
+    Returns: A tuple of the intents' extent and a dict of the flight intents
+
+    """
+    flight_intents = {
+        k: FlightIntent.from_flight_info_template(v)
+        for k, v in flight_intents.get_flight_intents().items()
+    }
+
+    extents = []
+    for intent in flight_intents.values():
+        extents.extend(intent.request.operational_intent.volumes)
+        extents.extend(intent.request.operational_intent.off_nominal_volumes)
+
+    intents_extent = Volume4DCollection.from_interuss_scd_api(
+        extents
+    ).bounding_volume.to_f3548v21()
+
+    # Check that we have a least one intent active now
+    # TODO possibly this check should be moved to the scenarios that actually require this
+    now = arrow.utcnow().datetime
+    for intent_name, intent in flight_intents.items():
+        if intent.request.operational_intent.state == OperationalIntentState.Activated:
+            assert Volume4DCollection.from_interuss_scd_api(
+                intent.request.operational_intent.volumes
+                + intent.request.operational_intent.off_nominal_volumes
+            ).has_active_volume(
+                now
+            ), f"at least one volume of activated intent {intent_name} must be active now (now is {now})"
+
+    # Check that the flights we are interested in are in an accepted state
+    planned_flights = {}
+    for fi in flight_identifiers:
+        planned_flight = flight_intents[fi]
+        assert (
+            planned_flight.request.operational_intent.state
+            == OperationalIntentState.Accepted
+        ), f"{fi} must have state Accepted"
+        planned_flights[fi] = planned_flight
+
+    return intents_extent, planned_flights

monitoring/uss_qualifier/run_locally.sh

@@ -43,6 +43,7 @@ echo "Running configuration(s): ${CONFIG_NAME}"
 CONFIG_FLAG="--config ${CONFIG_NAME}"
 
 AUTH_SPEC='DummyOAuth(http://oauth.authority.localutm:8085/token,uss_qualifier)'
+AUTH_SPEC_2='DummyOAuth(http://oauth.authority.localutm:8085/token,uss_qualifier_2)'
 
 QUALIFIER_OPTIONS="$CONFIG_FLAG $OTHER_ARGS"
 
@@ -66,6 +67,7 @@ docker run ${docker_args} --name uss_qualifier \
   -u "$(id -u):$(id -g)" \
   -e PYTHONBUFFERED=1 \
   -e AUTH_SPEC=${AUTH_SPEC} \
+  -e AUTH_SPEC_2=${AUTH_SPEC_2} \
   -e MONITORING_GITHUB_ROOT=${MONITORING_GITHUB_ROOT:-} \
   -v "$(pwd)/$OUTPUT_DIR:/app/$OUTPUT_DIR" \
   -v "$(pwd)/$CACHE_DIR:/app/$CACHE_DIR" \

monitoring/uss_qualifier/scenarios/astm/utm/__init__.py

@@ -9,3 +9,4 @@
 from .aggregate_checks import AggregateChecks
 from .prep_planners import PrepareFlightPlanners
 from .off_nominal_planning.down_uss import DownUSS
+from .op_intent_access_control import OpIntentAccessControl

monitoring/uss_qualifier/scenarios/astm/utm/off_nominal_planning/down_uss.py

@@ -17,6 +17,9 @@
 from monitoring.uss_qualifier.resources.flight_planning.flight_intent import (
     FlightIntent,
 )
+from monitoring.uss_qualifier.resources.flight_planning.flight_intents_resource import (
+    unpack_flight_intents,
+)
 from monitoring.uss_qualifier.resources.flight_planning.flight_planner import (
     FlightPlanner,
 )
@@ -57,46 +60,16 @@ def __init__(
         self.tested_uss = tested_uss.flight_planner
         self.dss = dss.dss
 
-        _flight_intents = {
-            k: FlightIntent.from_flight_info_template(v)
-            for k, v in flight_intents.get_flight_intents().items()
-        }
-
-        extents = []
-        for intent in _flight_intents.values():
-            extents.extend(intent.request.operational_intent.volumes)
-            extents.extend(intent.request.operational_intent.off_nominal_volumes)
-        self._intents_extent = Volume4DCollection.from_interuss_scd_api(
-            extents
-        ).bounding_volume.to_f3548v21()
-
         try:
-            (self.flight1_planned, self.flight2_planned,) = (
-                _flight_intents["flight1_planned"],
-                _flight_intents["flight2_planned"],
+
+            (intents_extent, planned_flights) = unpack_flight_intents(
+                flight_intents, ["flight1_planned", "flight2_planned"]
             )
 
