Test Plan for CAPIF Api Access Control Policy
At this documentation you will have all information and related files and examples of test plan for this API.
Test Case 1: Retrieve ACL
Test ID: capif_api_acl-1
Description:
This test case will check that an API Provider can retrieve ACL from CAPIF
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- ACL Response:
- 200 OK Response.
- body returned must accomplish AccessControlPolicyList data structure.
- apiInvokerPolicies must:
- contain only one object.
- apiInvokerId must match apiInvokerId registered previously.
Test Case 2: Retrieve ACL with 2 Service APIs published
Test ID: capif_api_acl-2
Description:
This test case will check that an API Provider can retrieve ACL from CAPIF for 2 different serviceApis published.
Pre-Conditions:
- API Provider had two Service API Published on CAPIF
- API Invoker had a Security Context for both Service APIs published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_2
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker for both published APIs
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL for serviceApiId1
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use AEF Provider Certificate
-
Provider Retrieve ACL for serviceApiId2
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId2}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1 and service_2
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information for service_1.
- Provider Get ACL information for service_2.
Expected Result:
- ACL Response:
- 200 OK Response.
- body returned must accomplish AccessControlPolicyList data structure.
- apiInvokerPolicies must:
- contain one object.
- apiInvokerId must match apiInvokerId registered previously.
Test Case 3: Retrieve ACL with security context created by two different Invokers
Test ID: capif_api_acl-3
Description:
This test case will check that an API Provider can retrieve ACL from CAPIF containing 2 objects.
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- Two API Invokers had a Security Context for same Service API published by provider.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker for both published APIs
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Repeat previous 3 steps in order to have a new Invoker.
-
Provider Retrieve ACL for serviceApiId
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1 and service_2
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- ACL Response:
- 200 OK Response.
- body returned must accomplish AccessControlPolicyList data structure.
- apiInvokerPolicies must:
- Contain two objects.
- One object must match with apiInvokerId1 and the other one with apiInvokerId2 an registered previously.
Test Case 4: Retrieve ACL filtered by api-invoker-id
Test ID: capif_api_acl-4
Description:
This test case will check that an API Provider can retrieve ACL filtering by apiInvokerId from CAPIF containing 1 objects.
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- Two API Invokers had a Security Context for same Service API published by provider.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker for both published APIs
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Repeat previous 3 steps in order to have a new Invoker.
-
Provider Retrieve ACL for serviceApiId
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&api-invoker-id={apiInvokerId1}
- Use serviceApiId, aefId and apiInvokerId1
- Use AEF Provider Certificate
-
Provider Retrieve ACL for serviceApiId
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&api-invoker-id={apiInvokerId2}
- Use serviceApiId, aefId and apiInvokerId2
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1 and service_2
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information with query parameter indicating first api-invoker-id.
- Provider Get ACL information with query parameter indicating second api-invoker-id.
Expected Result:
-
ACL Response:
- 200 OK Response.
- body returned must accomplish AccessControlPolicyList data structure.
- apiInvokerPolicies must:
- Contain one objects.
- Object must match with apiInvokerId1.
-
ACL Response:
- 200 OK Response.
- body returned must accomplish AccessControlPolicyList data structure.
- apiInvokerPolicies must:
- Contain one objects.
- Object must match with apiInvokerId2.
Test Case 5: Retrieve ACL filtered by supported-features
Test ID: capif_api_acl-5
Description:
CURRENTLY NOT SUPPORTED FEATURE
This test case will check that an API Provider can retrieve ACL filtering by supportedFeatures from CAPIF containing 1 objects.
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- Two API Invokers had a Security Context for same Service API published by provider.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker for both published APIs
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Repeat previous 3 steps in order to have a new Invoker.
-
Provider Retrieve ACL for serviceApiId
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&supported-features={apiInvokerId1}
- Use serviceApiId, aefId and apiInvokerId1
- Use AEF Provider Certificate
-
Provider Retrieve ACL for serviceApiId
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId1}?aef-id=${aef_id}&supported-features={apiInvokerId2}
- Use serviceApiId, aefId and apiInvokerId2
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1 and service_2
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information with query parameter indicating first supported-features.
- Provider Get ACL information with query parameter indicating second supported-features.
Expected Result:
-
ACL Response:
- 200 OK Response.
- body returned must accomplish AccessControlPolicyList data structure.
- apiInvokerPolicies must:
- Contain one objects.
- Object must match with supportedFeatures1.
-
ACL Response:
- 200 OK Response.
- body returned must accomplish AccessControlPolicyList data structure.
- apiInvokerPolicies must:
- Contain one objects.
- Object must match with supportedFeatures1.
Test Case 6: Retrieve ACL with aef-id not valid
Test ID: capif_api_acl-6
Description:
This test case will check that an API Provider can't retrieve ACL from CAPIF if aef-id is not valid
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${AEF_ID_NOT_VALID}
- Use serviceApiId and AEF_ID_NOT_VALID
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- ACL Response:
- 404 Not Found Response.
- body returned must accomplish Problem Details data structure.
- apiInvokerPolicies must:
- status 404
- title with message "Not Found"
- detail with message "No ACLs found for the requested service: {service_api_id}, aef_id: {aef_id}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
- cause with message "Wrong id".
