From f1a0fe2b81f36c8db3d4c901812617e804ebc9a1 Mon Sep 17 00:00:00 2001 From: Julien Perrochet Date: Thu, 12 Oct 2023 10:04:24 +0200 Subject: [PATCH] [uss_qualifier] attach participant id to net0210 check, fix Issue #244 --- monitoring/monitorlib/fetch/rid.py | 14 ++- .../resources/netrid/service_providers.py | 25 ++-- .../astm/netrid/common/aggregate_checks.py | 7 +- .../astm/netrid/common/misbehavior.py | 107 ++++++++---------- .../astm/netrid/display_data_evaluator.py | 2 +- .../scenarios/astm/netrid/v19/misbehavior.md | 2 +- .../scenarios/astm/netrid/v22a/misbehavior.md | 2 +- .../suites/astm/netrid/f3411_19.md | 7 +- .../suites/astm/netrid/f3411_22a.md | 7 +- .../suites/uspace/network_identification.md | 7 +- .../suites/uspace/required_services.md | 7 +- 11 files changed, 110 insertions(+), 77 deletions(-) diff --git a/monitoring/monitorlib/fetch/rid.py b/monitoring/monitorlib/fetch/rid.py index 8d3867af11..82857034e4 100644 --- a/monitoring/monitorlib/fetch/rid.py +++ b/monitoring/monitorlib/fetch/rid.py @@ -1163,8 +1163,13 @@ def all_flights( session: UTMClientSession, dss_base_url: str = "", enhanced_details: bool = False, - server_id: Optional[str] = None, + dss_server_id: Optional[str] = None, + flights_urls_to_server_id: Optional[Dict[str, str]] = None, ) -> FetchedFlights: + + if flights_urls_to_server_id is None: + flights_urls_to_server_id = {} + t = datetime.datetime.utcnow() isa_list = isas( geo.get_latlngrect_vertices(area), @@ -1173,7 +1178,7 @@ def all_flights( rid_version, session, dss_base_url, - server_id=server_id, + server_id=dss_server_id, ) uss_flight_queries: Dict[str, FetchedUSSFlights] = {} @@ -1185,7 +1190,8 @@ def all_flights( include_recent_positions, rid_version, session, - server_id=server_id, + # TODO we need an exact match of the flight url for this to work here + server_id=flights_urls_to_server_id.get(flights_url, None), ) uss_flight_queries[flights_url] = flights_for_url @@ -1197,7 +1203,7 @@ def all_flights( enhanced_details, rid_version, session, - server_id=server_id, + server_id=flights_urls_to_server_id.get(flights_url, None), ) uss_flight_details_queries[flight.id] = details diff --git a/monitoring/uss_qualifier/resources/netrid/service_providers.py b/monitoring/uss_qualifier/resources/netrid/service_providers.py index 76c02a981f..491a2c65b1 100644 --- a/monitoring/uss_qualifier/resources/netrid/service_providers.py +++ b/monitoring/uss_qualifier/resources/netrid/service_providers.py @@ -20,6 +20,12 @@ class ServiceProviderConfiguration(ImplicitDict): injection_base_url: str """Base URL for the Service Provider's implementation of the interfaces/automated-testing/rid/injection.yaml API""" + # TODO confirm that: + # 1, this is fine to have in the configuration? + # 2, we should instaed use a list of flight urls here? SPs could in theory use multiple ones + flights_url: str + """URL the Service Provider will register with the DSS for providing flights information.""" + local_debug: Optional[bool] """Whether this Service Provider instance is running locally for debugging or development purposes. Mostly used for relaxing constraints around encryption. @@ -41,25 +47,30 @@ class NetRIDServiceProvidersSpecification(ImplicitDict): class NetRIDServiceProvider(object): participant_id: str - base_url: str - client: infrastructure.UTMClientSession + injection_base_url: str + flights_url: str + flights_injection_client: infrastructure.UTMClientSession local_debug: bool def __init__( self, participant_id: str, - base_url: str, + injection_base_url: str, + flights_url: str, auth_adapter: infrastructure.AuthAdapter, local_debug: bool, ): self.participant_id = participant_id - self.base_url = base_url - self.client = infrastructure.UTMClientSession(base_url, auth_adapter) + self.injection_base_url = injection_base_url + self.flights_url = flights_url + self.flights_injection_client = infrastructure.UTMClientSession( + injection_base_url, auth_adapter + ) self.local_debug = local_debug def submit_test(self, request: CreateTestParameters, test_id: str) -> fetch.Query: return fetch.query_and_describe( - self.client, + self.flights_injection_client, "PUT", url=f"/tests/{test_id}", json=request, @@ -69,7 +80,7 @@ def submit_test(self, request: CreateTestParameters, test_id: str) -> fetch.Quer def delete_test(self, test_id: str, version: str) -> fetch.Query: return fetch.query_and_describe( - self.client, + self.flights_injection_client, "DELETE", url=f"/tests/{test_id}/{version}", scope=SCOPE_RID_QUALIFIER_INJECT, diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py b/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py index 9edd3b416e..b61f0d9f1e 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/common/aggregate_checks.py @@ -51,7 +51,10 @@ def __init__( # identify SPs and observers by their base URL self._participants_by_base_url.update( - {sp.base_url: sp.participant_id for sp in self._service_providers} + {sp.injection_base_url: sp.participant_id for sp in self._service_providers} + ) + self._participants_by_base_url.update( + {sp.flights_url: sp.participant_id for sp in self._service_providers} ) self._participants_by_base_url.update( {dp.base_url: dp.participant_id for dp in self._observers} @@ -101,7 +104,7 @@ def run(self): for sp in self._service_providers: self.record_note( "service_providers", - f"configured service providers: {sp.participant_id} - {sp.base_url}", + f"configured service providers: {sp.participant_id} - {sp.injection_base_url}", ) for o in self._observers: diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/common/misbehavior.py b/monitoring/uss_qualifier/scenarios/astm/netrid/common/misbehavior.py index a6fada8caf..577d45a782 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/common/misbehavior.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/common/misbehavior.py @@ -1,23 +1,16 @@ import time import traceback -import uuid -from typing import List +from typing import List, Dict import arrow import s2sphere -from implicitdict import ImplicitDict from loguru import logger from requests.exceptions import RequestException -from uas_standards.interuss.automated_testing.rid.v1.injection import ChangeTestResponse from monitoring.monitorlib import fetch from monitoring.monitorlib.fetch import rid from monitoring.monitorlib.infrastructure import UTMClientSession from monitoring.monitorlib.rid import RIDVersion -from monitoring.monitorlib.rid_automated_testing.injection_api import ( - CreateTestParameters, -) -from monitoring.monitorlib.rid_automated_testing.injection_api import TestFlight from monitoring.uss_qualifier.common_data_definitions import Severity from monitoring.uss_qualifier.resources.astm.f3411.dss import DSSInstancesResource from monitoring.uss_qualifier.resources.netrid import ( @@ -25,18 +18,11 @@ NetRIDServiceProviders, EvaluationConfigurationResource, ) -from monitoring.uss_qualifier.scenarios.astm.netrid import display_data_evaluator from monitoring.uss_qualifier.scenarios.astm.netrid.common import nominal_behavior -from monitoring.uss_qualifier.scenarios.astm.netrid.injected_flight_collection import ( - InjectedFlightCollection, -) from monitoring.uss_qualifier.scenarios.astm.netrid.injection import ( InjectedFlight, InjectedTest, ) -from monitoring.uss_qualifier.scenarios.astm.netrid.virtual_observer import ( - VirtualObserver, -) from monitoring.uss_qualifier.scenarios.scenario import GenericTestScenario @@ -50,6 +36,7 @@ class Misbehavior(GenericTestScenario): _evaluation_configuration: EvaluationConfigurationResource _injected_flights: List[InjectedFlight] _injected_tests: List[InjectedTest] + _flights_urls_to_participant_id: Dict[str, str] def __init__( self, @@ -70,6 +57,11 @@ def __init__( ) self._dss = dss_pool.dss_instances[0] + self._flights_urls_to_participant_id = { + sp.flights_url: sp.participant_id + for sp in self._service_providers.service_providers + } + @property def _rid_version(self) -> RIDVersion: raise NotImplementedError( @@ -167,52 +159,53 @@ def _evaluate_and_test_authentication( no flights were yet returned by the authenticated queries. """ - with self.check("Missing credentials") as check: - # We grab all flights from the SP's. This is authenticated - # and is expected to succeed - sp_observation = rid.all_flights( - rect, - include_recent_positions=True, - get_details=True, - rid_version=self._rid_version, - session=self._dss.client, - server_id=self._dss.participant_id, - ) - # We fish out the queries that were used to grab the flights from the SP, - # and attempt to re-query without credentials. This should fail. + # We grab all flights from the SP's (which we know how to reach by first querying the DSS). + # This is authenticated and is expected to succeed + sp_observation = rid.all_flights( + rect, + include_recent_positions=True, + get_details=True, + rid_version=self._rid_version, + session=self._dss.client, + dss_server_id=self._dss.participant_id, + flights_urls_to_server_id=self._flights_urls_to_participant_id, + ) - unauthenticated_session = UTMClientSession( - prefix_url=self._dss.client.get_prefix_url(), - auth_adapter=None, - timeout_seconds=self._dss.client.timeout_seconds, - ) + # We fish out the queries that were used to grab the flights from the SP, + # and attempt to re-query without credentials. This should fail. + unauthenticated_session = UTMClientSession( + prefix_url=self._dss.client.get_prefix_url(), + auth_adapter=None, + timeout_seconds=self._dss.client.timeout_seconds, + ) - queries_to_repeat = list(sp_observation.uss_flight_queries.values()) + list( - sp_observation.uss_flight_details_queries.values() - ) + queries_to_repeat = list(sp_observation.uss_flight_queries.values()) + list( + sp_observation.uss_flight_details_queries.values() + ) - if len(queries_to_repeat) == 0: - logger.debug("no flights queries to repeat at this point.") - return False + if len(queries_to_repeat) == 0: + logger.debug("no flights queries to repeat at this point.") + return False - logger.debug( - f"about to repeat {len(queries_to_repeat)} flights queries without credentials" - ) + logger.debug( + f"about to repeat {len(queries_to_repeat)} flights queries without credentials" + ) - # Attempt to re-query the flights and flight details URLs: - for fq in queries_to_repeat: - failed_q = fetch.query_and_describe( - client=unauthenticated_session, - verb=fq.query.request.method, - url=fq.query.request.url, - json=fq.query.request.json, - data=fq.query.request.body, - server_id=self._dss.participant_id, - ) - logger.info( - f"Repeating query to {fq.query.request.url} without credentials" - ) - server_id = fq.query.get("server_id", "unknown") + # Attempt to re-query the flights and flight details URLs: + for fq in queries_to_repeat: + failed_q = fetch.query_and_describe( + client=unauthenticated_session, + verb=fq.query.request.method, + url=fq.query.request.url, + json=fq.query.request.json, + data=fq.query.request.body, + server_id=self._dss.participant_id, + ) + logger.info( + f"Repeating query to {fq.query.request.url} without credentials" + ) + server_id = fq.query.get("server_id", "unknown") + with self.check("Missing credentials", [server_id]) as check: if failed_q.response.code not in [401, 403]: check.record_failed( "unauthenticated request was fulfilled", @@ -227,7 +220,7 @@ def _evaluate_and_test_authentication( # Keep track of the failed queries, too self.record_query(failed_q) - return True + return True def cleanup(self): self.begin_cleanup() diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/display_data_evaluator.py b/monitoring/uss_qualifier/scenarios/astm/netrid/display_data_evaluator.py index c64257741f..206f30cc65 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/display_data_evaluator.