2 Documentation Test suite tests access controll procedures related to accessControlPolicy resource described
3 ... in OneM2M specifications:
4 ... TS-0001: 9.6.2 Resource Type accessControlPolicy
5 ... TS-0004: 7.3.3.15 Check authorization of the originator
6 ... TS-0003: 7.1 Access Control Mechanism
7 Suite Setup Create Session session http://${ODL_SYSTEM_1_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS_XML}
8 Suite Teardown Delete All Sessions
9 Library RequestsLibrary
10 Library ../../../libraries/Common.py
11 Resource ../../../libraries/Utils.robot
12 Resource ../../../variables/Variables.robot
17 1.01.01 ACP cseBase: Permit: privileges: AE, CRUD
18 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
19 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
20 ... CRUD operations. Test CRUD requests which are permitted by ACP.
21 [Tags] not-implemented exclude
24 1.01.02 ACP cseBase: Deny: privileges: AE, CRUD
25 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
26 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
27 ... CRUD operations. Test CRUD requests which are denied by ACP due to different request originator
28 ... AE-ID or CSE as originator.
29 [Tags] not-implemented exclude
32 1.01.03 ACP cseBase: Deny: privileges: AE, other than REQ operations
33 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
34 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
35 ... all operations expect to the operation used in the request.
36 ... Test CRUD requests which are denied by ACP due to non-permitted operation.
37 [Tags] not-implemented exclude
40 1.01.04 ACP cseBase: Permit: privileges: AE, N
41 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
42 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
43 ... to N operation. Test the notification request which is permitted by ACP.
44 [Tags] not-implemented exclude
47 1.01.05 ACP cseBase: Deny: privileges: AE, N
48 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
49 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
50 ... to N operation. Test notify reques which is denied by ACP due to different request originator
51 ... AE-ID or CSE as originator.
52 [Tags] not-implemented exclude
55 1.01.06 ACP cseBase: Deny: privileges: AE, CRUD + Discovery
56 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
57 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
58 ... to CRUD + Discovery operations. Test CRUD + Discovery requests which are denied by ACP because
59 ... the notify operation is not permitted.
60 [Tags] not-implemented exclude
63 1.01.07 ACP cseBase: Permit: privileges: AE, Discovery
64 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
65 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
66 ... to Discovery operation. Test the discovery request which is permitted by ACP.
67 [Tags] not-implemented exclude
70 1.01.08 ACP cseBase: Deny: privileges: AE, Discovery
71 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
72 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
73 ... to Discovery operation. Test discovery request which is denied by ACP due to different request
74 ... originator AE-ID or CSE as originator.
75 [Tags] not-implemented exclude
78 1.01.09 ACP cseBase: Deny: privileges: AE, CRUDN
79 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
80 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
81 ... to CRUDN operations. Test discovery request which is denied by ACP because the discovery operation
83 [Tags] not-implemented exclude
86 1.01.10 ACP cseBase: Permit: privileges: AE, CRUDN + Discovery, multiple accessControlRules
87 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with three
88 ... accessControlRules and only one of them permits tested requests. Used ACPs have set AE-ID in
89 ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
90 [Tags] not-implemented exclude
93 1.01.11 ACP cseBase: Permit: selfPrivileges: AE, CRUDN + Discovery, multiple accessControlRules
94 [Documentation] Test ACPs of cseBase and test their selfPrivileges with three
95 ... accessControlRules and only one of them permits tested requests. Used ACPs have set AE-ID in
96 ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
97 [Tags] not-implemented exclude
100 1.01.12 ACP cseBase: Deny: selfPrivileges: AE, CRUDN + Discovery, multiple accessControlRules
101 [Documentation] Test ACPs of cseBase and test their selfPrivileges with three
102 ... accessControlRules and all of them deny tested requests. Used ACPs have set AE-ID in
103 ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
104 [Tags] not-implemented exclude
107 1.01.13 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlWindow
108 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
109 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
110 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlWindow and tested requests
111 ... meet all cryteria and are permitted.
112 [Tags] not-implemented exclude
115 1.01.14 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlWindow
116 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
117 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
118 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlWindow and tested requests
119 ... do not meet this cryteria and are denied.
