From e6138bf1acc9b4d2176b7aa66910cf301c9f3387 Mon Sep 17 00:00:00 2001 From: Julien Perrochet Date: Thu, 31 Oct 2024 15:48:28 +0100 Subject: [PATCH] [uss_qualifier] netrid: DSS0020 - check DSS endpoints are encrypted --- .../configurations/dev/dss_probing.yaml | 3 +- .../configurations/dev/library/resources.yaml | 14 ++ .../configurations/dev/netrid_v19.yaml | 2 + .../configurations/dev/netrid_v22a.yaml | 2 + .../configurations/dev/uspace.yaml | 5 +- .../netrid/common/dss/endpoint_encryption.py | 169 ++++++++++++++++++ .../scenarios/astm/netrid/v19/dss/__init__.py | 1 + .../netrid/v19/dss/endpoint_encryption.md | 51 ++++++ .../netrid/v19/dss/endpoint_encryption.py | 8 + .../astm/netrid/v22a/dss/__init__.py | 1 + .../netrid/v22a/dss/endpoint_encryption.md | 39 ++++ .../netrid/v22a/dss/endpoint_encryption.py | 8 + .../suites/astm/netrid/f3411_19.md | 7 +- .../suites/astm/netrid/f3411_19.yaml | 3 + .../astm/netrid/f3411_19/dss_probing.md | 28 +-- .../astm/netrid/f3411_19/dss_probing.yaml | 6 + .../suites/astm/netrid/f3411_22a.md | 7 +- .../suites/astm/netrid/f3411_22a.yaml | 4 + .../astm/netrid/f3411_22a/dss_probing.md | 28 +-- .../astm/netrid/f3411_22a/dss_probing.yaml | 6 + .../suites/interuss/dss/all_tests.md | 14 +- .../suites/interuss/dss/all_tests.yaml | 5 + .../suites/uspace/network_identification.md | 7 +- .../suites/uspace/network_identification.yaml | 2 + .../suites/uspace/required_services.md | 7 +- .../suites/uspace/required_services.yaml | 2 + 26 files changed, 398 insertions(+), 31 deletions(-) create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py diff --git a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml index 57047b0c01..41eb7eb97b 100644 --- a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml +++ b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml @@ -6,7 +6,7 @@ v1: kentland_service_area: { $ref: 'library/resources.yaml#/kentland_service_area' } kentland_planning_area: { $ref: 'library/resources.yaml#/kentland_planning_area' } kentland_problematically_big_area: { $ref: 'library/resources.yaml#/kentland_problematically_big_area' } - + kentland_acceptable_search_area: { $ref: 'library/resources.yaml#/kentland_acceptable_search_area' } utm_auth: { $ref: 'library/environment.yaml#/utm_auth' } second_utm_auth: {$ref: 'library/environment.yaml#/second_utm_auth'} utm_client_identity: { $ref: 'library/resources.yaml#/utm_client_identity' } @@ -35,6 +35,7 @@ v1: service_area: kentland_service_area planning_area: kentland_planning_area problematically_big_area: kentland_problematically_big_area + acceptable_search_area: kentland_acceptable_search_area second_utm_auth: second_utm_auth flight_intents: che_non_conflicting_flights test_exclusions: test_exclusions diff --git a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml index 5b3a48093f..fa2df41441 100644 --- a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml +++ b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml @@ -41,6 +41,20 @@ kentland_service_area: time_start: '2023-01-10T00:00:01.123456+00:00' time_end: '2023-01-10T01:00:01.123456+00:00' +kentland_acceptable_search_area: + dependencies: { } + resource_type: resources.VerticesResource + specification: + vertices: + - lat: 37.1853 + lng: -80.614 + - lat: 37.2148 + lng: -80.614 + - lat: 37.2148 + lng: -80.544 + - lat: 37.1853 + lng: -80.544 + kentland_planning_area: $content_schema: monitoring/uss_qualifier/resources/definitions/ResourceDeclaration.json resource_type: resources.astm.f3548.v21.PlanningAreaResource diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml index 155e4eccea..5442d8fa90 100644 --- a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml +++ b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml @@ -8,6 +8,7 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} + kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -34,6 +35,7 @@ v1: id_generator: id_generator service_area: kentland_service_area problematically_big_area: au_problematically_big_area + acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml index 6c8883c988..1056bec2dc 100644 --- a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml +++ b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml @@ -8,6 +8,7 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} + kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -34,6 +35,7 @@ v1: id_generator: id_generator service_area: kentland_service_area problematically_big_area: au_problematically_big_area + acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/configurations/dev/uspace.yaml b/monitoring/uss_qualifier/configurations/dev/uspace.yaml index 0d9f03d7b9..2b8f07ac7d 100644 --- a/monitoring/uss_qualifier/configurations/dev/uspace.yaml +++ b/monitoring/uss_qualifier/configurations/dev/uspace.yaml @@ -14,6 +14,7 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} + kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -73,7 +74,7 @@ v1: service_area: kentland_service_area planning_area: che_planning_area problematically_big_area: au_problematically_big_area - + acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions specification: mock_uss_instances_source: mock_uss_instances @@ -106,7 +107,7 @@ v1: service_area: service_area planning_area: planning_area problematically_big_area: problematically_big_area - + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py new file mode 100644 index 0000000000..1d14b64582 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py @@ -0,0 +1,169 @@ +import errno +import socket +from urllib.parse import urlparse + +import requests +from future.backports.datetime import datetime + +from monitoring.monitorlib import infrastructure +from monitoring.monitorlib.fetch import rid as fetch +from monitoring.uss_qualifier.resources import VerticesResource +from monitoring.uss_qualifier.resources.astm.f3411.dss import DSSInstanceResource +from monitoring.uss_qualifier.scenarios.scenario import GenericTestScenario +from monitoring.uss_qualifier.suites.suite import ExecutionContext + + +class EndpointEncryption(GenericTestScenario): + """ + Ensures that the endpoints of a DSS are not accessible unencrypted: + - HTTP access should be impossible or redirect to HTTPS + - HTTPS access should be possible + + TODO: add a check for minimal cipher strength to a 128bit AES equivalent or more. + """ + + def __init__( + self, + dss: DSSInstanceResource, + test_search_area: VerticesResource, + ): + super().__init__() + self._dss = dss.dss_instance + self._search_area = [ + v.as_s2sphere() for v in test_search_area.specification.vertices + ] + + self._parsed_url = urlparse(self._dss.base_url) + self._hostname = self._parsed_url.hostname + + self._http_base_url = f"http://{self._hostname}/{self._parsed_url.path}" + + def run(self, context: ExecutionContext): + self.begin_test_scenario(context) + + if self._hostname is None: + self.record_note( + "hostname", + "Cannot check encryption requirement when DSS hostname is unspecified", + ) + self.end_test_scenario() + return + + if not self._dss.base_url.startswith("https://"): + self.record_note( + "encrypted_endpoints", + "Cannot check encryption requirement when DSS endpoint is specified with an http:// base URL", + ) + self.end_test_scenario() + return + + self._case_http_unavailable_or_redirect() + self._case_https_works() + + self.end_test_scenario() + + def _case_http_unavailable_or_redirect(self): + self.begin_test_case("Connect to HTTP port") + self.begin_test_step("Attempt GET on root path via HTTP") + + with self.check( + "Connection to HTTP port fails or redirects to HTTPS port", + self._dss.participant_id, + ) as check: + try: + response = requests.get( + self._http_base_url, + timeout=10, + allow_redirects=False, + ) + _check_is_redirect(self._parsed_url, check, response) + except socket.error as e: + if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]: + check.record_failed( + "Connection to HTTP port failed for the unexpected reason", + details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.", + ) + + self.begin_test_step("Attempt GET on a known valid path via HTTP") + + with self.check( + "Connection to HTTP port fails or redirects to HTTPS port", + self._dss.participant_id, + ) as check: + try: + response = fetch.isas( + area=self._search_area, + start_time=datetime.now(), + end_time=datetime.now() + datetime.timedelta(days=1), + rid_version=self._dss.rid_version, + session=infrastructure.UTMClientSession( + self._http_base_url, self._dss.client.auth_adapter + ), + participant_id=self._dss.participant_id, + ) + _check_is_redirect(self._parsed_url, check, response) + except socket.error as e: + if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]: + check.record_failed( + "Connection to HTTP port failed for the unexpected reason", + details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.", + ) + + self.end_test_step() + self.end_test_case() + + def _case_https_works(self): + parsed_url = urlparse(self._dss.base_url) + hostname = parsed_url.hostname + + self.begin_test_case("Connect to HTTPS port") + self.begin_test_step("Attempt GET on root path via HTTP test") + + if hostname is not None: + with self.check( + "Connection fails or response redirects to HTTPS endpoint", + self._dss.participant_id, + ) as check: + try: + requests.get( + f"https://{hostname}/{parsed_url.path}", + timeout=10, + allow_redirects=False, + ) + # We don't care about the response