# Copyright (c) 2021 Project CHIP Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
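# Test definition for TC-ACE-1.1: checks which operations each ACL privilege
# level permits for the test harness (TH) on endpoint 0 of the device under
# test (DUT).
name: 42.1.1. [TC-ACE-1.1] Privileges

PICS:
- MCORE.ROLE.COMMISSIONEE

# nodeId, cluster and endpoint must nest under `config`; left flush they
# become unrelated top-level keys. The ACL writes in this file give no
# `cluster:` of their own, so they presumably rely on the "Access Control"
# default set here - confirm against the test runner.
config:
  nodeId: 0x12344321
  cluster: "Access Control"
  endpoint: 0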
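tests:
# Waits for the DUT to be commissioned, using the nodeId from `config`.
- label: "Step 1: TH1 commissions DUT using admin node ID N1"
  cluster: "DelayCommands"
  command: "WaitForCommissionee"
  arguments:
    values:
    - name: "nodeId"
      value: nodeId

# Saves the TH's own node ID as commissionerNodeId. It is the only subject
# named in the ACL entries this test writes, so every privilege change in the
# later steps applies to the TH itself.
- label: "Read the commissioner node ID"
  cluster: "CommissionerCommands"
  command: "GetCommissionerNodeId"
  response:
    values:
    - name: "nodeId"
      saveAs: commissionerNodeId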
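# ADMINISTER baseline: one entry grants the TH administer (5) over CASE (2) on
# all of endpoint 0. Steps 3-8 carry no UNSUPPORTED_ACCESS expectation, i.e.
# operations needing administer, manage and view must all be allowed.
# NOTE(review): FabricIndex is hard-coded to 1; this assumes the TH's fabric is
# index 1 on the DUT - TODO confirm for DUTs that already hold another fabric.
- label:
    "Step 2: TH writes the ACL attribute with a list of
    AccessControlEntryStruct entries containing 1 elements, granting
    itself administer privileges on all of Endpoint 0 : struct a)Fabric
    Index: 1 b)Privilege field: Administer (5) c)AuthMode field: CASE
    (2) d)Subjects field: [N1] e)Targets field: [{Cluster: null, Endpoint:
    0, DeviceType: null}]"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value: [
        {
          FabricIndex: 1,
          Privilege: 5,  # administer
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: null, Endpoint: 0, DeviceType: null }],
        },
      ]

# The length constraints accept exactly one NOCs entry.
# NOTE(review): this label says "fabric-scoped" while steps 10, 15a, 20a and
# 24a describe the same read as "fabric-filtered" - confirm which is meant.
- label:
    "Step 3: TH reads the NOCs attribute from the Node Operational
    Credentials cluster using a fabric-scoped read (requires administer
    privilege)"
  cluster: "Operational Credentials"
  command: "readAttribute"
  attribute: "NOCs"
  response:
    constraints:
      minLength: 1
      maxLength: 1

- label:
    "Step 4: TH writes the Location attribute in the Basic Information
    cluster with 'XX' (requires administer privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "Location"
  arguments:
    value: "XX"

- label:
    "Step 5: TH sends the UpdateFabricLabel command to the Node
    Operational Credentials cluster with the Label field set to
    'TestFabric' (requires administer privilege)"
  cluster: "Operational Credentials"
  command: "UpdateFabricLabel"
  arguments:
    values:
    - name: "Label"
      value: "TestFabric"

- label:
    "Step 6: TH writes the NodeLabel attribute in the Basic Information
    cluster with the string 'TestNode' (requires manage privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "NodeLabel"
  arguments:
    value: "TestNode"

# CONSTRAINT_ERROR is the passing result here: per the label, the invalid
# EnableKey is rejected only after the ACL check has let the command through.
# UNSUPPORTED_ACCESS is what the later sections expect when the ACL denies it.
- label:
    "Step 7: TH sends the TestEventTrigger command to the General
    Diagnostics cluster with the EnableKey set to 0 and the EventTrigger
    set to 0 (requires manage privilege). Note that this will cause an
    error to be returned because the EnableKey is invalid, but still
    indicates that the TH passed the ACL check."
  cluster: "General Diagnostics"
  command: "TestEventTrigger"
  arguments:
    values:
    - name: "EnableKey"
      value: "0"
    - name: "EventTrigger"
      value: 0
  response:
    error: CONSTRAINT_ERROR

- label:
    "Step 8: TH reads the VendorID attribute from the Basic Information
    cluster (requires view privilege)"
  cluster: "Basic Information"
  command: "readAttribute"
  attribute: "VendorID"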
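# MANAGE
# The TH downgrades itself to manage (4) on endpoint 0 but keeps an administer
# (5) entry targeted at cluster 0x001F (the Access Control cluster, per the
# label). That retained entry is what lets the TH keep rewriting the ACL in the
# following sections; without it the later ACL writes would presumably be
# denied as well.
- label:
    "Step 9: TH writes the ACL attribute with a list of
    AccessControlEntryStruct entries containing 2 elements, giving itself
    administer privilege only on the Access Control cluster and manage
    privilege on everything else on EP0 : 1.Struct : a)Fabric Index:1
    b)Privilege field: Administer (5) c)AuthMode field: CASE (2)
    d)Subjects field: [N1] e)Targets field: [{Cluster: 0x001F, Endpoint:
    0}] 2.struct : a)Fabric Index: 1 b)Privilege field: Manage (4)
    c)AuthMode field: CASE (2) d)Subjects field: [N1] e)Targets field:
    [{Endpoint: 0}]"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value: [
        {
          FabricIndex: 1,
          Privilege: 5,  # administer
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: 0x001F, Endpoint: 0, DeviceType: null }],
        },
        {
          FabricIndex: 1,
          Privilege: 4,  # manage
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: null, Endpoint: 0, DeviceType: null }],
        },
      ]

# Steps 10-12: operations that need administer must now be denied.
- label:
    "Step 10: TH reads the NOCs attribute from the Node Operational
    Credentials cluster using a fabric-filtered read (requires administer
    privilege)"
  cluster: "Operational Credentials"
  command: "readAttribute"
  attribute: "NOCs"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 11: TH writes the Location attribute in the Basic Information
    cluster with 'XX' (requires administer privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "Location"
  arguments:
    value: "XX"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 12: TH sends the UpdateFabricLabel command to the operational
    credentials cluster with the Label field set to 'TestFabric' (requires
    administer privilege)"
  cluster: "Operational Credentials"
  command: "UpdateFabricLabel"
  arguments:
    values:
    - name: "Label"
      value: "TestFabric"
  response:
    error: UNSUPPORTED_ACCESS

# Steps 13a-13c: manage- and view-level operations must still be allowed.
- label: "Step 13a: Write NodeLabel attribute (Basic - requires manage)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "NodeLabel"
  arguments:
    value: "TestNode"

# CONSTRAINT_ERROR (not UNSUPPORTED_ACCESS) means the command got past the ACL
# check and failed only on the invalid EnableKey.
- label:
    "Step 13b: Send TestEventTrigger (General Diagnostics - requires
    manage)"
  cluster: "General Diagnostics"
  command: "TestEventTrigger"
  arguments:
    values:
    - name: "EnableKey"
      value: "0"
    - name: "EventTrigger"
      value: 0
  response:
    error: CONSTRAINT_ERROR

# Label typo fixed ("Tead" -> "Read") so the step name matches the action.
- label: "Step 13c: Read the VendorID attribute (Basic - requires view)"
  cluster: "Basic Information"
  command: "readAttribute"
  attribute: "VendorID"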
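# OPERATE
# The TH drops to operate (3) on endpoint 0, again keeping administer (5) only
# on cluster 0x001F so that it can still change the ACL afterwards.
# NOTE(review): no step in this section performs an operation that needs
# exactly operate privilege; the section shows that administer and manage
# operations are denied and that a view-level read still works.
- label:
    "Step 14: TH writes the ACL attribute with a list of
    AccessControlEntryStruct entries containing 2 elements, giving itself
    administer privilege only on the Access Control cluster and operate
    privilege on everything else on EP0. 1.Struct : a)Fabric Index: 1
    b)Privilege field: Administer (5) c)AuthMode field: CASE (2)
    d)Subjects field: [N1] e)Targets field: [{Cluster: 0x001F, Endpoint:
    0}] 2.struct : a)Fabric Index: 1 b)Privilege field: Operate (3)
    c)AuthMode field: CASE (2) d)Subjects field: [N1] e)Targets field:
    [{Endpoint: 0}]"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value: [
        {
          FabricIndex: 1,
          Privilege: 5,  # administer
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: 0x001F, Endpoint: 0, DeviceType: null }],
        },
        {
          FabricIndex: 1,
          Privilege: 3,  # operate
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: null, Endpoint: 0, DeviceType: null }],
        },
      ]

# Steps 15a-15c: administer-level operations stay denied.
- label:
    "Step 15a: Repeat steps 10 to 12 to confirm that TH still does not
    have administer privileges step:10 p- TH reads the NOCs attribute from
    the Node Operational Credentials cluster using a fabric-filtered read
    (requires administer privilege)"
  cluster: "Operational Credentials"
  command: "readAttribute"
  attribute: "NOCs"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 15b: Repeat step:11 - TH writes the Location attribute in the
    Basic Information cluster with 'XX' (requires administer privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "Location"
  arguments:
    value: "XX"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 15c: Repeat step:12 - TH sends the UpdateFabricLabel command to
    the operational credentials cluster with the Label field set to
    'TestFabric' (requires administer privilege) "
  cluster: "Operational Credentials"
  command: "UpdateFabricLabel"
  arguments:
    values:
    - name: "Label"
      value: "TestFabric"
  response:
    error: UNSUPPORTED_ACCESS

# Steps 16-17: manage-level operations are now denied too.
- label:
    "Step 16: TH writes the NodeLabel attribute in the Basic Information
    cluster with the string 'TestNode' (requires manage privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "NodeLabel"
  arguments:
    value: "TestNode"
  response:
    error: UNSUPPORTED_ACCESS

# Same request that returned CONSTRAINT_ERROR in steps 7 and 13b. Expecting
# UNSUPPORTED_ACCESS here asserts that the ACL denial is reported instead of
# the EnableKey validation error.
- label:
    "Step 17: TH sends the TestEventTrigger command to the General
    Diagnostics cluster with the EnableKey set to 0 and the EventTrigger
    set to 0. (requires manage privilege)"
  cluster: "General Diagnostics"
  command: "TestEventTrigger"
  arguments:
    values:
    - name: "EnableKey"
      value: "0"
    - name: "EventTrigger"
      value: 0
  response:
    error: UNSUPPORTED_ACCESS

# No error expectation: the view-level read must still succeed.
- label:
    "Step 18: Repeat step 8 to confirm that the TH still has view
    privileges : Step 8 - TH reads the VendorID attribute from the Basic
    Information cluster (requires view privilege)"
  cluster: "Basic Information"
  command: "readAttribute"
  attribute: "VendorID"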
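# VIEW
# The TH drops to view (1) on endpoint 0, keeping administer (5) only on
# cluster 0x001F so that it can still change the ACL afterwards.
# NOTE(review): the file goes from Operate (3) straight to View (1); privilege
# value 2 (ProxyView in the Matter privilege enum) is not exercised anywhere
# in this test.
- label:
    "Step 19: TH1 writes the ACL attribute with a list of
    AccessControlEntryStruct entries containing 2 elements, giving itself
    administer privilege only on the Access Control cluster and view
    privilege on everything else on EP0. 1.Struct : a)Fabric Index: 1
    b)Privilege field: Administer (5) c)AuthMode field: CASE (2)
    d)Subjects field: [N1] e)Targets field: [{Cluster: 0x001F, Endpoint:
    0}] 2.struct : a)Fabric Index: 1 b)Privilege field: View (1)
    c)AuthMode field: CASE (2) d)Subjects field: [N1] e)Targets field:
    [{Endpoint: 0}]"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value: [
        {
          FabricIndex: 1,
          Privilege: 5,  # administer
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: 0x001F, Endpoint: 0, DeviceType: null }],
        },
        {
          FabricIndex: 1,
          Privilege: 1,  # view
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: null, Endpoint: 0, DeviceType: null }],
        },
      ]

# Steps 20a-20c: administer-level operations stay denied.
- label:
    "Step 20a: Repeat steps 10 to 12 to confirm that TH still does not
    have administer privileges. Repeat step:10 - TH reads the NOCs
    attribute from the Node Operational Credentials cluster using a
    fabric-filtered read (requires administer privilege)"
  cluster: "Operational Credentials"
  command: "readAttribute"
  attribute: "NOCs"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 20b: Repeat step:11 - TH writes the Location attribute in the
    Basic Information cluster with 'XX' (requires administer privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "Location"
  arguments:
    value: "XX"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 20c: Repeat step:12 - TH sends the UpdateFabricLabel command to
    the operational credentials cluster with the Label field set to
    'TestFabric' (requires administer privilege)"
  cluster: "Operational Credentials"
  command: "UpdateFabricLabel"
  arguments:
    values:
    - name: "Label"
      value: "TestFabric"
  response:
    error: UNSUPPORTED_ACCESS

# Steps 21a-21b: manage-level operations stay denied.
- label:
    "Step 21a: Repeat steps 16 to 17 to confirm that TH still does not
    have manage privileges. Step 16 : TH writes the NodeLabel attribute in
    the Basic Information cluster with the string 'TestNode' (requires
    manage privilege) "
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "NodeLabel"
  arguments:
    value: "TestNode"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 21b: Repeat steps 17 : TH sends the TestEventTrigger command to
    the General Diagnostics cluster with the EnableKey set to 0 and the
    EventTrigger set to 0. (requires manage privilege)"
  cluster: "General Diagnostics"
  command: "TestEventTrigger"
  arguments:
    values:
    - name: "EnableKey"
      value: "0"
    - name: "EventTrigger"
      value: 0
  response:
    error: UNSUPPORTED_ACCESS

# No error expectation: the view-level read must still succeed.
# Label typo fixed ("Tead" -> "Read") so the step name matches the action.
- label: "Step 22: Read the VendorID attribute (Basic - requires view)"
  cluster: "Basic Information"
  command: "readAttribute"
  attribute: "VendorID"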
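# NO PRIVILEGE
# The ACL is reduced to a single administer (5) entry targeted at cluster
# 0x001F. No entry covers any other cluster on endpoint 0, so every step in
# this section expects UNSUPPORTED_ACCESS, including the view-level read in
# step 26: access outside the Access Control cluster must not be granted
# implicitly.
- label:
    "Step 23: TH writes the ACL attribute with a list of
    AccessControlEntryStruct entries containing a single element, granting
    Administer privilege on only the Access Control cluster and no other
    access : 1.Struct : a)Fabric Index: 1 b)Privilege field: Administer
    (5) c)AuthMode field: CASE (2) d)Subjects field: [N1] e)Targets field:
    [{Cluster: 0x001F, Endpoint: 0}]"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value: [
        {
          FabricIndex: 1,
          Privilege: 5,  # administer
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets:
            [{ Cluster: 0x001F, Endpoint: 0, DeviceType: null }],
        },
      ]

# Steps 24a-24c: administer-level operations outside the ACL cluster are denied.
- label:
    "Step 24a: Repeat steps 10 to 12 to confirm that TH still does not
    have administer privileges. Repeat step:10 - TH reads the NOCs
    attribute from the Node Operational Credentials cluster using a
    fabric-filtered read (requires administer privilege) "
  cluster: "Operational Credentials"
  command: "readAttribute"
  attribute: "NOCs"
  response:
    error: UNSUPPORTED_ACCESS

# Label typo fixed ("TStep 24b" -> "Step 24b") so a failure report for this
# step can be matched to the step number by name.
- label:
    "Step 24b: Repeat step:11 - TH writes the Location attribute in the
    Basic Information cluster with 'XX' (requires administer privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "Location"
  arguments:
    value: "XX"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 24c: Repeat step:12 - TH sends the UpdateFabricLabel command to
    the operational credentials cluster with the Label field set to
    'TestFabric' (requires administer privilege)"
  cluster: "Operational Credentials"
  command: "UpdateFabricLabel"
  arguments:
    values:
    - name: "Label"
      value: "TestFabric"
  response:
    error: UNSUPPORTED_ACCESS

# Steps 25a-25b: manage-level operations are denied.
- label:
    "Step 25a: Repeat steps 16 to 17 to confirm that TH still does not
    have manage privileges. Step 16 : TH writes the NodeLabel attribute in
    the Basic Information cluster with the string 'TestNode' (requires
    manage privilege)"
  cluster: "Basic Information"
  command: "writeAttribute"
  attribute: "NodeLabel"
  arguments:
    value: "TestNode"
  response:
    error: UNSUPPORTED_ACCESS

- label:
    "Step 25b: Repeat steps 17 : TH sends the TestEventTrigger command to
    the General Diagnostics cluster with the EnableKey set to 0 and the
    EventTrigger set to 0. (requires manage privilege)"
  cluster: "General Diagnostics"
  command: "TestEventTrigger"
  arguments:
    values:
    - name: "EnableKey"
      value: "0"
    - name: "EventTrigger"
      value: 0
  response:
    error: UNSUPPORTED_ACCESS

# Unlike steps 8, 13c, 18 and 22, this view-level read must now fail.
- label:
    "Step 26: TH reads the VendorID attribute from the Basic Information
    cluster (requires view privilege)"
  cluster: "Basic Information"
  command: "readAttribute"
  attribute: "VendorID"
  response:
    error: UNSUPPORTED_ACCESS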
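# Cleanup: restores a single administer (5) entry with `Targets: null`, which
# the label describes as full access to the node.
# NOTE(review): this is the only step that undoes the restricted ACLs. If the
# run stops before reaching it, the DUT presumably keeps the ACL from the last
# successful write (steps 9, 14, 19 or 23) - confirm how the runner handles
# aborted runs, and reset the DUT before reusing it for other tests.
- label:
    "Step 27: TH writes the ACL attribute with a list of
    AccessControlEntryStruct entries containing a single element,
    restoring full access to the node. Struct : a)Fabric Index: 1
    b)Privilege field: Administer (5) c)AuthMode field: CASE (2)
    d)Subjects field: [N1] e)Targets field: null"
  command: "writeAttribute"
  attribute: "ACL"
  arguments:
    value: [
        {
          FabricIndex: 1,
          Privilege: 5,  # administer
          AuthMode: 2,  # case
          Subjects: [commissionerNodeId],
          Targets: null,
        },
      ]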