Resolve problems with XML in tutorial 405 and 406

Author: Fernando López Aguilar

features/405.XACML_Rules-based_Permissions.feature

@@ -1,4 +1,5 @@
 Feature: Test tutorial 405.XACML Rules-based Permissions
+
   This is feature file of the FIWARE step by step tutorial for XACML rules-based permissions
   url: https://fiware-tutorials.readthedocs.io/en/latest/xacml-access-rules.html
   git-clone: https://github.com/FIWARE/tutorials.XACML-Access-Rules.git
@@ -21,16 +22,16 @@ Feature: Test tutorial 405.XACML Rules-based Permissions
     Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response405-02.json"
 
   Scenario: 03 - AuthZForce - Read a single domain
-    When  I set the "AuthZForce" domains url with the "domainId"
+    When  I set the "AuthZForce" domains url with the previous "domainId"
     And   I send a GET HTTP request to that url
     Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response405-03.json"
 
   Scenario: 04 - AuthZForce - List all PolicySets available within a domain
-    When  I set the "AuthZForce" pap policies url with the "domainId"
+    When  I set the "AuthZForce" pap policies url with the previous "domainId"
     And   I send a GET HTTP request to that url
     Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response405-04.json"
 
-  Scenario: 05 - AuthZForce - List the available revisions of a policyset
+  Scenario: 05 - AuthZForce - List the available revisions of a PolicySet
     When  I set the "AuthZForce" a pap policy set url with the "domainId" and "policyId"
     And   I send a GET HTTP request to that url
     Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response405-05.json"
@@ -41,19 +42,20 @@ Feature: Test tutorial 405.XACML Rules-based Permissions
     Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response405-06.json"
 
   Scenario: 07 - AuthZForce - Permit access to a resource
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request405-07.xml"
     And   I send a POST HTTP request to that url
     Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response405-07.json"
 
   Scenario: 08 - AuthZForce - Deny access to a resource
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request405-08.xml"
     And   I send a POST HTTP request to that url
     Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response405-08.json"
 
+  # Assertion Failed: The token_type received is not the expected value, received: bearer, but was expected Bearer
   Scenario: 09 - Keystone - User obtain an access token
     When  I set the "Authorization" header with the value "Basic dHV0b3JpYWwtZGNrci1zaXRlLTAwMDAteHByZXNzd2ViYXBwOnR1dG9yaWFsLWRja3Itc2l0ZS0wMDAwLWNsaWVudHNlY3JldA=="
     And   I set the "Content-Type" header with the value "application/x-www-form-urlencoded"
@@ -65,6 +67,7 @@ Feature: Test tutorial 405.XACML Rules-based Permissions
             | access_token | token_type | scope         |
             | any          | Bearer     | ["permanent"] |
 
+  # The result obtained is obsolete, there are changes in idm
   Scenario: 10 - Keystone - Obtain roles and domain
     When  I set the user url to obtain roles and domain with the following data
             | access_token | app_id                               |
@@ -73,7 +76,7 @@ Feature: Test tutorial 405.XACML Rules-based Permissions
     Then  I receive a HTTP "200" response code from Keyrock with the body equal to "response405-10.json"
 
   Scenario: 11 - AuthZForce - Apply a policy to a request
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request405-11.xml"
     And   I send a POST HTTP request to that url

features/406.Administrating_XACML_Rules.feature

@@ -1,4 +1,5 @@
 Feature: Test tutorial 406.Administrating_XACML_Rules
+
   This is feature file of the FIWARE step by step tutorial for Administrating XACML rules
   url: https://fiware-tutorials.readthedocs.io/en/latest/administrating-xacml.html
   git-clone: https://github.com/FIWARE/tutorials.Administrating-XACML.git
@@ -10,75 +11,75 @@ Feature: Test tutorial 406.Administrating_XACML_Rules
     Given I set the tutorial 406
 
   Scenario: 01 - Creating a new domain
-    When  I set the url to "http://localhost:8080/authzforce-ce/domains"
+    When  I set the "AuthZForce" to the domain url
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-01.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-01.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body containing a href attribute
 
   Scenario: 02 - Request a decision from AuthZForce
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-02.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-02.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-02.json"
 
   Scenario: 03 - Creating an initial policy set
-    When  I set the "AuthZForce" pap policies url with the "domainId"
+    When  I set the "AuthZForce" pap policies url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-03.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-03.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-03.json"
 
