[uss_qualifier] constraint reference endpoint authentication checks

interuss · Aug 7, 2024 · 427263f · 427263f
1 parent 843e69a
commit 427263f
Show file tree

Hide file tree

Showing 5 changed files with 943 additions and 139 deletions.
diff --git a/monitoring/uss_qualifier/configurations/dev/utm_implementation_us_lib/baseline.libsonnet b/monitoring/uss_qualifier/configurations/dev/utm_implementation_us_lib/baseline.libsonnet
@@ -387,6 +387,21 @@ function(env) {
             },
           },
         },
+         {
+          applicability: {
+            // We also want to make sure we don't skip more scenarios that we should
+            skipped_actions: {},
+          },
+          pass_condition: {
+            elements: {
+              count: {
+                // We currently expect this amount of skipped scenarios: making it an equality
+                // to make sure this is reduced if some scenarios start to be executed
+                equal_to: 7,
+              },
+            },
+          },
+        },
       ], // criteria
     }, // validation
   }, // v1

diff --git a/monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py b/monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py
@@ -725,7 +725,7 @@ def participant_id(self) -> str:
     def base_url(self) -> str:
         return self._specification.base_url
 
-    def get_authorized_scope_not_in(self, ignored_scopes: List[str]) -> Optional[str]:
+    def get_authorized_scope_not_in(self, ignored_scopes: List[str]) -> Optional[Scope]:
         """Returns a scope that this DSS Resource is allowed to use but that is not any of the ones that are passed
         in 'ignored_scopes'. If no such scope is found, None is returned.
 

diff --git a/...ss_qualifier/scenarios/astm/utm/dss/authentication/authentication_validation.md b/...ss_qualifier/scenarios/astm/utm/dss/authentication/authentication_validation.md
@@ -13,17 +13,21 @@ Note that this does not cover authorization.
 [`DSSInstanceResource`](../../../../../resources/astm/f3548/v21/dss.py) to be tested in this scenario.
 
 Note that to benefit from the maximum coverage, the DSS' AuthAdapterResource must be able to obtain credentials
-for multiple scopes (so that a wrong scope may be used in place of the correct one) as well as an empty scope (that is, provide credentials where the scope is an empty string).
+for multiple scopes (so that a wrong scope may be used in place of the correct one) as well as an empty scope
+(that is, provide credentials where the scope is an empty string).
 
 This scenario will check for the scope's availability and transparently ignore checks that can't be conducted.
 
-Required scopes for running this scenario:
+At least one of the following scopes needs to be available for this scenario to at least partially run:
 
 - `utm.strategic_coordination`
+- `utm.constraint_management`
+- `utm.availability_arbitration`
+
+In order to verify each endpoint group, all scopes above must be available.
 
 Optional scopes that will allow the scenario to provide additional coverage:
 
-- `utm.availability_arbitration`
 - `""` (empty string)
 
 ### id_generator
@@ -317,6 +321,146 @@ it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../require
 If the DSS does not allow searching for operational intents when valid credentials are presented,
 it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.
 
+### Constraint reference endpoints authentication test step
+
+#### 🛑 Unauthorized requests return the proper error message body check
+
+If the DSS under test does not return a proper error message body when an unauthorized request is received,
+it fails to properly implement the OpenAPI specification that is part of **[astm.f3548.v21.DSS0005,3](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create constraint reference with missing credentials check
+
+If the DSS under test allows the creation of a constraint reference without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create constraint reference with invalid credentials check
+
+If the DSS under test allows the creation of a constraint reference with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create constraint reference with missing scope check
+
+If the DSS under test allows the creation of a constraint reference with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create constraint reference with incorrect scope check
+
+If the DSS under test allows the creation of a constraint reference with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Create constraint reference with valid credentials check
+
+If the DSS does not allow the creation of a constraint reference when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### [Create response format](../fragments/cr/crud/create_format.md)
+
+Check response format of a creation request.
+
+#### 🛑 Get constraint reference with missing credentials check
+
+If the DSS under test allows the fetching of a constraint reference without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get constraint reference with invalid credentials check
+
+If the DSS under test allows the fetching of a constraint reference with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get constraint reference with missing scope check
+
+If the DSS under test allows the fetching of a constraint reference with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get constraint reference with incorrect scope check
+
+If the DSS under test allows the fetching of a constraint reference with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Get constraint reference with valid credentials check
+
+If the DSS does not allow fetching a constraint reference when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate constraint reference with missing credentials check
+
+If the DSS under test allows the mutation of a constraint reference without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate constraint reference with invalid credentials check
+
+If the DSS under test allows the mutation of a constraint reference with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate constraint reference with missing scope check
+
+If the DSS under test allows the mutation of a constraint reference with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate constraint reference with incorrect scope check
+
+If the DSS under test allows the mutation of a constraint reference with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Mutate constraint reference with valid credentials check
+
+If the DSS does not allow the mutation of a constraint reference when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### [Mutate response format](../fragments/cr/crud/update_format.md)
+
+Check response format of a mutation.
+
+#### 🛑 Delete constraint reference with missing credentials check
+
+If the DSS under test allows the deletion of a constraint reference without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete constraint reference with invalid credentials check
+
+If the DSS under test allows the deletion of a constraint reference with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete constraint reference with missing scope check
+
+If the DSS under test allows the deletion of a constraint reference with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete constraint reference with incorrect scope check
+
+If the DSS under test allows the deletion of a constraint reference with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Delete constraint reference with valid credentials check
+
+If the DSS does not allow the deletion of a constraint reference when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search constraint references with missing credentials check
+
+If the DSS under test allows searching for constraint references without any credentials being presented,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search constraint references with invalid credentials check
+
+If the DSS under test allows searching for constraint references with credentials that are well-formed but invalid,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search constraint references with missing scope check
+
+If the DSS under test allows searching for constraint references with valid credentials but a missing scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search constraint references with incorrect scope check
+
+If the DSS under test allows searching for constraint references with valid credentials but an incorrect scope,
+it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.
+
+#### 🛑 Search constraint references with valid credentials check
+
+If the DSS does not allow searching for constraint references when valid credentials are presented,
+it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.
+
 ### Availability endpoints authentication test step
 
 #### 🛑 Unauthorized requests return the proper error message body check