Skip to content

Commit

Permalink
[uss_qualifier] constraint reference endpoint authentication checks
Browse files Browse the repository at this point in the history
  • Loading branch information
Shastick committed Aug 13, 2024
1 parent 8b760a6 commit ed3c9a9
Show file tree
Hide file tree
Showing 4 changed files with 768 additions and 2 deletions.
2 changes: 1 addition & 1 deletion monitoring/uss_qualifier/resources/astm/f3548/v21/dss.py
Original file line number Diff line number Diff line change
Expand Up @@ -725,7 +725,7 @@ def participant_id(self) -> str:
def base_url(self) -> str:
return self._specification.base_url

def get_authorized_scope_not_in(self, ignored_scopes: List[str]) -> Optional[str]:
def get_authorized_scope_not_in(self, ignored_scopes: List[str]) -> Optional[Scope]:
"""Returns a scope that this DSS Resource is allowed to use but that is not any of the ones that are passed
in 'ignored_scopes'. If no such scope is found, None is returned.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ At least one of the following scopes needs to be available for this scenario to

- `utm.strategic_coordination`
- `utm.availability_arbitration`
- `utm.constraint_management`

In order to verify each endpoint group, all scopes above must be available.

Expand Down Expand Up @@ -387,6 +388,146 @@ it is in violation of **[astm.f3548.v21.DSS0100,1](../../../../../requirements/a
The response to a successful USS Availability Set request is expected to conform to the format defined by the OpenAPI specification under the `A3.1` Annex of ASTM F3548−21,
otherwise, the DSS is failing to implement **[astm.f3548.v21.DSS0100,1](../../../../../requirements/astm/f3548/v21.md)**.

### Constraint reference endpoints authentication test step

#### 🛑 Unauthorized requests return the proper error message body check

If the DSS under test does not return a proper error message body when an unauthorized request is received,
it fails to properly implement the OpenAPI specification that is part of **[astm.f3548.v21.DSS0005,3](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with missing credentials check

If the DSS under test allows the creation of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with invalid credentials check

If the DSS under test allows the creation of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with missing scope check

If the DSS under test allows the creation of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with incorrect scope check

If the DSS under test allows the creation of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Create constraint reference with valid credentials check

If the DSS does not allow the creation of a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### [Create response format](../fragments/cr/crud/create_format.md)

Check response format of a creation request.

#### 🛑 Get constraint reference with missing credentials check

If the DSS under test allows the fetching of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with invalid credentials check

If the DSS under test allows the fetching of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with missing scope check

If the DSS under test allows the fetching of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with incorrect scope check

If the DSS under test allows the fetching of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Get constraint reference with valid credentials check

If the DSS does not allow fetching a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with missing credentials check

If the DSS under test allows the mutation of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with invalid credentials check

If the DSS under test allows the mutation of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with missing scope check

If the DSS under test allows the mutation of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with incorrect scope check

If the DSS under test allows the mutation of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Mutate constraint reference with valid credentials check

If the DSS does not allow the mutation of a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### [Mutate response format](../fragments/cr/crud/update_format.md)

Check response format of a mutation.

#### 🛑 Delete constraint reference with missing credentials check

If the DSS under test allows the deletion of a constraint reference without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with invalid credentials check

If the DSS under test allows the deletion of a constraint reference with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with missing scope check

If the DSS under test allows the deletion of a constraint reference with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with incorrect scope check

If the DSS under test allows the deletion of a constraint reference with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Delete constraint reference with valid credentials check

If the DSS does not allow the deletion of a constraint reference when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with missing credentials check

If the DSS under test allows searching for constraint references without any credentials being presented,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with invalid credentials check

If the DSS under test allows searching for constraint references with credentials that are well-formed but invalid,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with missing scope check

If the DSS under test allows searching for constraint references with valid credentials but a missing scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with incorrect scope check

If the DSS under test allows searching for constraint references with valid credentials but an incorrect scope,
it is in violation of **[astm.f3548.v21.DSS0210,A2-7-2,7](../../../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Search constraint references with valid credentials check

If the DSS does not allow searching for constraint references when valid credentials are presented,
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../../../requirements/astm/f3548/v21.md)**.

