diff --git a/README.md b/README.md index 50867af6824681748050848e2665962c0e3aaec1..a094ed372397b491a088216ec6df872f5132f1e0 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # NFV SOL023 APIs -This repository hosts the [OpenAPI](https://www.openapis.org/) specifications and other documentation for the APIs defined in ETSI GS NFV-SOL 023 v5.2.1. +This repository hosts the [OpenAPI](https://www.openapis.org/) specifications and other documentation for the APIs defined in ETSI GS NFV-SOL 023 v5.3.1. The APIs described in this repository are defined for the following reference point diff --git a/src/SOL023/APIVersion/APIVersion.yaml b/src/SOL023/APIVersion/APIVersion.yaml index e975da66da4b4c5ff1a5f3bca954f84966d5f7a0..75208903d40a84d8d944cd3d03026d25bc9aa46f 100644 --- a/src/SOL023/APIVersion/APIVersion.yaml +++ b/src/SOL023/APIVersion/APIVersion.yaml @@ -19,7 +19,7 @@ info: version: 1.0.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 paths: - /cert/api_versions: + /nfv-cert/api_versions: $ref: ../endpoints/SOL023_endpoints.yaml#/endpoints/api-versions /vnflcm/api_versions: $ref: ../endpoints/SOL023_endpoints.yaml#/endpoints/api-versions diff --git a/src/SOL023/CertificateManagement/CertificateManagement.yaml b/src/SOL023/CertificateManagement/CertificateManagement.yaml index fdfa8f34305012a0a9b10992f5f120bcb7f39a9a..f33f09ce54196df30c4063bbab5e14a3ff3fb27c 100644 --- a/src/SOL023/CertificateManagement/CertificateManagement.yaml +++ b/src/SOL023/CertificateManagement/CertificateManagement.yaml @@ -19,8 +19,8 @@ info: version: 1.0.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 023 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.02.01_60/gs_nfv-sol023v050201p.pdf + description: ETSI GS NFV-SOL 023 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.03.01_60/gs_nfv-sol023v050301p.pdf servers: - url: http://127.0.0.1/cm/v2 @@ -38,9 +38,9 @@ paths: post: description: | - The POST method creates a new subject resource. See clause 5.5.3.3.1. + The POST method creates a new subject resource. See clause 5.6.3.3.3.1. requestBody: - $ref: "#/components/requestBodies/CreateSubjectRequest" + $ref: "#/components/requestBodies/RegistrationRequest" responses: "201": $ref: "#/components/responses/SubjectInstance.Post.201" @@ -67,7 +67,7 @@ paths: get: description: | - The GET method queries information about multiple subject instances. See clause 5.5.3.3.2. + The GET method queries information about multiple subject instances. See clause 5.6.3.3.3.2. parameters: - $ref: '#/components/parameters/filter_subject_instances' - $ref: ../components/SOL023_params.yaml#/components/parameters/all_fields_cmf @@ -108,7 +108,7 @@ paths: get: description: | The GET method retrieves information about a Subject instance by reading an "Individual Subject instance" - resource. See clause 5.5.4.3.2. + resource. See clause 5.6.3.4.3.2. parameters: - $ref: ../components/SOL023_params.yaml#/components/parameters/Accept responses: @@ -137,7 +137,7 @@ paths: delete: description: | - This method deletes an "Individual Subject instance" resource. See clause 5.5.4.3.5. + This method deletes an "Individual Subject instance" resource. See clause 5.6.3.4.3.5. responses: "204": $ref: "#/components/responses/IndividualSubjectInstance.Delete.204" @@ -160,180 +160,6 @@ paths: "503": $ref: ../responses/SOL023_resp.yaml#/responses/503 - /subjects/{subjectId}/certificates: - parameters: - - $ref: "#/components/parameters/subjectId" - - $ref: ../components/SOL023_params.yaml#/components/parameters/Accept - - $ref: ../components/SOL023_params.yaml#/components/parameters/Authorization - - $ref: ../components/SOL023_params.yaml#/components/parameters/Version - - post: - description: | - The POST method creates a new Certificate resource with certificate for VNFCI and VNF OAM. See clause 5.5.5.3.1. - requestBody: - $ref: "#/components/requestBodies/CSRRequest" - responses: - "201": - $ref: "#/components/responses/CertificateInstance.Post.201" - "409": - $ref: "#/components/responses/CertificateInstance.Post.409" - "400": - $ref: ../responses/SOL023_resp.yaml#/responses/400 - "401": - $ref: ../responses/SOL023_resp.yaml#/responses/401 - "403": - $ref: ../responses/SOL023_resp.yaml#/responses/403 - "404": - $ref: ../responses/SOL023_resp.yaml#/responses/404 - "405": - $ref: ../responses/SOL023_resp.yaml#/responses/405 - "406": - $ref: ../responses/SOL023_resp.yaml#/responses/406 - "422": - $ref: ../responses/SOL023_resp.yaml#/responses/422 - "500": - $ref: ../responses/SOL023_resp.yaml#/responses/500 - "503": - $ref: ../responses/SOL023_resp.yaml#/responses/503 - "504": - $ref: ../responses/SOL023_resp.yaml#/responses/504 - - get: - description: | - The GET method queries information about multiple subject instances. See clause 5.5.5.3.2. - parameters: - - $ref: '#/components/parameters/filter_certificate_instances' - - $ref: ../components/SOL023_params.yaml#/components/parameters/all_fields_cmf - - $ref: ../components/SOL023_params.yaml#/components/parameters/fields_cmf - - $ref: ../components/SOL023_params.yaml#/components/parameters/exclude_fields_cmf - - $ref: '#/components/parameters/exclude_default_certificate_instances' - - $ref: ../components/SOL023_params.yaml#/components/parameters/nextpage_opaque_marker_cmf - responses: - "200": - $ref: "#/components/responses/CertificateInstances.Get.200" - "400": - $ref: ../responses/SOL023_resp.yaml#/responses/400 - "401": - $ref: ../responses/SOL023_resp.yaml#/responses/401 - "403": - $ref: ../responses/SOL023_resp.yaml#/responses/403 - "404": - $ref: ../responses/SOL023_resp.yaml#/responses/404 - "405": - $ref: ../responses/SOL023_resp.yaml#/responses/405 - "406": - $ref: ../responses/SOL023_resp.yaml#/responses/406 - "416": - $ref: ../responses/SOL023_resp.yaml#/responses/416 - "500": - $ref: ../responses/SOL023_resp.yaml#/responses/500 - "503": - $ref: ../responses/SOL023_resp.yaml#/responses/503 - "504": - $ref: ../responses/SOL023_resp.yaml#/responses/504 - - /subjects/{subjectId}/certificates/{certificateId}: - parameters: - - $ref: "#/components/parameters/subjectId" - - $ref: "#/components/parameters/certificateId" - - $ref: ../components/SOL023_params.yaml#/components/parameters/Authorization - - $ref: ../components/SOL023_params.yaml#/components/parameters/Version - - get: - description: | - The GET method retrieves information