From 8a2e25c29691594e181884f8a096aba56d5d9b7b Mon Sep 17 00:00:00 2001 From: Ayesha Ayub Date: Mon, 26 Aug 2024 11:38:08 +0500 Subject: [PATCH 1/2] Update SOL011 document version in all testcases of NSLifecycleOpetaionGranting API --- SOL011/NSLifecycleOperationGranting-API/Grants.robot | 12 ++++++------ .../IndividualGrant.robot | 12 ++++++------ SOL011/README.md | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/SOL011/NSLifecycleOperationGranting-API/Grants.robot b/SOL011/NSLifecycleOperationGranting-API/Grants.robot index ff8921e30..51a6e3127 100644 --- a/SOL011/NSLifecycleOperationGranting-API/Grants.robot +++ b/SOL011/NSLifecycleOperationGranting-API/Grants.robot @@ -12,7 +12,7 @@ Requests a grant for a particular NS lifecycle operation ... Test title: Requests a grant for a particular NS lifecycle operation ... Test objective: The objective is to request a grant for a particular NS lifecycle operation and perform a JSON schema validation on the returned grant data structure ... Pre-conditions: - ... Reference: Clause 7.5.3.3.1 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.3.3.1 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: The NFVO can decide immediately what to respond to a grant request ... Post-Conditions: The grant information is available to the NFVO. @@ -27,7 +27,7 @@ Requests a grant for a particular NS lifecycle operation - Forbidden ... Test title: Requests a grant for a particular NS lifecycle operation - Forbidden ... Test objective: The objective is to request a grant for a particular NS lifecycle operation and the grant is rejected ... Pre-conditions: none - ... Reference: Clause 7.5.3.3.1 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.3.3.1 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -40,7 +40,7 @@ GET Grants - Method not implemented ... Test title: GET Grants - Method not implemented ... Test objective: The objective is to test that GET method is not allowed for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.3.3.2 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.3.3.2 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -52,7 +52,7 @@ PUT Grants - Method not implemented ... Test title: PUT Grants - Method not implemented ... Test objective: The objective is to test that PUT method is not allowed for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.3.3.3 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.3.3.3 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -64,7 +64,7 @@ PATCH Grants - Method not implemented ... Test title: PATCH Grants - Method not implemented ... Test objective: The objective is to test that PATCH method is not allowed for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.3.3.4 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.3.3.4 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -76,7 +76,7 @@ DELETE Grants - Method not implemented ... Test title: DELETE Grants - Method not implemented ... Test objective: The objective is to test that DELETE method is not allowed for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.3.3.5 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.3.3.5 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: Resources are not deleted diff --git a/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot b/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot index 0bad5cd0d..ee13f40b5 100644 --- a/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot +++ b/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot @@ -15,7 +15,7 @@ POST Individual Grant - Method not implemented ... Test title: POST Individual Grant - Method not implemented ... Test objective: The objective is to test that POST method is not allowed for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.4.3.1 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.4.3.1 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -27,7 +27,7 @@ GET an individual grant - Successful ... Test title: GET an individual