Test Case 7: Retrieve ACL with service-id not valid
Test ID: capif_api_acl-7
Description:
This test case will check that an API Provider can't retrieve ACL from CAPIF if service-api-id is not valid
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${NOT_VALID_SERVICE_API_ID}?aef-id=${aef_id}
- Use NOT_VALID_SERVICE_API_ID and aef_id
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- ACL Response:
- 404 Not Found Response.
- body returned must accomplish Problem Details data structure.
- apiInvokerPolicies must:
- status 404
- title with message "Not Found"
- detail with message "No ACLs found for the requested service: {service_api_id}, aef_id: {aef_id}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
- cause with message "Wrong id".
Test Case 8: Retrieve ACL with service-api-id and aef-id not valid
Test ID: capif_api_acl-8
Description:
This test case will check that an API Provider can't retrieve ACL from CAPIF if service-api-id and aef-id are not valid
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${NOT_VALID_SERVICE_API_ID}?aef-id=${AEF_ID_NOT_VALID}
- Use NOT_VALID_SERVICE_API_ID and aef_id
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- ACL Response:
- 404 Not Found Response.
- body returned must accomplish Problem Details data structure.
- apiInvokerPolicies must:
- status 404
- title with message "Not Found"
- detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
- cause with message "Wrong id".
Test Case 9: Retrieve ACL without SecurityContext created previously by Invoker
Test ID: capif_api_acl-9
Description:
This test case will check that an API Provider can't retrieve ACL if no invoker had requested Security Context to CAPIF
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker created but no Security Context for Service API published had been requested.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
-
Discover published APIs
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- ACL Response:
- 404 Not Found Response.
- body returned must accomplish Problem Details data structure.
- apiInvokerPolicies must:
- status 404
- title with message "Not Found"
- detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
- cause with message "Wrong id".
Test Case 10: Retrieve ACL filtered by api-invoker-id not present
Test ID: capif_api_acl-10
Description:
This test case will check that an API Provider get not found response if filter by not valid api-invoker-id doesn't match any registered ACL.
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={NOT_VALID_API_INVOKER_ID}
- Use serviceApiId, aefId and NOT_VALID_API_INVOKER_ID
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- ACL Response:
- 404 Not Found Response.
- body returned must accomplish Problem Details data structure.
- apiInvokerPolicies must:
- status 404
- title with message "Not Found"
- detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: {api_invoker_id} and supportedFeatures: {supported_features}".
- cause with message "Wrong id".
Test Case 11: Retrieve ACL with APF Certificate
Test ID: capif_api_acl-11
Description:
This test case will check that an API Provider can't retrieve ACL from CAPIF using APF Certificate
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use APF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- Response to Logging Service must accomplish:
- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "Role not authorized for this API route".
- cause with message "Certificate not authorized".
Test Case 12: Retrieve ACL with AMF Certificate
Test ID: capif_api_acl-12
Description:
This test case will check that an API Provider can't retrieve ACL from CAPIF using AMF Certificate
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use AMF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- Response to Logging Service must accomplish:
- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "Role not authorized for this API route".
- cause with message "Certificate not authorized".
Test Case 13: Retrieve ACL with Invoker Certificate
Test ID: capif_api_acl-13
Description:
This test case will check that an API Provider can't retrieve ACL from CAPIF using Invoker Certificate
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}
- Use serviceApiId and aefId
- Use Invoker Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information.
Expected Result:
- Response to Logging Service must accomplish:
- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "Role not authorized for this API route".
- cause with message "Certificate not authorized".
Test Case 14: No ACL for invoker after be removed
Test ID: capif_api_acl-14
Description:
This test case will check that ACLs are removed after invoker is removed.
Pre-Conditions:
- API Provider had a Service API Published on CAPIF
- API Invoker had a Security Context for Service API published and ACL is present
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Store serviceApiId
- Use APF Certificate
-
Perform Invoker Onboarding store apiInvokerId
- Discover published APIs
-
Create Security Context for this Invoker
- Send PUT https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}
- body service security body
- Use Invoker Certificate
-
Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={api-invoker-id}
- Use serviceApiId, aefId and api-invoker-id
- Use AEF Provider Certificate
- Remove Invoker from CAPIF
- Provider Retrieve ACL
- Send GET https://{CAPIF_HOSTNAME}/access-control-policy/v1/accessControlPolicyList/${serviceApiId}?aef-id=${aef_id}&api-invoker-id={api-invoker-id}
- Use serviceApiId, aefId and api-invoker-id
- Use AEF Provider Certificate
Execution Steps:
- Register and onboard Provider at CCF.
- Publish a provider API with name service_1
- Register and onboard Invoker at CCF
- Store signed Certificate
- Create Security Context
- Provider Get ACL information of invoker.
- Remove Invoker from CAPIF.
- Provider Get ACL information of invoker.
Expected Result: 1. ACL Response: 1. 200 OK Response. 2. body returned must accomplish AccessControlPolicyList data structure. 3. apiInvokerPolicies must: 1. contain only one object. 2. apiInvokerId must match apiInvokerId registered previously.
- ACL Response:
- 404 Not Found Response.
- body returned must accomplish Problem Details data structure.
- apiInvokerPolicies must:
- status 404
- title with message "Not Found"
- detail with message "No ACLs found for the requested service: {NOT_VALID_SERVICE_API_ID}, aef_id: {AEF_ID_NOT_VALID}, invoker: None and supportedFeatures: None".
- cause with message "Wrong id".