From 2311d590cc3460d0c84d45b4e9cdc1ca7510456b Mon Sep 17 00:00:00 2001 From: Julien Perrochet Date: Thu, 31 Oct 2024 15:48:28 +0100 Subject: [PATCH 1/4] [uss_qualifier] netrid: DSS0020 - check DSS endpoints are encrypted --- .../configurations/dev/dss_probing.yaml | 3 +- .../configurations/dev/library/resources.yaml | 14 ++ .../configurations/dev/netrid_v19.yaml | 2 + .../configurations/dev/netrid_v22a.yaml | 2 + .../configurations/dev/uspace.yaml | 5 +- .../netrid/common/dss/endpoint_encryption.py | 169 ++++++++++++++++++ .../scenarios/astm/netrid/v19/dss/__init__.py | 1 + .../netrid/v19/dss/endpoint_encryption.md | 51 ++++++ .../netrid/v19/dss/endpoint_encryption.py | 8 + .../astm/netrid/v22a/dss/__init__.py | 1 + .../netrid/v22a/dss/endpoint_encryption.md | 39 ++++ .../netrid/v22a/dss/endpoint_encryption.py | 8 + .../suites/astm/netrid/f3411_19.md | 5 + .../suites/astm/netrid/f3411_19.yaml | 3 + .../astm/netrid/f3411_19/dss_probing.md | 26 +-- .../astm/netrid/f3411_19/dss_probing.yaml | 6 + .../suites/astm/netrid/f3411_22a.md | 5 + .../suites/astm/netrid/f3411_22a.yaml | 4 + .../astm/netrid/f3411_22a/dss_probing.md | 26 +-- .../astm/netrid/f3411_22a/dss_probing.yaml | 6 + .../suites/interuss/dss/all_tests.md | 10 ++ .../suites/interuss/dss/all_tests.yaml | 5 + .../suites/uspace/network_identification.md | 5 + .../suites/uspace/network_identification.yaml | 2 + .../suites/uspace/required_services.md | 5 + .../suites/uspace/required_services.yaml | 2 + 26 files changed, 390 insertions(+), 23 deletions(-) create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md create mode 100644 monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py diff --git a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml index 57047b0c01..41eb7eb97b 100644 --- a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml +++ b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml @@ -6,7 +6,7 @@ v1: kentland_service_area: { $ref: 'library/resources.yaml#/kentland_service_area' } kentland_planning_area: { $ref: 'library/resources.yaml#/kentland_planning_area' } kentland_problematically_big_area: { $ref: 'library/resources.yaml#/kentland_problematically_big_area' } - + kentland_acceptable_search_area: { $ref: 'library/resources.yaml#/kentland_acceptable_search_area' } utm_auth: { $ref: 'library/environment.yaml#/utm_auth' } second_utm_auth: {$ref: 'library/environment.yaml#/second_utm_auth'} utm_client_identity: { $ref: 'library/resources.yaml#/utm_client_identity' } @@ -35,6 +35,7 @@ v1: service_area: kentland_service_area planning_area: kentland_planning_area problematically_big_area: kentland_problematically_big_area + acceptable_search_area: kentland_acceptable_search_area second_utm_auth: second_utm_auth flight_intents: che_non_conflicting_flights test_exclusions: test_exclusions diff --git a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml index 5b3a48093f..fa2df41441 100644 --- a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml +++ b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml @@ -41,6 +41,20 @@ kentland_service_area: time_start: '2023-01-10T00:00:01.123456+00:00' time_end: '2023-01-10T01:00:01.123456+00:00' +kentland_acceptable_search_area: + dependencies: { } + resource_type: resources.VerticesResource + specification: + vertices: + - lat: 37.1853 + lng: -80.614 + - lat: 37.2148 + lng: -80.614 + - lat: 37.2148 + lng: -80.544 + - lat: 37.1853 + lng: -80.544 + kentland_planning_area: $content_schema: monitoring/uss_qualifier/resources/definitions/ResourceDeclaration.json resource_type: resources.astm.f3548.v21.PlanningAreaResource diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml index 155e4eccea..5442d8fa90 100644 --- a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml +++ b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml @@ -8,6 +8,7 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} + kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -34,6 +35,7 @@ v1: id_generator: id_generator service_area: kentland_service_area problematically_big_area: au_problematically_big_area + acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml index 6c8883c988..1056bec2dc 100644 --- a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml +++ b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml @@ -8,6 +8,7 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} + kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -34,6 +35,7 @@ v1: id_generator: id_generator service_area: kentland_service_area problematically_big_area: au_problematically_big_area + acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/configurations/dev/uspace.yaml b/monitoring/uss_qualifier/configurations/dev/uspace.yaml index 0d9f03d7b9..2b8f07ac7d 100644 --- a/monitoring/uss_qualifier/configurations/dev/uspace.yaml +++ b/monitoring/uss_qualifier/configurations/dev/uspace.yaml @@ -14,6 +14,7 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} + kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -73,7 +74,7 @@ v1: service_area: kentland_service_area planning_area: che_planning_area problematically_big_area: au_problematically_big_area - + acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions specification: mock_uss_instances_source: mock_uss_instances @@ -106,7 +107,7 @@ v1: service_area: service_area planning_area: planning_area problematically_big_area: problematically_big_area - + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py new file mode 100644 index 0000000000..1d14b64582 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py @@ -0,0 +1,169 @@ +import errno +import socket +from urllib.parse import urlparse + +import requests +from future.backports.datetime import datetime + +from monitoring.monitorlib import infrastructure +from monitoring.monitorlib.fetch import rid as fetch +from monitoring.uss_qualifier.resources import VerticesResource +from monitoring.uss_qualifier.resources.astm.f3411.dss import DSSInstanceResource +from monitoring.uss_qualifier.scenarios.scenario import GenericTestScenario +from monitoring.uss_qualifier.suites.suite import ExecutionContext + + +class EndpointEncryption(GenericTestScenario): + """ + Ensures that the endpoints of a DSS are not accessible unencrypted: + - HTTP access should be impossible or redirect to HTTPS + - HTTPS access should be possible + + TODO: add a check for minimal cipher strength to a 128bit AES equivalent or more. + """ + + def __init__( + self, + dss: DSSInstanceResource, + test_search_area: VerticesResource, + ): + super().