Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[uss_qualifier] improve documentation for op intent reference ACL validation #402

Merged
merged 1 commit into from
Dec 15, 2023
Merged

[uss_qualifier] improve documentation for op intent reference ACL validation #402

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions monitoring/uss_qualifier/requirements/astm/f3548/v21.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,11 @@ For information on these requirements, refer to [the ASTM standard F3548-21](htt
## Discovery and Synchronization Service

* <tt>DSS0005</tt>
* <tt>DSS0005,1</tt>
* <tt>DSS0005,2</tt>
* <tt>DSS0005,3</tt>
* <tt>DSS0005,4</tt>
* <tt>DSS0005,5</tt>
* <tt>DSS0010</tt>
* <tt>DSS0015</tt>
* <tt>DSS0020</tt>
Expand Down
2 changes: 1 addition & 1 deletion monitoring/uss_qualifier/scenarios/astm/utm/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,4 @@
from .off_nominal_planning.down_uss_equal_priority_not_permitted import (
DownUSSEqualPriorityNotPermitted,
)
from .op_intent_access_control import OpIntentAccessControl
from .op_intent_ref_access_control import OpIntentReferenceAccessControl
2 changes: 1 addition & 1 deletion monitoring/uss_qualifier/scenarios/astm/utm/off_nominal_planning/down_uss.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ The USS qualifier, acting as a virtual USS, creates an operational intent at the
The objective is to make the later request by the tested USS to retrieve operational intent details to fail.

#### Operational intent successfully created check
If the creation of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005](../../../../requirements/astm/f3548/v21.md)**.
If the creation of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005,1](../../../../requirements/astm/f3548/v21.md)**.

### [Declare virtual USS as down at DSS test step](../set_uss_down.md)

Expand Down
8 changes: 4 additions & 4 deletions ...cenarios/astm/utm/off_nominal_planning/down_uss_equal_priority_not_permitted.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,14 +58,14 @@ The USS qualifier, acting as a virtual USS, creates an operational intent at the
The objective is to make the later request by the tested USS to retrieve operational intent details to fail.

#### Operational intent successfully created check
If the creation of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005](../../../../requirements/astm/f3548/v21.md)**.
If the creation of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005,1](../../../../requirements/astm/f3548/v21.md)**.

### Virtual USS activates conflicting operational intent test step
The USS qualifier, acting as a virtual USS, activates the operational intent previously created at the DSS with a non-working base URL.
The objective is to make the later request by the tested USS to retrieve operational intent details to fail.

#### Operational intent successfully activated check
If the activation of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005](../../../../requirements/astm/f3548/v21.md)**.
If the activation of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005,1](../../../../requirements/astm/f3548/v21.md)**.

### [Declare virtual USS as down at DSS test step](../set_uss_down.md)

Expand Down Expand Up @@ -102,7 +102,7 @@ The USS qualifier, acting as a virtual USS, transitions to Nonconforming the ope
The objective is to make the later request by the tested USS to retrieve operational intent details to fail.

#### Operational intent successfully transitioned to Nonconforming check
If the transition of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005](../../../../requirements/astm/f3548/v21.md)**.
If the transition of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005,1](../../../../requirements/astm/f3548/v21.md)**.

### [Declare virtual USS as down at DSS test step](../set_uss_down.md)

Expand Down Expand Up @@ -139,7 +139,7 @@ The USS qualifier, acting as a virtual USS, transitions to Contingent the operat
The objective is to make the later request by the tested USS to retrieve operational intent details to fail.

#### Operational intent successfully transitioned to Contingent check
If the transition of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005](../../../../requirements/astm/f3548/v21.md)**.
If the transition of the operational intent reference at the DSS fails, this check fails per **[astm.f3548.v21.DSS0005,1](../../../../requirements/astm/f3548/v21.md)**.

### [Declare virtual USS as down at DSS test step](../set_uss_down.md)

Expand Down
56 changes: 28 additions & 28 deletions ...rios/astm/utm/op_intent_access_control.md → .../astm/utm/op_intent_ref_access_control.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
# ASTM F3548-21 UTM DSS Operational Intent Access Control test scenario
# ASTM F3548-21 UTM DSS Operational Intent Reference Access Control test scenario

## Overview

This scenario ensures that a DSS will only let the owner of an operational intent modify it.
This scenario ensures that a DSS will only let the owner of an operational intent reference modify it.

## Resources

Expand All @@ -11,7 +11,7 @@ This scenario ensures that a DSS will only let the owner of an operational inten
A `resources.flight_planning.FlightIntentsResource` containing the flight intents to be used in this scenario:

This scenario expects to find at least two separate flight intents in this resource, as it will use their extent
to create two operational intents.
to create two operational intents references.

