diff --git a/monitoring/uss_qualifier/requirements/astm/f3548/v21.md b/monitoring/uss_qualifier/requirements/astm/f3548/v21.md index 60867e1f3b..79744b43f8 100644 --- a/monitoring/uss_qualifier/requirements/astm/f3548/v21.md +++ b/monitoring/uss_qualifier/requirements/astm/f3548/v21.md @@ -147,7 +147,12 @@ For information on these requirements, refer to [the ASTM standard F3548-21](htt ## Discovery and Synchronization Service -* DSS0005 +* DSS0005 + * DSS0005,1 + * DSS0005,2 + * DSS0005,3 + * DSS0005,4 + * DSS0005,5 * DSS0010 * DSS0015 * DSS0020 diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/__init__.py b/monitoring/uss_qualifier/scenarios/astm/utm/__init__.py index 3dcf1c54fe..ac9358a974 100644 --- a/monitoring/uss_qualifier/scenarios/astm/utm/__init__.py +++ b/monitoring/uss_qualifier/scenarios/astm/utm/__init__.py @@ -12,4 +12,4 @@ from .off_nominal_planning.down_uss_equal_priority_not_permitted import ( DownUSSEqualPriorityNotPermitted, ) -from .op_intent_access_control import OpIntentAccessControl +from .op_intent_ref_access_control import OpIntentReferenceAccessControl diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_access_control.md b/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_ref_access_control.md similarity index 62% rename from monitoring/uss_qualifier/scenarios/astm/utm/op_intent_access_control.md rename to monitoring/uss_qualifier/scenarios/astm/utm/op_intent_ref_access_control.md index 0f61b6441e..64d391e1b1 100644 --- a/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_access_control.md +++ b/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_ref_access_control.md @@ -1,8 +1,8 @@ -# ASTM F3548-21 UTM DSS Operational Intent Access Control test scenario +# ASTM F3548-21 UTM DSS Operational Intent Reference Access Control test scenario ## Overview -This scenario ensures that a DSS will only let the owner of an operational intent modify it. +This scenario ensures that a DSS will only let the owner of an operational intent reference modify it. ## Resources @@ -11,7 +11,7 @@ This scenario ensures that a DSS will only let the owner of an operational inten A `resources.flight_planning.FlightIntentsResource` containing the flight intents to be used in this scenario: This scenario expects to find at least two separate flight intents in this resource, as it will use their extent -to create two operational intents. +to create two operational intents references. ### dss @@ -48,79 +48,79 @@ this will be verified at runtime, and this scenario will fail if the second set ### id_generator -A `resources.interuss.IDGeneratorResource` that will be used to generate the IDs of the operational intents created in this scenario. +A `resources.interuss.IDGeneratorResource` that will be used to generate the IDs of the operational intent references created in this scenario. ## Setup test case Makes sure that the DSS is in a clean and expected state before running the test, and that the passed resources work as required. -The setup will create two separate operational intents: one for each set of the available credentials. +The setup will create two separate operational intent references: one for each set of the available credentials. ### Ensure clean workspace test step -#### Operational intents can be queried directly by their ID check +#### Operational intent references can be queried directly by their ID check -If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of -**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**. +If an existing operational intent reference cannot directly be queried by its ID, the DSS implementation is in violation of +**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**. -#### Operational intents can be searched using valid credentials check +#### Operational intent references can be searched using valid credentials check A client with valid credentials should be allowed to search for operational intents in a given area. -Otherwise, the DSS is not in compliance with **[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**. +Otherwise, the DSS is not in compliance with **[astm.f3548.v21.DSS0005,2](../../../requirements/astm/f3548/v21.md)**. -#### Operational intents can be deleted by their owner check +#### Operational intent references can be deleted by their owner check If an existing operational intent cannot be deleted when providing the proper ID and OVN, the DSS implementation is in violation of -**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**. +**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**. -### Create operational intents with different credentials test step +### Create operational intent references with different credentials test step -This test step ensures that an operation intent created with the main credentials is available for the main test case. +This test step ensures that an operation intent reference created with the main credentials is available for the main test case. -To verify that the second credentials are valid, it will also create an operational intent with those credentials. +To verify that the second