From 4e5621097cf6f3150353e6495e95bc9d5254538f Mon Sep 17 00:00:00 2001
From: Pietro Piscione
Date: Fri, 5 Jan 2024 11:18:03 +0100
Subject: [PATCH] Updated SOL012 OAS to SOL012ed451 spec.
---
Readme.md | 2 +-
.../PolicyManagement/PolicyManagement.yaml | 6 +-
.../PolicyManagementNotification.yaml | 4 +-
src/SOL012/definitions/SOL012_def.yaml | 150 ++++++++++++------
4 files changed, 108 insertions(+), 54 deletions(-)
diff --git a/Readme.md b/Readme.md
index e361549..2cb79ea 100644
--- a/Readme.md
+++ b/Readme.md
@@ -1,6 +1,6 @@
# NFV SOL012 - OpenAPIs for the Policy Management Interface
-This repository contains OpenAPIs for ETSI GS NFV-SOL 012 v4.4.1, RESTful protocols
+This repository contains OpenAPIs for ETSI GS NFV-SOL 012 v4.5.1, RESTful protocols
specification for the Policy Management Interface.
More information at [NFV Solutions wiki](https://nfvwiki.etsi.org/index.php?title=NFV_Solutions).
diff --git a/src/SOL012/PolicyManagement/PolicyManagement.yaml b/src/SOL012/PolicyManagement/PolicyManagement.yaml
index b2d2819..34a548f 100644
--- a/src/SOL012/PolicyManagement/PolicyManagement.yaml
+++ b/src/SOL012/PolicyManagement/PolicyManagement.yaml
@@ -15,8 +15,8 @@ info:
name: ETSI Forge copyright notice
url: https://forge.etsi.org/etsi-forge-copyright-notice.txt
externalDocs:
- description: ETSI GS NFV-SOL 012 v4.4.1
- url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.04.01_60/gs_NFV-SOL012v040401p.pdf
+ description: ETSI GS NFV-SOL 012 v4.5.1
+ url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.05.01_60/gs_NFV-SOL012v040501p.pdf
security:
- OauthSecurity:
@@ -1234,4 +1234,4 @@ components:
content:
application/json:
schema:
- $ref: "definitions/PolicyManagement_def.yaml#/definitions/schemas/PolicySubscriptionRequest"
\ No newline at end of file
+ $ref: "definitions/PolicyManagement_def.yaml#/definitions/schemas/PolicySubscriptionRequest"
diff --git a/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml b/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml
index 68fbcc5..1754b4a 100644
--- a/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml
+++ b/src/SOL012/PolicyManagementNotification/PolicyManagementNotification.yaml
@@ -15,8 +15,8 @@ info:
name: ETSI Forge copyright notice
url: https://forge.etsi.org/etsi-forge-copyright-notice.txt
externalDocs:
- description: ETSI GS NFV-SOL 012 v4.4.1
- url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.04.01_60/gs_NFV-SOL012v040401p.pdf
+ description: ETSI GS NFV-SOL 012 v4.5.1
+ url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/012/04.05.01_60/gs_NFV-SOL012v040501p.pdf
security:
- OauthSecurity:
diff --git a/src/SOL012/definitions/SOL012_def.yaml b/src/SOL012/definitions/SOL012_def.yaml
index 3fc178b..0eac748 100644
--- a/src/SOL012/definitions/SOL012_def.yaml
+++ b/src/SOL012/definitions/SOL012_def.yaml
@@ -144,84 +144,138 @@ definitions:
type: number
SubscriptionAuthentication:
+ description: >
+ NOTE 1: The clientId and clientPassword passed in a subscription
+ shall not be the same as the clientId and
+ clientPassword that are used to obtain authorization for API
+ requests. Client credentials may differ between
+ subscriptions. The value of clientPassword should be generated
+ by a random process.
+ NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which
+ uses mutual authentication based on X.509
+ certificates, this mode which uses client password to authenticate
+ may be used in the access token request
+ toward the authorization server (as defined by IETF RFC 6749 [7]),
+ only to support legacy implementations
+ (version 3.4.1 or earlier version of the present document).
+ See clause 8.1 for more details.
+ NOTE 3: The following values that were included up to version 3.4.1
+ of the present document have been removed:
+ "BASIC" (to signal the use of the basic HTTP authentication)
+ has been removed because it is insecure.
+ "TLS_CERT" to signal an alternative non-token based authorization
+ method using TLS certificates has been
+ removed because the method is no longer supported.
+ NOTE 4: The client certificate is established by means outside the
+ scope of the present document.
type: object
- required:
- - authType
+ oneOf:
+ - required:
+ - authType
+ - paramsOauth2ClientCredentials
+ - required:
+ - authType
+ - paramsOauth2ClientCert
properties:
authType:
description: >
- Defines the types of Authentication / Authorization which the API
- consumer is willing to accept when receiving a notification.
- Permitted values:
- * BASIC: In every HTTP request to the notification endpoint, use
- HTTP Basic authentication with the client credentials.
- * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the
- notification endpoint, use an OAuth 2.0 Bearer token, obtained
- using the client credentials grant type.
- * TLS_CERT: Every HTTP request to the notification endpoint is sent
- over a mutually authenticated TLS session, i.e. not only the
- server is authenticated, but also the client is authenticated
- during the TLS tunnel setup.
+ Defines the types of Authentication/Authorization which
+ the API consumer is willing to accept when receiving a
+ notification.
+ Permitted values (see note 3):
+ - OAUTH2_CLIENT_CREDENTIALS: In every
+ HTTP request to the notification endpoint, use
+ an OAuth 2.0 token, obtained using the client
+ credentials grant type after authenticating
+ using client identifier and client password
+ towards the token endpoint.
+ - OAUTH2_CLIENT_CERT: In every HTTP
+ request to the notification endpoint, use an
+ OAuth 2.0 token, obtained using the client
+ credentials grant type after mutually
+ authenticating using client identifier and X.509
+ certificates towards the token endpoint.
type: array
items:
type: string
enum:
- - BASIC
- OAUTH2_CLIENT_CREDENTIALS
- - TLS_CERT
- paramsBasic:
+ - OAUTH2_CLIENT_CERT
+ paramsOauth2ClientCert:
description: >
- Parameters for authentication/authorization using BASIC.
- Shall be present if authType is "BASIC" and the contained
- information has not been provisioned out of band.
- Shall be absent otherwise.
+ Parameters for authentication/authorization using
+ OAUTH2_CLIENT_CERT.
+ Shall be present if authType is
+ "OAUTH2_CLIENT_CERT" and the contained
type: object
+ required:
+ - clientId
+ - certificateRef
+ - tokenEndpoint
properties:
- userName:
+ clientId:
description: >
- Username to be used in HTTP Basic authentication. Shall be
- present if it has not been provisioned out of band.
+ Client identifier to be used in the access token request
+ of the OAuth 2.0 client credentials grant type. The client
+ identifier is unique in the scope of the tokenEndpoint.
type: string
- password:
+ certificateRef:
description: >
- Password to be used in HTTP Basic authentication. Shall be
- present if it has not been provisioned out of band.
- type: string
+ Fingerprint of the client certificate. The hash function
+ shall use SHA256 or higher. See note 4.
+ type: object
+ required:
+ - type
+ - value
+ properties:
+ type:
+ description: >
+ The type of the fingerprint.
+ Permitted values:
+ - x5t#S256: The SHA-256 thumbprint of the
+ X.509 certificate as defined in section 4.1.8 of
+ IETF RFC 7515 [23].
+ type: string
+ value:
+ description: >
+ The fingerprint value as defined by the type.
+ type: string
+ tokenEndpoint:
+ description: >
+ The token endpoint from which the access token can be
+ obtained.
+
paramsOauth2ClientCredentials:
description: >
Parameters for authentication/authorization using
OAUTH2_CLIENT_CREDENTIALS.
- Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the
- contained information has not been provisioned out of band.
+ Shall be present if authType is
+ "OAUTH2_CLIENT_CREDENTIALS" and the contained
+ information has not been provisioned out of band.
Shall be absent otherwise.
+ See note 2.
type: object
properties:
clientId:
description: >
- Client identifier to be used in the access token request of the
- OAuth 2.0 client credentials grant type.
- Shall be present if it has not been provisioned out of band.
- The clientId and clientPassword passed in a subscription shall
- not be the same as the clientId and clientPassword that are used
- to obtain authorization for API requests. Client credentials may
- differ between subscriptions. The value of clientPassword should
- be generated by a random process.
+ Client identifier to be used in the access token request
+ of the OAuth 2.0 client credentials grant type. The client
+ identifier is unique in the scope of the tokenEndpoint.
+ Shall be present if it has not been provisioned out of
+ band. See note 1.
type: string
clientPassword:
description: >
- Client password to be used in the access token request of the
- OAuth 2.0 client credentials grant type.
- Shall be present if it has not been provisioned out of band.
- The clientId and clientPassword passed in a subscription shall
- not be the same as the clientId and clientPassword that are used
- to obtain authorization for API requests. Client credentials may
- differ between subscriptions. The value of clientPassword should
- be generated by a random process.
+ Client password to be used in the access token request
+ of the OAuth 2.0 client credentials grant type. Shall be
+ present if it has not been provisioned out of band. See
+ note 1.
type: string
tokenEndpoint:
description: >
- The token endpoint from which the access token can be obtained.
- Shall be present if it has not been provisioned out of band.
+ The token endpoint from which the access token can be
+ obtained. Shall be present if it has not been provisioned
+ out of band.
$ref: "#/definitions/schemas/Uri"
ProblemDetails:
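Review bot: The new `oneOf` at the top of SubscriptionAuthentication contradicts the property descriptions in the same hunk: `paramsOauth2ClientCredentials` and `paramsOauth2ClientCert` are each documented as absent when the credentials were provisioned out of band, and `authType` is an array that may carry both values, yet the schema now rejects a subscription that carries neither params object and, because both `oneOf` branches then match, also one that carries both. Unless the 4.5.1 text really mandates exactly one params object, restoring `required:` / `- authType` and leaving the conditional presence to the descriptions is the safer encoding. Also in this hunk `paramsOauth2ClientCert.tokenEndpoint` has a description but no type or `$ref`, so it is listed as required yet accepts any value; it should carry `$ref: "#/definitions/schemas/Uri"` like its OAUTH2_CLIENT_CREDENTIALS counterpart, and `certificateRef.type` should pin its single permitted value with `enum: ["x5t#S256"]` rather than prose only. The `paramsOauth2ClientCert` description is cut off mid-sentence after "and the contained" and should end with "information has not been provisioned out of band. Shall be absent otherwise." as the sibling does. Since `clientPassword` is a secret carried in the subscription body, adding `format: password` to it would let tooling mask it in logs and UIs.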
--
GitLab