[uss_qualifier] fragments+validation code for operational intent references (CRUD & synchronization) #535
Conversation
Shastick
changed the title
Shastick
force-pushed
the
dss0210-oir-fragments
branch
from
07a7412
to
3269901
Compare
Shastick
force-pushed
the
dss0210-oir-fragments
branch
3 times, most recently
from
5da4b5f
to
c19debb
Compare
| ## 🛑 Create operational intent reference response is correct check | ||
|
|
||
| A successful operational intent reference creation query is expected to return a well-defined body, the content of which reflects the created operational intent reference. | ||
| If the format and content of the response are not conforming, the DSS is failing to implement **[astm.f3548.v21.DSS0005,1](../../../../../../../requirements/astm/f3548/v21.md)**. |
There was a problem hiding this comment.
Is this check checking format? It seems like format is checked in the check after this one
There was a problem hiding this comment.
This check covers both format and content (meaning, that the OIR's fields correspond to what was requested).
The check below will cover only the format, as specified by the OpenAPI spec.
This is due to the way the OIRValidator is implemented: its constructor takes a main_check (in this case the one from line 10), and the one from line 15 (Create operational intent reference response format conforms to spec) is one of the checks run by the validator.
#530 shows how these are used, notably here
The structure of this file is inherited from the structure I picked for the subscription fragments(*): some scenarios may elect to only check the format, and not the content, of responses (thus not requiring the whole validation fragment). This is why the check for conformance with the OpenAPI spec is here, and not in one of the fragments present in the validate folder.
I could update the wording to make it clear that both checks focus on different things (and would welcome suggestions to that effect)
(*): the subscription fragments suffer from the same redundancy in some checks, I'll do a cleanup pass in an upcoming PR
There was a problem hiding this comment.
If we have two logicals checks A ("make sure the format of the response is correct") and B ("make sure the content of the response is correct"), we should declare those checks as A and B rather than A+B and A even if it makes the code slightly less convenient (though clear encapsulation like that should usually force cleaner code).
The primary purpose of test documentation is to serve as the interface between InterUSS developers writing the tests and users consuming the tests (especially regulators understanding the tests to verify coverage and USSs understanding how a failure came about), so the documentation should be able to stand alone regardless of exactly how the implementation works (or whether one exists yet). Regardless of implementation, it doesn't seem to make sense to check the format of the response in the check following this one after the format of the response was already checked in this check.
some scenarios may elect to only check the format, and not the content, of responses (thus not requiring the whole validation fragment)
That's probably something we want to address when possible -- if a test step will never perform a check, that check should not be documented for that test step. Linking to a fragment includes the fragment's contents in the test step. Note that fragments are kind of like documentary subroutines and while it often makes sense to have them map to programmatic subroutines, there is no need for a 1:1 correspondence there. Instead, the primary goal of documentation is to be maximally readable and intelligible.
I could update the wording to make it clear that both checks focus on different things (and would welcome suggestions to that effect)
The check following this one seems pretty clear -- the format is checked according to the OpenAPI spec. It seems like this check could apply only to the content (does the content match what we put in), and in that case, I would expect it to be checked following the format check (can't check the content of an improperly-formatted response). The actual implementation could still go about the checks in different phases; e.g.,:
- Decode response to ImplicitDict object; upon decoding failure, indicate format check failure and skip following two checks
- Check content is as was provided
- Perform rigorous format validation against OpenAPI (failure attributed to same check as phase 1)
The documentation for a content-only check would presumably be something like
The operational intent reference created is expected to have content which reflects the creation request. If the content of the response does not match the request, the DSS is failing to implement astm.f3548.v21.DSS0005,1
There was a problem hiding this comment.
The check following this one seems pretty clear -- the format is checked according to the OpenAPI spec. It seems like this check could apply only to the content (does the content match what we put in), and in that case, I would expect it to be checked following the format check (can't check the content of an improperly-formatted response)
That makes sense. I'll reword things so that the check of line 10 (and any equivalents in other fragments) becomes about the content only.
some scenarios may elect to only check the format, and not the content, of responses (thus not requiring the whole validation fragment)
That's probably something we want to address when possible [...]
I believe that is currently limited, but I'll make sure to avoid that in the scenarios I currently work on: the solution is probably to either accept some duplication of checks in Markdown files, or have a few more very small fragments.
There was a problem hiding this comment.
It seems like this check could apply only to the content (does the content match what we put in), and in that case, I would expect it to be checked following the format check (can't check the content of an improperly-formatted response).
The documentation is still indicating that content is going to be checked before format, but it seems like we can't check whether the values (content) are as expected before we determine that we actually have values that we can check (format is correct). I tried to find where the "Create operational intent reference response content is correct" check is performed in code (to see if it's before or after the "Create operational intent reference response format conforms to spec" check) and I don't see it in this PR -- will it be added in a separate PR?
There was a problem hiding this comment.
My bad, I did not switch the order of the checks (that's now corrected)
Code using the fragments is in #530 (I probably chose the wrong way to slice these PRs :/)
|
|
||
| If it does not, the DSS is failing to implement **[astm.f3548.v21.DSS0005,1](../../../../../../../requirements/astm/f3548/v21.md)**. | ||
|
|
||
| ## 🛑 Response to operational intent reference creation contains correct body check |
There was a problem hiding this comment.
It seems like the previous check checks the body of the response; in what way is this check different than the previous one?