-            now = arrow.utcnow().datetime
-            for intent_name, intent in _flight_intents.items():
-                if (
-                    intent.request.operational_intent.state
-                    == OperationalIntentState.Activated
-                ):
-                    assert Volume4DCollection.from_interuss_scd_api(
-                        intent.request.operational_intent.volumes
-                        + intent.request.operational_intent.off_nominal_volumes
-                    ).has_active_volume(
-                        now
-                    ), f"at least one volume of activated intent {intent_name} must be active now (now is {now})"
+            self.flight1_planned = planned_flights["flight1_planned"]
+            self.flight2_planned = planned_flights["flight2_planned"]
 
-            assert (
-                self.flight1_planned.request.operational_intent.state
-                == OperationalIntentState.Accepted
-            ), "flight1_planned must have state Accepted"
-            assert (
-                self.flight2_planned.request.operational_intent.state
-                == OperationalIntentState.Accepted
-            ), "flight2_planned must have state Accepted"
+            self._intents_extent = intents_extent
 
             # TODO: check that flight data is the same across the different versions of the flight
 

monitoring/uss_qualifier/scenarios/astm/utm/op_intent_access_control.md

@@ -0,0 +1,102 @@
+# ASTM F3548-21 UTM DSS Operational Intent Access Control test scenario
+
+## Overview
+
+This scenario ensures that a DSS will only let the owner of an operational intent modify it.
+
+## Resources
+
+### flight_intents
+
+A resources.flight_planning.FlightIntentsResource containing the flight intents to be used in this scenario:
+
+This scenario expects to find at least two non-conflicting flight intents in this resource.
+
+### dss
+
+A resources.astm.f3548.v21.DSSInstanceResource containing the DSS instance to test for this scenario.
+
+### second_utm_auth
+
+A resources.communications.AuthAdapterResource containing a second set of credentials for interacting with the DSS.
+
+Note that the 'sub' claim on the token that will be  obtained for this resource MUST be different from the 'sub' claim on the token for the dss resource.
+
+### id_generator
+
+A resources.ineruss.IDGeneratorResource that will be used to generate the ID of the operational intent to be
+
+## Setup test case
+
+Makes sure that the DSS is in a clean and expected state before running the test, and that the passed resources work as required.
+
+The setup will create two separate operational intents: one for each set of the available credentials.
+
+### Ensure clean workspace test step
+
+#### Operational intents can be queried directly by their ID check
+
+If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of
+**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
+
+#### Operational intents can be searched using valid credentials check
+
+A client with valid credentials should be allowed to search for operational intents in a given area.
+Otherwise, the DSS is not in compliance with **[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
+
+#### Operational intents can be deleted by their owner check
+
+If an existing operational intent cannot be deleted when providing the proper ID and OVN, the DSS implementation is in violation of
+**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
+
+### Create operational intents with different credentials test step
+
+This test step ensures that an operation intent created with the main credentials is available for the main test case.
+
+To ensure that the second credentials are valid, it will also create an operational intent with those credentials.
+
+#### Can create an operational intent with valid credentials check
+
+If the DSS does not allow the creation of operation intents when the required parameters and credentials are provided,
+it is in violation of **[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
+
+#### Passed sets of credentials are different check
+
+This scenario requires two sets of credentials that have a diffrent 'sub' claim in order to validate that the
+DSS properly controls access to operational intents.
+
+## Attempt unauthorized flight intent modification test case
+
+This test case ensures that the DSS does not allow a caller to modify or delete operational intent that they did not create.
+
+### Attempt unauthorized flight intent modification test step
+
+This test step will attempt to modify the operational intent that was created using the configured `dss` resource,
+using the credentials provided in the `second_utm_auth` resource, and expect all such attempts to fail.
+
+#### Operational intents can be queried directly by their ID check
+
+If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of
+**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
+
+#### Second credentials cannot modify operational intent created with main credentials check
+
+If an operational intent can be modified by a client which did not create it, the DSS implementation is
+in violation of **[astm.f3548.v21.OPIN0035](../../../requirements/astm/f3548/v21.md)**.
+
+#### Second credentials cannot delete operational intent created with main credentials check
+
+If an operational intent can be deleted by a client which did not create it, the DSS implementation is
+in violation of **[astm.f3548.v21.OPIN0035](../../../requirements/astm/f3548/v21.md)**.
+
+## Cleanup
+
+### Operational intents can be queried directly by their ID check
+
+If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of
+**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
+
+### Operational intents can be deleted by their owner check
+
+If an existing operational intent cannot be deleted when providing the proper ID and OVN, the DSS implementation is in violation of
+**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.