credentials are valid, it will also create an operational intent reference with those credentials. #### Can create an operational intent with valid credentials check If the DSS does not allow the creation of operation intents when the required parameters and credentials are provided, -it is in violation of **[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**. +it is in violation of **[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**. #### Passed sets of credentials are different check This scenario requires two sets of credentials that have a different 'sub' claim in order to validate that the DSS properly controls access to operational intents. -## Attempt unauthorized flight intent modification test case +## Attempt unauthorized operational intent reference modification test case -This test case ensures that the DSS does not allow a caller to modify or delete operational intent that they did not create. +This test case ensures that the DSS does not allow a caller to modify or delete operational intent references that they did not create. -### Attempt unauthorized flight intent modification test step +### Attempt unauthorized operational intent reference modification test step -This test step will attempt to modify the operational intent that was created using the configured `dss` resource, +This test step will attempt to modify the operational intent references that was created using the configured `dss` resource, using the credentials provided in the `second_utm_auth` resource, and expect all such attempts to fail. -#### Operational intents can be queried directly by their ID check +#### Operational intent references can be queried directly by their ID check If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of -**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**. +**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**. #### Non-owning credentials cannot modify operational intent check -If an operational intent can be modified by a client which did not create it, the DSS implementation is +If an operational intent reference can be modified by a client which did not create it, the DSS implementation is in violation of **[astm.f3548.v21.OPIN0035](../../../requirements/astm/f3548/v21.md)**. #### Non-owning credentials cannot delete operational intent check -If an operational intent can be deleted by a client which did not create it, the DSS implementation is +If an operational intent reference can be deleted by a client which did not create it, the DSS implementation is in violation of **[astm.f3548.v21.OPIN0035](../../../requirements/astm/f3548/v21.md)**. ## Cleanup -### Operational intents can be queried directly by their ID check +### Operational intent references can be queried directly by their ID check If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of -**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**. +**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**. -### Operational intents can be deleted by their owner check +### Operational intent references can be deleted by their owner check If an existing operational intent cannot be deleted when providing the proper ID and OVN, the DSS implementation is in violation of -**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**. +**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**. diff --git a/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_access_control.py b/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_ref_access_control.py similarity index 91% rename from monitoring/uss_qualifier/scenarios/astm/utm/op_intent_access_control.py rename to monitoring/uss_qualifier/scenarios/astm/utm/op_intent_ref_access_control.py index 76b69bf214..ba53662627 100644 --- a/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_access_control.py +++ b/monitoring/uss_qualifier/scenarios/astm/utm/op_intent_ref_access_control.py @@ -25,13 +25,13 @@ from monitoring.uss_qualifier.suites.suite import ExecutionContext -class OpIntentAccessControl(TestScenario): +class OpIntentReferenceAccessControl(TestScenario): """ Tests that the DSS only allows a client to edit their own flight intents, but not those of another USS. """ - OP_INTENT_1 = register_resource_type(375, "Operational Intent") - OP_INTENT_2 = register_resource_type(376, "Operational Intent") + OP_INTENT_1 = register_resource_type(375, "Operational Intent Reference") + OP_INTENT_2 = register_resource_type(376, "Operational Intent Reference") # The DSS under test _dss: DSSInstance @@ -106,15 +106,21 @@ def run(self, context: ExecutionContext): self._ensure_clean_workspace() self.end_test_step() - self.begin_test_step("Create operational intents with different credentials") + self.begin_test_step( + "Create operational intent references with different credentials" + ) self._create_op_intents() self._ensure_credentials_are_different() self.end_test_step() self.end_test_case() - self.begin_test_case("Attempt unauthorized flight intent modification") - self.begin_test_step("Attempt unauthorized flight intent modification") + self.begin_test_case( + "Attempt unauthorized