--- /dev/null
+*** Settings ***
+Documentation Test suite tests access controll procedures related to accessControlPolicy resource described
+... in OneM2M specifications:
+... TS-0001: 9.6.2 Resource Type accessControlPolicy
+... TS-0004: 7.3.3.15 Check authorization of the originator
+... TS-0003: 7.1 Access Control Mechanism
+Suite Setup Create Session session http://${ODL_SYSTEM_1_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS_XML}
+Suite Teardown Delete All Sessions
+Library RequestsLibrary
+Library ../../../libraries/Common.py
+Resource ../../../libraries/Utils.robot
+Resource ../../../variables/Variables.robot
+
+*** Variables ***
+
+*** Test Cases ***
+1.01.01 ACP cseBase: Permit: privileges: AE, CRUD
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
+ ... CRUD operations. Test CRUD requests which are permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.02 ACP cseBase: Deny: privileges: AE, CRUD
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
+ ... CRUD operations. Test CRUD requests which are denied by ACP due to different request originator
+ ... AE-ID or CSE as originator.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.03 ACP cseBase: Deny: privileges: AE, other than REQ operations
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
+ ... all operations expect to the operation used in the request.
+ ... Test CRUD requests which are denied by ACP due to non-permitted operation.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.04 ACP cseBase: Permit: privileges: AE, N
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to N operation. Test the notification request which is permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.05 ACP cseBase: Deny: privileges: AE, N
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to N operation. Test notify reques which is denied by ACP due to different request originator
+ ... AE-ID or CSE as originator.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.06 ACP cseBase: Deny: privileges: AE, CRUD + Discovery
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUD + Discovery operations. Test CRUD + Discovery requests which are denied by ACP because
+ ... the notify operation is not permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.07 ACP cseBase: Permit: privileges: AE, Discovery
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to Discovery operation. Test the discovery request which is permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.08 ACP cseBase: Deny: privileges: AE, Discovery
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to Discovery operation. Test discovery request which is denied by ACP due to different request
+ ... originator AE-ID or CSE as originator.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.09 ACP cseBase: Deny: privileges: AE, CRUDN
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN operations. Test discovery request which is denied by ACP because the discovery operation
+ ... is not permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.10 ACP cseBase: Permit: privileges: AE, CRUDN + Discovery, multiple accessControlRules
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with three
+ ... accessControlRules and only one of them permits tested requests. Used ACPs have set AE-ID in
+ ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.11 ACP cseBase: Permit: selfPrivileges: AE, CRUDN + Discovery, multiple accessControlRules
+ [Documentation] Test ACPs of cseBase and test their selfPrivileges with three
+ ... accessControlRules and only one of them permits tested requests. Used ACPs have set AE-ID in
+ ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.12 ACP cseBase: Deny: selfPrivileges: AE, CRUDN + Discovery, multiple accessControlRules
+ [Documentation] Test ACPs of cseBase and test their selfPrivileges with three
+ ... accessControlRules and all of them deny tested requests. Used ACPs have set AE-ID in
+ ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.13 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlWindow
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlWindow and tested requests
+ ... meet all cryteria and are permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.14 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlWindow
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlWindow and tested requests
+ ... do not meet this cryteria and are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.15 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv4Addresses
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv4Addresses
+ ... and tested requests meet all cryteria and are permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.16 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv4Addresses
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv4Addresses
+ ... and tested requests do not meet this cryteria and are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.17 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv6Addresses
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv6Addresses
+ ... and tested requests meet all cryteria and are permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.18 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv6Addresses
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv6Addresses
+ ... and tested requests do not meet this cryteria and are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.19 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlLocationRegions
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlLocationRegions
+ ... and tested requests meet all cryteria and are permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.20 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlLocationRegions
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlLocationRegions
+ ... and tested requests do not meet this cryteria and are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.21 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlObjectDetails
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlObjectDetails
+ ... and tested requests meet all cryteria and are permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.22 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlObjectDetails
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlObjectDetails
+ ... and tested requests do not meet this cryteria and are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.23 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlAuthenticationFlag
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlAuthenticationFlag
+ ... and tested requests meet all cryteria and are permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.01.24 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlAuthenticationFlag
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
+ ... to CRUDN + Discovery operations. Used ACPs have set also accessControlAuthenticationFlag
+ ... and tested requests do not meet this cryteria and are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.01 ACP cseBase: Permit: existing Group including originator, CRUD
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group with the request originator
+ ... included and accessControlOperations set
+ ... to CRUD operations. Test CRUD requests which are permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.02 ACP cseBase: Deny: not existing Group including originator, CRUD
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to not existing Group with the
+ ... request originator included and accessControlOperations set to CRUD operations.