   Scenario: 04 - Activating the initial policy set
-    When  I set the "AuthZForce" pap policies with pdp.properties url with the "domainId"
+    When  I set the "AuthZForce" pap policies with pdp.properties url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-04.xml"
     And   I send a PUT HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-04.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-04.json"
 
   Scenario: 05 - Request to access to loading in the white zone
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-05.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-05.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-05.json"
 
   Scenario: 06 - Request to access to loading in the red zone
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-06.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-06.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-06.json"
 
   Scenario: 07 - Updating a policy set
-    When  I set the "AuthZForce" pap policies url with the "domainId"
+    When  I set the "AuthZForce" pap policies url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-07.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-07.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-07.json"
 
 
   Scenario: 08 - Activating an updated policy set
-    When  I set the "AuthZForce" pap policies with pdp.properties url with the "domainId"
+    When  I set the "AuthZForce" pap policies with pdp.properties url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-08.xml"
     And   I send a PUT HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-08.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-08.json"
 
   Scenario: 09 - Request to access to loading in the white zone again
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-09.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-09.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-09.json"
 
   Scenario: 10 - Request to access to loading in the red zone again
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-10.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-10.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-10.json"
 
   Scenario: 11 - Create a token with password
     When   I define the body request described in file "request406-11.json"
@@ -89,13 +90,15 @@ Feature: Test tutorial 406.Administrating_XACML_Rules
       | Status-Code | X-Subject-Token | Connection | data                | excluded                |
       | 201         | any             | keep-alive | response406-11.json | response406-11.excludes |
 
+  # The result obtained is obsolete, there are changes in idm
   Scenario: 12 - Read a Verb-resource permission
     When   I set the "Content-Type" header with the value "application/json"
     And    I set the "X-Auth-token" header with the value "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
     And    I set the url to "http://localhost:3005/v1/applications/tutorial-dckr-site-0000-xpresswebapp/permissions/entrance-open-0000-0000-000000000000"
     And    I send a GET HTTP request to that url
     Then   I receive a HTTP "200" response code from Keystone with the body equal to "response406-12.json"
 
+  # The result obtained is obsolete, there are changes in idm
   Scenario: 13 - Read a XACML rule permission
     When   I set the "Content-Type" header with the value "application/json"
     And    I set the "X-Auth-token" header with the value "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
@@ -104,12 +107,13 @@ Feature: Test tutorial 406.Administrating_XACML_Rules
     Then   I receive a HTTP "200" response code from Keystone with the body equal to "response406-13.json"
 
   Scenario: 14 - Deny access to a resource
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-14.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-14.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-14.json"
 
+  # {"error":{"message":"if use_authorization_service_header is set, authorization_service_header needs to be set","code":400,"title":"Bad Request"}}
   Scenario: 15 - Update an XACML permission
     When   I set the "Content-Type" header with the value "application/json"
     And    I set the "X-Auth-token" header with the value "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
@@ -125,6 +129,7 @@ Feature: Test tutorial 406.Administrating_XACML_Rules
     And    I send a DELETE HTTP request to that url
     Then   I receive a HTTP "204" status code response
 
+# Internal server error: 500
   Scenario: 17 - Passing the updated policy set to AuthZForce, recreating the policy set
     When   I set the "Content-Type" header with the value "application/json"
     And    I set the "X-Auth-token" header with the value "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
@@ -133,9 +138,10 @@ Feature: Test tutorial 406.Administrating_XACML_Rules
     And    I send a POST HTTP request to that url
     Then   I receive a HTTP "201" response code from Keystone with the body equal to "response406-17.json"
 
+  # Decision Deny...
   Scenario: 18 - Permit access to a resource
-    When  I set the "AuthZForce" to the pdp endpoint url with the "domainId"
+    When  I set the "AuthZForce" to the pdp endpoint url with the previous "domainId"
     And   I set the "Content-Type" header with the value "application/xml"
     And   the body request described in file "request406-18.xml"
     And   I send a POST HTTP request to that url
-    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-18.xml"
+    Then  I receive a HTTP "200" response code from AuthZForce with the body equal to "response406-18.json"

features/data/406.Administrating_XACML_Rules/request406-15.json

@@ -2,6 +2,7 @@
     "permission": {
         "action": "",
         "resource": "",
-        "xml": "<Rule RuleId=\"alrmbell-ring-only-000000000000\" Effect=\"Permit\"> etc..."
+        "use_authorization_service_header" : false,
+        "xml": "<Rule RuleId=\"alrmbell-ring-only-000000000000\" Effect=\"Permit\">\n<Description>Allow Full Access to Charlie the Security Manager</Description>\n<Target>\n<AnyOf>\n<AllOf>\n<Match MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">/bell/ring</AttributeValue>\n<AttributeDesignator Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\" AttributeId=\"urn:thales:xacml:2.0:resource:sub-resource-id\" DataType=\"http://www.w3.org/2001/XMLSchema#string\" MustBePresent=\"true\" />\n</Match>\n</AllOf>\n</AnyOf>\n<AnyOf>\n<AllOf>\n<Match MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">POST</AttributeValue>\n<AttributeDesignator Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:action\" AttributeId=\"urn:oasis:names:tc:xacml:1.0:action:action-id\" DataType=\"http://www.w3.org/2001/XMLSchema#string\" MustBePresent=\"true\" />\n</Match>\n</AllOf>\n</AnyOf>\n<AnyOf>\n<AllOf>\n<Match MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">charlie</AttributeValue>\n<AttributeDesignator Category=\"urn:oasis:names:tc:xacml:1.0:subject-category:access-subject\" AttributeId=\"urn:oasis:names:tc:xacml:1.0:subject:subject-id\" DataType=\"http://www.w3.org/2001/XMLSchema#string\" MustBePresent=\"true\" />\n</Match>\n</AllOf>\n</AnyOf>\n</Target>\n</Rule>\n<Rule RuleId=\"alrmbell-ring-24hr-hours-000000000000\" Effect=\"Permit\">\n<Description>Ring Alarm Bell (Outside Core Hours)</Description>\n<Target>\n<AnyOf>\n<AllOf>\n<Match MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">/bell/ring</AttributeValue>\n<AttributeDesignator Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\" AttributeId=\"urn:thales:xacml:2.0:resource:sub-resource-id\" DataType=\"http://www.w3.org/2001/XMLSchema#string\" MustBePresent=\"true\" />\n</Match>\n</AllOf>\n</AnyOf>\n<AnyOf>\n<AllOf>\n<Match MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">POST</AttributeValue>\n<AttributeDesignator Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:action\" AttributeId=\"urn:oasis:names:tc:xacml:1.0:action:action-id\" DataType=\"http://www.w3.org/2001/XMLSchema#string\" MustBePresent=\"true\" />\n</Match>\n</AllOf>\n</AnyOf>\n<AnyOf>\n<AllOf>\n<Match MatchId=\"urn:oasis:names:tc:xacml:1.0:function:string-equal\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">security-role-0000-0000-000000000000</AttributeValue>\n<AttributeDesignator Category=\"urn:oasis:names:tc:xacml:1.0:subject-category:access-subject\" AttributeId=\"urn:oasis:names:tc:xacml:2.0:subject:role\" DataType=\"http://www.w3.org/2001/XMLSchema#string\" MustBePresent=\"true\" />\n</Match>\n</AllOf>\n</AnyOf>\n</Target>\n<Condition>\n<Apply FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:not\">\n<Apply FunctionId=\"urn:oasis:names:tc:xacml:2.0:function:time-in-range\">\n<Apply FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:time-one-and-only\">\n<AttributeDesignator AttributeId=\"urn:oasis:names:tc:xacml:1.0:environment:current-time\" DataType=\"http://www.w3.org/2001/XMLSchema#time\" Category=\"urn:oasis:names:tc:xacml:3.0:attribute-category:environment\" MustBePresent=\"false\"></AttributeDesignator>\n</Apply>\n<Apply FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:time-one-and-only\">\n<Apply FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:time-bag\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#time\">08:00:00</AttributeValue>\n</Apply>\n</Apply>\n<Apply FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:time-one-and-only\">\n<Apply FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:time-bag\">\n<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#time\">17:00:00</AttributeValue>\n</Apply>\n</Apply>\n</Apply>\n</Apply>\n</Condition>\n</Rule>"
     }
 }

features/data/406.Administrating_XACML_Rules/response406-01.xml

@@ -0,0 +1,3 @@
+{
+    "decision": "Permit"
+}