Merge branch 'SOL023_V531_CR_215_draft_GS_NFV_SOL023ed531v000012' into '5.3.1-dev' (5b844783) · Commits · NFV - Network Functions Virtualisation / SOL023

README.md

+1 −1

Original line number	Diff line number	Diff line
		# NFV SOL023 APIs

		This repository hosts the [OpenAPI](https://www.openapis.org/) specifications and other documentation for the APIs defined in ETSI GS NFV-SOL 023 v5.2.1.
		This repository hosts the [OpenAPI](https://www.openapis.org/) specifications and other documentation for the APIs defined in ETSI GS NFV-SOL 023 v5.3.1.

		The APIs described in this repository are defined for the following reference point

src/SOL023/APIVersion/APIVersion.yaml

+1 −1

Original line number	Diff line number	Diff line
		@@ -19,7 +19,7 @@ info:
		version: 1.0.0-impl:etsi.org:ETSI_NFV_OpenAPI:1

		paths:
		/cert/api_versions:
		/nfv-cert/api_versions:
		$ref: ../endpoints/SOL023_endpoints.yaml#/endpoints/api-versions
		/vnflcm/api_versions:
		$ref: ../endpoints/SOL023_endpoints.yaml#/endpoints/api-versions

src/SOL023/CertificateManagement/CertificateManagement.yaml

+42 −582

File changed.

Preview size limit exceeded, changes collapsed.

src/SOL023/CertificateManagement/definitions/SOL023CertificateManagement_def.yaml

+142 −342

Original line number	Diff line number	Diff line
		definitions:
		PkiHeader:
		description: >
		This type represents a PkiHeadear.

		NOTE: At the time of use "PkiHeader" data type, e.g. for CreateSubjectRequest, nothing about the
		sender is known to the sending entity (the end entity may not know its own Distinguished Name (DN),
		e-mail name, IP address, etc.), then the "sender" field shall contain a "NULL" value.
		type: object
		required:
		- sender
		- recipient
		- generalInfo
		properties:
		sender:
		description: >
		Name of the sender of the Request. See note.
		type: string
		recipient:
		description: >
		Name of the recipient of the Request.
		type: string
		generalInfo:
		description: >
		It shall contain two of the attributes.
		The first generallInfo shall contain the set of
		• InfoType for Certificate type
		• Infovalue for Choice of VNFC or VNF OAM

		Unless the InfoValue of the first generallInfo is MANO, the second generallInfo shall contain
		the set of
		• InfoType for Type of VNFC certification handling
		• Infovalue for Choice of direct or delegation
		type: object
		required:
		- InfoType
		properties:
		InfoType:
		description: >
		Indicate the type of Info. The namespaces and conventions for the values of this attribute that
		is OID defined as clause 5.7.
		Permit values:
		• Certificate type
		• Type of VNFC certification handling
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
		InfoValue:
		description: >
		If the value of “InfoType” is “Certificate type”, it shall be set.
		Permit values:
		• VNFCI certificate
		• VNF OAM certificate

		If the value of “InfoType” is “Type of certificate handling”, it shall be set.
		Permit values:
		• Direct mode
		• Delegation mode
		Only the value "Delegation mode" is allowed for this version of the present document.
		type: string

		CertRepMessages:
		description: >
		This type represents a CertRepMessages.
		type: object
		required:
		- certResponse
		properties:
		certResponse:
		description: >
		The structure and attributes are defined in IETF RFC 5912.
		type: object
		required:
		- certReqId
		- status
		properties:
		certReqId:
		description: >
		Identifier of "CertReqMessages" or “CSRRequest” to corresponding to this "CertRepMessages".
		type: integer
		status:
		description: >
		State of the subject.
		$ref: "#/definitions/PKIStatusInfoType"

		SubjectInstance:
		description: >
		This type represents a subject instance.

		NOTE: Wherever mentioned, attributes of the type "SubjectInstance", in the table 5.6.2.2-1
		are aligned with the mandatory-defined parameters in the CMPv2 in IETF RFC 4210.
		NOTE 1: Registration of target certificates of type 'MANO certificate' is not covered in this version
		of the present document.