### dss

Expand Down Expand Up @@ -48,79 +48,79 @@ this will be verified at runtime, and this scenario will fail if the second set

### id_generator

A `resources.interuss.IDGeneratorResource` that will be used to generate the IDs of the operational intents created in this scenario.
A `resources.interuss.IDGeneratorResource` that will be used to generate the IDs of the operational intent references created in this scenario.

## Setup test case

Makes sure that the DSS is in a clean and expected state before running the test, and that the passed resources work as required.

The setup will create two separate operational intents: one for each set of the available credentials.
The setup will create two separate operational intent references: one for each set of the available credentials.

### Ensure clean workspace test step

#### 🛑 Operational intents can be queried directly by their ID check
#### 🛑 Operational intent references can be queried directly by their ID check

If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of
**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
If an existing operational intent reference cannot directly be queried by its ID, the DSS implementation is in violation of
**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Operational intents can be searched using valid credentials check
#### 🛑 Operational intent references can be searched using valid credentials check

A client with valid credentials should be allowed to search for operational intents in a given area.
Otherwise, the DSS is not in compliance with **[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
Otherwise, the DSS is not in compliance with **[astm.f3548.v21.DSS0005,2](../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Operational intents can be deleted by their owner check
#### 🛑 Operational intent references can be deleted by their owner check

If an existing operational intent cannot be deleted when providing the proper ID and OVN, the DSS implementation is in violation of
**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**.

### Create operational intents with different credentials test step
### Create operational intent references with different credentials test step

This test step ensures that an operation intent created with the main credentials is available for the main test case.
This test step ensures that an operation intent reference created with the main credentials is available for the main test case.

To verify that the second credentials are valid, it will also create an operational intent with those credentials.
To verify that the second credentials are valid, it will also create an operational intent reference with those credentials.

#### 🛑 Can create an operational intent with valid credentials check

If the DSS does not allow the creation of operation intents when the required parameters and credentials are provided,
it is in violation of **[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
it is in violation of **[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Passed sets of credentials are different check

This scenario requires two sets of credentials that have a different 'sub' claim in order to validate that the
DSS properly controls access to operational intents.

## Attempt unauthorized flight intent modification test case
## Attempt unauthorized operational intent reference modification test case

This test case ensures that the DSS does not allow a caller to modify or delete operational intent that they did not create.
This test case ensures that the DSS does not allow a caller to modify or delete operational intent references that they did not create.

### Attempt unauthorized flight intent modification test step
### Attempt unauthorized operational intent reference modification test step

This test step will attempt to modify the operational intent that was created using the configured `dss` resource,
This test step will attempt to modify the operational intent references that was created using the configured `dss` resource,
using the credentials provided in the `second_utm_auth` resource, and expect all such attempts to fail.

#### 🛑 Operational intents can be queried directly by their ID check
#### 🛑 Operational intent references can be queried directly by their ID check

If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of
**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Non-owning credentials cannot modify operational intent check

If an operational intent can be modified by a client which did not create it, the DSS implementation is
If an operational intent reference can be modified by a client which did not create it, the DSS implementation is
in violation of **[astm.f3548.v21.OPIN0035](../../../requirements/astm/f3548/v21.md)**.

#### 🛑 Non-owning credentials cannot delete operational intent check

If an operational intent can be deleted by a client which did not create it, the DSS implementation is
If an operational intent reference can be deleted by a client which did not create it, the DSS implementation is
in violation of **[astm.f3548.v21.OPIN0035](../../../requirements/astm/f3548/v21.md)**.

## Cleanup

### 🛑 Operational intents can be queried directly by their ID check
### 🛑 Operational intent references can be queried directly by their ID check

If an existing operational intent cannot directly be queried by its ID, the DSS implementation is in violation of
**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**.

### 🛑 Operational intents can be deleted by their owner check
### 🛑 Operational intent references can be deleted by their owner check

If an existing operational intent cannot be deleted when providing the proper ID and OVN, the DSS implementation is in violation of
**[astm.f3548.v21.DSS0005](../../../requirements/astm/f3548/v21.md)**.
**[astm.f3548.v21.DSS0005,1](../../../requirements/astm/f3548/v21.md)**.
48 changes: 31 additions & 17 deletions ...rios/astm/utm/op_intent_access_control.py → .../astm/utm/op_intent_ref_access_control.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,13 @@
from monitoring.uss_qualifier.suites.suite import ExecutionContext


class OpIntentAccessControl(TestScenario):
class OpIntentReferenceAccessControl(TestScenario):
"""
Tests that the DSS only allows a client to edit their own flight intents, but not those of another USS.
"""