about a Certificate instance by reading an - "Individual Certificate instance" resource. See clause 5.5.6.3.2. - parameters: - - $ref: ../components/SOL023_params.yaml#/components/parameters/Accept - - responses: - "200": - $ref: "#/components/responses/IndividualCertificateInstance.Get.200" - "400": - $ref: ../responses/SOL023_resp.yaml#/responses/400 - "401": - $ref: ../responses/SOL023_resp.yaml#/responses/401 - "403": - $ref: ../responses/SOL023_resp.yaml#/responses/403 - "404": - $ref: ../responses/SOL023_resp.yaml#/responses/404 - "405": - $ref: ../responses/SOL023_resp.yaml#/responses/405 - "406": - $ref: ../responses/SOL023_resp.yaml#/responses/406 - "416": - $ref: ../responses/SOL023_resp.yaml#/responses/416 - "500": - $ref: ../responses/SOL023_resp.yaml#/responses/500 - "503": - $ref: ../responses/SOL023_resp.yaml#/responses/503 - "504": - $ref: ../responses/SOL023_resp.yaml#/responses/504 - - delete: - description: | - This method deletes an "Individual Certificate instance" resource. See clause 5.5.6.3.5. - responses: - "204": - $ref: "#/components/responses/IndividualCertificateInstance.Delete.204" - "409": - $ref: "#/components/responses/IndividualCertificateInstance.Delete.409" - "400": - $ref: ../responses/SOL023_resp.yaml#/responses/400 - "401": - $ref: ../responses/SOL023_resp.yaml#/responses/401 - "403": - $ref: ../responses/SOL023_resp.yaml#/responses/403 - "404": - $ref: ../responses/SOL023_resp.yaml#/responses/404 - "405": - $ref: ../responses/SOL023_resp.yaml#/responses/405 - "406": - $ref: ../responses/SOL023_resp.yaml#/responses/406 - "500": - $ref: ../responses/SOL023_resp.yaml#/responses/500 - "503": - $ref: ../responses/SOL023_resp.yaml#/responses/503 - - /subjects/{subjectId}/certificates/{certificateId}/certificate_content: - parameters: - - $ref: "#/components/parameters/subjectId" - - $ref: "#/components/parameters/certificateId" - - get: - description: | - The GET method fetches the content of a certificate content identified by the certificate - identifier allocated by the CMF. See clause 5.5.7.3.2. - responses: - "200": - $ref: "#/components/responses/IndividualCertificateContentInstance.Get.200" - "206": - $ref: "#/components/responses/IndividualCertificateContentInstance.Get.206" - "409": - $ref: "#/components/responses/IndividualCertificateContentInstance.Get.409" - "416": - $ref: "#/components/responses/IndividualCertificateContentInstance.Get.416" - "400": - $ref: ../responses/SOL023_resp.yaml#/responses/400 - "401": - $ref: ../responses/SOL023_resp.yaml#/responses/401 - "403": - $ref: ../responses/SOL023_resp.yaml#/responses/403 - "404": - $ref: ../responses/SOL023_resp.yaml#/responses/404 - "405": - $ref: ../responses/SOL023_resp.yaml#/responses/405 - "406": - $ref: ../responses/SOL023_resp.yaml#/responses/406 - "422": - $ref: ../responses/SOL023_resp.yaml#/responses/422 - "500": - $ref: ../responses/SOL023_resp.yaml#/responses/500 - "503": - $ref: ../responses/SOL023_resp.yaml#/responses/503 - "504": - $ref: ../responses/SOL023_resp.yaml#/responses/504 - ####################################################################### ###################### Subscription Endpoints ######################## ####################################################################### @@ -347,7 +173,7 @@ paths: description: | The POST method creates a new subscription. See clause 7.5.3.3.1. requestBody: - $ref: "#/components/requestBodies/CertificateSubscriptionRequest" + $ref: "#/components/requestBodies/RegistrationRequest" responses: 201: $ref: '#/components/responses/Subscriptions.Post.201' @@ -469,9 +295,9 @@ components: filter_subject_instances: name: filter description: > - Attribute-based filtering expression according to clause 5.2 of ETSI GS NFV SOL 013 [4]. - The CMF shall support receiving this parameter as part of the URI query string. The VNFM may - supply this parameter. + Attribute-based filtering expression according to clause 5.2 of ETSI GS NFV SOL 013. + The CMF shall support receiving this parameter as part of the URI query string. The VNFM + may supply this parameter. All attribute names that appear in the SubjectInstance and in data types referenced from it shall be supported by the CMF in the filter expression. in: query @@ -483,39 +309,12 @@ components: name: exclude_default in: query description: >- - Indicates to exclude the following complex attributes from the response. See clause 5.3 of - ETSI GS NFV-SOL 013 for details. The CMF shall support this parameter. - The following attributes shall be excluded from the SubjectInstance structure in the response - body if this parameter is provided, or none of the parameters "all_fields", "fields", "exclude_fields", + Indicates to exclude the following complex attributes from the response. See clause 5.3 of ETSI + GS NFV-SOL 013 for details. The CMF shall support this parameter. + The following attributes shall be excluded from the SubjectInstance structure in the response body + if this parameter is provided, or none of the parameters "all_fields", "fields", "exclude_fields", "exclude_default" are provided: - - pkiBody - required: false - schema: - type: string - - filter_certificate_instances: - name: filter - description: > - Attribute-based filtering expression according to clause 5.2 of ETSI GS NFV SOL 013 [4]. - The CMF shall support receiving this parameter as part of the URI query string. The VNFM may - supply this parameter. - All attribute names that appear in the SubjectInstance and in data types referenced from it - shall be supported by the CMF in the filter expression. - in: query - required: false - schema: - type: string - - exclude_default_certificate_instances: - name: exclude_default - in: query - description: >- - Indicates to exclude the following complex attributes from the response. See clause 5.3 of - ETSI GS NFV-SOL 013 for details. The CMF shall support this parameter. - The following attributes shall be excluded from the SubjectInstance structure in the response - body if this parameter is provided, or none of the parameters "all_fields", "fields", "exclude_fields", - "exclude_default" are provided: - - pkiBody + - subjectId required: false schema: type: string @@ -535,23 +334,10 @@ components: schema: type: string - certificateId: - name: certificateId - in: path - description: | - certificateId Identifier of the Certificate