From 4e5621097cf6f3150353e6495e95bc9d5254538f Mon Sep 17 00:00:00 2001 From: Pietro Piscione Date: Fri, 5 Jan 2024 11:18:03 +0100 Subject: [PATCH] Updated SOL012 OAS to SOL012ed451 spec. --- Readme.md | 2 +- .../PolicyManagement/PolicyManagement.yaml | 6 +- .../PolicyManagementNotification.yaml | 4 +- src/SOL012/definitions/SOL012_def.yaml | 150 ++++++++++++------ 4 files changed, 108 insertions(+), 54 deletions(-) diff --git a/Readme.md b/Readme.md index e361549..2cb79ea 100644 --- a/Readme.md +++ b/Readme.md @@ -1,6 +1,6 @@ # NFV SOL012 - OpenAPIs for the Policy Management Interface -This repository contains OpenAPIs for ETSI GS NFV-SOL 012 v4.4.1, RESTful protocols +This repository contains OpenAPIs for ETSI GS NFV-SOL 012 v4.5.1, RESTful protocols specification for the Policy Management Interface. More information at [NFV Solutions wiki](https://nfvwiki.etsi.org/index.php?title=NFV_Solutions). diff --git a/src/SOL012/PolicyManagement/PolicyManagement.yaml b/src/SOL012/PolicyManagement/PolicyManagement.yaml index b2d2819..34a548f 100644 --- a/src/SOL012/PolicyManagement/PolicyManagement.yaml +++ b/src/SOL012/PolicyManagement/PolicyManagement.yaml @@ -15,8 +15,8 @@ info: name: ETSI Forge copyright notice url: https://forge.etsi.org/etsi-forge-copyright-notice.txt externalDocs: - description: ETSI GS NFV-SOL 012 v4.4.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.04.01_60/gs_NFV-SOL012v040401p.pdf + description: ETSI GS NFV-SOL 012 v4.5.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.05.01_60/gs_NFV-SOL012v040501p.pdf security: - OauthSecurity: @@ -1234,4 +1234,4 @@ components: content: application/json: schema: - $ref: "definitions/PolicyManagement_def.yaml#/definitions/schemas/PolicySubscriptionRequest" \ No newline at end of file + $ref: "definitions/PolicyManagement_def.yaml#/definitions/schemas/PolicySubscriptionRequest" 
diff --git a/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml b/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml index 68fbcc5..1754b4a 100644 --- a/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml +++ b/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml @@ -15,8 +15,8 @@ info: name: ETSI Forge copyright notice url: https://forge.etsi.org/etsi-forge-copyright-notice.txt externalDocs: - description: ETSI GS NFV-SOL 012 v4.4.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.04.01_60/gs_NFV-SOL012v040401p.pdf + description: ETSI GS NFV-SOL 012 v4.5.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.05.01_60/gs_NFV-SOL012v040501p.pdf security: - OauthSecurity: diff --git a/src/SOL012/definitions/SOL012_def.yaml b/src/SOL012/definitions/SOL012_def.yaml index 3fc178b..0eac748 100644 --- a/src/SOL012/definitions/SOL012_def.yaml +++ b/src/SOL012/definitions/SOL012_def.yaml 
@@ -144,84 +144,138 @@ definitions: type: number SubscriptionAuthentication: + description: > + NOTE 1: The clientId and clientPassword passed in a subscription + shall not be the same as the clientId and + clientPassword that are used to obtain authorization for API + requests. Client credentials may differ between + subscriptions. The value of clientPassword should be generated + by a random process. + NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which + uses mutual authentication based on X.509 + certificates, this mode which uses client password to authenticate + may be used in the access token request + toward the authorization server (as defined by IETF RFC 6749 [7]), + only to support legacy implementations + (version 3.4.1 or earlier version of the present document). + See clause 8.1 for more details. + NOTE 3: The following values that were included up to version 3.4.1 + of the present document have been removed: + "BASIC" (to signal the use of the basic HTTP authentication) + has been removed because it is insecure. + "TLS_CERT" to signal an alternative non-token based authorization + method using TLS certificates has been + removed because the method is no longer supported. + NOTE 4: The client certificate is established by means outside the + scope of the present document. type: object - required: - - authType + oneOf: + - required: + - authType + - paramsOauth2ClientCredentials + - required: + - authType + - paramsOauth2ClientCert properties: authType: description: > - Defines the types of Authentication / Authorization which the API - consumer is willing to accept when receiving a notification. - Permitted values: - * BASIC: In every HTTP request to the notification endpoint, use - HTTP Basic authentication with the client credentials. - * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the - notification endpoint, use an OAuth 2.0 Bearer token, obtained - using the client credentials grant type. 
- * TLS_CERT: Every HTTP request to the notification endpoint is sent - over a mutually authenticated TLS session, i.e. not only the - server is authenticated, but also the client is authenticated - during the TLS tunnel setup. + Defines the types of Authentication/Authorization which + the API consumer is willing to accept when receiving a + notification. + Permitted values (see note 3): + - OAUTH2_CLIENT_CREDENTIALS: In every + HTTP request to the notification endpoint, use + an OAuth 2.0 token, obtained using the client + credentials grant type after authenticating + using client identifier and client password + towards the token endpoint. + - OAUTH2_CLIENT_CERT: In every HTTP + request to the notification endpoint, use an + OAuth 2.0 token, obtained using the client + credentials grant type after mutually + authenticating using client identifier and X.509 + certificates towards the token endpoint. type: array items: type: string enum: - - BASIC - OAUTH2_CLIENT_CREDENTIALS - - TLS_CERT - paramsBasic: + - OAUTH2_CLIENT_CERT + paramsOauth2ClientCert: description: > - Parameters for authentication/authorization using BASIC. - Shall be present if authType is "BASIC" and the contained - information has not been provisioned out of band. - Shall be absent otherwise. + Parameters for authentication/authorization using + OAUTH2_CLIENT_CERT. + Shall be present if authType is + "OAUTH2_CLIENT_CERT" and the contained type: object + required: + - clientId + - certificateRef + - tokenEndpoint properties: - userName: + clientId: description: > - Username to be used in HTTP Basic authentication. Shall be - present if it has not been provisioned out of band. + Client identifier to be used in the access token request + of the OAuth 2.0 client credentials grant type. The client + identifier is unique in the scope of the tokenEndpoint. type: string - password: + certificateRef: description: > - Password to be used in HTTP Basic authentication. 
Shall be - present if it has not been provisioned out of band. - type: string + Fingerprint of the client certificate. The hash function + shall use SHA256 or higher. See note 4. + type: object + required: + - type + - value + properties: + type: + description: > + The type of the fingerprint. + Permitted values: + - x5t#S256: The SHA-256 thumbprint of the + X.509 certificate as defined in section 4.1.8 of + IETF RFC 7515 [23]. + type: string + value: + description: > + The fingerprint value as defined by the type. + type: string + tokenEndpoint: + description: > + The token endpoint from which the access token can be + obtained. + paramsOauth2ClientCredentials: description: > Parameters for authentication/authorization using OAUTH2_CLIENT_CREDENTIALS. - Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the - contained information has not been provisioned out of band. + Shall be present if authType is + "OAUTH2_CLIENT_CREDENTIALS" and the contained + information has not been provisioned out of band. Shall be absent otherwise. + See note 2. type: object properties: clientId: description: > - Client identifier to be used in the access token request of the - OAuth 2.0 client credentials grant type. - Shall be present if it has not been provisioned out of band. - The clientId and clientPassword passed in a subscription shall - not be the same as the clientId and clientPassword that are used - to obtain authorization for API requests. Client credentials may - differ between subscriptions. The value of clientPassword should - be generated by a random process. + Client identifier to be used in the access token request + of the OAuth 2.0 client credentials grant type. The client + identifier is unique in the scope of the tokenEndpoint. + Shall be present if it has not been provisioned out of + band. See note 1. type: string clientPassword: description: > - Client password to be used in the access token request of the - OAuth 2.0 client credentials grant type. 
- Shall be present if it has not been provisioned out of band. - The clientId and clientPassword passed in a subscription shall - not be the same as the clientId and clientPassword that are used - to obtain authorization for API requests. Client credentials may - differ between subscriptions. The value of clientPassword should - be generated by a random process. + Client password to be used in the access token request + of the OAuth 2.0 client credentials grant type. Shall be + present if it has not been provisioned out of band. See + note 1. type: string tokenEndpoint: description: > - The token endpoint from which the access token can be obtained. - Shall be present if it has not been provisioned out of band. + The token endpoint from which the access token can be + obtained. Shall be present if it has not been provisioned + out of band. $ref: "#/definitions/schemas/Uri" ProblemDetails: -- GitLab
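Review bot: In `paramsOauth2ClientCert`, the constraints stated in the descriptions are not enforced by the schema: `certificateRef.type` is a free `type: string` although only `x5t#S256` is permitted, and `tokenEndpoint` carries a description but, as far as the hunk shows, no type or `$ref`. I would add `enum: ["x5t#S256"]` under `certificateRef.type` and `$ref: "#/definitions/schemas/Uri"` under that `tokenEndpoint`, matching the sibling under `paramsOauth2ClientCredentials`, so a validator rejects other fingerprint types and non-URI endpoints. The new `oneOf` tests only which params object is present, so it accepts `authType: [OAUTH2_CLIENT_CERT]` sent with `paramsOauth2ClientCredentials` (the password mode that note 2 calls less secure), and it rejects a subscription whose parameters were provisioned out of band, which the `paramsOauth2ClientCredentials` description still allows. The `paramsOauth2ClientCert` description also stops mid-sentence at "and the contained".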