## [Cleanup](../clean_workspace.md)

### [Availability can be requested](../fragments/availability/read.md)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@
from monitoring.uss_qualifier.scenarios.astm.utm.dss.authentication.availability_api_validator import (
AvailabilityAuthValidator,
)
from monitoring.uss_qualifier.scenarios.astm.utm.dss.authentication.cr_api_validator import (
ConstraintRefAuthValidator,
)
from monitoring.uss_qualifier.scenarios.astm.utm.dss.authentication.generic import (
GenericAuthValidator,
)
Expand Down Expand Up @@ -59,6 +62,7 @@ class AuthenticationValidation(TestScenario):

_scd_dss: Optional[DSSInstance] = None
_availability_dss: Optional[DSSInstance] = None
_constraints_dss: Optional[DSSInstance] = None

def __init__(
self,
Expand Down Expand Up @@ -119,6 +123,27 @@ def __init__(
availability_scopes = None
self._wrong_scope_for_availability = None

if dss.can_use_scope(Scope.ConstraintManagement):
constraints_scopes = {
Scope.ConstraintManagement: "Create, update, and delete constraints",
}

self._wrong_scope_for_constraints = dss.get_authorized_scope_not_in(
[
Scope.ConstraintManagement, # Allowed to get and update
Scope.ConstraintProcessing, # Allowed to get
"", # Already Used for empty scope testing
]
)

if self._wrong_scope_for_constraints is not None:
constraints_scopes[
self._wrong_scope_for_constraints
] = "Attempt to query constraints with wrong scope"
else:
constraints_scopes = None
self._wrong_scope_for_constraints = None

self._test_missing_scope = False
if dss.can_use_scope(""):
# Add empty scope to every map when they are non-empty:
Expand All @@ -131,6 +156,10 @@ def __init__(
availability_scopes[
""
] = "Attempt to query availability with missing scope"
if constraints_scopes:
constraints_scopes[
""
] = "Attempt to query constraints with missing scope"
self._test_missing_scope = True

# Note: .get_instance should be called once we know every scope we will need,
Expand All @@ -139,6 +168,8 @@ def __init__(
# and skip .get_instance altogether (otherwise the scenario would not be run)
if scd_scopes:
self._scd_dss = dss.get_instance(scd_scopes)
if constraints_scopes:
self._constraints_dss = dss.get_instance(constraints_scopes)
if availability_scopes:
self._availability_dss = dss.get_instance(availability_scopes)

Expand All @@ -162,7 +193,11 @@ def __init__(
self._scd_dss.base_url, auth_adapter=InvalidTokenSignatureAuth()
)

if not self._scd_dss and not self._availability_dss:
if (
not self._scd_dss
and not self._constraints_dss
and not self._availability_dss
):
raise MissingResourceError(
f"AuthAdapterResource provided to {fullname(type(self))} has none of the required scopes for this scenario.",
"<unknown>",
Expand Down Expand Up @@ -269,6 +304,37 @@ def run(self, context: ExecutionContext):
else:
self.record_note("availability", "Skipping Availability endpoints")

if self._constraints_dss:
self.record_note("constraints", "Testing Constraint Reference endpoints")
self.begin_test_step("Constraint reference endpoints authentication")
if self._wrong_scope_for_constraints:
self.record_note(
"constraints_wrong_scope",
f"Incorrect scope testing enabled with scope {self._wrong_scope_for_constraints}.",
)
else:
self.record_note(
"constraints_wrong_scope", "Incorrect scope testing disabled."
)
cr_validator = ConstraintRefAuthValidator(
scenario=self,
generic_validator=GenericAuthValidator(
self, self._constraints_dss, Scope.ConstraintManagement
),
dss=self._constraints_dss,
test_id=self._test_id,
planning_area=self._planning_area,
planning_area_volume4d=self._planning_area_volume4d,
no_auth_session=self._no_auth_session,
invalid_token_session=self._invalid_token_session,
test_wrong_scope=self._wrong_scope_for_constraints,
test_missing_scope=self._test_missing_scope,
)
cr_validator.verify_cr_endpoints_authentication()
self.end_test_step()
else:
self.record_note("constraints", "Skipping Constraint Reference endpoints")

self.end_test_case()
self.end_test_scenario()

Expand Down
Loading

0 comments on commit ed3c9a9

Please sign in to comment.