diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.md b/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.md index de87a4b816..cea81af4d9 100644 --- a/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.md +++ b/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.md @@ -48,7 +48,7 @@ For the purpose of this scenario, the `second_utm_auth` resource must provide ac ##### Separate subscription -Note that the subscription (or 'sub' claim, not to be confused with an SCD DSS subscription) of the token that will be obtained for this resource +Note that the subject (or 'sub' claim) of the token that will be obtained for this resource MUST be different from the one of the `dss` resources mentioned above: this will be verified at runtime, and the depending checks will not be run if this is not the case. @@ -56,7 +56,10 @@ this will be verified at runtime, and the depending checks will not be run if th ### [Ensure clean workspace test step](../clean_workspace.md) -This step ensures that no subscription with the known test ID exists in the DSS. +This step ensures that no subscriptions with the known test IDs exists in the DSS. + +This includes the main test subscription used in this test, as well as the extra subscription +used for testing the `manager` field sync, if the test is configured to test for it. ## Subscription Synchronization test case @@ -147,18 +150,22 @@ Verify that the subscription returned by every DSS is correctly formatted and co Verify that the version of the subscription returned by every DSS is as expected. -### Verify manager synchronization test step - -Checks that the manager of a subscription is properly synchronized across all DSS instances. +### Create subscription with different credentials test step -This is done by means of using a separate set of credentials to create a subscription on the primary DSS, -and then verifying that the main credentials are not able to mutate this subscription via one of the secondary DSS instances +If the second set of credentials is provided, this test step will create a subscription using these credentials, +in order to prepare the next step that checks manager synchronization. #### [Create subscription](../fragments/sub/crud/create.md) -Verify that a subscription can be created on the primary DSS. +Verify that a subscription can be created on the primary DSS using the separate set of credentials. + +### Verify manager synchronization test step + +If the second set of credentials is provided, checks that the manager of a subscription is properly synchronized across all DSS instances. + +This is done by verifying that the main credentials are not able to delete the subscription via any of the secondary DSS instances. -#### 🛑 Subscription deletion with different non-managing credentials on secondary DSS fails check +#### ⚠️ Subscription deletion with different non-managing credentials on secondary DSS fails check If the subscription can be deleted by a client which did not create it, via a DSS instance to which the subscription was synced following its creation on the primary DSS, either one of the primary DSS or the DSS that accepted the deletion failed to properly broadcast, respectively take into account, the manage of the subscription, @@ -192,3 +199,8 @@ If a DSS returns a subscription that was previously successfully deleted from th either one of the primary DSS or the DSS that returned the subscription is in violation of **[astm.f3548.v21.DSS0210,1a](../../../../../requirements/astm/f3548/v21.md)**. ## [Cleanup](../clean_workspace.md) + +This step ensures that no subscriptions with the known test IDs exists in the DSS. + +This includes the main test subscription used in this test, as well as the extra subscription +used for testing the `manager` field sync, if the test is configured to test for it. diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.py b/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.py index f32e07b333..7d229f0438 100644 --- a/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.py +++ b/monitoring/uss_qualifier/scenarios/astm/utm/dss/synchronization/subscription_synchronization.py @@ -44,7 +44,9 @@ class SubscriptionSynchronization(TestScenario): """ SUB_TYPE = register_resource_type(379, "Subscription") - ACL_SUB_TYPE = register_resource_type(380, "Subscription with different credentials") + ACL_SUB_TYPE = register_resource_type( + 380, "Subscription with different credentials" + ) _dss: DSSInstance @@ -156,15 +158,15 @@ def run(self, context: ExecutionContext): return self.begin_test_scenario(context) - self._setup_case() + self._step_setup_case() self.begin_test_case("Subscription Synchronization") self.begin_test_step("Create subscription validation") - self._create_sub_with_params(self._sub_params) + self._step_create_sub_with_params(self._sub_params) self.end_test_step() self.begin_test_step("Query newly created subscription") - self._query_secondaries_and_compare(self._sub_params) + self._step_query_secondaries_and_compare(self._sub_params) self.end_test_step() self.begin_test_step("Mutate subscription") @@ -172,12 +174,12 @@ def run(self, context: ExecutionContext): self.end_test_step() self.begin_test_step("Query updated subscription") - self._query_secondaries_and_compare(self._sub_params) + self._step_query_secondaries_and_compare(self._sub_params) self.end_test_step() if self._dss_separate_creds: self.begin_test_step("Create subscription with different credentials") - + self._step_create_sub_separate_creds() self.end_test_step() self.begin_test_step("Verify manager synchronization") self._step_test_delete_sub_with_separate_creds() @@ -189,17 +191,17 @@ def run(self, context: ExecutionContext): ) self.begin_test_step("Delete subscription") - self._test_delete_sub() + self._step_test_delete_sub() self.end_test_step() self.begin_test_step("Query deleted subscription") - self._test_get_deleted_sub() + self._step_test_get_deleted_sub() self.end_test_step() self.end_test_case() self.end_test_scenario() - def _setup_case(self): + def _step_setup_case(self): self.begin_test_case("Setup") # Multiple runs of the scenario seem to rely on the same instance of it: # thus we need to reset the state of the scenario before running it. @@ -229,7 +231,7 @@ def _ensure_no_active_subs_exist(self): self._planning_area_volume4d, ) - def _create_sub_with_params(self, creation_params: SubscriptionParams): + def _step_create_sub_with_params(self, creation_params: SubscriptionParams): # TODO migrate to the try/except pattern for queries newly_created = self._dss.upsert_subscription( @@ -261,7 +263,9 @@ def _create_sub_with_params(self, creation_params: SubscriptionParams): # Store the subscription self._current_subscription = newly_created.subscription - def _query_secondaries_and_compare(self, expected_sub_params: SubscriptionParams): + def _step_query_secondaries_and_compare( + self, expected_sub_params: SubscriptionParams + ): for secondary_dss in self._dss_read_instances: self._validate_get_sub_from_secondary( secondary_dss=secondary_dss, @@ -631,7 +635,7 @@ def _step_test_delete_sub_with_separate_creds(self): check.record_failed( "Subscription deletion with main credentials did not fail", details=f"Subscription deletion with main credentials did not fail with the expected " - f"status code of 403; instead returned {deleted_sub.status_code}", + f"status code of 403; instead returned {deleted_sub.status_code}", query_timestamps=[deleted_sub.request.timestamp], ) @@ -646,7 +650,7 @@ def _credentials_are_different(self): != self._dss.client.auth_adapter.get_sub() ) - def _test_delete_sub(self): + def _step_test_delete_sub(self): deleted_sub = self._dss.delete_subscription( sub_id=self._sub_id, sub_version=self._current_subscription.version ) @@ -676,7 +680,7 @@ def _test_delete_sub(self): self._current_subscription = None - def _test_get_deleted_sub(self): + def _step_test_get_deleted_sub(self): for secondary_dss in self._dss_read_instances: self._confirm_secondary_has_no_sub(secondary_dss)