		NOTE 2: At least one overriding attributes shall be present, otherwise shall be absent.
		type: object
		required:
		- id
		- pkiHeader
		- pkiBody
		- certType
		- subjectId
		- typeOfVnfcCertHandling
		- _links
		properties:
		id:
		description: >
		Identifier of the Subject instance.
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
		pkiHeader:
		description: >
		A common information of PKI message for addressing and transaction identification.
		The structure and attributes are defined in IETF RFC 4210 and RFC 9480.
		$ref: "#/definitions/PkiHeader"
		pkiBody:
		certType:
		description: >
		Message-specific information. The structure and attributes are defined in
		IETF RFC 4210 and IETF RFC 9480.
		type: object
		required:
		- ir
		- ip
		properties:
		ir:
		description: >
		Information for Initialization request.
		$ref: "#/definitions/CertReqMessages"
		ip:
		description: >
		Information for Initialization response.
		$ref: "#/definitions/CertRepMessages"
		_links:
		description: >
		Links to resources related to this resource.
		type: object
		required:
		- self
		properties:
		self:
		description: >
		URI of this resource.
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Link"

		CertificateInstance:
		Indicate the type of target certificate. The possible values are (see note 1):
		- MANO certificate
		- VNFCI certificate
		- VNF OAM certificate
		type: string
		enum:
		- MANO_certificate
		- VNFCI_certificate
		- VNF_OAM_certificate
		subjectId:
		description: >
		This type represents a certificate instance. It shall comply with the provisions defined in table 5.6.2.3-1.

		NOTE: Wherever mentioned, attributes of the type "CertificateInstance", in the table 5.6.2.3-1
		are aligned with the mandatory-defined parameters in the CMPv2 in IETF RFC 4210.
		Data about subjects and their certificates that need to be registered. This attribute shall be present
		only if certType is VNFCI certificate or VNF OAM certificate.
		type: object
		required:
		- id
		- pkiHeader
		- pkiBody
		- _links
		- subjectId
		- certificateData
		properties:
		id:
		subjectId:
		description: >
		Identifier of the Certificate instance.
		The value of the Identifier of the certificate target VNFCI as subject ID if this operation is used for
		the VNFCI certificate or VNF OAM certificate.
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
		pkiHeader:
		certificateData:
		description: >
		A common information of PKI message for addressing and transaction identification.
		The structure and attributes are defined in IETF RFC 4210 and RFC 9480.
		$ref: "#/definitions/PkiHeader"
		pkiBody:
		description: >
		Message-specific information. The structure and attributes are defined in
		IETF RFC 4210 and IETF RFC 9480.
		Data related to certificates for the target VNFCI.
		type: object
		required:
		- p10cr
		- cp
		- subjectAlternateName
		properties:
		p10cr:
		subjectName:
		description: >
		Encoded Information for CSR Request. The structure and attributes are aligned and defined
		in IETF RFC 2986.
		$ref: "#/definitions/CSRRequest"
		cp:
		Subject data of the of VNFCI certificates, i.e., certificate fields related to common name, organization,
		country etc.
		$ref: "#/definitions/CertSubjectData"
		subjectAlternateName:
		description: >
		Information for CSR response.
		$ref: "#/definitions/CertRepMessages"
		Subject alternate names of VNFCI certificates.
		type: string
		typeOfVnfcCertHandling:
		description: >
		This parameter shall be present only if certType is VNFCI certificate or VNF OAM certificate. It indicates the
		mode of certificate management for the target entity. The possible values are:
		- direct mode
		- delegation mode
		See note 2.
		type: string
		enum:
		- direct_mode
		- delegation_mode
		_links:
		description: >
		Links to resources related to this resource.
		@@ -184,105 +83,104 @@ definitions:
		URI of this resource.
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Link"

		CreateSubjectRequest:
		RegistrationRequest:
		description: >
		This type represents request parameters for the "Register" operation as defined in ETSI GS NFV-IFA 033.

		NOTE: As concept of the design of the type “CreateSubjectReuquest”, the attributes in the table 5.6.2.4-1
		are profiled with the mandatory-defined parameters in the CMP in IETF RFC 4210.
		NOTE 1: Registration of target certificates of type 'MANO certificate' is not covered in this version of the
		present document.
		NOTE 2: Only the value "delegation mode" is allowed for this version of the present document.
		type: object
		required:
		- pkiHeader
		- pkiBody
		- certType
		- subjectId
		- typeOfVnfcCertHandling
		properties:
		pkiHeader:
		certType:
		description: >
		A common informatio0n of PKI message for addressing and transaction identification. The structure and
		attributes are defined in IETF RFC 4210 and RFC 9480.
		$ref: "#/definitions/PkiHeader"
		pkiBody:
		Indicate the type of target certificate. The possible values are (see note 1):
		- MANO certificate
		- VNFCI certificate
		- VNF OAM certificate
		type: string
		enum:
		- MANO_certificate
		- VNFCI_certificate
		- VNF_OAM_certificate
		subjectId:
		description: >
		Message specific information. The structure and attributes are defined in IETF RFC 4210 and IETF RFC 9480.
		Data about subjects and their certificates that need to be registered. This attribute shall be present
		only if certType is VNFCI certificate or VNF OAM certificate.
		type: object
		required:
		- ir
		- subjectId
		- certificateData
		properties:
		ir:
		subjectId:
		description: >
		Information for Initialization Request.
		$ref: "#/definitions/CertReqMessages"