__init__() + self._dss = dss.dss_instance + self._search_area = [ + v.as_s2sphere() for v in test_search_area.specification.vertices + ] + + self._parsed_url = urlparse(self._dss.base_url) + self._hostname = self._parsed_url.hostname + + self._http_base_url = f"http://{self._hostname}/{self._parsed_url.path}" + + def run(self, context: ExecutionContext): + self.begin_test_scenario(context) + + if self._hostname is None: + self.record_note( + "hostname", + "Cannot check encryption requirement when DSS hostname is unspecified", + ) + self.end_test_scenario() + return + + if not self._dss.base_url.startswith("https://"): + self.record_note( + "encrypted_endpoints", + "Cannot check encryption requirement when DSS endpoint is specified with an http:// base URL", + ) + self.end_test_scenario() + return + + self._case_http_unavailable_or_redirect() + self._case_https_works() + + self.end_test_scenario() + + def _case_http_unavailable_or_redirect(self): + self.begin_test_case("Connect to HTTP port") + self.begin_test_step("Attempt GET on root path via HTTP") + + with self.check( + "Connection to HTTP port fails or redirects to HTTPS port", + self._dss.participant_id, + ) as check: + try: + response = requests.get( + self._http_base_url, + timeout=10, + allow_redirects=False, + ) + _check_is_redirect(self._parsed_url, check, response) + except socket.error as e: + if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]: + check.record_failed( + "Connection to HTTP port failed for the unexpected reason", + details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.", + ) + + self.begin_test_step("Attempt GET on a known valid path via HTTP") + + with self.check( + "Connection to HTTP port fails or redirects to HTTPS port", + self._dss.participant_id, + ) as check: + try: + response = fetch.isas( + area=self._search_area, + start_time=datetime.now(), + end_time=datetime.now() + datetime.timedelta(days=1), + rid_version=self._dss.rid_version, + session=infrastructure.UTMClientSession( + self._http_base_url, self._dss.client.auth_adapter + ), + participant_id=self._dss.participant_id, + ) + _check_is_redirect(self._parsed_url, check, response) + except socket.error as e: + if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]: + check.record_failed( + "Connection to HTTP port failed for the unexpected reason", + details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.", + ) + + self.end_test_step() + self.end_test_case() + + def _case_https_works(self): + parsed_url = urlparse(self._dss.base_url) + hostname = parsed_url.hostname + + self.begin_test_case("Connect to HTTPS port") + self.begin_test_step("Attempt GET on root path via HTTP test") + + if hostname is not None: + with self.check( + "Connection fails or response redirects to HTTPS endpoint", + self._dss.participant_id, + ) as check: + try: + requests.get( + f"https://{hostname}/{parsed_url.path}", + timeout=10, + allow_redirects=False, + ) + # We don't care about the response details, just that the connection was successful + # (a 404 would still indicate that HTTPS is working well) + except requests.RequestException as e: + check.record_failed( + "Connection to HTTPS port failed", + details=f"Encountered exception while attempting HTTPS request: {e}", + ) + + self.end_test_step() + self.end_test_case() + + +def _check_is_redirect(parsed_url, check, response): + # If we can connect, we want to check that we are being redirected: + # (a 4XX response is already a form of communication that we don't want in cleartext) + if response.status_code not in [301, 302, 307, 308]: + check.record_failed( + "Connection to HTTP port did not redirect", + details=f"Was expecting a 301 or 308 response, but obtained status code: {response.status_code}", + ) + if "Location" not in response.headers: + check.record_failed( + "Location header missing in redirect response", + details="Was expecting a Location header in the response, but it was not present", + ) + if response.headers.get("Location").startswith("http://"): + check.record_failed( + "Connection to HTTP port redirected to HTTP", + details=f"Was expecting a redirection to an https:// URL. Location header: {response.headers.get('Location')}", + ) + if not response.headers.get("Location").startswith( + f"https://{parsed_url.hostname}/{parsed_url.path}" + ): + check.record_failed( + "Redirect to unexpected destination", + details=f"Was expecting a redirection to https://{parsed_url.hostname}/{parsed_url.path}, was {response.headers.get('Location')}", + ) diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py index a89cb054cb..d004702b51 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/__init__.py @@ -7,3 +7,4 @@ from .token_validation import TokenValidation from .crdb_access import CRDBAccess from .heavy_traffic_concurrent import HeavyTrafficConcurrent +from .endpoint_encryption import EndpointEncryption diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md new file mode 100644 index 0000000000..ada85050b7 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md @@ -0,0 +1,51 @@ +# ASTM NetRID DSS: Endpoint encryption test scenario + +## Overview + +Ensures that a DSS only exposes its endpoints via HTTPS. + +## Resources + +### dss + +[`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario. + +### test_search_area + +[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query. + +## Connect to HTTP port test case + +Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection, +or a redirection to the https port (443). + +Note: this test case will be skipped if the DSS instance is configured to use HTTP. + +### Attempt GET on root path via HTTP test step + +This test step attempts an HTTP GET request on the root path of the DSS instance, using plain HTTP, +and expects either a connection refusal or a redirection to the equivalent HTTPS URL. + +#### 🛑 Connection fails or response redirects to HTTPS endpoint check + +If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port +upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. + +### Attempt GET on a known valid path via HTTP test step + +This test step attempts an HTTP GET request on a known valid path by searching for ISAs in the configured planning area. + +#### 🛑 Connection fails or response redirects to HTTPS endpoint check + +If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port +upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. + +## Connect to HTTPS port test case + +Try to connect to the DSS instance over HTTPS. + +### Attempt to connect to the DSS instance on the HTTPS port test step + +#### 🛑 A request can be sent over HTTPS check + +If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py new file mode 100644 index 0000000000..0732eb04d2 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.py @@ -0,0 +1,8 @@ +from monitoring.uss_qualifier.scenarios.astm.netrid.common.dss.endpoint_encryption import ( + EndpointEncryption as CommonEndpointEncryption, +) +from monitoring.uss_qualifier.scenarios.scenario import TestScenario + + +class EndpointEncryption(TestScenario, CommonEndpointEncryption): + pass diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py index a89cb054cb..d004702b51 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/__init__.py @@ -7,3 +7,4 @@ from .token_validation import TokenValidation from .crdb_access import CRDBAccess from .heavy_traffic_concurrent import HeavyTrafficConcurrent +from .endpoint_encryption import EndpointEncryption diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md new file mode 100644 index 0000000000..bdeb75d84a --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md @@ -0,0 +1,39 @@ +# ASTM NetRID DSS: Endpoint encryption test scenario + +## Overview + +Ensures that a DSS only exposes its endpoints via HTTPS. + +## Resources + +### dss + +[`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario. + +### test_search_area + +[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query. + +## Connect to HTTP port test case + +Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection, +or a redirection to the https port (443). + +Note: this test case will be skipped if the DSS instance is configured to use HTTP. + +### Attempt to connect to the DSS instance on the HTTP port test step + +#### 🛑 Connection to HTTP port fails or redirects to HTTPS port check + +If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port +upon reception of an HTTP request, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. + +## Connect to HTTPS port test case + +Try to connect to the DSS instance over HTTPS. + +### Attempt to connect to the DSS instance on the HTTPS port test step + +#### 🛑 A request can be sent over HTTPS check + +If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py new file mode 100644 index 0000000000..0732eb04d2 --- /dev/null +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.py @@ -0,0 +1,8 @@ +from monitoring.uss_qualifier.scenarios.astm.netrid.common.dss.endpoint_encryption import ( + EndpointEncryption as CommonEndpointEncryption, +) +from monitoring.uss_qualifier.scenarios.scenario import TestScenario + + +class EndpointEncryption(TestScenario, CommonEndpointEncryption): + pass diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md index d8e43f13e9..1b6ccff012 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md @@ -26,6 +26,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030,a Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml index 8bba99aed7..f921fbd90b 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml @@ -10,6 +10,7 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - action_generator: @@ -21,6 +22,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -34,6 +36,7 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md index d3b2aec8f3..0bf69a74e2 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md @@ -4,16 +4,17 @@ ## [Actions](../../../README.md#actions) -1. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v19/dss/isa_simple.md) ([`scenarios.astm.netrid.v19.dss.ISASimple`](../../../../scenarios/astm/netrid/v19/dss/isa_simple.py)) -2. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v19/dss/isa_validation.md) ([`scenarios.astm.netrid.v19.dss.ISAValidation`](../../../../scenarios/astm/netrid/v19/dss/isa_validation.py)) -3. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.md) ([`scenarios.astm.netrid.v19.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.py)) -4. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v19.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.py)) -5. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.py)) -6. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.py)) -7. Scenario: [ASTM F3411-19 NetRID DSS interoperability](../../../../scenarios/astm/netrid/v19/dss_interoperability.md) ([`scenarios.astm.netrid.v19.DSSInteroperability`](../../../../scenarios/astm/netrid/v19/dss_interoperability.py)) -8. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v19/dss/token_validation.md) ([`scenarios.astm.netrid.v19.dss.TokenValidation`](../../../../scenarios/astm/netrid/v19/dss/token_validation.py)) -9. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v19/dss/crdb_access.md) ([`scenarios.astm.netrid.v19.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v19/dss/crdb_access.py)) -10. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v19.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.py)) +1. Scenario: [ASTM NetRID DSS: Endpoint encryption](../../../../scenarios/astm/netrid/v19/dss/endpoint_encryption.md) ([`scenarios.astm.netrid.v19.dss.EndpointEncryption`](../../../../scenarios/astm/netrid/v19/dss/endpoint_encryption.py)) +2. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v19/dss/isa_simple.md) ([`scenarios.astm.netrid.v19.dss.ISASimple`](../../../../scenarios/astm/netrid/v19/dss/isa_simple.py)) +3. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v19/dss/isa_validation.md) ([`scenarios.astm.netrid.v19.dss.ISAValidation`](../../../../scenarios/astm/netrid/v19/dss/isa_validation.py)) +4. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.md) ([`scenarios.astm.netrid.v19.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v19/dss/isa_expiry.py)) +5. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v19.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v19/dss/isa_subscription_interactions.py)) +6. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v19/dss/subscription_validation.py)) +7. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.md) ([`scenarios.astm.netrid.v19.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v19/dss/subscription_simple.py)) +8. Scenario: [ASTM F3411-19 NetRID DSS interoperability](../../../../scenarios/astm/netrid/v19/dss_interoperability.md) ([`scenarios.astm.netrid.v19.DSSInteroperability`](../../../../scenarios/astm/netrid/v19/dss_interoperability.py)) +9. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v19/dss/token_validation.md) ([`scenarios.astm.netrid.v19.dss.TokenValidation`](../../../../scenarios/astm/netrid/v19/dss/token_validation.py)) +10. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v19/dss/crdb_access.md) ([`scenarios.astm.netrid.v19.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v19/dss/crdb_access.py)) +11. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v19.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v19/dss/heavy_traffic_concurrent.py)) ## [Checked requirements](../../../README.md#checked-requirements) @@ -30,6 +31,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030,a Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml index 0d9a041f38..b9acc57f81 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml @@ -7,8 +7,14 @@ resources: utm_client_identity: resources.communications.ClientIdentityResource isa: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: + - test_scenario: + scenario_type: scenarios.astm.netrid.v19.dss.EndpointEncryption + resources: + dss: dss + test_search_area: acceptable_search_area - test_scenario: scenario_type: scenarios.astm.netrid.v19.dss.ISASimple resources: diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md index 93a5776ce0..6bfe6fb910 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md @@ -26,6 +26,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml index d1644bf1e1..293d851f85 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml @@ -10,6 +10,7 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - action_generator: @@ -21,6 +22,8 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area + planning_area: problematically_big_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -35,6 +38,7 @@ actions: isa: service_area client_identity: utm_client_identity problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md index f7061b0495..a3a79155a3 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md @@ -4,16 +4,17 @@ ## [Actions](../../../README.md#actions) -1. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.md) ([`scenarios.astm.netrid.v22a.dss.ISASimple`](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.py)) -2. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.md) ([`scenarios.astm.netrid.v22a.dss.ISAValidation`](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.py)) -3. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.md) ([`scenarios.astm.netrid.v22a.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.py)) -4. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v22a.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.py)) -5. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.py)) -6. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.py)) -7. Scenario: [ASTM F3411-22a NetRID DSS interoperability](../../../../scenarios/astm/netrid/v22a/dss_interoperability.md) ([`scenarios.astm.netrid.v22a.DSSInteroperability`](../../../../scenarios/astm/netrid/v22a/dss_interoperability.py)) -8. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v22a/dss/token_validation.md) ([`scenarios.astm.netrid.v22a.dss.TokenValidation`](../../../../scenarios/astm/netrid/v22a/dss/token_validation.py)) -9. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.md) ([`scenarios.astm.netrid.v22a.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.py)) -10. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v22a.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.py)) +1. Scenario: [ASTM NetRID DSS: Endpoint encryption](../../../../scenarios/astm/netrid/v22a/dss/endpoint_encryption.md) ([`scenarios.astm.netrid.v22a.dss.EndpointEncryption`](../../../../scenarios/astm/netrid/v22a/dss/endpoint_encryption.py)) +2. Scenario: [ASTM NetRID DSS: Simple ISA](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.md) ([`scenarios.astm.netrid.v22a.dss.ISASimple`](../../../../scenarios/astm/netrid/v22a/dss/isa_simple.py)) +3. Scenario: [ASTM NetRID DSS: Submitted ISA Validations](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.md) ([`scenarios.astm.netrid.v22a.dss.ISAValidation`](../../../../scenarios/astm/netrid/v22a/dss/isa_validation.py)) +4. Scenario: [ASTM NetRID DSS: ISA Expiry](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.md) ([`scenarios.astm.netrid.v22a.dss.ISAExpiry`](../../../../scenarios/astm/netrid/v22a/dss/isa_expiry.py)) +5. Scenario: [ASTM NetRID DSS: ISA Subscription Interactions](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.md) ([`scenarios.astm.netrid.v22a.dss.ISASubscriptionInteractions`](../../../../scenarios/astm/netrid/v22a/dss/isa_subscription_interactions.py)) +6. Scenario: [ASTM NetRID DSS: Subscription Validation](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionValidation`](../../../../scenarios/astm/netrid/v22a/dss/subscription_validation.py)) +7. Scenario: [ASTM NetRID DSS: Subscription Simple](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.md) ([`scenarios.astm.netrid.v22a.dss.SubscriptionSimple`](../../../../scenarios/astm/netrid/v22a/dss/subscription_simple.py)) +8. Scenario: [ASTM F3411-22a NetRID DSS interoperability](../../../../scenarios/astm/netrid/v22a/dss_interoperability.md) ([`scenarios.astm.netrid.v22a.DSSInteroperability`](../../../../scenarios/astm/netrid/v22a/dss_interoperability.py)) +9. Scenario: [ASTM NetRID DSS: Token Validation](../../../../scenarios/astm/netrid/v22a/dss/token_validation.md) ([`scenarios.astm.netrid.v22a.dss.TokenValidation`](../../../../scenarios/astm/netrid/v22a/dss/token_validation.py)) +10. Scenario: [ASTM NetRID DSS: Direct CRDB access](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.md) ([`scenarios.astm.netrid.v22a.dss.CRDBAccess`](../../../../scenarios/astm/netrid/v22a/dss/crdb_access.py)) +11. Scenario: [ASTM NetRID DSS: Concurrent Requests](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.md) ([`scenarios.astm.netrid.v22a.dss.HeavyTrafficConcurrent`](../../../../scenarios/astm/netrid/v22a/dss/heavy_traffic_concurrent.py)) ## [Checked requirements](../../../README.md#checked-requirements) @@ -30,6 +31,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml index 576c701f3f..a6dde142cf 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml @@ -7,8 +7,14 @@ resources: utm_client_identity: resources.communications.ClientIdentityResource isa: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: + - test_scenario: + scenario_type: scenarios.astm.netrid.v22a.dss.EndpointEncryption + resources: + dss: dss + test_search_area: acceptable_search_area - test_scenario: scenario_type: scenarios.astm.netrid.v22a.dss.ISASimple resources: diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md index 3002507348..50e3c3ea9d 100644 --- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md +++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md @@ -26,6 +26,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030,a Implemented @@ -227,6 +232,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml index 01a5da0dfc..6a69db8b43 100644 --- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml +++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml @@ -11,6 +11,7 @@ resources: service_area: resources.netrid.ServiceAreaResource? planning_area: resources.astm.f3548.v21.PlanningAreaResource? problematically_big_area: resources.VerticesResource? + acceptable_search_area: resources.VerticesResource? second_utm_auth: resources.communications.AuthAdapterResource? flight_intents: resources.flight_planning.FlightIntentsResource? @@ -57,6 +58,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -70,6 +72,7 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances @@ -84,6 +87,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -97,6 +101,7 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.md b/monitoring/uss_qualifier/suites/uspace/network_identification.md index f6ed7c9169..55f0184099 100644 --- a/monitoring/uss_qualifier/suites/uspace/network_identification.md +++ b/monitoring/uss_qualifier/suites/uspace/network_identification.md @@ -22,6 +22,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml index f9dd59e48a..012bb40f36 100644 --- a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml +++ b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml @@ -10,6 +10,7 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - test_suite: @@ -25,6 +26,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Abort - test_scenario: diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.md b/monitoring/uss_qualifier/suites/uspace/required_services.md index 17438df8c0..fb5fbb0afd 100644 --- a/monitoring/uss_qualifier/suites/uspace/required_services.md +++ b/monitoring/uss_qualifier/suites/uspace/required_services.md @@ -23,6 +23,11 @@ Implemented ASTM NetRID DSS: Token Validation + + DSS0020 + Implemented + ASTM NetRID DSS: Endpoint encryption + DSS0030 Implemented diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.yaml b/monitoring/uss_qualifier/suites/uspace/required_services.yaml index e21216bc1e..8c74f3dfdd 100644 --- a/monitoring/uss_qualifier/suites/uspace/required_services.yaml +++ b/monitoring/uss_qualifier/suites/uspace/required_services.yaml @@ -25,6 +25,7 @@ resources: service_area: resources.netrid.ServiceAreaResource planning_area: resources.astm.f3548.v21.PlanningAreaResource problematically_big_area: resources.VerticesResource + acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? local_resources: @@ -75,6 +76,7 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area + acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue participant_verifiable_capabilities: From f8757c27eed47d9b99cb72cb5efccbc38f897154 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Misbach?