instance. See note. - - NOTE: This identifier can be retrieved from the resource referenced by the "Location" HTTP - header in the response to a POST request creating a new "Individual Certificate instance" resource. - It can also be retrieved from the "id" attribute in the message content of that response. - required: true - style: simple - explode: false - schema: - type: string + ####################################################################### + ################# Parameters for Subscriptions Resources ############## + ####################################################################### -############################# For Subscriptions Resources ############################# - filter_subscriptions: name: filter description: > @@ -588,14 +374,13 @@ components: description: > 201 CREATED - Shall be returned when a new "Individual Subject instance" resource and the associated Subject - instance identifier has been created successfully. + Shall be returned when a new "Individual Subject instance" resource and the associated Subject instance + identifier has been created successfully. - The response body shall contain a representation of the created Subject instance, as defined in - clause 5.6.2.2. + The response body shall contain a representation of the created Subject instance, as defined in clause 5.6.2.2. - The HTTP response shall include a "Location" HTTP header that contains the resource URI of the - created Subject instance. + The HTTP response shall include a "Location" HTTP header that contains the resource URI of the created + Subject instance. headers: Location: description: | @@ -678,16 +463,16 @@ components: Shall be returned when information about zero or more subject instances has been queried successfully. The response body shall contain in an array the representations of zero or more subject instances, as - defined in clause 5.6.2.2. + defined in clause 5.6.b.2.2. If the "filter" URI parameter or one of the "all_fields", "fields" (if supported), "exclude_fields" (if supported) or "exclude_default" URI parameters was supplied in the request, the data in the response - body shall have been transformed according to the rules specified in clauses 5.2.2 and 5.3.2 of - ETSI GS NFV SOL 013, respectively. + body shall have been transformed according to the rules specified in clauses 5.2.2 and 5.3.2 of ETSI GS + NFV SOL 013, respectively. - If the CMF supports alternative 2 (paging) according to clause 5.4.2.1 of ETSI GS NFV SOL 013 for - this resource, inclusion of the Link HTTP header in this response shall follow the provisions in - clause 5.4.2.3 of ETSI GS NFV SOL 013. + If the CMF supports alternative 2 (paging) according to clause 5.4.2.1 of ETSI GS NFV SOL 013 for this + resource, inclusion of the Link HTTP header in this response shall follow the provisions in clause 5.4.2.3 + of ETSI GS NFV SOL 013. headers: Location: description: | @@ -735,7 +520,8 @@ components: 200 OK Shall be returned when information about an individual Subject instance has been read successfully. - The response body shall contain a representation of the Subject instance, as defined in clause 5.6.2.2. + + The response body shall contain a representation of the Subject instance, as defined in clause 5.6.4.2.2. headers: WWW-Authenticate: description: | @@ -765,8 +551,9 @@ components: description: | 204 NO CONTENT - Shall be returned when the "Individual Subject instance" resource and the associated - Subject identifier were deleted successfully. + Shall be returned when the "Individual Subject instance" resource and the associated Subject + identifier were deleted successfully. + The response body shall be empty. headers: WWW-Authenticate: @@ -788,217 +575,12 @@ components: description: | 409 CONFLICT - Shall be returned upon the following error: The operation cannot be executed currently, due to a - conflict with the state of the resource. - Typically, this is due to the fact that the "Individual VNF instance" resource is in INSTANTIATED state. - The response body shall contain a ProblemDetails structure, in which the "detail" attribute shall convey - more information about the error. - headers: - WWW-Authenticate: - description: | - Challenge if the corresponding HTTP request has not provided authorization, or error details if the - corresponding HTTP request has provided an invalid authorization token. - style: simple - explode: false - schema: - type: string - Version: - description: The used API version. - style: simple - explode: false - schema: - type: string - Content-Type: - description: | - The MIME type of the body of the response. Reference: IETF RFC 9110 - style: simple - explode: false - schema: - type: string - content: - application/json: - schema: - $ref: "../definitions/SOL023_def.yaml#/definitions/ProblemDetails" - - CertificateInstance.Post.201: - description: > - 201 CREATED - - Shall be returned when a new "Individual Certificate instance" resource and the associated Certificate instance identifier has been created successfully. - - The response body shall contain a representation of the created Certificate instance, as defined in clause 5.6.2.3. - - The HTTP response shall include a "Location" HTTP header that contains the resource URI of the created Certificate instance. - headers: - Location: - description: | - The resource URI of the created subject resource. - style: simple - explode: false - schema: - type: string - format: url - WWW-Authenticate: - description: > - Challenge if the corresponding HTTP request has not provided - authorization, or error details if the corresponding HTTP - request has provided an invalid authorization token. - schema: - type: string - Version: - description: > - Version of the API used in the response. - schema: - type: string - Content-Type: - description: | - The MIME type of the body of the response. Reference: IETF RFC 9110 - style: simple - explode: false - schema: - type: string - content: - application/json: - schema: - $ref: "./definitions/SOL023CertificateManagement_def.yaml#/definitions/CertificateInstance" - - CertificateInstance.Post.409: - description: > - 409 CONFLICT - - Shall be returned upon the following error: The operation cannot be executed currently, due to a conflict with the state of the resource. - - The response body shall contain a ProblemDetails structure, in which