OP_INTENT_1 = register_resource_type(375, "Operational Intent")
OP_INTENT_2 = register_resource_type(376, "Operational Intent")
OP_INTENT_1 = register_resource_type(375, "Operational Intent Reference")
OP_INTENT_2 = register_resource_type(376, "Operational Intent Reference")

# The DSS under test
_dss: DSSInstance
Expand Down Expand Up @@ -105,15 +105,21 @@ def run(self, context: ExecutionContext):
self._ensure_clean_workspace()
self.end_test_step()

self.begin_test_step("Create operational intents with different credentials")
self.begin_test_step(
"Create operational intent references with different credentials"
)
self._create_op_intents()
self._ensure_credentials_are_different()
self.end_test_step()

self.end_test_case()

self.begin_test_case("Attempt unauthorized flight intent modification")
self.begin_test_step("Attempt unauthorized flight intent modification")
self.begin_test_case(
"Attempt unauthorized operational intent reference modification"
)
self.begin_test_step(
"Attempt unauthorized operational intent reference modification"
)

self._check_mutation_on_non_owned_intent_fails()

Expand All @@ -126,7 +132,8 @@ def _clean_known_op_intents_ids(self):
(oi_ref, q) = self._dss.get_op_intent_reference(self._oid_1)
self.record_query(q)
with self.check(
"Operational intents can be queried directly by their ID", self._pid
"Operational intent references can be queried directly by their ID",
self._pid,
) as check:
# If the Op Intent does not exist, it's fine to run into a 404.
if q.response.status_code not in [200, 404]:
Expand All @@ -140,7 +147,8 @@ def _clean_known_op_intents_ids(self):
self.record_query(dq)
if dq.response.status_code != 200:
with self.check(
"Operational intents can be deleted by their owner", self._pid
"Operational intent references can be deleted by their owner",
self._pid,
) as check:
check.record_failed(
f"Could not delete operational intent using main credentials",
Expand All @@ -151,7 +159,8 @@ def _clean_known_op_intents_ids(self):
(oi_ref, q) = self._dss_separate_creds.get_op_intent_reference(self._oid_2)
self.record_query(q)
with self.check(
"Operational intents can be queried directly by their ID", self._pid
"Operational intent references can be queried directly by their ID",
self._pid,
) as check:
if q.response.status_code not in [200, 404]:
check.record_failed(
Expand All @@ -165,7 +174,7 @@ def _clean_known_op_intents_ids(self):
)
self.record_query(dq)
with self.check(
"Operational intents can be deleted by their owner", self._pid
"Operational intent references can be deleted by their owner", self._pid
) as check:
if dq.response.status_code != 200:
check.record_failed(
Expand All @@ -182,11 +191,12 @@ def _ensure_clean_workspace(self):
self.record_query(q)
loguru.logger.info(f"Search query: {q.response}")
with self.check(
"Operational intents can be searched using valid credentials", self._pid
"Operational intent references can be searched using valid credentials",
self._pid,
) as check:
if q.response.status_code != 200:
check.record_failed(
f"Could not search operational intents using main credentials",
f"Could not search operational intent references using main credentials",
details=f"DSS responded with {q.response.status_code} to attempt to search OIs",
query_timestamps=[q.request.timestamp],
)
Expand All @@ -197,7 +207,8 @@ def _ensure_clean_workspace(self):
(_, _, dq) = self._dss.delete_op_intent(op_intent.id, op_intent.ovn)
self.record_query(dq)
with self.check(
"Operational intents can be deleted by their owner", self._pid
"Operational intent references can be deleted by their owner",
self._pid,
) as check:
if dq.response.status_code != 200:
check.record_failed(
Expand All @@ -211,11 +222,12 @@ def _ensure_clean_workspace(self):
)
self.record_query(q)
with self.check(
"Operational intents can be searched using valid credentials", self._pid
"Operational intent references can be searched using valid credentials",
self._pid,
) as check:
if q.response.status_code != 200:
check.record_failed(
f"Could not search operational intents using second credentials",
f"Could not search operational intent references using second credentials",
details=f"DSS responded with {q.response.status_code} to attempt to search OIs",
query_timestamps=[q.request.timestamp],
)
Expand All @@ -231,7 +243,8 @@ def _ensure_clean_workspace(self):
)
self.record_query(dq)
with self.check(
"Operational intents can be deleted by their owner", self._pid
"Operational intent references can be deleted by their owner",
self._pid,
) as check:
if dq.response.status_code != 200:
check.record_failed(
Expand Down Expand Up @@ -362,7 +375,8 @@ def _check_mutation_on_non_owned_intent_fails(self):
self.record_query(qcheck)

with self.check(
"Operational intents can be queried directly by their ID", self._pid
"Operational intent references can be queried directly by their ID",
self._pid,
) as check:
if qcheck.response.status_code != 200:
check.record_failed(
Expand Down
Loading
Loading