2 Documentation Test suite tests access controll procedures related to accessControlPolicy resource described
3 ... in OneM2M specifications:
4 ... TS-0001: 9.6.2 Resource Type accessControlPolicy
5 ... TS-0004: 7.3.3.15 Check authorization of the originator
6 ... TS-0003: 7.1 Access Control Mechanism
8 Library RequestsLibrary
9 Library ../../../libraries/Common.py
10 Resource ../../../libraries/Utils.robot
11 Resource ../../../variables/Variables.robot
13 Suite Setup Create Session session http://${ODL_SYSTEM_1_IP}:${RESTCONFPORT} auth=${AUTH} headers=${HEADERS_XML}
14 Suite Teardown Delete All Sessions
18 1.01.01 ACP cseBase: Permit: privileges: AE, CRUD
19 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
20 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
21 ... CRUD operations. Test CRUD requests which are permitted by ACP.
22 [Tags] not-implemented exclude
25 1.01.02 ACP cseBase: Deny: privileges: AE, CRUD
26 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
27 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
28 ... CRUD operations. Test CRUD requests which are denied by ACP due to different request originator
29 ... AE-ID or CSE as originator.
30 [Tags] not-implemented exclude
33 1.01.03 ACP cseBase: Deny: privileges: AE, other than REQ operations
34 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
35 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set to
36 ... all operations expect to the operation used in the request.
37 ... Test CRUD requests which are denied by ACP due to non-permitted operation.
38 [Tags] not-implemented exclude
41 1.01.04 ACP cseBase: Permit: privileges: AE, N
42 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
43 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
44 ... to N operation. Test the notification request which is permitted by ACP.
45 [Tags] not-implemented exclude
48 1.01.05 ACP cseBase: Deny: privileges: AE, N
49 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
50 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
51 ... to N operation. Test notify reques which is denied by ACP due to different request originator
52 ... AE-ID or CSE as originator.
53 [Tags] not-implemented exclude
56 1.01.06 ACP cseBase: Deny: privileges: AE, CRUD + Discovery
57 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
58 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
59 ... to CRUD + Discovery operations. Test CRUD + Discovery requests which are denied by ACP because
60 ... the notify operation is not permitted.
61 [Tags] not-implemented exclude
64 1.01.07 ACP cseBase: Permit: privileges: AE, Discovery
65 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
66 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
67 ... to Discovery operation. Test the discovery request which is permitted by ACP.
68 [Tags] not-implemented exclude
71 1.01.08 ACP cseBase: Deny: privileges: AE, Discovery
72 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
73 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
74 ... to Discovery operation. Test discovery request which is denied by ACP due to different request
75 ... originator AE-ID or CSE as originator.
76 [Tags] not-implemented exclude
79 1.01.09 ACP cseBase: Deny: privileges: AE, CRUDN
80 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
81 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
82 ... to CRUDN operations. Test discovery request which is denied by ACP because the discovery operation
84 [Tags] not-implemented exclude
87 1.01.10 ACP cseBase: Permit: privileges: AE, CRUDN + Discovery, multiple accessControlRules
88 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with three
89 ... accessControlRules and only one of them permits tested requests. Used ACPs have set AE-ID in
90 ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
91 [Tags] not-implemented exclude
94 1.01.11 ACP cseBase: Permit: selfPrivileges: AE, CRUDN + Discovery, multiple accessControlRules
95 [Documentation] Test ACPs of cseBase and test their selfPrivileges with three
96 ... accessControlRules and only one of them permits tested requests. Used ACPs have set AE-ID in
97 ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
98 [Tags] not-implemented exclude
101 1.01.12 ACP cseBase: Deny: selfPrivileges: AE, CRUDN + Discovery, multiple accessControlRules
102 [Documentation] Test ACPs of cseBase and test their selfPrivileges with three
103 ... accessControlRules and all of them deny tested requests. Used ACPs have set AE-ID in
104 ... accessControlOriginators and accessControlOperations set to CRUDN + Discovery operations.
105 [Tags] not-implemented exclude
108 1.01.13 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlWindow
109 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
110 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
111 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlWindow and tested requests
112 ... meet all cryteria and are permitted.
113 [Tags] not-implemented exclude
116 1.01.14 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlWindow
117 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
118 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
119 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlWindow and tested requests
120 ... do not meet this cryteria and are denied.
121 [Tags] not-implemented exclude
124 1.01.15 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv4Addresses
125 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
126 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
127 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv4Addresses
128 ... and tested requests meet all cryteria and are permitted.