grant - Successful ... Test objective: The objective is to retrieve a grant for a particular NS Lifecycle Operation. ... Pre-conditions: The grant information is available to the NFVO - ... Reference: Clause 7.5.4.3.2 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.4.3.2 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -40,7 +40,7 @@ PUT an individual grant - Method not implemented ... Test title: PUT an individual grant - Method not implemented ... Test objective: The objective is to test that PUT method is not allowed to for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.4.3.3 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.4.3.3 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -52,7 +52,7 @@ PATCH an individual grant - Method not implemented ... Test title: PATCH an individual grant - Method not implemented ... Test objective: The objective is to test that PATCH method is not allowed to for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.4.3.4 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.4.3.4 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -64,7 +64,7 @@ DELETE an individual grant - Method not implemented ... Test title: DELETE an individual grant - Method not implemented ... Test objective: The objective is to test that DELETE method is not allowed to for Lifecycle operation granting ... Pre-conditions: none - ... Reference: Clause 7.5.4.3.5 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.4.3.5 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: none ... Post-Conditions: none @@ -76,7 +76,7 @@ GET an individual grant - NOT FOUND ... Test title: GET an individual grant - NOT FOUND ... Test objective: The objective is to test that the retrieval of individual grant for a particular Lifecycle operation fails when using an invalid resource identifier ... Pre-conditions: The grant information is available to the NFVO - ... Reference: Clause 7.5.4.3.2 - ETSI GS NFV-SOL 011 [8] v4.4.1 + ... Reference: Clause 7.5.4.3.2 - ETSI GS NFV-SOL 011 [8] v4.5.1 ... Config ID: Config_prod_NFVO ... Applicability: Invalid resource identifier is used ... Post-Conditions: none diff --git a/SOL011/README.md b/SOL011/README.md index bdd8bde54..dd99d87b4 100644 --- a/SOL011/README.md +++ b/SOL011/README.md @@ -2,7 +2,7 @@ This folder includes the NFV API conformance test descriptions for NFV SOL011 APIs. -The reference spec version is v4.4.1: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/011/04.04.01_60/gs_NFV-SOL011v040401p.pdf +The reference spec version is v4.5.1: https://www.etsi.org/deliver/etsi_gs/NFV-SOL/001_099/011/04.05.01_60/gs_NFV-SOL011v040501p.pdf ## Applicable Tests In addition to the SOL011 tests included in this folder for NS Instance Usage Notification API and NS Lifecycle Operation Granting API, the SOL011 tests make use of applicable SOL005 tests. -- GitLab From 6cef99602cbea7cf7604a662a80070679032ba7e Mon Sep 17 00:00:00 2001 From: "mudassar.sabeel" Date: Thu, 12 Sep 2024 15:15:02 +0500 Subject: [PATCH 2/2] implement OAuth scope test for NSLifeCycleOperationGranting API of SOL011 --- .../Grants.robot | 28 ++++++++++- .../IndividualGrant.robot | 24 +++++++++ .../NSLCOperationGrantingKeywords.robot | 49 ++++++++++++++++++- .../environment/variables.txt | 4 ++ 4 files changed, 103 insertions(+), 2 deletions(-) diff --git a/SOL011/NSLifecycleOperationGranting-API/Grants.robot b/SOL011/NSLifecycleOperationGranting-API/Grants.robot index 51a6e3127..7742892b4 100644 --- a/SOL011/NSLifecycleOperationGranting-API/Grants.robot +++ b/SOL011/NSLifecycleOperationGranting-API/Grants.robot @@ -82,4 +82,30 @@ DELETE Grants - Method not implemented ... Post-Conditions: Resources are not deleted Delete Grants Check HTTP Response Status Code Is 405 - Check Postcondition Grants Exist \ No newline at end of file + Check Postcondition Grants Exist +Requests a grant for a particular NS lifecycle operation with permitted authorization scope + [Documentation] Test ID: 