		CSRRequest:
		The value of the Identifier of the certificate target VNFCI as subject ID if this operation is used for
		the VNFCI certificate or VNF OAM certificate.
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
		certificateData:
		description: >
		This type represents request parameters for the "Certificate Signing Request" operation.

		NOTE: As concept of the design of the type “CSRRequest”, the attributes in the table 5.6.2.5-1
		are profiled to the mandatory-defined parameters in the CMPv2 in IETF RFC 4210.
		Data related to certificates for the target VNFCI.
		type: object
		required:
		- pkiHeader
		- pkiBody
		- subjectAlternateName
		properties:
		pkiHeader:
		subjectName:
		description: >
		A common information of PKI message for addressing and transaction identification. The structure
		and attributes are defined in IETF RFC 4210 and RFC 9480.
		$ref: "#/definitions/PkiHeader"
		pkiBody:
		Subject data of the of VNFCI certificates, i.e., certificate fields related to common name, organization,
		country etc.
		$ref: "#/definitions/CertSubjectData"
		subjectAlternateName:
		description: >
		Message specific information. The structure and attributes are defined in IETF RFC 4210 and IETF RFC 9480.
		type: object
		required:
		- p10cr
		properties:
		p10cr:
		Subject alternate names of VNFCI certificates.
		type: string
		typeOfVnfcCertHandling:
		description: >
		Encoded Information for CSR Request. The structure and attributes are aligned and
		defined in IETF RFC 2986.
		$ref: "#/definitions/CSRMessage"
		This parameter shall be present only if certType is VNFCI certificate or VNF OAM certificate. It indicates the
		mode of certificate management for the target entity. The possible values are:
		- direct mode
		- delegation mode
		See note 2.
		type: string
		enum:
		- direct_mode
		- delegation_mode

		CSRMessage:
		CertSubjectData:
		description: >
		Encoded Information for CSR Request. The structure and attributes are aligned
		and defined in IETF RFC 2986.
		type: object
		This type provides input information related to subject of certificate.

		CertReqMessages:
		description: >
		This type represents a CertReqMessages.
		NOTE: At least one overriding attributes shall be present, otherwise shall be absent.
		type: object
		required:
		- CertReqMsg
		properties:
		CertReqMsg:
		commonName:
		description: >
		The structure and attributes are defined in IETF RFC 5912.
		type: object
		required:
		- CertRequest
		properties:
		CertRequest:
		Information of certification target subject FQDN. Can be set empty when this certificate is used for encrypted
		communication using IP address. See note.
		type: string
		organization:
		description: >
		Information for the certificate request.
		type: object
		required:
		- CertTemplate
		properties:
		CertTemplate:
		Information of certification target subject Organization. See note.
		type: string
		country:
		description: >
		Information for the certificate to be issued.
		type: object
		required:
		- subjectUID
		properties:
		subjectUID:
		Information of certification target subject Country. See note.
		type: string
		state:
		description: >
		The value of the Identifier of the certificate target VNFCI as subject ID if
		this operation is used for the VNFCI certificate or VNF OAM certificate. See note.

		NOTE: For the case of MANO certificate, this attribute is not supported in this
		version of the present document.
		type: integer
		Information of certification target subject State. See note.
		type: string
		locality:
		description: >
		Information of certification target subject Locality. See note.
		type: string
		emailAddress:
		description: >
		Information of certification contact email address. See note.
		type: string

		#######################################################################
		################# Subscriptions Related Data Models ###################
		@@ -449,7 +347,7 @@ definitions:
		vnfInstanceSubscriptionFilter:
		description: >
		Filter criteria to select VNF instances about which to notify.
		$ref: "#/definitions/VnfInstanceSubscriptionFilter"
		$ref: "../../definitions/SOL023_def.yaml#/definitions/VnfInstanceSubscriptionFilter"
		cetificateState:
		description: >
		Match particular Certificate state values as reported in notifications of type
		@@ -512,7 +410,7 @@ definitions:
		ip:
		description: >
		Information for Initialization response.
		$ref: "#/definitions/CertRepMessages"
		$ref: "#/definitions/CertRepMessage"

