Skip to content

Commit

Permalink
[uss_qualifier] constraint reference endpoint authentication checks
Browse files Browse the repository at this point in the history
  • Loading branch information
Shastick committed Aug 7, 2024
1 parent cac1298 commit ed0ff98
Show file tree
Hide file tree
Showing 5 changed files with 937 additions and 141 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -387,6 +387,21 @@ function(env) {
},
},
},
{
applicability: {
// We also want to make sure we don't skip more scenarios that we should
skipped_actions: {},
},
pass_condition: {
elements: {
count: {
// We currently expect this amount of skipped scenarios: making it an equality
// to make sure this is reduced if some scenarios start to be executed
equal_to: 7,
},
},
},
},
], // criteria
}, // validation
}, // v1
Expand Down
2 changes: 1 addition & 1 deletion monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py
Original file line number Diff line number Diff line change
Expand Up @@ -725,7 +725,7 @@ def participant_id(self) -> str:
def base_url(self) -> str:
return self._specification.base_url

def get_authorized_scope_not_in(self, ignored_scopes: List[str]) -> Optional[str]:
def get_authorized_scope_not_in(self, ignored_scopes: List[str]) -> Optional[Scope]:
"""Returns a scope that this DSS Resource is allowed to use but that is not any of the ones that are passed
in 'ignored_scopes'. If no such scope is found, None is returned.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,21 @@ Note that this does not cover authorization.
[`DSSInstanceResource`](../../../../../resources/astm/f3548/v21/dss.py) to be tested in this scenario.

Note that to benefit from the maximum coverage, the DSS' AuthAdapterResource must be able to obtain credentials
for multiple scopes (so that a wrong scope may be used in place of the correct one) as well as an empty scope (that is, provide credentials where the scope is an empty string).
for multiple scopes (so that a wrong scope may be used in place of the correct one) as well as an empty scope
(that is, provide credentials where the scope is an empty string).

This scenario will check for the scope's availability and transparently ignore checks that can't be conducted.

Required scopes for running this scenario:
At least one of the following scopes needs to be available for this scenario to at least partially run:

- `utm.strategic_coordination`
- `utm.constraint_management`
- `utm.availability_arbitration`

In order to verify each endpoint group, all scopes above must be available.

Optional scopes that will allow the scenario to provide additional coverage:

- `utm.availability_arbitration`
- `""` (empty string)

### id_generator
Expand Down Expand Up @@ -317,6 +321,146 @@ it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../require
If the DSS does not allow searching for operational intents when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

### Constraint reference endpoints authentication test step

#### 🛑 Unauthorized requests return the proper error message body check

If the DSS under test does not return a proper error message body when an unauthorized request is received,
it fails to properly implement the OpenAPI specification that is part of **[astm.f3548.v21.DSS0005,3](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with missing credentials check

If the DSS under test allows the creation of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with invalid credentials check

If the DSS under test allows the creation of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with missing scope check

If the DSS under test allows the creation of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with incorrect scope check

If the DSS under test allows the creation of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with valid credentials check

If the DSS does not allow the creation of a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### [Create response format](../fragments/cr/crud/create_format.md)

Check response format of a creation request.

#### 🛑 Get constraint reference with missing credentials check

If the DSS under test allows the fetching of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with invalid credentials check

If the DSS under test allows the fetching of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with missing scope check

If the DSS under test allows the fetching of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with incorrect scope check

If the DSS under test allows the fetching of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with valid credentials check

If the DSS does not allow fetching a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with missing credentials check

If the DSS under test allows the mutation of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with invalid credentials check

If the DSS under test allows the mutation of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with missing scope check

If the DSS under test allows the mutation of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with incorrect scope check

If the DSS under test allows the mutation of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with valid credentials check

If the DSS does not allow the mutation of a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### [Mutate response format](../fragments/cr/crud/update_format.md)

Check response format of a mutation.

#### 🛑 Delete constraint reference with missing credentials check

If the DSS under test allows the deletion of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with invalid credentials check

If the DSS under test allows the deletion of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with missing scope check

If the DSS under test allows the deletion of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with incorrect scope check

If the DSS under test allows the deletion of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with valid credentials check

If the DSS does not allow the deletion of a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with missing credentials check

If the DSS under test allows searching for constraint references without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with invalid credentials check

If the DSS under test allows searching for constraint references with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with missing scope check

If the DSS under test allows searching for constraint references with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with incorrect scope check

If the DSS under test allows searching for constraint references with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with valid credentials check

If the DSS does not allow searching for constraint references when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

### Availability endpoints authentication test step

#### 🛑 Unauthorized requests return the proper error message body check
Expand Down
Loading

0 comments on commit ed0ff98

Please sign in to comment.