= Date: Tue, 3 Dec 2024 15:40:14 +0100 Subject: [PATCH 2/4] formatting --- monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md | 2 +- .../uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md | 2 +- monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md | 2 +- .../uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md | 2 +- monitoring/uss_qualifier/suites/interuss/dss/all_tests.md | 4 ++-- .../uss_qualifier/suites/uspace/network_identification.md | 2 +- monitoring/uss_qualifier/suites/uspace/required_services.md | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md index 1b6ccff012..942774eac2 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.md @@ -21,7 +21,7 @@ Checked in - astm
.f3411
.v19 + astm
.f3411
.v19 DSS0010 Implemented ASTM NetRID DSS: Token Validation diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md index 0bf69a74e2..ceefb1395a 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.md @@ -26,7 +26,7 @@ Checked in - astm
.f3411
.v19 + astm
.f3411
.v19 DSS0010 Implemented ASTM NetRID DSS: Token Validation diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md index 6bfe6fb910..c845b85901 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.md @@ -21,7 +21,7 @@ Checked in - astm
.f3411
.v22a + astm
.f3411
.v22a DSS0010 Implemented ASTM NetRID DSS: Token Validation diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md index a3a79155a3..a4444beecd 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.md @@ -26,7 +26,7 @@ Checked in - astm
.f3411
.v22a + astm
.f3411
.v22a DSS0010 Implemented ASTM NetRID DSS: Token Validation diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md index 50e3c3ea9d..08a7e7c471 100644 --- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md +++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.md @@ -21,7 +21,7 @@ Checked in - astm
.f3411
.v19 + astm
.f3411
.v19 DSS0010 Implemented ASTM NetRID DSS: Token Validation @@ -227,7 +227,7 @@ ASTM NetRID DSS: Concurrent Requests
ASTM NetRID DSS: ISA Expiry
ASTM NetRID DSS: ISA Subscription Interactions
ASTM NetRID DSS: Simple ISA
ASTM NetRID DSS: Submitted ISA Validations
ASTM NetRID DSS: Subscription Simple
ASTM NetRID DSS: Subscription Validation
ASTM NetRID DSS: Token Validation - astm
.f3411
.v22a + astm
.f3411
.v22a DSS0010 Implemented ASTM NetRID DSS: Token Validation diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.md b/monitoring/uss_qualifier/suites/uspace/network_identification.md index 55f0184099..0e87acbd6d 100644 --- a/monitoring/uss_qualifier/suites/uspace/network_identification.md +++ b/monitoring/uss_qualifier/suites/uspace/network_identification.md @@ -17,7 +17,7 @@ Checked in - astm
.f3411
.v22a + astm
.f3411
.v22a DSS0010 Implemented ASTM NetRID DSS: Token Validation diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.md b/monitoring/uss_qualifier/suites/uspace/required_services.md index fb5fbb0afd..7849bdc42c 100644 --- a/monitoring/uss_qualifier/suites/uspace/required_services.md +++ b/monitoring/uss_qualifier/suites/uspace/required_services.md @@ -18,7 +18,7 @@ Checked in - astm
.f3411
.v22a + astm
.f3411
.v22a DSS0010 Implemented ASTM NetRID DSS: Token Validation From cc967b60bce2dfb01b6518ca704be5c74732f812 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Misbach?= Date: Thu, 5 Dec 2024 11:34:33 +0100 Subject: [PATCH 3/4] revisit-simplify scenario --- .../configurations/dev/dss_probing.yaml | 2 - .../configurations/dev/library/resources.yaml | 14 -- .../configurations/dev/netrid_v19.yaml | 2 - .../configurations/dev/netrid_v22a.yaml | 2 - .../configurations/dev/uspace.yaml | 3 - .../netrid/common/dss/endpoint_encryption.py | 162 ++++++------------ .../netrid/v19/dss/endpoint_encryption.md | 43 ++--- .../netrid/v22a/dss/endpoint_encryption.md | 33 ++-- .../suites/astm/netrid/f3411_19.yaml | 3 - .../astm/netrid/f3411_19/dss_probing.yaml | 2 - .../suites/astm/netrid/f3411_22a.yaml | 4 - .../astm/netrid/f3411_22a/dss_probing.yaml | 2 - .../suites/interuss/dss/all_tests.yaml | 5 - .../suites/uspace/network_identification.yaml | 2 - .../suites/uspace/required_services.yaml | 2 - 15 files changed, 84 insertions(+), 197 deletions(-) diff --git a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml index 41eb7eb97b..cb4dd327a1 100644 --- a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml +++ b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml @@ -6,7 +6,6 @@ v1: kentland_service_area: { $ref: 'library/resources.yaml#/kentland_service_area' } kentland_planning_area: { $ref: 'library/resources.yaml#/kentland_planning_area' } kentland_problematically_big_area: { $ref: 'library/resources.yaml#/kentland_problematically_big_area' } - kentland_acceptable_search_area: { $ref: 'library/resources.yaml#/kentland_acceptable_search_area' } utm_auth: { $ref: 'library/environment.yaml#/utm_auth' } second_utm_auth: {$ref: 'library/environment.yaml#/second_utm_auth'} utm_client_identity: { $ref: 'library/resources.yaml#/utm_client_identity' } @@ -35,7 +34,6 @@ v1: service_area: kentland_service_area planning_area: kentland_planning_area problematically_big_area: kentland_problematically_big_area - acceptable_search_area: kentland_acceptable_search_area second_utm_auth: second_utm_auth flight_intents: che_non_conflicting_flights test_exclusions: test_exclusions diff --git a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml index fa2df41441..5b3a48093f 100644 --- a/monitoring/uss_qualifier/configurations/dev/library/resources.yaml +++ b/monitoring/uss_qualifier/configurations/dev/library/resources.yaml @@ -41,20 +41,6 @@ kentland_service_area: time_start: '2023-01-10T00:00:01.123456+00:00' time_end: '2023-01-10T01:00:01.123456+00:00' -kentland_acceptable_search_area: - dependencies: { } - resource_type: resources.VerticesResource - specification: - vertices: - - lat: 37.1853 - lng: -80.614 - - lat: 37.2148 - lng: -80.614 - - lat: 37.2148 - lng: -80.544 - - lat: 37.1853 - lng: -80.544 - kentland_planning_area: $content_schema: monitoring/uss_qualifier/resources/definitions/ResourceDeclaration.json resource_type: resources.astm.f3548.v21.PlanningAreaResource diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml index 5442d8fa90..155e4eccea 100644 --- a/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml +++ b/monitoring/uss_qualifier/configurations/dev/netrid_v19.yaml @@ -8,7 +8,6 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} - kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -35,7 +34,6 @@ v1: id_generator: id_generator service_area: kentland_service_area problematically_big_area: au_problematically_big_area - acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml index 1056bec2dc..6c8883c988 100644 --- a/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml +++ b/monitoring/uss_qualifier/configurations/dev/netrid_v22a.yaml @@ -8,7 +8,6 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} - kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -35,7 +34,6 @@ v1: id_generator: id_generator service_area: kentland_service_area problematically_big_area: au_problematically_big_area - acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/configurations/dev/uspace.yaml b/monitoring/uss_qualifier/configurations/dev/uspace.yaml index 2b8f07ac7d..8b17dccf66 100644 --- a/monitoring/uss_qualifier/configurations/dev/uspace.yaml +++ b/monitoring/uss_qualifier/configurations/dev/uspace.yaml @@ -14,7 +14,6 @@ v1: utm_client_identity: {$ref: 'library/resources.yaml#/utm_client_identity'} id_generator: {$ref: 'library/resources.yaml#/id_generator'} kentland_service_area: {$ref: 'library/resources.yaml#/kentland_service_area'} - kentland_acceptable_search_area: {$ref: 'library/resources.yaml#/kentland_acceptable_search_area'} au_problematically_big_area: {$ref: 'library/resources.yaml#/au_problematically_big_area'} utm_auth: {$ref: 'library/environment.yaml#/utm_auth'} @@ -74,7 +73,6 @@ v1: service_area: kentland_service_area planning_area: che_planning_area problematically_big_area: au_problematically_big_area - acceptable_search_area: kentland_acceptable_search_area test_exclusions: test_exclusions specification: mock_uss_instances_source: mock_uss_instances @@ -107,7 +105,6 @@ v1: service_area: service_area planning_area: planning_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions execution: stop_fast: true diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py index 1d14b64582..f601c086a3 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/common/dss/endpoint_encryption.py @@ -1,15 +1,16 @@ import errno +import requests import socket +import uas_standards.astm.f3411.v19.api +import uas_standards.astm.f3411.v22a.api +from uas_standards.astm.f3411 import v19, v22a from urllib.parse import urlparse -import requests -from future.backports.datetime import datetime - -from monitoring.monitorlib import infrastructure -from monitoring.monitorlib.fetch import rid as fetch -from monitoring.uss_qualifier.resources import VerticesResource +from monitoring.monitorlib.rid import RIDVersion from monitoring.uss_qualifier.resources.astm.f3411.dss import DSSInstanceResource -from monitoring.uss_qualifier.scenarios.scenario import GenericTestScenario +from monitoring.uss_qualifier.scenarios.scenario import ( + GenericTestScenario, +) from monitoring.uss_qualifier.suites.suite import ExecutionContext @@ -25,30 +26,31 @@ class EndpointEncryption(GenericTestScenario): def __init__( self, dss: DSSInstanceResource, - test_search_area: VerticesResource, ): super().__init__() self._dss = dss.dss_instance - self._search_area = [ - v.as_s2sphere() for v in test_search_area.specification.vertices - ] - self._parsed_url = urlparse(self._dss.base_url) - self._hostname = self._parsed_url.hostname + if self._dss.rid_version == RIDVersion.f3411_19: + op = v19.api.OPERATIONS[v19.api.OperationID.GetIdentificationServiceArea] + elif self._dss.rid_version == RIDVersion.f3411_22a: + op = v22a.api.OPERATIONS[v22a.api.OperationID.GetIdentificationServiceArea] + else: + raise NotImplementedError( + f"Scenario does not support RID version {self._dss.rid_version}" + ) - self._http_base_url = f"http://{self._hostname}/{self._parsed_url.path}" + non_existing_id = "00000000-0000-0000-0000-000000000000" + http_base_url = urlparse(self._dss.base_url)._replace(scheme="http") + self._http_get_url = f"{http_base_url.geturl()}{op.path}".replace( + "{id}", non_existing_id + ) + self._https_get_url = f"{self._dss.base_url}{op.path}".replace( + "{id}", non_existing_id + ) def run(self, context: ExecutionContext): self.begin_test_scenario(context) - if self._hostname is None: - self.record_note( - "hostname", - "Cannot check encryption requirement when DSS hostname is unspecified", - ) - self.end_test_scenario() - return - if not self._dss.base_url.startswith("https://"): self.record_note( "encrypted_endpoints", @@ -57,113 +59,63 @@ def run(self, context: ExecutionContext): self.end_test_scenario() return - self._case_http_unavailable_or_redirect() - self._case_https_works() + self.begin_test_case("Validate endpoint encryption") + self._step_http_unavailable_or_redirect() + self._step_https_works() + self.end_test_case() self.end_test_scenario() - def _case_http_unavailable_or_redirect(self): - self.begin_test_case("Connect to HTTP port") - self.begin_test_step("Attempt GET on root path via HTTP") + def _step_http_unavailable_or_redirect(self): + self.begin_test_step("Attempt GET on a known valid path via HTTP") with self.check( - "Connection to HTTP port fails or redirects to HTTPS port", + "HTTP GET fails or redirects to HTTPS", self._dss.participant_id, ) as check: try: response = requests.get( - self._http_base_url, + self._http_get_url, timeout=10, - allow_redirects=False, ) - _check_is_redirect(self._parsed_url, check, response) + if not response.url.startswith("https://"): + # response.url contains the url of the final request after all redirects have been followed, if any + check.record_failed( + "HTTP GET request did not redirect to HTTPS", + details=f"Made an http GET request and obtained status code {response.status_code} with response {str(response.content)} that was not redirected to https", + ) + except socket.error as e: if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]: check.record_failed( - "Connection to HTTP port failed for the unexpected reason", + "Connection to HTTP port failed for an unexpected reason", details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.", ) - self.begin_test_step("Attempt GET on a known valid path via HTTP") + self.end_test_step() + + def _step_https_works(self): + self.begin_test_step("Attempt GET on a known valid path via HTTPS") with self.check( - "Connection to HTTP port fails or redirects to HTTPS port", + "HTTPS GET succeeds", self._dss.participant_id, ) as check: try: - response = fetch.isas( - area=self._search_area, - start_time=datetime.now(), - end_time=datetime.now() + datetime.timedelta(days=1), - rid_version=self._dss.rid_version, - session=infrastructure.UTMClientSession( - self._http_base_url, self._dss.client.auth_adapter - ), - participant_id=self._dss.participant_id, + response = requests.get( + self._https_get_url, + timeout=10, ) - _check_is_redirect(self._parsed_url, check, response) - except socket.error as e: - if e.errno not in [errno.ECONNREFUSED, errno.ETIMEDOUT]: - check.record_failed( - "Connection to HTTP port failed for the unexpected reason", - details=f"Encountered socket error: {e}, while the expectation is to either run into a straight up connection refusal or a timeout.", - ) - - self.end_test_step() - self.end_test_case() - - def _case_https_works(self): - parsed_url = urlparse(self._dss.base_url) - hostname = parsed_url.hostname - - self.begin_test_case("Connect to HTTPS port") - self.begin_test_step("Attempt GET on root path via HTTP test") - - if hostname is not None: - with self.check( - "Connection fails or response redirects to HTTPS