operational intent reference modification" + ) + self.begin_test_step( + "Attempt unauthorized operational intent reference modification" + ) self._check_mutation_on_non_owned_intent_fails() @@ -127,7 +133,8 @@ def _clean_known_op_intents_ids(self): (oi_ref, q) = self._dss.get_op_intent_reference(self._oid_1) self.record_query(q) with self.check( - "Operational intents can be queried directly by their ID", self._pid + "Operational intent references can be queried directly by their ID", + self._pid, ) as check: # If the Op Intent does not exist, it's fine to run into a 404. if q.response.status_code not in [200, 404]: @@ -142,7 +149,8 @@ def _clean_known_op_intents_ids(self): self.record_query(dq) if dq.response.status_code != 200: with self.check( - "Operational intents can be deleted by their owner", self._pid + "Operational intent references can be deleted by their owner", + self._pid, ) as check: check.record_failed( f"Could not delete operational intent using main credentials", @@ -154,7 +162,8 @@ def _clean_known_op_intents_ids(self): (oi_ref, q) = self._dss_separate_creds.get_op_intent_reference(self._oid_2) self.record_query(q) with self.check( - "Operational intents can be queried directly by their ID", self._pid + "Operational intent references can be queried directly by their ID", + self._pid, ) as check: if q.response.status_code not in [200, 404]: check.record_failed( @@ -169,7 +178,7 @@ def _clean_known_op_intents_ids(self): ) self.record_query(dq) with self.check( - "Operational intents can be deleted by their owner", self._pid + "Operational intent references can be deleted by their owner", self._pid ) as check: if dq.response.status_code != 200: check.record_failed( @@ -187,11 +196,12 @@ def _ensure_clean_workspace(self): self.record_query(q) loguru.logger.info(f"Search query: {q.response}") with self.check( - "Operational intents can be searched using valid credentials", self._pid + "Operational intent references can be searched using valid credentials", + self._pid, ) as check: if q.response.status_code != 200: check.record_failed( - f"Could not search operational intents using main credentials", + f"Could not search operational intent references using main credentials", Severity.High, f"DSS responded with {q.response.status_code} to attempt to search OIs", query_timestamps=[q.request.timestamp], @@ -203,7 +213,8 @@ def _ensure_clean_workspace(self): (_, _, dq) = self._dss.delete_op_intent(op_intent.id, op_intent.ovn) self.record_query(dq) with self.check( - "Operational intents can be deleted by their owner", self._pid + "Operational intent references can be deleted by their owner", + self._pid, ) as check: if dq.response.status_code != 200: check.record_failed( @@ -218,11 +229,12 @@ def _ensure_clean_workspace(self): ) self.record_query(q) with self.check( - "Operational intents can be searched using valid credentials", self._pid + "Operational intent references can be searched using valid credentials", + self._pid, ) as check: if q.response.status_code != 200: check.record_failed( - f"Could not search operational intents using second credentials", + f"Could not search operational intent references using second credentials", Severity.High, f"DSS responded with {q.response.status_code} to attempt to search OIs", query_timestamps=[q.request.timestamp], @@ -239,7 +251,8 @@ def _ensure_clean_workspace(self): ) self.record_query(dq) with self.check( - "Operational intents can be deleted by their owner", self._pid + "Operational intent references can be deleted by their owner", + self._pid, ) as check: if dq.response.status_code != 200: check.record_failed( @@ -377,7 +390,8 @@ def _check_mutation_on_non_owned_intent_fails(self): self.record_query(qcheck) with self.check( - "Operational intents can be queried directly by their ID", self._pid + "Operational intent references can be queried directly by their ID", + self._pid, ) as check: if qcheck.response.status_code != 200: check.record_failed( diff --git a/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md b/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md index 44fe733e30..dc2f1dda93 100644 --- a/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md +++ b/monitoring/uss_qualifier/suites/astm/utm/dss_probing.md @@ -4,7 +4,7 @@ ## [Actions](../../README.md#actions) -1. Scenario: [ASTM F3548-21 UTM DSS Operational Intent Access Control](../../../scenarios/astm/utm/op_intent_access_control.md) ([`scenarios.astm.utm.OpIntentAccessControl`](../../../scenarios/astm/utm/op_intent_access_control.py)) +1. Scenario: [ASTM F3548-21 UTM DSS Operational Intent Reference Access Control](../../../scenarios/astm/utm/op_intent_ref_access_control.md) ([`scenarios.astm.utm.OpIntentReferenceAccessControl`](../../../scenarios/astm/utm/op_intent_ref_access_control.py)) 2. Scenario: [ASTM F3548-21 UTM DSS interoperability](../../../scenarios/astm/utm/dss_interoperability.md) ([`scenarios.astm.utm.DSSInteroperability`](../../../scenarios/astm/utm/dss_interoperability.py)) ## [Checked requirements](../../README.md#checked-requirements) @@ -17,10 +17,15 @@