There was a problem hiding this comment.
The check from line 21 is redundant (and equivalent in its intention) to the check on line 10: I'll remove it. See my other answer for more context.
| ## 🛑 Delete operational intent reference response is correct check | ||
|
|
||
| A successful operational intent reference deletion query is expected to return a well-defined body, the content of which reflects the operational intent reference at the moment of deletion. | ||
| If the format and content of the response are not conforming, the DSS is failing to implement **[astm.f3548.v21.DSS0005,1](../../../../../../../requirements/astm/f3548/v21.md)**. |
There was a problem hiding this comment.
Is the format checked in this check? It seems like that check is performed in the following check
There was a problem hiding this comment.
Same situation as for the comment on create.md
monitoring/uss_qualifier/scenarios/astm/utm/dss/fragments/oir/crud/update.md
Outdated
Show resolved
Hide resolved
| ## 🛑 Mutate operational intent reference query succeeds check | ||
|
|
||
| A successful operational intent reference mutation query is expected to return a well-defined body, the content of which reflects the updated operational intent reference. | ||
| If the format and content of the response are not conforming, the DSS is failing to implement **[astm.f3548.v21.DSS0005,1](../../../../../../../requirements/astm/f3548/v21.md)**. |
There was a problem hiding this comment.
Is the format checked in this check? It seems like that check is performed in the following check
There was a problem hiding this comment.
Same situation as for the comment on create.md
| # Validate the response schema | ||
| self._validate_put_oir_response_schema(new_oir, t_dss, "create") | ||
|
|
||
| # TODO do we want to add a wrapper type? We should check the schema before parsing? |
There was a problem hiding this comment.
If new_oir doesn't have a valid response format, line 314 will nonetheless return (since the check is only Medium severity), so parsing it as an ImplicitDict below could raise a TypeError
Shastick
force-pushed
the
dss0210-oir-fragments
branch
3 times, most recently
from
ee96b43
to
b9e816b
Compare
|
Wording updated, removed redundant checks and code fix, which have been tested locally on #530 (that PR has been updated as well) |
Shastick
force-pushed
the
dss0210-oir-fragments
branch
2 times, most recently
from
1fc3c30
to
0fc8ce3
Compare
There was a problem hiding this comment.
I don't think this PR needs to be reworked, but in the future, the best way to make small PRs is to add small but fully-exercised pieces of functionality in each PR. In this PR, many functions are created but then not called so the content of this PR is not tested by the CI. A better split, for instance, would have been to complete all the create stuff (and perhaps some or all the delete stuff) and move all of the read and update stuff to a later PR. Or, if a PR with all create and delete would be too big, a PR with just create and delete documentation would be great, followed by the implementation of either all that stuff, or just the basic stuff with the remainder of the create and delete in a follow-up PR.
Small PRs have a number of advantages -- in this case specifically, for instance, there is the question of order of checks regarding format and content of responses, and what the severity of the format check should be (since some format errors preclude content checks). Since this is effectively a breadth-first PR rather than a depth-first PR, we end up needing to check that discussion in 4 different places instead of 1 or 2, and changes need to be made in 4 different places rather than 1 or 2.
| # Validate the response schema | ||
| self.validate_searched_oir_format(search_response, t_dss) | ||
|
|
||
| resp_parsed = search_response.parse_json_result( |
There was a problem hiding this comment.
Since the format check is medium severity and therefore does not stop test execution, we don't know if this will succeed (it may throw a QueryError). If the caller of validate_searched_oir needs to handle certain expected exceptions, they need to be documented in the method docstring. But, it seems like we should just make the format check stop execution if it fails. Alternately, we could catch QueryError here and return early if we can't parse into something that can have its content checked.
There was a problem hiding this comment.
I think it makes most sense to move the severity of this to high, the current severity is a leftover from when the check was done last (and where, if the scenario had reached it without failing, it medium severity might have made more sense)
I'll adapt this for all crud fragments.
|
|
||
| If the existing operational intent reference is not returned in a search that covers the area it was created for, the DSS is not properly implementing **[astm.f3548.v21.DSS0005,2](../../../../../../../requirements/astm/f3548/v21.md)**. | ||
|
|
||
| ## ⚠️ Search operational intent reference response format conforms to spec check |
There was a problem hiding this comment.
It looks like this check is performed before the previous check. To have the documentation better match the procedure, this check should be declared before the previous check. That also improves readability since we can't really check content (whether the op intent is in the search results) if we don't have valid content to check (the response doesn't contain valid search results).
This comment may also apply to the other CRUD operations.
|
|
||
| This test step fragment validates that operational intent references are properly synchronized across a set of DSS instances. | ||
|
|
||
| ## 🛑 Operational intent reference can be found at every DSS check |
There was a problem hiding this comment.
Certainly failing this check is high severity since none of the following checks can be performed if this check fails. However, why are any of the checks following this one high severity? It seems like the test can easily proceed if any of the other checks in this fragment fail
Shastick
force-pushed
the
dss0210-oir-fragments
branch
from
0fc8ce3
to
079a5aa
Compare
PR fixes: reword checks in fragment, adapt validator, add cleanup_op_intent
Shastick
force-pushed
the
dss0210-oir-fragments
branch
from
079a5aa
to
c87e3d7
Compare
This adds test step fragments related to Op Intent References in the context of DSS0210,2 (OIR synchronization)
These will be used for the actual scenario implementation being added in #530