9.3.1.1.7 + ... Test title: Requests a grant for a particular NS lifecycle operation with permitted authorization scope + ... Test objective: The objective is to request a grant for a particular NS lifecycle operation and perform a JSON schema validation on the returned grant data structure + ... Pre-conditions: + ... Reference: Clause 7.5.3.3.1 - ETSI GS NFV-SOL 011 [8] v4.5.1 + ... Config ID: Config_prod_NFVO + ... Applicability: The NFVO can decide immediately what to respond to a grant request + ... Post-Conditions: The grant information is available to the NFVO. + Send Post Request for Grant with permitted authorization scope + Check HTTP Response Status Code Is 201 + Check HTTP Response Body Json Schema Is Grant + Check HTTP Response Header Contains Location + Check Postcondition Grant Is Set +Requests a grant for a particular NS lifecycle operation with NOT permitted authorization scope + [Documentation] Test ID: 9.3.1.1.8 + ... Test title: Requests a grant for a particular NS lifecycle operation with not permitted authorization scope + ... Test objective: The objective is to request a grant for a particular NS lifecycle operation and perform a JSON schema validation on the returned grant data structure + ... Pre-conditions: + ... Reference: Clause 7.5.3.3.1 - ETSI GS NFV-SOL 011 [8] v4.5.1 + ... Config ID: Config_prod_NFVO + ... Applicability: The NFVO can decide immediately what to respond to a grant request + ... Post-Conditions: The grant information is available to the NFVO. + Send Post Request for Grant with not permitted authorization scope + Check HTTP Response Status Code Is 403 + Check HTTP Response Body Json Schema Is ProblemDetails \ No newline at end of file diff --git a/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot b/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot index ee13f40b5..403ed67a4 100644 --- a/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot +++ b/SOL011/NSLifecycleOperationGranting-API/IndividualGrant.robot @@ -82,4 +82,28 @@ GET an individual grant - NOT FOUND ... Post-Conditions: none Get individual grant Check HTTP Response Status Code Is 404 + Check HTTP Response Body Json Schema Is ProblemDetails +GET an individual grant with permitted authorization scope - Successful + [Documentation] Test ID: 9.3.1.2.7 + ... Test title: GET an individual grant with permitted authorization scope - Successful + ... Test objective: The objective is to retrieve a grant for a particular NS Lifecycle Operation. + ... Pre-conditions: The grant information is available to the NFVO + ... Reference: Clause 7.5.4.3.2 - ETSI GS NFV-SOL 011 [8] v4.5.1 + ... Config ID: Config_prod_NFVO + ... Applicability: none + ... Post-Conditions: none + Get individual grant with permitted authorization scope + Check HTTP Response Status Code Is 200 + Check HTTP Response Body Json Schema Is Grant +GET an individual grant with not permitted authorization scope - Successful + [Documentation] Test ID: 9.3.1.2.8 + ... Test title: GET an individual grant with not permitted authorization scope - Successful + ... Test objective: The objective is to retrieve a grant for a particular NS Lifecycle Operation. + ... Pre-conditions: The grant information is available to the NFVO + ... Reference: Clause 7.5.4.3.2 - ETSI GS NFV-SOL 011 [8] v4.5.1 + ... Config ID: Config_prod_NFVO + ... Applicability: none + ... Post-Conditions: none + Get individual grant with permitted not authorization scope + Check HTTP Response Status Code Is 403 Check HTTP Response Body Json Schema Is ProblemDetails \ No newline at end of file diff --git a/SOL011/NSLifecycleOperationGranting-API/NSLCOperationGrantingKeywords.robot b/SOL011/NSLifecycleOperationGranting-API/NSLCOperationGrantingKeywords.robot index 9838b930b..be8cfda58 100644 --- a/SOL011/NSLifecycleOperationGranting-API/NSLCOperationGrantingKeywords.robot +++ b/SOL011/NSLifecycleOperationGranting-API/NSLCOperationGrantingKeywords.robot @@ -4,6 +4,7 @@ Library REST ${NFVO_SCHEMA}://${NFVO_HOST}:${NFVO_PORT} ssl_verify=fals Library OperatingSystem Library JSONLibrary Library JSONSchemaLibrary schemas/ +Library jwt *** Keywords *** Send Post Request for Grant @@ -141,4 +142,50 @@ Check Postcondition Grant Is Set GET ${apiRoot}/${apiName}/${apiVersion}/grants/${response['body']['id']} ${output}= Output response Set Suite Variable ${response} ${output} - Check HTTP Response Status Code Is 200 \ No newline at end of file + Check HTTP Response Status Code Is 200 +JWT Encode + [Arguments] ${payload} ${key} ${algorithm} + ${encoded}= Evaluate jwt.encode(${payload}, ${key}, ${algorithm}) + [Return] ${encoded} +Send Post Request for Grant with permitted authorization scope + Log Request a new Grant for an NS LCM operation by POST to ${apiRoot}/${apiName}/${apiVersion}/grants + Set Headers {"Accept": "${ACCEPT}"} + Set Headers {"Content-Type": "${CONTENT_TYPE}"} + ${scope_value}= Create Dictionary scopeValue=${OPERATION_GRANTING_SCOPE} + ${authorizationToken}= JWT Encode payload=${scope_value} key='' algorithm=${OAUTH_Encryption_ALGORITHM} + Run Keyword If ${AUTH_USAGE} == 1 Set Headers {"Authorization":"${authorizationToken}"} + ${body}= Get File jsons/grantNSLifecycleOperationRequest.json + Post ${apiRoot}/${apiName}/${apiVersion}/grants ${body} + ${body}= Output response + Set Suite Variable ${response} ${body} +Send Post Request for Grant with not permitted authorization scope + Log Request a new Grant for an NS LCM operation by POST to ${apiRoot}/${apiName}/${apiVersion}/grants + Set Headers {"Accept": "${ACCEPT}"} + Set Headers {"Content-Type": "${CONTENT_TYPE}"} + ${scope_value}= Create Dictionary scopeValue=${NEG_SCOPE} + ${authorizationToken}= JWT Encode payload=${scope_value} key='' algorithm=${OAUTH_Encryption_ALGORITHM} + Run Keyword If ${AUTH_USAGE} == 1 Set Headers {"Authorization":"${authorizationToken}"} + ${body}= Get File jsons/grantNSLifecycleOperationRequest.json + Post ${apiRoot}/${apiName}/${apiVersion}/grants ${body} + ${body}= Output response + Set Suite Variable ${response} ${body} +Get individual grant with permitted authorization scope + log Trying to read an individual grant + Set Headers {"Accept":"${ACCEPT}"} + Set Headers {"Content-Type":"${CONTENT_TYPE}"} + ${scope_value}= Create Dictionary scopeValue=${OPERATION_GRANTING_SCOPE} + ${authorizationToken}= JWT Encode payload=${scope_value} key='' algorithm=${OAUTH_Encryption_ALGORITHM} + Run Keyword If ${AUTH_USAGE} == 1 Set Headers {"Authorization":"${authorizationToken}"} + Get ${apiRoot}/${apiName}/${apiVersion}/grants/${grantId} + ${body}= Output response + Set Suite Variable ${response} ${body} +Get individual grant with permitted not authorization scope + log Trying to read an individual grant + Set Headers {"Accept":"${ACCEPT}"} + Set Headers {"Content-Type":"${CONTENT_TYPE}"} + ${scope_value}= Create Dictionary scopeValue=${NEG_SCOPE} + ${authorizationToken}= JWT Encode payload=${scope_value} key='' algorithm=${OAUTH_Encryption_ALGORITHM} + Run Keyword If ${AUTH_USAGE} == 1 Set Headers {"Authorization":"${authorizationToken}"} + Get ${apiRoot}/${apiName}/${apiVersion}/grants/${grantId} + ${body}= Output response + Set Suite Variable ${response} ${body} \ No newline at end of file diff --git a/SOL011/NSLifecycleOperationGranting-API/environment/variables.txt b/SOL011/NSLifecycleOperationGranting-API/environment/variables.txt index e69f12ee2..816f5f1fc 100644 --- a/SOL011/NSLifecycleOperationGranting-API/environment/variables.txt +++ b/SOL011/NSLifecycleOperationGranting-API/environment/variables.txt @@ -25,6 +25,10 @@ ${VNFM_SCHEMA} https ${CONTENT_TYPE_PATCH} application/merge-patch+json ${WRONG_AUTHORIZATION} Bearer XXXXXWRONGXXXXX +${OPERATION_GRANTING_SCOPE} nslcog:v1:all +${NEG_SCOPE} nslcog:v1:invalid +${OAUTH_Encryption_ALGORITHM} HS256 + ${vnfInstanceDescription} description vnf ${vnfInstanceDescription_Update} Updated description vnf ${SINGLE_FILE_VNFD} 1 # If VNFD is PLAIN TEXT -- GitLab