129 [Tags] not-implemented exclude
132 1.01.16 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv4Addresses
133 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
134 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
135 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv4Addresses
136 ... and tested requests do not meet this cryteria and are denied.
137 [Tags] not-implemented exclude
140 1.01.17 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv6Addresses
141 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
142 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
143 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv6Addresses
144 ... and tested requests meet all cryteria and are permitted.
145 [Tags] not-implemented exclude
148 1.01.18 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlIpAddresses/ipv6Addresses
149 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
150 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
151 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlIpAddresses/ipv6Addresses
152 ... and tested requests do not meet this cryteria and are denied.
153 [Tags] not-implemented exclude
156 1.01.19 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlContexts/accessControlLocationRegions
157 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
158 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
159 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlLocationRegions
160 ... and tested requests meet all cryteria and are permitted.
161 [Tags] not-implemented exclude
164 1.01.20 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlContexts/accessControlLocationRegions
165 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
166 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
167 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlLocationRegions
168 ... and tested requests do not meet this cryteria and are denied.
169 [Tags] not-implemented exclude
172 1.01.21 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlObjectDetails
173 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
174 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
175 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlObjectDetails
176 ... and tested requests meet all cryteria and are permitted.
177 [Tags] not-implemented exclude
180 1.01.22 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlObjectDetails
181 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
182 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
183 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlObjectDetails
184 ... and tested requests do not meet this cryteria and are denied.
185 [Tags] not-implemented exclude
188 1.01.23 ACP cseBase: Permit: AE, CRUDN + Discovery, accessControlAuthenticationFlag
189 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
190 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
191 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlAuthenticationFlag
192 ... and tested requests meet all cryteria and are permitted.
193 [Tags] not-implemented exclude
196 1.01.24 ACP cseBase: Deny: AE, CRUDN + Discovery, accessControlAuthenticationFlag
197 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
198 ... accessControlRule with accessControlOriginators set to AE-ID and accessControlOperations set
199 ... to CRUDN + Discovery operations. Used ACPs have set also accessControlAuthenticationFlag
200 ... and tested requests do not meet this cryteria and are denied.
201 [Tags] not-implemented exclude
204 1.02.01 ACP cseBase: Permit: existing Group including originator, CRUD
205 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
206 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
207 ... included and accessControlOperations set
208 ... to CRUD operations. Test CRUD requests which are permitted by ACP.
209 [Tags] not-implemented exclude
212 1.02.02 ACP cseBase: Deny: not existing Group including originator, CRUD
213 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
214 ... accessControlRule with accessControlOriginators set to not existing Group with the
215 ... request originator included and accessControlOperations set to CRUD operations.
216 ... Test CRUD requests which are denied by ACP.
217 [Tags] not-implemented exclude
220 1.02.03 ACP cseBase: Deny: existing Group not including originator, CRUD
221 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
222 ... accessControlRule with accessControlOriginators set to existing Group without the request
223 ... originator included and accessControlOperations set to CRUD operations. Test CRUD requests which
224 ... are denied by ACP.
225 [Tags] not-implemented exclude
228 1.02.04 ACP cseBase: Deny: existing Group including originator, other than request operations
229 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
230 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
231 ... included and accessControlOperations set
232 ... to CRUD operations other than operation used in request so the requests are denied.
233 [Tags] not-implemented exclude
236 1.02.05 ACP cseBase: Permit: existing Group including originator, N
237 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
238 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
239 ... included and accessControlOperations set to notify operation. Test notify requests which are
240 ... permitted by ACP.
241 [Tags] not-implemented exclude
244 1.02.06 ACP cseBase: Deny: not existing Group including originator, N
245 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
246 ... accessControlRule with accessControlOriginators set to not existing Group with the
247 ... request originator included and accessControlOperations set to notify operation.
248 ... Test notify requests which are denied by ACP.
249 [Tags] not-implemented exclude
252 1.02.07 ACP cseBase: Deny: existing Group not including originator, N
253 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
254 ... accessControlRule with accessControlOriginators set to existing Group without the request
255 ... originator included and accessControlOperations set to notify operation. Test notify requests which
256 ... are denied by ACP.
257 [Tags] not-implemented exclude
260 1.02.08 ACP cseBase: Deny: existing Group including originator, CRUD + Discovery
261 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
262 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
263 ... included and accessControlOperations set
264 ... to CRUD + Discovery operations so the tested notification requests are denied.
265 [Tags] not-implemented exclude
268 1.02.09 ACP cseBase: Permit: existing Group including originator, Discovery
269 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
270 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
271 ... included and accessControlOperations set to discovery operation. Test discovery requests which are
272 ... permitted by ACP.
273 [Tags] not-implemented exclude
276 1.02.10 ACP cseBase: Deny: not existing Group including originator, Discovery
277 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
278 ... accessControlRule with accessControlOriginators set to not existing Group with the
279 ... request originator included and accessControlOperations set to discovery operation.
280 ... Test discovery requests which are denied by ACP.
281 [Tags] not-implemented exclude
284 1.02.11 ACP cseBase: Deny: existing Group not including originator, Discovery
285 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
286 ... accessControlRule with accessControlOriginators set to existing Group without the request
287 ... originator included and accessControlOperations set to discovery operation. Test discovery requests which
288 ... are denied by ACP.
289 [Tags] not-implemented exclude
292 1.02.12 ACP cseBase: Deny: existing Group including originator, CRUDN
293 [Documentation] Test ACP of cseBase which are used by target container resource. Test only privileges with single
294 ... accessControlRule with accessControlOriginators set to existing Group with the request originator
295 ... included and accessControlOperations set
296 ... to CRUDN operations so the tested discovery requests are denied.
297 [Tags] not-implemented exclude
300 1.03.01 ACP cseBase: Permit: All, CRUD
301 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
302 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set to
303 ... CRUD operations. Test CRUD requests which are permitted by ACP.
304 [Tags] not-implemented exclude
307 1.03.02 ACP cseBase: Deny: All, other than REQ operations
308 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
309 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set to
310 ... all operations expect to the operation used in the request.
311 ... Test CRUD requests which are denied by ACP due to non-permitted operation.
312 [Tags] not-implemented exclude
315 1.03.03 ACP cseBase: Permit: All, N
316 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
317 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
318 ... to N operation. Test the notification request which is permitted by ACP.
319 [Tags] not-implemented exclude
322 1.03.04 ACP cseBase: Deny: All, CRUD + Discovery
323 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
324 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
325 ... to CRUD + Discovery operations. Test CRUD + Discovery requests which are denied by ACP because
326 ... the notify operation is not permitted.
327 [Tags] not-implemented exclude
330 1.03.05 ACP cseBase: Permit: All, Discovery
331 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
332 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
333 ... to Discovery operation. Test the discovery request which is permitted by ACP.
334 [Tags] not-implemented exclude
337 1.03.06 ACP cseBase: Deny: All, CRUDN
338 [Documentation] Test ACPs of cseBase which are used by target container resource. Test only privileges with single
339 ... accessControlRule with accessControlOriginators set to All and accessControlOperations set
340 ... to CRUDN operations. Test discovery request which is denied by ACP because the discovery operation
341 ... is not permitted.
342 [Tags] not-implemented exclude
345 1.04 ACP cseBase: accessControlOriginators CSE
346 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
347 ... specific CSE-ID(s). Split into multiple TCs if needed.
348 [Tags] not-implemented exclude
351 1.05 ACP cseBase: accessControlOriginators role
352 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
353 ... specific role(s). Split into multiple TCs if needed.
354 [Tags] not-implemented exclude
357 1.06 ACP cseBase: accessControlOriginators domain
358 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with accessControlOriginators set to
359 ... specific domain(s). Split into multiple TCs if needed.
360 [Tags] not-implemented exclude
364 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with ACP resource created as child
365 ... resource of remoteCSE resource. Split into multiple TCs if needed.
366 [Tags] not-implemented exclude
370 [Documentation] Implement the same scenario as in 1.01.01 - 1.01.09 but with ACP resource created as child
371 ... resource of AE resource. Split into multiple TCs if needed.
372 [Tags] not-implemented exclude
375 4.01 ACP system default
376 [Documentation] Test multiple scenarios with resources with empty accessControlPolicyIDs attribute.
377 ... System default policy should be used.
378 ... Split into multiple TCs if needed.
379 [Tags] not-implemented exclude
382 5.01 ACP cseBase: resources without accessControlPolicyIDs
383 [Documentation] Test ACP procedures with resources without accessControlPolicyIDs attribute,
384 ... e.g.: Oldest, Latest, etc.
385 ... ACP IDs defined for parent resource should be used in such cases. Test also cases when also
386 ... parent resource doesn't have specified ACP IDs, system default ACP should be used.
387 ... Split into multiple TCs if needed.
388 [Tags] not-implemented exclude
391 6.01 ACP cseBase: announced resources
392 [Documentation] Test ACP procedures with announced resources.
393 ... Split into multiple TCs if needed.
394 [Tags] not-implemented exclude
400 Fail "Not implemented"