the "detail" attribute shall convey more information about the error. - headers: - WWW-Authenticate: - description: > - Challenge if the corresponding HTTP request has not provided - authorization, or error details if the corresponding HTTP - request has provided an invalid authorization token. - schema: - type: string - Version: - description: > - Version of the API used in the response. - schema: - type: string - content: - application/json: - schema: - $ref: "../definitions/SOL023_def.yaml#/definitions/ProblemDetails" - - CertificateInstances.Get.200: - description: > - 201 OK - - Shall be returned when information about zero or more subject instances has been queried successfully. - - The response body shall contain in an array the representations of zero or more subject instances, as - defined in clause 5.6.2.3. - - If the "filter" URI parameter or one of the "all_fields", "fields" (if supported), "exclude_fields" - (if supported) or "exclude_default" URI parameters was supplied in the request, the data in the response - body shall have been transformed according to the rules specified in clauses 5.2.2 and 5.3.2 of - ETSI GS NFV SOL 013, respectively. - - If the CMF supports alternative 2 (paging) according to clause 5.4.2.1 of ETSI GS NFV SOL 013 for - this resource, inclusion of the Link HTTP header in this response shall follow the provisions in - clause 5.4.2.3 of ETSI GS NFV SOL 013. - headers: - WWW-Authenticate: - description: > - Challenge if the corresponding HTTP request has not provided - authorization, or error details if the corresponding HTTP - request has provided an invalid authorization token. - schema: - type: string - Version: - description: > - Version of the API used in the response. - schema: - type: string - Link: - description: | - Reference to other resources. Used for paging in the present document. - style: simple - explode: false - schema: - type: string - Content-Type: - description: | - The MIME type of the body of the response. Reference: IETF RFC 9110 - style: simple - explode: false - schema: - type: string - content: - application/json: - schema: - type: array - items: - $ref: "./definitions/SOL023CertificateManagement_def.yaml#/definitions/CertificateInstance" - - IndividualCertificateInstance.Get.200: - description: > - 200 OK - - Shall be returned when information about an individual Certificate instance has been read successfully. - The response body shall contain a representation of the Certificate instance, as defined in clause 5.6.2.3. - headers: - WWW-Authenticate: - description: | - Challenge if the corresponding HTTP request has not provided - authorization, or error details if the corresponding HTTP - request has provided an invalid authorization token. - schema: - type: string - Version: - description: > - Version of the API used in the response. - schema: - type: string - Content-Type: - description: | - The MIME type of the body of the response. Reference: IETF RFC 9110 - style: simple - explode: false - schema: - type: string - content: - application/json: - schema: - $ref: "./definitions/SOL023CertificateManagement_def.yaml#/definitions/CertificateInstance" - - IndividualCertificateInstance.Delete.204: - description: | - 204 NO CONTENT - - Shall be returned when the "Individual Certificate instance" resource and the associated - Certificate identifier were deleted successfully. - The response body shall be empty. - headers: - WWW-Authenticate: - description: | - Challenge if the corresponding HTTP request has not provided authorization, or error details if the - corresponding HTTP request has provided an invalid authorization token. - style: simple - explode: false - schema: - type: string - Version: - description: The used API version. - style: simple - explode: false - schema: - type: string + Shall be returned upon the following error: The operation cannot be executed currently, due to a conflict + with the state of the resource. - IndividualCertificateInstance.Delete.409: - description: | - 409 CONFLICT + Typically, this is due to the fact that not all certificates under the “Individual Subject instance” are + either expired or have been revoked. - Shall be returned upon the following error: The operation cannot be executed currently, due to a - conflict with the state of the resource. - Typically, this is due to the fact that the "Individual VNF instance" resource is in INSTANTIATED state. The response body shall contain a ProblemDetails structure, in which the "detail" attribute shall convey more information about the error. headers: @@ -1027,119 +609,6 @@ components: application/json: schema: $ref: "../definitions/SOL023_def.yaml#/definitions/ProblemDetails" - - IndividualCertificateContentInstance.Get.200: - description: > - 200 OK - - Shall be returned when the whole content of the certificate file has been read successfully. - - The response body shall include a copy of the certificate file. - - The "Content-Type HTTP" header shall be set according to the type of the file, i.e. to "application/text" for a certificate content according to IETF RFC 7468[a]. - headers: - WWW-Authenticate: - description: > - Challenge if the corresponding HTTP request has not provided - authorization, or error details if the corresponding HTTP - request has provided an invalid authorization token. - schema: - type: string - Version: - description: > - Version of the API used in the response. - schema: - type: string - - IndividualCertificateContentInstance.Get.206: - description: | - 206 PARTIAL CONTENT - - If the CMF supports range requests, this response shall be returned when a single consecutive byte range from the content of the certificate file has been read successfully according to the request. - - The response body shall contain the requested part of the certificate file. - - The "Content-Range" HTTP header shall be provided according to IETF RFC 9110 [c]. - - The "Content-Type" HTTP header shall be set as defined above for the "200 OK" response. - headers: - WWW-Authenticate: - description: | - Challenge if the corresponding HTTP request has not provided authorization, or error details if the - corresponding HTTP request has provided an invalid authorization token. - style: simple - explode: false - schema: - type: string - Version: - description: The used API version. - style: simple - explode: false - schema: - type: string - Content-Range: - required : true - style: simple - explode: false - schema: - type: string - content: - application/*: - schema: - type: string - format: binary - - IndividualCertificateContentInstance.Get.409: - description: > - 409 CONFLICT - - Shall be returned upon the following error: The operation cannot be executed currently, due to a conflict with the state of the resource. - - The response body shall contain a ProblemDetails structure, in which the "detail" attribute shall convey more information about the error. - headers: - WWW-Authenticate: - description: > - Challenge if the corresponding HTTP request has not provided - authorization, or error details if the corresponding HTTP - request has provided an invalid authorization token. - schema: - type: string - Version: - description: > - Version of the API used in the response. - schema: - type: string - content: - application/json: - schema: - $ref: "../definitions/SOL023_def.yaml#/definitions/ProblemDetails" - - IndividualCertificateContentInstance.Get.416: - description: | - 416 RANGE NOT SATISFIABLE - - Shall be returned upon the following error: The byte range passed in the "Range" header did not match any available byte range in the certificate file (e.g. "access after end of file"). - - The response body may contain a ProblemDetails structure. - headers: - WWW-Authenticate: - description: | - Challenge if the corresponding HTTP request has not provided authorization, or error details if the - corresponding HTTP request has provided an invalid authorization token. - style: simple - explode: false - schema: - type: string - Version: - description: The used API version. - style: simple - explode: false - schema: - type: string - content: - application/json: - schema: - $ref: "../definitions/SOL023_def.yaml#/definitions/ProblemDetails" ####################################################################### ################# Subscription Endpoints Response Bodies ############## @@ -1397,22 +866,13 @@ components: type: string requestBodies: - CreateSubjectRequest: - description: > - Subject resource creation request. - content: - application/json: - schema: - $ref: "./definitions/SOL023CertificateManagement_def.yaml#/definitions/CreateSubjectRequest" - required: true - - CSRRequest: + RegistrationRequest: description: > - Certificate resource creation request. + Subject resource creation request. Defined in clause 5.6.4.2.3. content: application/json: schema: - $ref: "./definitions/SOL023CertificateManagement_def.yaml#/definitions/CSRRequest" + $ref: "./definitions/SOL023CertificateManagement_def.yaml#/definitions/RegistrationRequest" required: true ####################################################################### diff --git a/src/SOL023/CertificateManagement/definitions/SOL023CertificateManagement_def.yaml b/src/SOL023/CertificateManagement/definitions/SOL023CertificateManagement_def.yaml index d880dd6cc9824555b74255c3138d895edf903396..d08137ee4043e28c3d6ba28165e753b5bb0dc675 100644 --- a/src/SOL023/CertificateManagement/definitions/SOL023CertificateManagement_def.yaml +++ b/src/SOL023/CertificateManagement/definitions/SOL023CertificateManagement_def.yaml @@ -1,125 +1,76 @@ definitions: - PkiHeader: - description: > - This type represents a PkiHeadear. - - NOTE: At the time of use "PkiHeader" data type, e.g. for CreateSubjectRequest, nothing about the - sender is known to the sending entity (the end entity may not know its own Distinguished Name (DN), - e-mail name, IP address, etc.), then the "sender" field shall contain a "NULL" value. - type: object - required: - - sender - - recipient - - generalInfo - properties: - sender: - description: > - Name of the sender of the Request. See note. - type: string - recipient: - description: > - Name of the recipient of the Request. - type: string - generalInfo: - description: > - It shall contain two of the attributes. - The first generallInfo shall contain the set of - • InfoType for Certificate type - • Infovalue for Choice of VNFC or VNF OAM - - Unless the InfoValue of the first generallInfo is MANO, the second generallInfo shall contain - the set of - • InfoType for Type of VNFC certification handling - • Infovalue for Choice of direct or delegation - type: object - required: - - InfoType - properties: - InfoType: - description: > - Indicate the type of Info. The namespaces and conventions for the values of this attribute that - is OID defined as clause 5.7. - Permit values: - • Certificate type - • Type of VNFC certification handling - $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier" - InfoValue: - description: > - If the value of “InfoType” is “Certificate type”, it shall be set. - Permit values: - • VNFCI certificate - • VNF OAM certificate - - If the value of “InfoType” is “Type of certificate handling”, it shall be set. - Permit values: - • Direct mode - • Delegation mode - Only the value "Delegation mode" is allowed for this version of the present document. - type: string - - CertRepMessages: - description: > - This type represents a CertRepMessages. - type: object - required: - - certResponse - properties: - certResponse: - description: > - The structure and attributes are defined in IETF RFC 5912. - type: object - required: - - certReqId - - status - properties: - certReqId: - description: > - Identifier of "CertReqMessages" or “CSRRequest” to corresponding to this "CertRepMessages". - type: integer - status: - description: > - State of the subject. - $ref: "#/definitions/PKIStatusInfoType" - SubjectInstance: description: > This type represents a subject instance. - NOTE: Wherever mentioned, attributes of the type "SubjectInstance", in the table 5.6.2.2-1 - are aligned with the mandatory-defined parameters in the CMPv2 in IETF RFC 4210. + NOTE 1: Registration of target certificates of type 'MANO certificate' is not covered in this version + of the present document. + + NOTE 2: At least one overriding attributes shall be present, otherwise shall be absent. type: object required: - id - - pkiHeader - - pkiBody + - certType + - subjectId + - typeOfVnfcCertHandling - _links properties: id: description: > Identifier of the Subject instance. $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier" - pkiHeader: + certType: description: > - A common information of PKI message for