		AffectedCertificate:
		description: >
		@@ -547,12 +445,12 @@ definitions:
		The structure and attributes are defined in IETF RFC 4210 and IETF RFC 9480.
		type: object
		required:
		- ip
		- cp
		properties:
		cp:
		description: >
		Information for CSR response.
		$ref: "#/definitions/CertRepMessages"
		$ref: "#/definitions/CertRepMessage"

		CertificateNotificationVerbosityType:
		description: >
		@@ -563,112 +461,14 @@ definitions:
		- FULL
		- SHORT

		# ToDo - populate PKIStatusInfoType when defined
		PKIStatusInfoType:
		description: >
		The enumeration PKIStatusInfoType shall comply with the provisions defined in table 4.3.4.1-1.
		type: string
		enum:
		- ACCEPTED
		- GRANTED_WITH_MODS
		- REJECTED
		- WAITING
		- REVOCATION_WARNING
		- REVOCATION_NOTIFICATION
		- KEY_UPDATE_WARNING

		VnfInstanceSubscriptionFilter:
		description: >
		This type represents subscription filter criteria to match VNF
		instances.
		* NOTE 1: The attributes "vnfdIds" and "vnfProductsFromProviders" are alternatives to reference to VNF instances
		that are based on certain VNFDs in a filter. They should not be used both in the same filter instance,
		but one alternative should be chosen.
		NOTE 2: The attributes "vnfInstanceIds" and "vnfInstanceNames" are alternatives to reference to particular VNF
		instances in a filter. They should not be used both in the same filter instance, but one alternative
		should be chosen.
		type: object
		anyOf:
		- oneOf:
		- required:
		- vnfdIds
		- required:
		- vnfProductsFromProviders
		- oneOf:
		- required:
		- vnfInstanceIds
		- required:
		- vnfInstanceNames
		properties:
		vnfdIds:
		description: >
		If present, match VNF instances that were created based on a VNFD
		identified by one of the vnfdId values listed in this attribute. See note 1.
		type: array
		items:
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
		vnfProductsFromProviders:
		description: >
		If present, match VNF instances that belong to VNF products from
		certain providers. See note 1.
		type: array
		items:
		type: object
		required:
		- vnfProvider
		properties:
		vnfProvider:
		description: >
		Name of the VNF provider to match.
		type: string
		vnfProducts:
		description: >
		If present, match VNF instances that belong to VNF products
		with certain product names, from one particular provider.
		type: array
		items:
		Not provided.
		type: object
		required:
		- vnfProductName
		properties:
		vnfProductName:
		description: >
		Name of the VNF product to match.
		type: string
		versions:

		# ToDo - populate CertRepMessage when defined
		CertRepMessage:
		description: >
		If present, match VNF instances that belong to VNF
		products with certain versions and a certain product
		name, from one particular provider.
		type: array
		items:
		Indicates CMPv2 CertRepMessage structure.
		type: object
		No newline at end of file
		required:
		- vnfSoftwareVersion
		properties:
		vnfSoftwareVersion:
		description: >
		Software version to match.
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Version"
		vnfdVersions:
		description: >
		If present, match VNF instances that belong to VNF
		products with certain VNFD versions, a certain
		software version and a certain product name, from
		one particular provider.
		type: array
		items:
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Version"
		vnfInstanceIds:
		description: >
		If present, match VNF instances with an instance identifier listed
		in this attribute. See note 2.
		type: array
		items:
		$ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier"
		vnfInstanceNames:
		description: >
		If present, match VNF instances with a VNF Instance Name listed in
		this attribute. See note 2.
		type: array
		items:
		type: string
		No newline at end of file

src/SOL023/CertificateNotification/CertificateNotification.yaml

+2 −2

Original line number	Diff line number	Diff line
		@@ -19,8 +19,8 @@ info:
		version: 1.0.0-impl:etsi.org:ETSI_NFV_OpenAPI:1

		externalDocs:
		description: ETSI GS NFV-SOL 023 V5.2.1
		url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.02.01_60/gs_nfv-sol023v050201p.pdf
		description: ETSI GS NFV-SOL 023 V5.3.1
		url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.03.01_60/gs_nfv-sol023v050301p.pdf

		servers:
		- url: http://127.0.0.1/callback/v2

Admin message