120 [Tags] not-implemented exclude
123 1.01.15 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv4Addresses
124 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
125 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
126 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv4Addresses
127 ... and tested requests meet all cryteria and are permitted.
128 [Tags] not-implemented exclude
131 1.01.16 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv4Addresses
132 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
133 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
134 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv4Addresses
135 ... and tested requests do not meet this cryteria and are denied.
136 [Tags] not-implemented exclude
139 1.01.17 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv6Addresses
140 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
141 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
142 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv6Addresses
143 ... and tested requests meet all cryteria and are permitted.
144 [Tags] not-implemented exclude
147 1.01.18 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv6Addresses
148 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
149 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
150 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv6Addresses
151 ... and tested requests do not meet this cryteria and are denied.
152 [Tags] not-implemented exclude
155 1.01.19 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlLocationRegions
156 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
157 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
158 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlLocationRegions
159 ... and tested requests meet all cryteria and are permitted.
160 [Tags] not-implemented exclude
163 1.01.20 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlLocationRegions
164 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
165 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
166 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlLocationRegions
167 ... and tested requests do not meet this cryteria and are denied.
168 [Tags] not-implemented exclude
171 1.01.21 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlObjectDetails
172 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
173 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
174 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlObjectDetails
175 ... and tested requests meet all cryteria and are permitted.
176 [Tags] not-implemented exclude
179 1.01.22 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlObjectDetails
180 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
181 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
182 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlObjectDetails
183 ... and tested requests do not meet this cryteria and are denied.
184 [Tags] not-implemented exclude
187 1.01.23 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlAuthenticationFlag
188 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
189 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
190 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlAuthenticationFlag
191 ... and tested requests meet all cryteria and are permitted.
192 [Tags] not-implemented exclude
195 1.01.24 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlAuthenticationFlag
196 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
197 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
198 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlAuthenticationFlag
199 ... and tested requests do not meet this cryteria and are denied.
200 [Tags] not-implemented exclude
203 1.02.01 ACP cseBase: Permit: existing Group including originator, CRUD
204 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
205 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
206 ... included and accessControlOperations set
207 ... to CRUD operations. Test CRUD requests which are permitted by ACP.
208 [Tags] not-implemented exclude
211 1.02.02 ACP cseBase: Deny: not existing Group including originator, CRUD
212 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
213 ... accessControlRule with accessControlOriginators set to not existing Group with the
214 ... request originator included and accessControlOperations set to CRUD operations.
215 ... Test CRUD requests which are denied by ACP.
216 [Tags] not-implemented exclude
219 1.02.03 ACP cseBase: Deny: existing Group not including originator, CRUD
220 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
221 ... accessControlRule with accessControlOriginators set to existing Group without the request
222 ... originator included and accessControlOperations set to CRUD operations. Test CRUD requests which
223 ... are denied by ACP.
224 [Tags] not-implemented exclude
227 1.02.04 ACP cseBase: Deny: existing Group including originator, other than request operations
228 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
229 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
230 ... included and accessControlOperations set
231 ... to CRUD operations other than operation used in request so the requests are denied.
232 [Tags] not-implemented exclude
235 1.02.05 ACP cseBase: Permit: existing Group including originator, N
236 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
237 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
238 ... included and accessControlOperations set to notify operation. Test notify requests which are
239 ... permitted by ACP.
240 [Tags] not-implemented exclude
243 1.02.06 ACP cseBase: Deny: not existing Group including originator, N
244 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
245 ... accessControlRule with accessControlOriginators set to not existing Group with the
246 ... request originator included and accessControlOperations set to notify operation.
247 ... Test notify requests which are denied by ACP.
248 [Tags] not-implemented exclude
251 1.02.07 ACP cseBase: Deny: existing Group not including originator, N
252 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
253 ... accessControlRule with accessControlOriginators set to existing Group without the request
254 ... originator included and accessControlOperations set to notify operation. Test notify requests which
255 ... are denied by ACP.
256 [Tags] not-implemented exclude
259 1.02.08 ACP cseBase: Deny: existing Group including originator, CRUD + Discovery
260 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
261 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
262 ... included and accessControlOperations set
263 ... to CRUD + Discovery operations so the tested notification requests are denied.
