Align quality-on-demand API and tests with Commonalities 0.8.0 (r4.3)#579
Open
hdamker wants to merge 4 commits into
Open
Align quality-on-demand API and tests with Commonalities 0.8.0 (r4.3)#579hdamker wants to merge 4 commits into
hdamker wants to merge 4 commits into
Conversation
Reuse CAMARA_common.yaml components via $ref at each use-site, embed the mandatory info.description templates, and add OWASP request/response constraints; align the five test definitions to the r4.3 sample template. Event/notification alignment follows in a separate commit.
…alities 0.8.0 Consume the shared CloudEvent and SinkCredential from CAMARA_event_common.yaml via $ref, express the QoS status-changed notification as a CloudEvent subtype with its own event-type enum and discriminator, and adopt the common SinkCredential (ACCESSTOKEN, PRIVATE_KEY_JWT), adding PRIVATE_KEY_JWT_NOT_CONFIGURED to the create operation's 422 response.
…ponses Rename the local code-subset error responses that shadowed common component names (`Generic403`/`Generic404` -> `PermissionDenied403`/`NotFound404`), reference the common `Port` schema (`minimum: 1`) instead of a local copy, and embed the mandatory `identifying-device-from-access-token` info.description template (with the QoS-profile error note moved into the createSession operation).
jlurien
added a commit
to jlurien/QualityOnDemand
that referenced
this pull request
Jun 30, 2026
- Operations requiring NOT_FOUND + IDENTIFIER_NOT_FOUND (POST /qos-assignments,
POST /retrieve-qos-assignment) now reference CAMARA_common.yaml#Generic404
directly at the path level, replacing the former GenericDevice404 local alias
- Operations requiring only NOT_FOUND (GET and DELETE /qos-assignments/{assignmentId})
now reference a local NotFound404 response, replacing the former Generic404 alias
- Remove the Generic404 and GenericDevice404 local aliases from components/responses
…e common SinkCredential Allow `ACCESSTOKEN` or `PRIVATE_KEY_JWT` in the notification-token prose, change the create-session unsupported-credential-type test to expect `400 INVALID_ARGUMENT` (`PLAIN` and `REFRESHTOKEN` are no longer schema enum values), and add a create-session `422 PRIVATE_KEY_JWT_NOT_CONFIGURED` scenario.
Collaborator
Author
|
In 560058e I aligned the sink-credential prose and tests with the common
|
Collaborator
Author
|
Added |
eric-murray
approved these changes
Jul 10, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
enhancement/feature
What this PR does / why we need it:
Brings the
quality-on-demandAPI specification and its test definitions into line with CAMARA Commonalities 0.8.0 (r4.3). The change is backward-compatible with the released1.1.0: each tightened constraint makes an already-intended, domain-limited bound machine-readable and rejects no previously-valid request.Highlights:
$refintocode/common/at each use-site:openId,x-correlator,Device/DeviceResponse,ErrorInfo, and the generic error responses. API-specific code-subset error responses are kept local.info.descriptiontemplates (authorization-and-authentication, additional-error-responses, request-body-strictness) and setx-camara-commonalities: 0.8.0.maxLength/maxItems/minimum/maximum/format/pattern) to the remaining local schemas.CloudEventandSinkCredentialfromCAMARA_event_common.yaml, express the event as a CloudEvent subtype with its own event-type enum and discriminator, and adoptACCESSTOKEN+PRIVATE_KEY_JWT(addingPRIVATE_KEY_JWT_NOT_CONFIGUREDto the create-session422).quality-on-demand-*.featuretest definitions (repoint the renamed device schema, addinvalid_x-correlatorand429scenarios, quote scope values).The event and notification changes (the single semantic change) are isolated in their own commit, separate from the metadata/reuse/constraints/tests, so each part can be reviewed independently.
Which issue(s) this PR fixes:
Fixes #571
Special notes for reviewers:
1.1.0, so each addition is constrained by Commonalities #658. DroppingPLAIN/REFRESHTOKENfrom theSinkCredentialenum is a non-breaking restatement (both were already documented as disallowed);PRIVATE_KEY_JWTis additive.durationintentionally has no API-level maximum (the limit is the QoS ProfilemaxDuration);maximum: 2147483647is the int32 ceiling, added only to satisfy the linter without restricting any valid value.Portnow references the commonPortschema (minimum: 1); the previous local copy allowedminimum: 0. Port 0 is not a usable flow port, so this tightening is a Commonalities #658 clarification that rejects no valid request.S-211(potentially unused component) onEventQosStatusChanged— the known false-positive for a discriminator subtype, which Spectral does not follow through the discriminator mapping.Changelog input
Additional documentation
This section can be blank.