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/display_data_evaluator.py @@ -239,7 +239,7 @@ def evaluate_system_instantaneously( get_details=True, rid_version=self._rid_version, session=self._dss.client, - server_id=self._dss.participant_id, + dss_server_id=self._dss.participant_id, ) for q in sp_observation.queries: self._test_scenario.record_query(q) diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/misbehavior.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/misbehavior.md index 0602647f31..537364b92f 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/misbehavior.md +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/misbehavior.md @@ -48,7 +48,7 @@ It then repeats the exact same request while omitting the credentials, and expec #### Missing credentials check -This check ensures that all requests are properly authenticated, as required by **[astm.f3411.v19.NET0500](../../../../requirements/astm/f3411/v19.md)**, +This check ensures that all requests are properly authenticated, as required by **[astm.f3411.v19.NET0210](../../../../requirements/astm/f3411/v19.md)**, and that requests for existing flights that are executed with missing or incorrect credentials fail. ## Cleanup diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/misbehavior.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/misbehavior.md index d94a021a73..5089d9d23c 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/misbehavior.md +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/misbehavior.md @@ -48,7 +48,7 @@ It then repeats the exact same request while omitting the credentials, and expec #### Missing credentials check -This check ensures that all requests are properly authenticated, as required by **[astm.f3411.v22a.NET0500](../../../../requirements/astm/f3411/v22a.md)**, +This check ensures that all requests are properly authenticated, as required by **[astm.f3411.v22a.NET0210](../../../../requirements/astm/f3411/v22a.md)**, and that requests for existing flights that are executed with missing or incorrect credentials fail. ## Cleanup diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md index 4a00bf06f7..c354bb768e 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md @@ -21,7 +21,7 @@ Checked in - astm
.f3411
.v19
+ astm
.f3411
.v19
A2-6-1,1a Implemented ASTM F3411-19 NetRID DSS interoperability @@ -186,6 +186,11 @@ TODO ASTM NetRID: Operator interactions + + NET0210 + Implemented + ASTM NetRID SP clients misbehavior handling + NET0220 Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md index b0d5e2fbc9..d605e67cea 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md @@ -21,7 +21,7 @@ Checked in - astm
.f3411
.v22a
+ astm
.f3411
.v22a
A2-6-1,1a Implemented ASTM F3411-22a NetRID DSS interoperability @@ -186,6 +186,11 @@ TODO ASTM NetRID: Operator interactions + + NET0210 + Implemented + ASTM NetRID SP clients misbehavior handling + NET0220 Implemented diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.md b/monitoring/uss_qualifier/suites/uspace/network_identification.md index ddee175bc9..b9390d4cf8 100644 --- a/monitoring/uss_qualifier/suites/uspace/network_identification.md +++ b/monitoring/uss_qualifier/suites/uspace/network_identification.md @@ -16,7 +16,7 @@ Checked in - astm
.f3411
.v22a
+ astm
.f3411
.v22a
A2-6-1,1a Implemented ASTM F3411-22a NetRID DSS interoperability @@ -181,6 +181,11 @@ TODO ASTM NetRID: Operator interactions + + NET0210 + Implemented + ASTM NetRID SP clients misbehavior handling + NET0220 Implemented diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.md b/monitoring/uss_qualifier/suites/uspace/required_services.md index a690bb7ab8..e12bff6a33 100644 --- a/monitoring/uss_qualifier/suites/uspace/required_services.md +++ b/monitoring/uss_qualifier/suites/uspace/required_services.md @@ -17,7 +17,7 @@ Checked in - astm
.f3411
.v22a
+ astm
.f3411
.v22a
A2-6-1,1a Implemented ASTM F3411-22a NetRID DSS interoperability @@ -182,6 +182,11 @@ TODO ASTM NetRID: Operator interactions + + NET0210 + Implemented + ASTM NetRID SP clients misbehavior handling + NET0220 Implemented