264 [Tags] not-implemented exclude
267 1.02.09 ACP cseBase: Permit: existing Group including originator, Discovery
268 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
269 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
270 ... included and accessControlOperations set to discovery operation. Test discovery requests which are
271 ... permitted by ACP.
272 [Tags] not-implemented exclude
275 1.02.10 ACP cseBase: Deny: not existing Group including originator, Discovery
276 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
277 ... accessControlRule with accessControlOriginators set to not existing Group with the
278 ... request originator included and accessControlOperations set to discovery operation.
279 ... Test discovery requests which are denied by ACP.
280 [Tags] not-implemented exclude
283 1.02.11 ACP cseBase: Deny: existing Group not including originator, Discovery
284 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
285 ... accessControlRule with accessControlOriginators set to existing Group without the request
286 ... originator included and accessControlOperations set to discovery operation. Test discovery requests which
287 ... are denied by ACP.
288 [Tags] not-implemented exclude
291 1.02.12 ACP cseBase: Deny: existing Group including originator, CRUDN
292 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
293 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
294 ... included and accessControlOperations set
295 ... to CRUDN operations so the tested discovery requests are denied.
296 [Tags] not-implemented exclude
299 1.03.01 ACP cseBase: Permit: All, CRUD
300 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
301 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set to
302 ... CRUD operations. Test CRUD requests which are permitted by ACP.
303 [Tags] not-implemented exclude
306 1.03.02 ACP cseBase: Deny: All, other than REQ operations
307 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
308 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set to
309 ... all operations expect to the operation used in the request.
310 ... Test CRUD requests which are denied by ACP due to non-permitted operation.
311 [Tags] not-implemented exclude
314 1.03.03 ACP cseBase: Permit: All, N
315 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
316 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
317 ... to N operation. Test the notification request which is permitted by ACP.
318 [Tags] not-implemented exclude
321 1.03.04 ACP cseBase: Deny: All, CRUD + Discovery
322 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
323 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
324 ... to CRUD + Discovery operations. Test CRUD + Discovery requests which are denied by ACP because
325 ... the notify operation is not permitted.
326 [Tags] not-implemented exclude
329 1.03.05 ACP cseBase: Permit: All, Discovery
330 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
331 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
332 ... to Discovery operation. Test the discovery request which is permitted by ACP.
333 [Tags] not-implemented exclude
336 1.03.06 ACP cseBase: Deny: All, CRUDN
337 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
338 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
339 ... to CRUDN operations. Test discovery request which is denied by ACP because the discovery operation
340 ... is not permitted.
341 [Tags] not-implemented exclude
344 1.04 ACP cseBase: accessControlOriginators CSE
345 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
346 ... specific CSE-ID(s). Split into multiple TCs if needed.
347 [Tags] not-implemented exclude
350 1.05 ACP cseBase: accessControlOriginators role
351 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
352 ... specific role(s). Split into multiple TCs if needed.
353 [Tags] not-implemented exclude
356 1.06 ACP cseBase: accessControlOriginators domain
357 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
358 ... specific domain(s). Split into multiple TCs if needed.
359 [Tags] not-implemented exclude
363 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with ACP resource created as child
364 ... resource of remoteCSE resource. Split into multiple TCs if needed.
365 [Tags] not-implemented exclude
369 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with ACP resource created as child
370 ... resource of AE resource. Split into multiple TCs if needed.
371 [Tags] not-implemented exclude
374 4.01 ACP system default
375 [Documentation] Test multiple scenarios with resources with empty accessControlPolicyIDs attribute.
376 ... System default policy should be used.
377 ... Split into multiple TCs if needed.
378 [Tags] not-implemented exclude
381 5.01 ACP cseBase: resources without accessControlPolicyIDs
382 [Documentation] Test ACP procedures with resources without accessControlPolicyIDs attribute,
383 ... e.g.: Oldest, Latest, etc.
384 ... ACP IDs defined for parent resource should be used in such cases. Test also cases when also
385 ... parent resource doesn't have specified ACP IDs, system default ACP should be used.
386 ... Split into multiple TCs if needed.
387 [Tags] not-implemented exclude
390 6.01 ACP cseBase: announced resources
391 [Documentation] Test ACP procedures with announced resources.
392 ... Split into multiple TCs if needed.
393 [Tags] not-implemented exclude
398 Fail "Not implemented"