endpoint", - self._dss.participant_id, - ) as check: - try: - requests.get( - f"https://{hostname}/{parsed_url.path}", - timeout=10, - allow_redirects=False, - ) - # We don't care about the response details, just that the connection was successful - # (a 404 would still indicate that HTTPS is working well) - except requests.RequestException as e: + if not response.url.startswith("https://"): + # response.url contains the url of the final request after all redirects have been followed, if any check.record_failed( - "Connection to HTTPS port failed", - details=f"Encountered exception while attempting HTTPS request: {e}", + "HTTPS GET request redirected to HTTP", + details=f"Made an https GET request and obtained status code {response.status_code} with response {str(response.content)} that was redirected to http", ) + except requests.RequestException as e: + check.record_failed( + "Connection to HTTPS port failed", + details=f"Encountered exception while attempting HTTPS request: {e}", + ) self.end_test_step() - self.end_test_case() - - -def _check_is_redirect(parsed_url, check, response): - # If we can connect, we want to check that we are being redirected: - # (a 4XX response is already a form of communication that we don't want in cleartext) - if response.status_code not in [301, 302, 307, 308]: - check.record_failed( - "Connection to HTTP port did not redirect", - details=f"Was expecting a 301 or 308 response, but obtained status code: {response.status_code}", - ) - if "Location" not in response.headers: - check.record_failed( - "Location header missing in redirect response", - details="Was expecting a Location header in the response, but it was not present", - ) - if response.headers.get("Location").startswith("http://"): - check.record_failed( - "Connection to HTTP port redirected to HTTP", - details=f"Was expecting a redirection to an https:// URL. Location header: {response.headers.get('Location')}", - ) - if not response.headers.get("Location").startswith( - f"https://{parsed_url.hostname}/{parsed_url.path}" - ): - check.record_failed( - "Redirect to unexpected destination", - details=f"Was expecting a redirection to https://{parsed_url.hostname}/{parsed_url.path}, was {response.headers.get('Location')}", - ) diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md index ada85050b7..c8ee0d0279 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v19/dss/endpoint_encryption.md @@ -10,42 +10,25 @@ Ensures that a DSS only exposes its endpoints via HTTPS. [`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario. -### test_search_area - -[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query. - -## Connect to HTTP port test case +## Validate endpoint encryption test case Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection, or a redirection to the https port (443). -Note: this test case will be skipped if the DSS instance is configured to use HTTP. - -### Attempt GET on root path via HTTP test step - -This test step attempts an HTTP GET request on the root path of the DSS instance, using plain HTTP, -and expects either a connection refusal or a redirection to the equivalent HTTPS URL. - -#### 🛑 Connection fails or response redirects to HTTPS endpoint check - -If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port -upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. +Note that this test case will be skipped if the DSS instance is configured to use HTTP. +Note that the requests made in this case are made without any form of authentication, as the completion of any form +of communication over an unencrypted channel, even a 40X status response, is considered a failure. ### Attempt GET on a known valid path via HTTP test step +Attempts the operation `GetIdentificationServiceArea` on the DSS through HTTP with a non-existing ID. -This test step attempts an HTTP GET request on a known valid path by searching for ISAs in the configured planning area. - -#### 🛑 Connection fails or response redirects to HTTPS endpoint check - -If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port -upon reception of an HTTP request, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. - -## Connect to HTTPS port test case - -Try to connect to the DSS instance over HTTPS. - -### Attempt to connect to the DSS instance on the HTTPS port test step +#### 🛑 HTTP GET fails or redirects to HTTPS check +If the DSS instance serves the request through unencrypted HTTP, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. +Only the last request after all redirections are followed is considered. -#### 🛑 A request can be sent over HTTPS check +### Attempt GET on a known valid path via HTTPS test step +Attempts the operation `GetIdentificationServiceArea` on the DSS through HTTPS with a non-existing ID. -If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. +#### 🛑 HTTPS GET succeeds check +If the DSS instance does not serve the request through encrypted HTTPS, or redirects it to HTTP, it is in violation of **[astm.f3411.v19.DSS0020](../../../../../requirements/astm/f3411/v19.md)**. +Only the last request after all redirections are followed is considered. diff --git a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md index bdeb75d84a..04647c9247 100644 --- a/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md +++ b/monitoring/uss_qualifier/scenarios/astm/netrid/v22a/dss/endpoint_encryption.md @@ -10,30 +10,25 @@ Ensures that a DSS only exposes its endpoints via HTTPS. [`DSSInstanceResource`](../../../../../resources/astm/f3411/dss.py) to be tested in this scenario. -### test_search_area - -[`VerticesResource`](../../../../../resources/vertices.py) to be used in this scenario for a search query. - -## Connect to HTTP port test case +## Validate endpoint encryption test case Tries to connect to the http port (80) of the DSS instance, and expects either a refusal of the connection, or a redirection to the https port (443). -Note: this test case will be skipped if the DSS instance is configured to use HTTP. - -### Attempt to connect to the DSS instance on the HTTP port test step - -#### 🛑 Connection to HTTP port fails or redirects to HTTPS port check - -If the DSS instance accepts the connection on the HTTP port and does not immediately redirect to the HTTPS port -upon reception of an HTTP request, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. - -## Connect to HTTPS port test case +Note that this test case will be skipped if the DSS instance is configured to use HTTP. +Note that the requests made in this case are made without any form of authentication, as the completion of any form +of communication over an unencrypted channel, even a 40X status response, is considered a failure. -Try to connect to the DSS instance over HTTPS. +### Attempt GET on a known valid path via HTTP test step +Attempts the operation `GetIdentificationServiceArea` on the DSS through HTTP with a non-existing ID. -### Attempt to connect to the DSS instance on the HTTPS port test step +#### 🛑 HTTP GET fails or redirects to HTTPS check +If the DSS instance serves the request through unencrypted HTTP, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. +Only the last request after all