addressing and transaction identification. - The structure and attributes are defined in IETF RFC 4210 and RFC 9480. - $ref: "#/definitions/PkiHeader" - pkiBody: + Indicate the type of target certificate. The possible values are (see note 1): + - MANO certificate + - VNFCI certificate + - VNF OAM certificate + type: string + enum: + - MANO_certificate + - VNFCI_certificate + - VNF_OAM_certificate + subjectId: description: > - Message-specific information. The structure and attributes are defined in - IETF RFC 4210 and IETF RFC 9480. + Data about subjects and their certificates that need to be registered. This attribute shall be present + only if certType is VNFCI certificate or VNF OAM certificate. type: object required: - - ir - - ip + - subjectId + - certificateData properties: - ir: + subjectId: description: > - Information for Initialization request. - $ref: "#/definitions/CertReqMessages" - ip: + The value of the Identifier of the certificate target VNFCI as subject ID if this operation is used for + the VNFCI certificate or VNF OAM certificate. + $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier" + certificateData: description: > - Information for Initialization response. - $ref: "#/definitions/CertRepMessages" + Data related to certificates for the target VNFCI. + type: object + required: + - subjectAlternateName + properties: + subjectName: + description: > + Subject data of the of VNFCI certificates, i.e., certificate fields related to common name, organization, + country etc. + $ref: "#/definitions/CertSubjectData" + subjectAlternateName: + description: > + Subject alternate names of VNFCI certificates. + type: string + typeOfVnfcCertHandling: + description: > + This parameter shall be present only if certType is VNFCI certificate or VNF OAM certificate. It indicates the + mode of certificate management for the target entity. The possible values are: + - direct mode + - delegation mode + See note 2. + type: string + enum: + - direct_mode + - delegation_mode _links: description: > Links to resources related to this resource. @@ -132,157 +83,104 @@ definitions: URI of this resource. $ref: "../../definitions/SOL023_def.yaml#/definitions/Link" - CertificateInstance: + RegistrationRequest: description: > - This type represents a certificate instance. It shall comply with the provisions defined in table 5.6.2.3-1. - - NOTE: Wherever mentioned, attributes of the type "CertificateInstance", in the table 5.6.2.3-1 - are aligned with the mandatory-defined parameters in the CMPv2 in IETF RFC 4210. + This type represents request parameters for the "Register" operation as defined in ETSI GS NFV-IFA 033. + + NOTE 1: Registration of target certificates of type 'MANO certificate' is not covered in this version of the + present document. + NOTE 2: Only the value "delegation mode" is allowed for this version of the present document. type: object required: - - id - - pkiHeader - - pkiBody - - _links + - certType + - subjectId + - typeOfVnfcCertHandling properties: - id: - description: > - Identifier of the Certificate instance. - $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier" - pkiHeader: + certType: description: > - A common information of PKI message for addressing and transaction identification. - The structure and attributes are defined in IETF RFC 4210 and RFC 9480. - $ref: "#/definitions/PkiHeader" - pkiBody: + Indicate the type of target certificate. The possible values are (see note 1): + - MANO certificate + - VNFCI certificate + - VNF OAM certificate + type: string + enum: + - MANO_certificate + - VNFCI_certificate + - VNF_OAM_certificate + subjectId: description: > - Message-specific information. The structure and attributes are defined in - IETF RFC 4210 and IETF RFC 9480. + Data about subjects and their certificates that need to be registered. This attribute shall be present + only if certType is VNFCI certificate or VNF OAM certificate. type: object required: - - p10cr - - cp + - subjectId + - certificateData properties: - p10cr: - description: > - Encoded Information for CSR Request. The structure and attributes are aligned and defined - in IETF RFC 2986. - $ref: "#/definitions/CSRRequest" - cp: + subjectId: description: > - Information for CSR response. - $ref: "#/definitions/CertRepMessages" - _links: - description: > - Links to resources related to this resource. - type: object - required: - - self - properties: - self: + The value of the Identifier of the certificate target VNFCI as subject ID if this operation is used for + the VNFCI certificate or VNF OAM certificate. + $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier" + certificateData: description: > - URI of this resource. - $ref: "../../definitions/SOL023_def.yaml#/definitions/Link" - - CreateSubjectRequest: + Data related to certificates for the target VNFCI. + type: object + required: + - subjectAlternateName + properties: + subjectName: + description: > + Subject data of the of VNFCI certificates, i.e., certificate fields related to common name, organization, + country etc. + $ref: "#/definitions/CertSubjectData" + subjectAlternateName: + description: > + Subject alternate names of VNFCI certificates. + type: string + typeOfVnfcCertHandling: + description: > + This parameter shall be present only if certType is VNFCI certificate or VNF OAM certificate. It indicates the + mode of certificate management for the target entity. The possible values are: + - direct mode + - delegation mode + See note 2. + type: string + enum: + - direct_mode + - delegation_mode + + CertSubjectData: description: > - This type represents request parameters for the "Register" operation as defined in ETSI GS NFV-IFA 033. + This type provides input information related to subject of certificate. - NOTE: As concept of the design of the type “CreateSubjectReuquest”, the attributes in the table 5.6.2.4-1 - are profiled with the mandatory-defined parameters in the CMP in IETF RFC 4210. + NOTE: At least one overriding attributes shall be present, otherwise shall be absent. type: object - required: - - pkiHeader - - pkiBody properties: - pkiHeader: + commonName: description: > - A common informatio0n of PKI message for addressing and transaction identification. The structure and - attributes are defined in IETF RFC 4210 and RFC 9480. - $ref: "#/definitions/PkiHeader" - pkiBody: + Information of certification target subject FQDN. Can be set empty when this certificate is used for encrypted + communication using IP address. See note. + type: string + organization: description: > - Message specific information. The structure and attributes are defined in IETF RFC 4210 and IETF RFC 9480. - type: object - required: - - ir - properties: - ir: - description: > - Information for Initialization Request. - $ref: "#/definitions/CertReqMessages" - - CSRRequest: - description: > - This type represents request parameters for the "Certificate Signing Request" operation. - - NOTE: As concept of the design of the type “CSRRequest”, the attributes in the table 5.6.2.5-1 - are profiled to the mandatory-defined parameters in the CMPv2 in IETF RFC 4210. - type: object - required: - - pkiHeader - - pkiBody - properties: - pkiHeader: + Information of certification target subject Organization. See note. + type: string + country: description: > - A common information of PKI message for addressing and transaction identification. The structure - and attributes are defined in IETF RFC 4210 and RFC 9480. - $ref: "#/definitions/PkiHeader" - pkiBody: + Information of certification target subject Country. See note. + type: string + state: description: > - Message specific information. The structure and attributes are defined in IETF RFC 4210 and IETF RFC 9480. - type: object - required: - - p10cr - properties: - p10cr: - description: > - Encoded Information for CSR Request. The structure and attributes are aligned and - defined in IETF RFC 2986. - $ref: "#/definitions/CSRMessage" - - CSRMessage: - description: > - Encoded Information for CSR Request. The structure and attributes are aligned - and defined in IETF RFC 2986. - type: object - - CertReqMessages: - description: > - This type represents a CertReqMessages. - type: object - required: - - CertReqMsg - properties: - CertReqMsg: + Information of certification target subject State. See note. + type: string + locality: description: > - The structure and attributes are defined in IETF RFC 5912. - type: object - required: - - CertRequest - properties: - CertRequest: - description: > - Information for the certificate request. - type: object - required: - - CertTemplate - properties: - CertTemplate: - description: > - Information for the certificate to be issued. - type: object - required: - - subjectUID - properties: - subjectUID: - description: > - The value of the Identifier of the certificate target VNFCI as subject ID if - this operation is used for the VNFCI certificate or VNF OAM certificate. See note. - - NOTE: For the case of MANO certificate, this attribute is not supported in this - version of the present document. - type: integer + Information of certification target subject Locality. See note. + type: string + emailAddress: + description: > + Information of certification contact email address. See note. + type: string ####################################################################### ################# Subscriptions Related Data Models ################### @@ -449,7 +347,7 @@ definitions: vnfInstanceSubscriptionFilter: description: > Filter criteria to select VNF instances about which to notify. - $ref: "#/definitions/VnfInstanceSubscriptionFilter" + $ref: "../../definitions/SOL023_def.yaml#/definitions/VnfInstanceSubscriptionFilter" cetificateState: description: > Match particular Certificate state values as reported in notifications of type @@ -512,7 +410,7 @@ definitions: ip: description: > Information for Initialization response. - $ref: "#/definitions/CertRepMessages" + $ref: "#/definitions/CertRepMessage" AffectedCertificate: description: > @@ -547,12 +445,12 @@ definitions: The structure and attributes are defined in IETF RFC 4210 and IETF RFC 9480. type: object required: - - ip + - cp properties: cp: description: > Information for CSR response. - $ref: "#/definitions/CertRepMessages" + $ref: "#/definitions/CertRepMessage" CertificateNotificationVerbosityType: description: > @@ -563,112 +461,14 @@ definitions: - FULL - SHORT + # ToDo - populate PKIStatusInfoType when defined PKIStatusInfoType: description: > - The enumeration PKIStatusInfoType shall comply with the provisions defined in table 4.3.4.1-1. - type: string - enum: - - ACCEPTED - - GRANTED_WITH_MODS - - REJECTED - - WAITING - - REVOCATION_WARNING - - REVOCATION_NOTIFICATION - - KEY_UPDATE_WARNING - - VnfInstanceSubscriptionFilter: - description: > - This type represents subscription filter criteria to match VNF - instances. - * NOTE 1: The attributes "vnfdIds" and "vnfProductsFromProviders" are alternatives to reference to VNF instances - that are based on certain VNFDs in a filter. They should not be used both in the same filter instance, - but one alternative should be chosen. - NOTE 2: The attributes "vnfInstanceIds" and "vnfInstanceNames" are alternatives to reference to particular VNF - instances in a filter. They should not be used both in the same filter instance, but one alternative - should be chosen. + Not provided. type: object - anyOf: - - oneOf: - - required: - - vnfdIds - - required: - - vnfProductsFromProviders - - oneOf: - - required: - - vnfInstanceIds - - required: - - vnfInstanceNames - properties: - vnfdIds: - description: > - If present, match VNF instances that were created based on a VNFD - identified by one of the vnfdId values listed in this attribute. See note 1. - type: array - items: - $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier" - vnfProductsFromProviders: - description: > - If present, match VNF instances that belong to VNF products from - certain providers. See note 1. - type: array - items: - type: object - required: - - vnfProvider - properties: - vnfProvider: - description: > - Name of the VNF provider to match. - type: string - vnfProducts: - description: > - If present, match VNF instances that belong to VNF products - with certain product names, from one particular provider. - type: array - items: - type: object - required: - - vnfProductName - properties: - vnfProductName: - description: > - Name of the VNF product to match. - type: string - versions: - description: > - If present, match VNF instances that belong to VNF - products with certain versions and a certain product - name, from one particular provider. - type: array - items: - type: object - required: - - vnfSoftwareVersion - properties: - vnfSoftwareVersion: - description: > - Software version to match. - $ref: "../../definitions/SOL023_def.yaml#/definitions/Version" - vnfdVersions: - description: > - If present, match VNF instances that belong to VNF - products with certain VNFD versions, a certain - software version and a certain product name, from - one particular provider. - type: array - items: - $ref: "../../definitions/SOL023_def.yaml#/definitions/Version" - vnfInstanceIds: - description: > - If present, match VNF instances with an instance identifier listed - in this attribute. See note 2. - type: array - items: - $ref: "../../definitions/SOL023_def.yaml#/definitions/Identifier" - vnfInstanceNames: - description: > - If present, match VNF instances with a VNF Instance Name listed in - this attribute. See note 2. - type: array - items: - type: string \ No newline at end of file + + # ToDo - populate CertRepMessage when defined + CertRepMessage: + description: > + Indicates CMPv2 CertRepMessage structure. + type: object \ No newline at end of file diff --git a/src/SOL023/CertificateNotification/CertificateNotification.yaml b/src/SOL023/CertificateNotification/CertificateNotification.yaml index d1006082da4867edff3e86b4a44162caf7fecc60..73898fc2373d43f6c556436bd3ec328219ab3f1d 100644 --- a/src/SOL023/CertificateNotification/CertificateNotification.yaml +++ b/src/SOL023/CertificateNotification/CertificateNotification.yaml @@ -19,8 +19,8 @@ info: version: 1.0.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 023 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.02.01_60/gs_nfv-sol023v050201p.pdf + description: ETSI GS NFV-SOL 023 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.03.01_60/gs_nfv-sol023v050301p.pdf servers: - url: http://127.0.0.1/callback/v2 diff --git a/src/SOL023/VNFLifecycleManagement/VNFLifecycleManagement.yaml b/src/SOL023/VNFLifecycleManagement/VNFLifecycleManagement.yaml index 1605d54b9a237c3ef44a631d360e7be59336f85c..707fae881491107db5f322b78f6bdaf9c2f5d93c 100644 --- a/src/SOL023/VNFLifecycleManagement/VNFLifecycleManagement.yaml +++ b/src/SOL023/VNFLifecycleManagement/VNFLifecycleManagement.yaml @@ -19,8 +19,8 @@ info: version: 1.0.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 023 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.02.01_60/gs_nfv-sol023v050201p.pdf + description: ETSI GS NFV-SOL 023 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.03.01_60/gs_nfv-sol023v050301p.pdf servers: - url: http://127.0.0.1/vnflcm/v2 diff --git a/src/SOL023/VNFLifecycleManagementNotification/VNFLifecycleManagementNotification.yaml b/src/SOL023/VNFLifecycleManagementNotification/VNFLifecycleManagementNotification.yaml index 80303773f691c1433330b42d12f3894b4193e584..0437a7bbed5d261625729fe7be7ed676ecab1c7f 100644 --- a/src/SOL023/VNFLifecycleManagementNotification/VNFLifecycleManagementNotification.yaml +++ b/src/SOL023/VNFLifecycleManagementNotification/VNFLifecycleManagementNotification.yaml @@ -19,8 +19,8 @@ info: version: 1.0.0-impl:etsi.org:ETSI_NFV_OpenAPI:1 externalDocs: - description: ETSI GS NFV-SOL 023 V5.2.1 - url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.02.01_60/gs_nfv-sol023v050201p.pdf + description: ETSI GS NFV-SOL 023 V5.3.1 + url: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/023/05.03.01_60/gs_nfv-sol023v050301p.pdf servers: - url: http://127.0.0.1/vnflcm/v2 diff --git a/src/SOL023/definitions/SOL023_def.yaml b/src/SOL023/definitions/SOL023_def.yaml index 559a4c0067a7d2afabae4b649d584b7c85ff2dda..77591ea36e79b16a618e717194cca620de2a7eb4 100644 --- a/src/SOL023/definitions/SOL023_def.yaml +++ b/src/SOL023/definitions/SOL023_def.yaml @@ -197,7 +197,7 @@ definitions: subscriptions. The value of clientPassword should be generated by a random process. * NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which uses mutual authentication based on X.509 certificates, this mode which uses client password to authenticate may be used in the access token request - toward the authorization server (as defined by IETF RFC 6749 [7]), only to support legacy implementations + toward the authorization server (as defined by IETF RFC 6749), only to support legacy implementations (version 3.4.1 or earlier version of the present document). See clause 8.1 for more details. * NOTE 3: The following values that were included up to version 3.4.1 of the present document have been removed: "BASIC" (to signal the use of the basic HTTP authentication) has been removed because it is insecure. diff --git a/src/SOL023/responses/SOL023_resp.yaml b/src/SOL023/responses/SOL023_resp.yaml index 43d54941e23792f2820733692007693039748491..0136c4be6406f9e2ea6349afac9b669929fb9fb2 100644 --- a/src/SOL023/responses/SOL023_resp.yaml +++ b/src/SOL023/responses/SOL023_resp.yaml @@ -48,7 +48,7 @@ responses: If the request is malformed or syntactically incorrect (e.g. if the request URI contains incorrect query parameters or the message content contains a syntactically incorrect data structure), the API producer shall respond with this response code. - More details are defined in IETF RFC 9110 [24]. The "ProblemDetails" structure + More details are defined in IETF RFC 9110. The "ProblemDetails" structure shall be provided, and should include in the "detail" attribute more information about the source of the problem. @@ -66,7 +66,7 @@ responses: If the request contains a malformed access token, the API producer should respond with this response. The details of the error shall be returned in the - WWW-Authenticate HTTP header, as defined in IETF RFC 6750 [8]. The + WWW-Authenticate HTTP header, as defined in IETF RFC 6750. The ProblemDetails structure may be provided. The use of this HTTP error response code described above is applicable to the use of the OAuth 2.0 for @@ -493,7 +493,7 @@ responses: If the API consumer has sent too many requests in a defined period of time and the API producer is able to detect that condition ("rate limiting"), the API producer shall respond with this response code, - following the provisions in IETF RFC 6585 [17] for the use of the "Retry-After" HTTP header. + following the provisions in IETF RFC 6585 for the use of the "Retry-After" HTTP header. The "ProblemDetails" structure shall be provided and shall include in the "detail" attribute more information about the source of the problem.