diff --git a/.42c/conf.yaml b/.42c/conf.yaml deleted file mode 100644 index c5ac58a5f2aa8cd5b9cfe1fa730d4995454675d0..0000000000000000000000000000000000000000 --- a/.42c/conf.yaml +++ /dev/null @@ -1,3 +0,0 @@ -apis: - src/SOL009/NFVManoConfigurationAndInformationManagement/NFVManoConfigurationAndInformationManagement.yaml: - alias: sol009-nfv-mano-configuration-an diff --git a/README.md b/README.md index 4a83dd8fce6e0a9c3d1af01811275ebc20e0dc94..a489dcb100664f3b3db4d086cb9decbbb6694124 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # NFV SOL009 - OpenAPIs for the management of NFV-MANO -This repository contains OpenAPIs for ETSI GS NFV-SOL 009 v5.2.1, RESTful protocols +This repository contains OpenAPIs for ETSI GS NFV-SOL 009 v5.3.1, RESTful protocols specification for the management of NFV-MANO functional entities. **IMPORTANT: In case of discrepancies the published ETSI Group Specification takes precedence.** diff --git a/src/SOL009/APIVersion/APIVersion.yaml b/src/SOL009/APIVersion/APIVersion.yaml index 242545148bdadb83c8dfcf23b3124d1f78364a7e..7e4368bcbba516c24eefcf4d34ffcd6a189afb9d 100644 --- a/src/SOL009/APIVersion/APIVersion.yaml +++ b/src/SOL009/APIVersion/APIVersion.yaml @@ -19,8 +19,8 @@ info: version: 1.1.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf paths: /nfvmanocim/api_versions: diff --git a/src/SOL009/NFVManoConfigurationAndInformationManagement/NFVManoConfigurationAndInformationManagement.yaml b/src/SOL009/NFVManoConfigurationAndInformationManagement/NFVManoConfigurationAndInformationManagement.yaml index 95cacb31f03d481d8cbc349db89d2e1628fbb9d2..741cd8fa3cf7dfa9e064ca9ef06eeeff73c8cd80 100644 
--- a/src/SOL009/NFVManoConfigurationAndInformationManagement/NFVManoConfigurationAndInformationManagement.yaml +++ b/src/SOL009/NFVManoConfigurationAndInformationManagement/NFVManoConfigurationAndInformationManagement.yaml @@ -16,11 +16,11 @@ info: license: name: ETSI Forge copyright notice url: https://forge.etsi.org/etsi-forge-copyright-notice.txt - version: 2.14.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 + version: 2.15.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/nfvmanocim/v2 diff --git a/src/SOL009/NFVManoConfigurationAndInformationManagement/definitions/NFVManoConfigurationAndInformationManagement_def.yaml b/src/SOL009/NFVManoConfigurationAndInformationManagement/definitions/NFVManoConfigurationAndInformationManagement_def.yaml index 2366ee3eecd869c616793edd7db010fc4ca22c0b..9b12b964225fa8327a1bf8d5bc67d0a188e84c40 100644 --- a/src/SOL009/NFVManoConfigurationAndInformationManagement/definitions/NFVManoConfigurationAndInformationManagement_def.yaml +++ b/src/SOL009/NFVManoConfigurationAndInformationManagement/definitions/NFVManoConfigurationAndInformationManagement_def.yaml @@ -227,6 +227,11 @@ definitions: New value of the "defaultLogCompileByTimerValue" attribute in the "ManoEntityConfigurableParams". $ref: "../../definitions/SOL009_def.yaml#/definitions/schemas/UnsignedInt" + defaultLcmOpOccExpiryTime: + description: > + New value of the "defaultLcmOpOccExpiryTime" attribute in the + "ManoEntityConfigurableParams". + $ref: "../../definitions/SOL009_def.yaml#/definitions/schemas/UnsignedInt" manoServiceModifications: description: > New content of certain entries in the "manoServices" attribute array 
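Review bot: The new `defaultLcmOpOccExpiryTime` property in this modification request is described only as a "new value" and typed as the shared `UnsignedInt`, so neither the unit nor the meaning of `0` is stated, and nothing visible here bounds what a consumer may set. Because the attribute is the expiration time for LCM operation occurrences, an implementer has to guess whether a very small value makes those records expire at once. I would add one sentence to the description, for example `Expiry time in <unit>; a value of 0 means <behaviour>.`, and repeat it in the `@@ -301,6 +306,12 @@` and `@@ -1528,6 +1540,14 @@` hunks of the same file, which add the same attribute. The enclosing schema starts outside the hunk.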
@@ -301,6 +306,12 @@ definitions: "defaultLogCompileByTimerValue" attribute in the "ManoEntityConfigurableParams". $ref: "../../definitions/SOL009_def.yaml#/definitions/schemas/UnsignedInt" + defaultLcmOpOccExpiryTime: + description: > + If present, this attribute signals modifications of the + "defaultLcmOpOccExpiryTime" attribute in the + "ManoEntityConfigurableParams". + $ref: "../../definitions/SOL009_def.yaml#/definitions/schemas/UnsignedInt" manoServiceModifications: description: > If present, this attribute signals modifications of the "manoServices" @@ -1494,6 +1505,7 @@ definitions: - clockSyncs - defaultLogCompileBySizeValue - defaultLogCompileByTimerValue + - defaultLcmOpOccExpiryTime properties: clockSyncs: description: > @@ -1528,6 +1540,14 @@ definitions: enum: - DELEGATION-MODE - DIRECT-MODE + defaultLcmOpOccExpiryTime: + description: > + Default value for the expiration time for LCM operation + occurrences managed by an NFV-MANO functional entity. + This applies only if the NFV-MANO function is responsible + for handling LCM operation occurrences. This attribute + applies to configuration of VNFM and NFVO only. + $ref: "../../definitions/SOL009_def.yaml#/definitions/schemas/UnsignedInt" ConsumedManoInterfaceInfo: description: > @@ -2242,4 +2262,4 @@ definitions: type: array minItems: 1 items: - type: string \ No newline at end of file + type: string diff --git a/src/SOL009/NFVManoConfigurationAndInformationManagementNotification/NFVManoConfigurationAndInformationManagementNotification.yaml b/src/SOL009/NFVManoConfigurationAndInformationManagementNotification/NFVManoConfigurationAndInformationManagementNotification.yaml index 470da1ca4ea962a6966d32f8ca6c18589dd13566..c96101a1f795de77b89b09cda3e4dbab447de1fe 100644 --- a/src/SOL009/NFVManoConfigurationAndInformationManagementNotification/NFVManoConfigurationAndInformationManagementNotification.yaml 
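Review bot: Adding `defaultLcmOpOccExpiryTime` to the `required` list in the `@@ -1494,6 +1505,7 @@` hunk makes it mandatory for every NFV-MANO entity, while the description added in the `@@ -1528,6 +1540,14 @@` hunk says it applies only when the entity handles LCM operation occurrences, and only to VNFM and NFVO. As written, an entity of another type would fail validation unless it sends a value that has no meaning for it, and existing producers that omit the attribute become non-conformant. Either drop `- defaultLcmOpOccExpiryTime` from `required` and state the condition in the description, or say which value such entities shall report. The schema that owns this `required` list starts outside the hunk, so confirm it is the one holding the new property.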
+++ b/src/SOL009/NFVManoConfigurationAndInformationManagementNotification/NFVManoConfigurationAndInformationManagementNotification.yaml @@ -16,11 +16,11 @@ info: license: name: ETSI Forge copyright notice url: https://forge.etsi.org/etsi-forge-copyright-notice.txt - version: 2.14.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 + version: 2.15.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/callback/v2 diff --git a/src/SOL009/NFVManoFaultManagement/NFVManoFaultManagement.yaml b/src/SOL009/NFVManoFaultManagement/NFVManoFaultManagement.yaml index 188db8b837e8a8fff60c91f658ae39f0ce2a4e7d..dc8ede31cd05c0af48fba35f097ca4a2ab1d0295 100644 --- a/src/SOL009/NFVManoFaultManagement/NFVManoFaultManagement.yaml +++ b/src/SOL009/NFVManoFaultManagement/NFVManoFaultManagement.yaml @@ -19,8 +19,8 @@ info: version: 1.2.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/nfvmanofm/v1 diff --git a/src/SOL009/NFVManoFaultManagementNotification/NFVManoFaultManagementNotification.yaml b/src/SOL009/NFVManoFaultManagementNotification/NFVManoFaultManagementNotification.yaml index 4555ec8141bb4398cf064ad707d54dc7d6b5ed94..ae340f5a3463647987e3fd483261d034e3029ef6 100644 --- a/src/SOL009/NFVManoFaultManagementNotification/NFVManoFaultManagementNotification.yaml +++ b/src/SOL009/NFVManoFaultManagementNotification/NFVManoFaultManagementNotification.yaml 
@@ -19,8 +19,8 @@ info: version: 1.2.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/callback/v1 diff --git a/src/SOL009/NFVManoLogManagement/NFVManoLogManagement.yaml b/src/SOL009/NFVManoLogManagement/NFVManoLogManagement.yaml index 4f61e9102b4d483715c16cbcb57dcf28834768dd..69339195bff231ff0a9de91554b60dfc084bad74 100644 --- a/src/SOL009/NFVManoLogManagement/NFVManoLogManagement.yaml +++ b/src/SOL009/NFVManoLogManagement/NFVManoLogManagement.yaml @@ -19,8 +19,8 @@ info: version: 1.1.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/nfvmanologm/v1 diff --git a/src/SOL009/NFVManoLogManagement/definitions/NFVManoLogManagement_def.yaml b/src/SOL009/NFVManoLogManagement/definitions/NFVManoLogManagement_def.yaml index 4387468123f2dcf5eda146f9161f6937f2a4bb6d..c35fcb1cebd513ca4c2c1a1c1c276c933c7f2008 100644 --- a/src/SOL009/NFVManoLogManagement/definitions/NFVManoLogManagement_def.yaml +++ b/src/SOL009/NFVManoLogManagement/definitions/NFVManoLogManagement_def.yaml 
@@ -203,9 +203,9 @@ definitions: Permitted values: - HTTPS: transmission over HTTP Secure (HTTPS). - - SFTP: transmission over SSH file transfer protocol (SFTP). - - SCP: transmission over secure copy protocol (SCP). - - FTPS: transmission over file transfer protocol secure (FTPS), as specified in IETF RFC 2228, + - SFTP: transmission over SSH File Transfer Protocol (SFTP). + - SCP: transmission over Secure Copy Protocol (SCP). + - FTPS: transmission over File Transfer Protocol Secure (FTPS), as specified in IETF RFC 2228, using explicit mode as specified in IETF RFC 4217. If FTPS is supported, "private" protection level shall be used. HTTPS shall be supported, and other protocols may be supported. diff --git a/src/SOL009/NFVManoLogManagementNotification/NFVManoLogManagementNotification.yaml b/src/SOL009/NFVManoLogManagementNotification/NFVManoLogManagementNotification.yaml index 25d5c6b2463d5afb83ceaa3cf227bf26e083dd06..661322d1763ac61dcbeaebf911024e5b9f8185dd 100644 --- a/src/SOL009/NFVManoLogManagementNotification/NFVManoLogManagementNotification.yaml +++ b/src/SOL009/NFVManoLogManagementNotification/NFVManoLogManagementNotification.yaml @@ -19,8 +19,8 @@ info: version: 1.1.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/callback/v1 diff --git a/src/SOL009/NFVManoPerformanceManagement/NFVManoPerformanceManagement.yaml b/src/SOL009/NFVManoPerformanceManagement/NFVManoPerformanceManagement.yaml index ee57a16f5fe9f80d406fcbc5d80dccbe7a9df48c..8e935a0983af2d68c250d5ca4885599514d599cd 100644 --- a/src/SOL009/NFVManoPerformanceManagement/NFVManoPerformanceManagement.yaml +++ b/src/SOL009/NFVManoPerformanceManagement/NFVManoPerformanceManagement.yaml 
@@ -20,8 +20,8 @@ info: version: 2.1.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/nfvmanopm/v2 diff --git a/src/SOL009/NFVManoPerformanceManagementNotification/NFVManoPerformanceManagementNotification.yaml b/src/SOL009/NFVManoPerformanceManagementNotification/NFVManoPerformanceManagementNotification.yaml index 931397e4ac1cb65acfd8207e6f2587072841ad98..bcf337112a92fe29ef0080aaf99730505fef9cd2 100644 --- a/src/SOL009/NFVManoPerformanceManagementNotification/NFVManoPerformanceManagementNotification.yaml +++ b/src/SOL009/NFVManoPerformanceManagementNotification/NFVManoPerformanceManagementNotification.yaml @@ -19,8 +19,8 @@ info: version: 2.1.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 009 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.02.01_60/gs_nfv-sol009v050201p.pdf + description: ETSI GS NFV-SOL 009 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/009/05.03.01_60/gs_nfv-sol009v050301p.pdf servers: - url: http://127.0.0.1/callback/v2 diff --git a/src/SOL009/components/__SOL009_schemas.yaml b/src/SOL009/components/__SOL009_schemas.yaml index badff57c02c79c3ededa77706c413c1d064ba754..09aa2c7ce334743928b80a7d06ea3c3b8cbe227d 100644 --- a/src/SOL009/components/__SOL009_schemas.yaml +++ b/src/SOL009/components/__SOL009_schemas.yaml 
@@ -216,6 +216,19 @@ components: - objectId SubscriptionAuthentication: + description: > + * NOTE 1 : The clientId and clientPassword passed in a subscription shall not be the same as the clientId and + clientPassword that are used to obtain authorization for API requests. Client credentials may differ between + subscriptions. The value of clientPassword should be generated by a random process. + * NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which uses mutual authentication based on X.509 + certificates, this mode which uses client password to authenticate may be used in the access token request + toward the authorization server (as defined by IETF RFC 6749 [7]), only to support legacy implementations + (version 3.4.1 or earlier version of the present document). See clause 8.1 for more details. + * NOTE 3: The following values that were included up to version 3.4.1 of the present document have been removed: + "BASIC" (to signal the use of the basic HTTP authentication) has been removed because it is insecure. + "TLS_CERT" to signal an alternative non-token based authorization method using TLS certificates has been + removed because the method is no longer supported. + * NOTE 4: The client certificate is established by means outside the scope of the present document. type: object required: - authType 
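Review bot: NOTE 2 in the new `SubscriptionAuthentication` description says "this mode which uses client password", but at schema level "this mode" has no antecedent, so a reader has to work out that the less secure option is `OAUTH2_CLIENT_CREDENTIALS`. I would name it, e.g. `the OAUTH2_CLIENT_CREDENTIALS mode, which uses a client password to authenticate, may be used ...`, and drop the stray space in `NOTE 1 :`. The description also opens directly with the notes and never says what the object is; one summary sentence ahead of NOTE 1 would help. The identical text is added in the `@@ -216,6 +216,19 @@` hunk of `src/SOL009/definitions/SOL009_def.yaml`.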
@@ -224,71 +237,89 @@ components: description: > Defines the types of Authentication / Authorization which the API consumer is willing to accept when receiving a notification. - Permitted values: - * BASIC: In every HTTP request to the notification endpoint, use - HTTP Basic authentication with the client credentials. - * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the - notification endpoint, use an OAuth 2.0 Bearer token, obtained - using the client credentials grant type. - * TLS_CERT: Every HTTP request to the notification endpoint is sent - over a mutually authenticated TLS session, i.e. not only the - server is authenticated, but also the client is authenticated - during the TLS tunnel setup. + Permitted values (see note 3): + * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the notification endpoint, use + an OAuth 2.0 token, obtained using the client credentials grant type after authenticating + using client identifier and client password towards the token endpoint. + * OAUTH2_CLIENT_CERT: In every HTTP request to the notification endpoint, use an + OAuth 2.0 token, obtained using the client credentials grant type after mutually + authenticating using client identifier and X.509 certificates towards the token endpoint. type: array items: type: string enum: - - BASIC - OAUTH2_CLIENT_CREDENTIALS - - TLS_CERT - paramsBasic: + - OAUTH2_CLIENT_CERT + paramsOauth2ClientCert: description: > - Parameters for authentication/authorization using BASIC. - Shall be present if authType is "BASIC" and the contained - information has not been provisioned out of band. + Parameters for authentication/authorization using + OAUTH2_CLIENT_CERT. + + Shall be present if authType is "OAUTH2_CLIENT_CERT" and the contained + information has not been provisioned out of band. + Shall be absent otherwise. 
type: object + required: + - clientId + - certificateRef + - tokenEndpoint properties: - userName: + clientId: description: > - Username to be used in HTTP Basic authentication. Shall be - present if it has not been provisioned out of band. + Client identifier to be used in the access token request + of the OAuth 2.0 client credentials grant type. The client + identifier is unique in the scope of the tokenEndpoint. type: string - password: + certificateRef: description: > - Password to be used in HTTP Basic authentication. Shall be - present if it has not been provisioned out of band. + Fingerprint of the client certificate. The hash function shall use SHA256 or higher. See note 4. type: string + required: + - type + - value + properties: + type: + description: > + The type of the fingerprint. + Permitted values: + - x5t#S256: The SHA-256 thumbprint of the X.509 certificate as defined in section 4.1.8 of + IETF RFC 7515 [23]. + $ref: "#/components/schemas/String" + enum: + - x5t#S256 + value: + description: > + The fingerprint value as defined by the type. + $ref: "#/components/schemas/String" + tokenEndpoint: + description: > + The token endpoint from which the access token can be + obtained. + $ref: "#/components/schemas/Uri" paramsOauth2ClientCredentials: description: > - Parameters for authentication/authorization using - OAUTH2_CLIENT_CREDENTIALS. - Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the - contained information has not been provisioned out of band. + Parameters for authentication/authorization using OAUTH2_CLIENT_CREDENTIALS. + + Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the contained + information has not been provisioned out of band. + Shall be absent otherwise. + + See note 2. type: object properties: clientId: description: > - Client identifier to be used in the access token request of the - OAuth 2.0 client credentials grant type. - Shall be present if it has not been provisioned out of band. 
- The clientId and clientPassword passed in a subscription shall - not be the same as the clientId and clientPassword that are used - to obtain authorization for API requests. Client credentials may - differ between subscriptions. The value of clientPassword should - be generated by a random process. + Client identifier to be used in the access token request of the OAuth 2.0 client credentials grant type. + The client identifier is unique in the scope of the tokenEndpoint. Shall be present if it has not been + provisioned out of band. + See note 1. type: string clientPassword: description: > - Client password to be used in the access token request of the - OAuth 2.0 client credentials grant type. - Shall be present if it has not been provisioned out of band. - The clientId and clientPassword passed in a subscription shall - not be the same as the clientId and clientPassword that are used - to obtain authorization for API requests. Client credentials may - differ between subscriptions. The value of clientPassword should - be generated by a random process. + Client password to be used in the access token request of the OAuth 2.0 client credentials grant type. + Shall be present if it has not been provisioned out of band. See note 1. type: string tokenEndpoint: description: > diff --git a/src/SOL009/definitions/SOL009_def.yaml b/src/SOL009/definitions/SOL009_def.yaml index a961acd9d4c6a3b5632c16ea75772b23c3535ddc..6f7a88aad337748d6118101529be5cb461eda270 100644 --- a/src/SOL009/definitions/SOL009_def.yaml +++ b/src/SOL009/definitions/SOL009_def.yaml 
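Review bot: `certificateRef` in `paramsOauth2ClientCert` keeps the context line `type: string` left over from the removed `password` property, yet the added lines give it `required: [type, value]` and a `properties` block. As far as the collapsed hunk shows, a validator will therefore accept any string and never check the fingerprint structure; it should read `type: object`. The `enum: - x5t#S256` placed beside `$ref: "#/components/schemas/String"` on the inner `type` property is likewise dropped by tooling that ignores siblings of `$ref`, so declare that property as `type: string` with the enum instead. Both problems repeat in the matching `@@ -224,71 +237,89 @@` hunk of `src/SOL009/definitions/SOL009_def.yaml`. Separately, `clientPassword` stays a plain `type: string`; adding `format: password` would let documentation tools mask it.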
@@ -216,6 +216,19 @@ definitions: - objectId SubscriptionAuthentication: + description: > + * NOTE 1 : The clientId and clientPassword passed in a subscription shall not be the same as the clientId and + clientPassword that are used to obtain authorization for API requests. Client credentials may differ between + subscriptions. The value of clientPassword should be generated by a random process. + * NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which uses mutual authentication based on X.509 + certificates, this mode which uses client password to authenticate may be used in the access token request + toward the authorization server (as defined by IETF RFC 6749 [7]), only to support legacy implementations + (version 3.4.1 or earlier version of the present document). See clause 8.1 for more details. + * NOTE 3: The following values that were included up to version 3.4.1 of the present document have been removed: + "BASIC" (to signal the use of the basic HTTP authentication) has been removed because it is insecure. + "TLS_CERT" to signal an alternative non-token based authorization method using TLS certificates has been + removed because the method is no longer supported. + * NOTE 4: The client certificate is established by means outside the scope of the present document. type: object required: - authType 
@@ -224,71 +237,89 @@ definitions: description: > Defines the types of Authentication / Authorization which the API consumer is willing to accept when receiving a notification. - Permitted values: - * BASIC: In every HTTP request to the notification endpoint, use - HTTP Basic authentication with the client credentials. - * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the - notification endpoint, use an OAuth 2.0 Bearer token, obtained - using the client credentials grant type. - * TLS_CERT: Every HTTP request to the notification endpoint is sent - over a mutually authenticated TLS session, i.e. not only the - server is authenticated, but also the client is authenticated - during the TLS tunnel setup. + Permitted values (see note 3): + * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the notification endpoint, use + an OAuth 2.0 token, obtained using the client credentials grant type after authenticating + using client identifier and client password towards the token endpoint. + * OAUTH2_CLIENT_CERT: In every HTTP request to the notification endpoint, use an + OAuth 2.0 token, obtained using the client credentials grant type after mutually + authenticating using client identifier and X.509 certificates towards the token endpoint. type: array items: type: string enum: - - BASIC - OAUTH2_CLIENT_CREDENTIALS - - TLS_CERT - paramsBasic: + - OAUTH2_CLIENT_CERT + paramsOauth2ClientCert: description: > - Parameters for authentication/authorization using BASIC. - Shall be present if authType is "BASIC" and the contained - information has not been provisioned out of band. + Parameters for authentication/authorization using + OAUTH2_CLIENT_CERT. + + Shall be present if authType is "OAUTH2_CLIENT_CERT" and the contained + information has not been provisioned out of band. + Shall be absent otherwise. 
type: object + required: + - clientId + - certificateRef + - tokenEndpoint properties: - userName: + clientId: description: > - Username to be used in HTTP Basic authentication. Shall be - present if it has not been provisioned out of band. + Client identifier to be used in the access token request + of the OAuth 2.0 client credentials grant type. The client + identifier is unique in the scope of the tokenEndpoint. type: string - password: + certificateRef: description: > - Password to be used in HTTP Basic authentication. Shall be - present if it has not been provisioned out of band. + Fingerprint of the client certificate. The hash function shall use SHA256 or higher. See note 4. type: string + required: + - type + - value + properties: + type: + description: > + The type of the fingerprint. + Permitted values: + - x5t#S256: The SHA-256 thumbprint of the X.509 certificate as defined in section 4.1.8 of + IETF RFC 7515 [23]. + $ref: "#/definitions/schemas/String" + enum: + - x5t#S256 + value: + description: > + The fingerprint value as defined by the type. + $ref: "#/definitions/schemas/String" + tokenEndpoint: + description: > + The token endpoint from which the access token can be + obtained. + $ref: "#/definitions/schemas/Uri" paramsOauth2ClientCredentials: description: > - Parameters for authentication/authorization using - OAUTH2_CLIENT_CREDENTIALS. - Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the - contained information has not been provisioned out of band. + Parameters for authentication/authorization using OAUTH2_CLIENT_CREDENTIALS. + + Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the contained + information has not been provisioned out of band. + Shall be absent otherwise. + + See note 2. type: object properties: clientId: description: > - Client identifier to be used in the access token request of the - OAuth 2.0 client credentials grant type. - Shall be present if it has not been provisioned out of band. 
- The clientId and clientPassword passed in a subscription shall - not be the same as the clientId and clientPassword that are used - to obtain authorization for API requests. Client credentials may - differ between subscriptions. The value of clientPassword should - be generated by a random process. + Client identifier to be used in the access token request of the OAuth 2.0 client credentials grant type. + The client identifier is unique in the scope of the tokenEndpoint. Shall be present if it has not been + provisioned out of band. + See note 1. type: string clientPassword: description: > - Client password to be used in the access token request of the - OAuth 2.0 client credentials grant type. - Shall be present if it has not been provisioned out of band. - The clientId and clientPassword passed in a subscription shall - not be the same as the clientId and clientPassword that are used - to obtain authorization for API requests. Client credentials may - differ between subscriptions. The value of clientPassword should - be generated by a random process. + Client password to be used in the access token request of the OAuth 2.0 client credentials grant type. + Shall be present if it has not been provisioned out of band. See note 1. type: string tokenEndpoint: description: >