redirections are followed is considered. -#### 🛑 A request can be sent over HTTPS check +### Attempt GET on a known valid path via HTTPS test step +Attempts the operation `GetIdentificationServiceArea` on the DSS through HTTPS with a non-existing ID. -If the DSS instance cannot be reached over HTTPS, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. +#### 🛑 HTTPS GET succeeds check +If the DSS instance does not serve the request through encrypted HTTPS, or redirects it to HTTP, it is in violation of **[astm.f3411.v22a.DSS0020](../../../../../requirements/astm/f3411/v22a.md)**. +Only the last request after all redirections are followed is considered. diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml index f921fbd90b..8bba99aed7 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19.yaml @@ -10,7 +10,6 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource - acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - action_generator: @@ -22,7 +21,6 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -36,7 +34,6 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml index b9acc57f81..c78d1b32e4 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_19/dss_probing.yaml @@ -7,14 +7,12 @@ resources: utm_client_identity: resources.communications.ClientIdentityResource isa: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource - acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - test_scenario: scenario_type: scenarios.astm.netrid.v19.dss.EndpointEncryption resources: dss: dss - test_search_area: acceptable_search_area - test_scenario: scenario_type: scenarios.astm.netrid.v19.dss.ISASimple resources: diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml index 293d851f85..d1644bf1e1 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a.yaml @@ -10,7 +10,6 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource - acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - action_generator: @@ -22,8 +21,6 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area - planning_area: problematically_big_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -38,7 +35,6 @@ actions: isa: service_area client_identity: utm_client_identity problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml index a6dde142cf..a60f8793ef 100644 --- a/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml +++ b/monitoring/uss_qualifier/suites/astm/netrid/f3411_22a/dss_probing.yaml @@ -7,14 +7,12 @@ resources: utm_client_identity: resources.communications.ClientIdentityResource isa: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource - acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - test_scenario: scenario_type: scenarios.astm.netrid.v22a.dss.EndpointEncryption resources: dss: dss - test_search_area: acceptable_search_area - test_scenario: scenario_type: scenarios.astm.netrid.v22a.dss.ISASimple resources: diff --git a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml index 6a69db8b43..01a5da0dfc 100644 --- a/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml +++ b/monitoring/uss_qualifier/suites/interuss/dss/all_tests.yaml @@ -11,7 +11,6 @@ resources: service_area: resources.netrid.ServiceAreaResource? planning_area: resources.astm.f3548.v21.PlanningAreaResource? problematically_big_area: resources.VerticesResource? - acceptable_search_area: resources.VerticesResource? second_utm_auth: resources.communications.AuthAdapterResource? flight_intents: resources.flight_planning.FlightIntentsResource? @@ -58,7 +57,6 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -72,7 +70,6 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances @@ -87,7 +84,6 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? specification: action_to_repeat: @@ -101,7 +97,6 @@ actions: id_generator: id_generator isa: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue dss_instances_source: dss_instances diff --git a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml index 012bb40f36..f9dd59e48a 100644 --- a/monitoring/uss_qualifier/suites/uspace/network_identification.yaml +++ b/monitoring/uss_qualifier/suites/uspace/network_identification.yaml @@ -10,7 +10,6 @@ resources: id_generator: resources.interuss.IDGeneratorResource service_area: resources.netrid.ServiceAreaResource problematically_big_area: resources.VerticesResource - acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? actions: - test_suite: @@ -26,7 +25,6 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Abort - test_scenario: diff --git a/monitoring/uss_qualifier/suites/uspace/required_services.yaml b/monitoring/uss_qualifier/suites/uspace/required_services.yaml index 8c74f3dfdd..e21216bc1e 100644 --- a/monitoring/uss_qualifier/suites/uspace/required_services.yaml +++ b/monitoring/uss_qualifier/suites/uspace/required_services.yaml @@ -25,7 +25,6 @@ resources: service_area: resources.netrid.ServiceAreaResource planning_area: resources.astm.f3548.v21.PlanningAreaResource problematically_big_area: resources.VerticesResource - acceptable_search_area: resources.VerticesResource test_exclusions: resources.dev.TestExclusionsResource? local_resources: @@ -76,7 +75,6 @@ actions: id_generator: id_generator service_area: service_area problematically_big_area: problematically_big_area - acceptable_search_area: acceptable_search_area test_exclusions: test_exclusions? on_failure: Continue participant_verifiable_capabilities: From 963c5a0a74f34934e9c28fbaab95c57609a6ead7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Misbach?= Date: Thu, 5 Dec 2024 11:37:16 +0100 Subject: [PATCH 4/4] fix whitespaces --- monitoring/uss_qualifier/configurations/dev/dss_probing.yaml | 1 + monitoring/uss_qualifier/configurations/dev/uspace.yaml | 2 ++ 2 files changed, 3 insertions(+) diff --git a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml index cb4dd327a1..57047b0c01 100644 --- a/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml +++ b/monitoring/uss_qualifier/configurations/dev/dss_probing.yaml @@ -6,6 +6,7 @@ v1: kentland_service_area: { $ref: 'library/resources.yaml#/kentland_service_area' } kentland_planning_area: { $ref: 'library/resources.yaml#/kentland_planning_area' } kentland_problematically_big_area: { $ref: 'library/resources.yaml#/kentland_problematically_big_area' } + utm_auth: { $ref: 'library/environment.yaml#/utm_auth' } second_utm_auth: {$ref: 'library/environment.yaml#/second_utm_auth'} utm_client_identity: { $ref: 'library/resources.yaml#/utm_client_identity' } diff --git a/monitoring/uss_qualifier/configurations/dev/uspace.yaml b/monitoring/uss_qualifier/configurations/dev/uspace.yaml index 8b17dccf66..0d9f03d7b9 100644 --- a/monitoring/uss_qualifier/configurations/dev/uspace.yaml +++ b/monitoring/uss_qualifier/configurations/dev/uspace.yaml @@ -73,6 +73,7 @@ v1: service_area: kentland_service_area planning_area: che_planning_area problematically_big_area: au_problematically_big_area + test_exclusions: test_exclusions specification: mock_uss_instances_source: mock_uss_instances @@ -105,6 +106,7 @@ v1: service_area: service_area planning_area: planning_area problematically_big_area: problematically_big_area + test_exclusions: test_exclusions execution: stop_fast: true