+ ... Test CRUD requests which are denied by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.03 ACP cseBase: Deny: existing Group not including originator, CRUD
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group without the request
+ ... originator included and accessControlOperations set to CRUD operations. Test CRUD requests which
+ ... are denied by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.04 ACP cseBase: Deny: existing Group including originator, other than request operations
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group with the request originator
+ ... included and accessControlOperations set
+ ... to CRUD operations other than operation used in request so the requests are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.05 ACP cseBase: Permit: existing Group including originator, N
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group with the request originator
+ ... included and accessControlOperations set to notify operation. Test notify requests which are
+ ... permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.06 ACP cseBase: Deny: not existing Group including originator, N
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to not existing Group with the
+ ... request originator included and accessControlOperations set to notify operation.
+ ... Test notify requests which are denied by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.07 ACP cseBase: Deny: existing Group not including originator, N
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group without the request
+ ... originator included and accessControlOperations set to notify operation. Test notify requests which
+ ... are denied by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.08 ACP cseBase: Deny: existing Group including originator, CRUD + Discovery
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group with the request originator
+ ... included and accessControlOperations set
+ ... to CRUD + Discovery operations so the tested notification requests are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.09 ACP cseBase: Permit: existing Group including originator, Discovery
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group with the request originator
+ ... included and accessControlOperations set to discovery operation. Test discovery requests which are
+ ... permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.10 ACP cseBase: Deny: not existing Group including originator, Discovery
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to not existing Group with the
+ ... request originator included and accessControlOperations set to discovery operation.
+ ... Test discovery requests which are denied by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.11 ACP cseBase: Deny: existing Group not including originator, Discovery
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group without the request
+ ... originator included and accessControlOperations set to discovery operation. Test discovery requests which
+ ... are denied by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.02.12 ACP cseBase: Deny: existing Group including originator, CRUDN
+ [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to existing Group with the request originator
+ ... included and accessControlOperations set
+ ... to CRUDN operations so the tested discovery requests are denied.
+ [Tags] not-implemented exclude
+ TODO
+
+1.03.01 ACP cseBase: Permit: All, CRUD
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to All and accessControlOperations set to
+ ... CRUD operations. Test CRUD requests which are permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.03.02 ACP cseBase: Deny: All, other than REQ operations
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to All and accessControlOperations set to
+ ... all operations expect to the operation used in the request.
+ ... Test CRUD requests which are denied by ACP due to non-permitted operation.
+ [Tags] not-implemented exclude
+ TODO
+
+1.03.03 ACP cseBase: Permit: All, N
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
+ ... to N operation. Test the notification request which is permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.03.04 ACP cseBase: Deny: All, CRUD + Discovery
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
+ ... to CRUD + Discovery operations. Test CRUD + Discovery requests which are denied by ACP because
+ ... the notify operation is not permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.03.05 ACP cseBase: Permit: All, Discovery
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
+ ... to Discovery operation. Test the discovery request which is permitted by ACP.
+ [Tags] not-implemented exclude
+ TODO
+
+1.03.06 ACP cseBase: Deny: All, CRUDN
+ [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
+ ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
+ ... to CRUDN operations. Test discovery request which is denied by ACP because the discovery operation
+ ... is not permitted.
+ [Tags] not-implemented exclude
+ TODO
+
+1.04 ACP cseBase: accessControlOriginators CSE
+ [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
+ ... specific CSE-ID(s). Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+1.05 ACP cseBase: accessControlOriginators role
+ [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
+ ... specific role(s). Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+1.06 ACP cseBase: accessControlOriginators domain
+ [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
+ ... specific domain(s). Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+2.00 ACP remoteCSE
+ [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with ACP resource created as child
+ ... resource of remoteCSE resource. Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+3.00 ACP AE
+ [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with ACP resource created as child
+ ... resource of AE resource. Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+4.01 ACP system default
+ [Documentation] Test multiple scenarios with resources with empty accessControlPolicyIDs attribute.
+ ... System default policy should be used.
+ ... Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+5.01 ACP cseBase: resources without accessControlPolicyIDs
+ [Documentation] Test ACP procedures with resources without accessControlPolicyIDs attribute,
+ ... e.g.: Oldest, Latest, etc.
+ ... ACP IDs defined for parent resource should be used in such cases. Test also cases when also
+ ... parent resource doesn't have specified ACP IDs, system default ACP should be used.
+ ... Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+6.01 ACP cseBase: announced resources
+ [Documentation] Test ACP procedures with announced resources.
+ ... Split into multiple TCs if needed.
+ [Tags] not-implemented exclude
+ TODO
+
+*** Keywords ***
+TODO
+ Fail "Not implemented"