details, just that the connection was successful + # (a 404 would still indicate that HTTPS is working well) + except requests.RequestException as e: + check.record_failed( + "Connection to HTTPS port failed", + details=f"Encountered exception while attempting HTTPS request: {e}", + ) + + self.end_test_step() + self.end_test_case() + + +def _check_is_redirect(parsed_url, check, response): + # If we can connect, we want to check that we are being redirected: + # (a 4XX response is already a form of communication that we don't want in cleartext) + if response.status_code not in [301, 302, 307, 308]: + check.record_failed( + "Connection to HTTP port did not redirect", + details=f"Was expecting a 301 or 308 response, but obtained status code: {response.status_code}", + ) + if "Location" not in response.headers: + check.record_failed( + "Location header missing in redirect response", + details="Was expecting a Location header in the response, but it was not present", + ) + if response.headers.get("Location").startswith("http://"): + check.record_failed( + "Connection to HTTP port redirected to HTTP", + details=f"Was expecting a redirection to an https:// URL. Location header: {response.headers.get('Location')}", + ) + if not response.headers.get("Location").startswith( + f"https://{parsed_url.hostname}/{parsed_url.path}" + ): + check.record_failed( + "Redirect to unexpected destination", + details=f"Was expecting a redirection to https://{parsed_url.hostname}/{parsed_url.path}, was {response.headers.get('Location')}", + ) diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py index a89cb054cb..d004702b51 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py @@ -7,3 +7,4 @@ from .token_validation import TokenValidation from .crdb_access import CRDBAccess from .heavy_traffic_concurrent import HeavyTrafficConcurrent +from .endpoint_encryption import EndpointEncryption diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md new file mode 100644 index 0000000000..ada85050b7 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md @@ -0,0 +1,51 @@ +# ASTM NetRID DSS: Endpoint encryption test scenario + +## Overview + +Ensures that a DSS only exposes its endpoints via HTTPS. + +## Resources + +### dss + +[`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario. + +### test_search_area + +[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query. + +## Connect to HTTP port test case + +Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection, +or a redirection to the https port (443). + +Note: this test case will be skipped if the DSS instance is configured to use HTTP. + +### Attempt GET on root path via HTTP test step + +This test step attempts an HTTP GET request on the root path of the DSS instance, using plain HTTP, +and expects either a connection refusal or a redirection to the equivalent HTTPS URL. + +#### 🛑 Connection fails or response redirects to HTTPS endpoint check + +If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port +upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. + +### Attempt GET on a known valid path via HTTP test step + +This test step attempts an HTTP GET request on a known valid path by searching for ISAs in the configured planning area. + +#### 🛑 Connection fails or response redirects to HTTPS endpoint check + +If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port +upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. + +## Connect to HTTPS port test case + +Try to connect to the DSS instance over HTTPS. + +### Attempt to connect to the DSS instance on the HTTPS port test step + +#### 🛑 A request can be sent over HTTPS check + +If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py new file mode 100644 index 0000000000..0732eb04d2 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py @@ -0,0 +1,8 @@ +from monitoring.uss_qualifier.scenarios.astm.netrid.common.dss.endpoint_encryption import ( + EndpointEncryption as CommonEndpointEncryption, +) +from monitoring.uss_qualifier.scenarios.scenario import TestScenario + + +class EndpointEncryption(TestScenario, CommonEndpointEncryption): + pass diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py index a89cb054cb..d004702b51 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py @@ -7,3 +7,4 @@ from .token_validation import TokenValidation from .crdb_access import CRDBAccess from .heavy_traffic_concurrent import HeavyTrafficConcurrent +from .endpoint_encryption import EndpointEncryption diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md new file mode 100644 index 0000000000..bdeb75d84a --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md @@ -0,0 +1,39 @@ +# ASTM NetRID DSS: Endpoint encryption test scenario + +## Overview + +Ensures that a DSS only exposes its endpoints via HTTPS. + +## Resources + +### dss + +[`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario. + +### test_search_area + +[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query. + +## Connect to HTTP port test case + +Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection, +or a redirection to the https port (443). + +Note: this test case will be skipped if the DSS instance is configured to use HTTP. + +### Attempt to connect to the DSS instance on the HTTP port test step + +#### 🛑 Connection to HTTP port fails or redirects to HTTPS port check + +If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port +upon reception of an HTTP request, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. + +## Connect to HTTPS port test case + +Try to connect to the DSS instance over HTTPS. + +### Attempt to connect to the DSS instance on the HTTPS port test step + +#### 🛑 A request can be sent over HTTPS check + +If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py new file mode 100644 index 0000000000..0732eb04d2 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py @@ -0,0 +1,8 @@ +from monitoring.uss_qualifier.scenarios.astm.netrid.common.dss.endpoint_encryption import ( + EndpointEncryption as CommonEndpointEncryption, +) +from monitoring.uss_qualifier.scenarios.scenario import TestScenario + + +class EndpointEncryption(TestScenario, CommonEndpointEncryption): + pass diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md index 23b63987b6..1433085f81 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md @@ -21,11 +21,16 @@ Checked in - astm
.f3411
.v19
+ astm
.f3411
.v19
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030,a Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml index 8bba99aed7..f921fbd90b 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml @@ -10,6 +10,7 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - action_generator: @@ -21,6 +22,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -34,6 +36,7 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md index 270339fa0c..cff1ff77fe 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md @@ -4,16 +4,17 @@ ## [Actions](../../../README.md#actions) -1. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v19/dss/isa_simple.md) ([`scenarios.astm.netrid.v19.dss.ISASimple`](../../../../scenarios/astm/netrid/v19/dss/isa_simple.py)) -2. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v19/dss/isa_validation.md) ([`scenarios.astm.netrid.v19.dss.ISAValidation`](../../../../scenarios/astm/netrid/v19/dss/isa_validation.py)) -3. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.md) ([`scenarios.astm.netrid.v19.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.py)) -4. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v19.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.py)) -5. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.py)) -6. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.py)) -7. Scenario: [ASTM F3411-19 NetRID DSS interoperability](../../../../scenarios/astm/netrid/v19/dss_interoperability.md) ([`scenarios.astm.netrid.v19.DSSInteroperability`](../../../../scenarios/astm/netrid/v19/dss_interoperability.py)) -8. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v19/dss/token_validation.md) ([`scenarios.astm.netrid.v19.dss.TokenValidation`](../../../../scenarios/astm/netrid/v19/dss/token_validation.py)) -9. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v19/dss/crdb_access.md) ([`scenarios.astm.netrid.v19.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v19/dss/crdb_access.py)) -10. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v19.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.py)) +1. Scenario: [ASTM NetRID DSS: Endpoint encryption](../../../../scenarios/astm/netrid/v19/dss/endpoint_encryption.md) ([`scenarios.astm.netrid.v19.dss.EndpointEncryption`](../../../../scenarios/astm/netrid/v19/dss/endpoint_encryption.py)) +2. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v19/dss/isa_simple.md) ([`scenarios.astm.netrid.v19.dss.ISASimple`](../../../../scenarios/astm/netrid/v19/dss/isa_simple.py)) +3. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v19/dss/isa_validation.md) ([`scenarios.astm.netrid.v19.dss.ISAValidation`](../../../../scenarios/astm/netrid/v19/dss/isa_validation.py)) +4. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.md) ([`scenarios.astm.netrid.v19.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.py)) +5. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v19.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.py)) +6. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.py)) +7. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.py)) +8. Scenario: [ASTM F3411-19 NetRID DSS interoperability](../../../../scenarios/astm/netrid/v19/dss_interoperability.md) ([`scenarios.astm.netrid.v19.DSSInteroperability`](../../../../scenarios/astm/netrid/v19/dss_interoperability.py)) +9. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v19/dss/token_validation.md) ([`scenarios.astm.netrid.v19.dss.TokenValidation`](../../../../scenarios/astm/netrid/v19/dss/token_validation.py)) +10. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v19/dss/crdb_access.md) ([`scenarios.astm.netrid.v19.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v19/dss/crdb_access.py)) +11. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v19.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.py)) ## [Checked requirements](../../../README.md#checked-requirements) @@ -25,11 +26,16 @@ Checked in - astm
.f3411
.v19
+ astm
.f3411
.v19
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030,a Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml index 0d9a041f38..b9acc57f81 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml @@ -7,8 +7,14 @@ resources: utm_client_identity: resources.communications.ClientIdentityResource isa: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: + - test_scenario: + scenario_type: scenarios.astm.netrid.v19.dss.EndpointEncryption + resources: + dss: dss + test_search_area: acceptable_search_area - test_scenario: scenario_type: scenarios.astm.netrid.v19.dss.ISASimple resources: diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md index e803f28ab1..ebf19e1189 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md @@ -21,11 +21,16 @@ Checked in - astm
.f3411
.v22a
+ astm
.f3411
.v22a
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml index d1644bf1e1..293d851f85 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml @@ -10,6 +10,7 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - action_generator: @@ -21,6 +22,8 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area + planning_area: problematically_big_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -35,6 +38,7 @@ actions: isa: service_area client_identity: utm_client_identity problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md index 58852e7ad9..c9dddc9eac 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md @@ -4,16 +4,17 @@ ## [Actions](../../../README.md#actions) -1. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.md) ([`scenarios.astm.netrid.v22a.dss.ISASimple`](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.py)) -2. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.md) ([`scenarios.astm.netrid.v22a.dss.ISAValidation`](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.py)) -3. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.md) ([`scenarios.astm.netrid.v22a.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.py)) -4. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v22a.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.py)) -5. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.py)) -6. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.py)) -7. Scenario: [ASTM F3411-22a NetRID DSS interoperability](../../../../scenarios/astm/netrid/v22a/dss_interoperability.md) ([`scenarios.astm.netrid.v22a.DSSInteroperability`](../../../../scenarios/astm/netrid/v22a/dss_interoperability.py)) -8. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v22a/dss/token_validation.md) ([`scenarios.astm.netrid.v22a.dss.TokenValidation`](../../../../scenarios/astm/netrid/v22a/dss/token_validation.py)) -9. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.md) ([`scenarios.astm.netrid.v22a.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.py)) -10. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v22a.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.py)) +1. Scenario: [ASTM NetRID DSS: Endpoint encryption](../../../../scenarios/astm/netrid/v22a/dss/endpoint_encryption.md) ([`scenarios.astm.netrid.v22a.dss.EndpointEncryption`](../../../../scenarios/astm/netrid/v22a/dss/endpoint_encryption.py)) +2. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.md) ([`scenarios.astm.netrid.v22a.dss.ISASimple`](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.py)) +3. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.md) ([`scenarios.astm.netrid.v22a.dss.ISAValidation`](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.py)) +4. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.md) ([`scenarios.astm.netrid.v22a.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.py)) +5. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v22a.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.py)) +6. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.py)) +7. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.py)) +8. Scenario: [ASTM F3411-22a NetRID DSS interoperability](../../../../scenarios/astm/netrid/v22a/dss_interoperability.md) ([`scenarios.astm.netrid.v22a.DSSInteroperability`](../../../../scenarios/astm/netrid/v22a/dss_interoperability.py)) +9. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v22a/dss/token_validation.md) ([`scenarios.astm.netrid.v22a.dss.TokenValidation`](../../../../scenarios/astm/netrid/v22a/dss/token_validation.py)) +10. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.md) ([`scenarios.astm.netrid.v22a.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.py)) +11. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v22a.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.py)) ## [Checked requirements](../../../README.md#checked-requirements) @@ -25,11 +26,16 @@ Checked in - astm
.f3411
.v22a
+ astm
.f3411
.v22a
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml index 576c701f3f..a6dde142cf 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml @@ -7,8 +7,14 @@ resources: utm_client_identity: resources.communications.ClientIdentityResource isa: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: + - test_scenario: + scenario_type: scenarios.astm.netrid.v22a.dss.EndpointEncryption + resources: + dss: dss + test_search_area: acceptable_search_area - test_scenario: scenario_type: scenarios.astm.netrid.v22a.dss.ISASimple resources: diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md index e7cd7252a0..63dc463cf2 100644 --- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md +++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md @@ -21,11 +21,16 @@ Checked in - astm
.f3411
.v19
+ astm
.f3411
.v19
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030,a Implemented @@ -217,11 +222,16 @@ ASTM NetRID DSS: Concurrent Requests
ASTM NetRID DSS: ISA Expiry
ASTM NetRID DSS: ISA Subscription Interactions
ASTM NetRID DSS: Simple ISA
ASTM NetRID DSS: Submitted ISA Validations
ASTM NetRID DSS: Subscription Simple
ASTM NetRID DSS: Subscription Validation
ASTM NetRID DSS: Token Validation - astm
.f3411
.v22a
+ astm
.f3411
.v22a
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml index 01a5da0dfc..6a69db8b43 100644 --- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml +++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml @@ -11,6 +11,7 @@ resources: service_area: resources.netrid.ServiceAreaResource? planning_area: resources.astm.f3548.v21.PlanningAreaResource? problematically_big_area: resources.VerticesResource? + acceptable_search_area: resources.VerticesResource? second_utm_auth: resources.communications.AuthAdapterResource? flight_intents: resources.flight_planning.FlightIntentsResource? @@ -57,6 +58,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -70,6 +72,7 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances @@ -84,6 +87,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -97,6 +101,7 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.md b/monitoring/uss_qualifier/suites/uspace/network_identification.md index 84373e6627..f59661589d 100644 --- a/monitoring/uss_qualifier/suites/uspace/network_identification.md +++ b/monitoring/uss_qualifier/suites/uspace/network_identification.md @@ -17,11 +17,16 @@ Checked in - astm
.f3411
.v22a
+ astm
.f3411
.v22a
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml index f9dd59e48a..012bb40f36 100644 --- a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml +++ b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml @@ -10,6 +10,7 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - test_suite: @@ -25,6 +26,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Abort - test_scenario: diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.md b/monitoring/uss_qualifier/suites/uspace/required_services.md index 20054687de..0ad1c7e702 100644 --- a/monitoring/uss_qualifier/suites/uspace/required_services.md +++ b/monitoring/uss_qualifier/suites/uspace/required_services.md @@ -18,11 +18,16 @@ Checked in - astm
.f3411
.v22a
+ astm
.f3411
.v22a
DSS0010 Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.yaml b/monitoring/uss_qualifier/suites/uspace/required_services.yaml index e21216bc1e..8c74f3dfdd 100644 --- a/monitoring/uss_qualifier/suites/uspace/required_services.yaml +++ b/monitoring/uss_qualifier/suites/uspace/required_services.yaml @@ -25,6 +25,7 @@ resources: service_area: resources.netrid.ServiceAreaResource planning_area: resources.astm.f3548.v21.PlanningAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? local_resources: @@ -75,6 +76,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue participant_verifiable_capabilities: