Skip to content

Align quality-on-demand API and tests with Commonalities 0.8.0 (r4.3)#579

Open
hdamker wants to merge 4 commits into
camaraproject:mainfrom
hdamker:feat/571-quality-on-demand-commonalities-0.8.0
Open

Align quality-on-demand API and tests with Commonalities 0.8.0 (r4.3)#579
hdamker wants to merge 4 commits into
camaraproject:mainfrom
hdamker:feat/571-quality-on-demand-commonalities-0.8.0

Conversation

@hdamker

@hdamker hdamker commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

What type of PR is this?

enhancement/feature

What this PR does / why we need it:

Brings the quality-on-demand API specification and its test definitions into line with CAMARA Commonalities 0.8.0 (r4.3). The change is backward-compatible with the released 1.1.0: each tightened constraint makes an already-intended, domain-limited bound machine-readable and rejects no previously-valid request.

Highlights:

  • Reuse the synced common components via $ref into code/common/ at each use-site: openId, x-correlator, Device / DeviceResponse, ErrorInfo, and the generic error responses. API-specific code-subset error responses are kept local.
  • Embed the mandatory info.description templates (authorization-and-authentication, additional-error-responses, request-body-strictness) and set x-camara-commonalities: 0.8.0.
  • Add OWASP-aligned constraints (maxLength / maxItems / minimum / maximum / format / pattern) to the remaining local schemas.
  • Align the QoS status-change notifications to the CloudEvents model: consume the shared CloudEvent and SinkCredential from CAMARA_event_common.yaml, express the event as a CloudEvent subtype with its own event-type enum and discriminator, and adopt ACCESSTOKEN + PRIVATE_KEY_JWT (adding PRIVATE_KEY_JWT_NOT_CONFIGURED to the create-session 422).
  • Align the five quality-on-demand-*.feature test definitions (repoint the renamed device schema, add invalid_x-correlator and 429 scenarios, quote scope values).

The event and notification changes (the single semantic change) are isolated in their own commit, separate from the metadata/reuse/constraints/tests, so each part can be reviewed independently.

Which issue(s) this PR fixes:

Fixes #571

Special notes for reviewers:

  • Backward compatibility: every change is backward-compatible with the released 1.1.0, so each addition is constrained by Commonalities #658. Dropping PLAIN / REFRESHTOKEN from the SinkCredential enum is a non-breaking restatement (both were already documented as disallowed); PRIVATE_KEY_JWT is additive.
  • duration intentionally has no API-level maximum (the limit is the QoS Profile maxDuration); maximum: 2147483647 is the int32 ceiling, added only to satisfy the linter without restricting any valid value.
  • Port now references the common Port schema (minimum: 1); the previous local copy allowed minimum: 0. Port 0 is not a usable flow port, so this tightening is a Commonalities #658 clarification that rejects no valid request.
  • The validator reports S-211 (potentially unused component) on EventQosStatusChanged — the known false-positive for a discriminator subtype, which Spectral does not follow through the discriminator mapping.

Changelog input

 release-note
Align the quality-on-demand API and test definitions with CAMARA Commonalities 0.8.0 (r4.3): reuse common components via $ref, add request-body strictness and OWASP constraints, and align the CloudEvents notifications including PRIVATE_KEY_JWT sink credentials. Backward-compatible with 1.1.0.

Additional documentation

This section can be blank.

docs

hdamker added 3 commits June 29, 2026 16:04
Reuse CAMARA_common.yaml components via $ref at each use-site, embed the
mandatory info.description templates, and add OWASP request/response
constraints; align the five test definitions to the r4.3 sample template.
Event/notification alignment follows in a separate commit.
…alities 0.8.0

Consume the shared CloudEvent and SinkCredential from CAMARA_event_common.yaml
via $ref, express the QoS status-changed notification as a CloudEvent subtype
with its own event-type enum and discriminator, and adopt the common
SinkCredential (ACCESSTOKEN, PRIVATE_KEY_JWT), adding PRIVATE_KEY_JWT_NOT_CONFIGURED
to the create operation's 422 response.
…ponses

Rename the local code-subset error responses that shadowed common component
names (`Generic403`/`Generic404` -> `PermissionDenied403`/`NotFound404`), reference
the common `Port` schema (`minimum: 1`) instead of a local copy, and embed the
mandatory `identifying-device-from-access-token` info.description template (with
the QoS-profile error note moved into the createSession operation).
jlurien added a commit to jlurien/QualityOnDemand that referenced this pull request Jun 30, 2026
- Operations requiring NOT_FOUND + IDENTIFIER_NOT_FOUND (POST /qos-assignments,
  POST /retrieve-qos-assignment) now reference CAMARA_common.yaml#Generic404
  directly at the path level, replacing the former GenericDevice404 local alias
- Operations requiring only NOT_FOUND (GET and DELETE /qos-assignments/{assignmentId})
  now reference a local NotFound404 response, replacing the former Generic404 alias
- Remove the Generic404 and GenericDevice404 local aliases from components/responses
…e common SinkCredential

Allow `ACCESSTOKEN` or `PRIVATE_KEY_JWT` in the notification-token prose, change the
create-session unsupported-credential-type test to expect `400 INVALID_ARGUMENT` (`PLAIN`
and `REFRESHTOKEN` are no longer schema enum values), and add a create-session
`422 PRIVATE_KEY_JWT_NOT_CONFIGURED` scenario.
@hdamker

hdamker commented Jul 4, 2026

Copy link
Copy Markdown
Collaborator Author

In 560058e I aligned the sink-credential prose and tests with the common SinkCredential this PR adopts:

  • info.description — the notification-token note now allows ACCESSTOKEN or PRIVATE_KEY_JWT (it previously said ACCESSTOKEN only).
  • createSession unsupported credentialType testPLAIN / REFRESHTOKEN are no longer values in the common SinkCredential enum, so a request carrying them now fails schema validation; the scenario expects 400 INVALID_ARGUMENT accordingly.
  • New createSession 422 scenario — covers PRIVATE_KEY_JWT_NOT_CONFIGURED, which the response now documents.

@jlurien jlurien left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hdamker

hdamker commented Jul 10, 2026

Copy link
Copy Markdown
Collaborator Author

Added Fixes #560 so that issue will be closed also on merge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Adapt the quality-on-demand API spec to the latest Commonalities release (r4.3 - Spring26)

3 participants