davinci_pas_test_kit 0.12.1 → 0.13.0

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_approval_group.rb

@@ -8,10 +8,10 @@ module DaVinciPASTestKit
   module DaVinciPASV201
     class PASClientApprovalGroup < Inferno::TestGroup
       id :pas_client_v201_approval_group
-      title 'Demonstrate Approval Workflow'
+      title 'Approval Workflow'
       description %(
-        Demonstrate the ability of the client to initiate a prior authorization
-        request and respond appropriately to an 'approved' decision.
+        During these tests, the client will initiate a prior authorization
+        request and show it can respond appropriately to an 'approved' decision.
       )
       run_as_group
 
@@ -20,6 +20,7 @@ module DaVinciPASTestKit
       test from: :pas_client_v201_approval_submit_test
       test from: :pas_client_v201_request_bundle_validation_test,
            config: { options: { workflow_tag: APPROVAL_WORKFLOW_TAG } }
+
       test from: :pas_client_v201_response_bundle_validation_test,
            config: { options: { workflow_tag: APPROVAL_WORKFLOW_TAG } }
       test from: :pas_client_v201_response_attest,
@@ -31,7 +32,8 @@ module DaVinciPASTestKit
            ),
            config: { options: {
              workflow_tag: APPROVAL_WORKFLOW_TAG,
-             attest_message: "I attest that the client system displays the submitted claim as 'approved' meaning that the user can proceed with ordering or providing the requested service." # rubocop:disable Layout/LineLength
+             attest_message: "I attest that the client system displays the submitted claim as 'approved' meaning " \
+                             'that the user can proceed with ordering or providing the requested service.'
            } }
     end
   end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_auth_smart_group.rb

@@ -0,0 +1,32 @@
+require 'smart_app_launch_test_kit'
+require_relative 'pas_client_options'
+require_relative '../../tags'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientAuthSMARTGroup < Inferno::TestGroup
+      id :pas_client_v201_auth_smart
+      title 'Review Authentication Interactions'
+      description %(
+        During these tests, Inferno will verify that the client interacted with Inferno's
+        simulated SMART authorization server in a conformant manner when requesting access tokens
+        and that the client under test was able to use provided access tokens to make PAS
+        requests.
+
+        Before running these tests, execute the tests for at least one "PAS workflows" sub-group
+        so that the client will request an access token and use it on a PAS request.
+      )
+      run_as_group
+
+      # smart auth verification
+      test from: :smart_client_token_request_bsca_verification,
+           config: {
+             options: { endpoint_suite_id: :davinci_pas_client_suite_v201 }
+           }
+      test from: :smart_client_token_use_verification,
+           config: {
+             options: { access_request_tags: [SUBMIT_TAG, INQUIRE_TAG] }
+           }
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_auth_udap_group.rb

@@ -0,0 +1,31 @@
+require 'udap_security_test_kit'
+require_relative '../../client_suite'
+require_relative '../../tags'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientAuthUDAPGroup < Inferno::TestGroup
+      id :pas_client_v201_auth_udap
+      title 'Review UDAP Authentication Interactions'
+      description %(
+        During these tests, Inferno will verify that the client interacted with Inferno's
+        simulated UDAP authorization server in a conformant manner when requesting access tokens
+        and that the client under test was able to use provided access tokens to make PAS
+        requests.
+
+        Before running these tests, execute the tests for at least one "PAS workflows" sub-group
+        so that the client will request an access token and use it on a PAS request.
+      )
+      run_as_group
+
+      test from: :udap_client_token_request_cc_verification,
+           config: {
+             options: { endpoint_suite_id: :davinci_pas_client_suite_v201 }
+           }
+      test from: :udap_client_token_use_verification,
+           config: {
+             options: { access_request_tags: [SUBMIT_TAG, INQUIRE_TAG] }
+           }
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_denial_group.rb

@@ -10,15 +10,19 @@ module DaVinciPASTestKit
     class PASClientDenialGroup < Inferno::TestGroup
       include UserInputResponse
       id :pas_client_v201_denial_group
-      title 'Demonstrate Denial Workflow'
+      title 'Denial Workflow'
       description %(
-        Demonstrate the ability of the client to initiate a prior authorization
-        request and respond appropriately to a 'denied' decision.
+        During these tests, the client will initiate a prior authorization
+        request and show it can respond appropriately to a 'denied' decision.
       )
       run_as_group
 
       input :denial_json_response, optional: true
 
+      input_order :denial_json_response,
+                  :client_id,
+                  :session_url_path
+
       test from: :pas_client_v201_denial_submit_test
       test from: :pas_client_v201_request_bundle_validation_test,
            config: { options: { workflow_tag: DENIAL_WORKFLOW_TAG } }
@@ -33,7 +37,9 @@ module DaVinciPASTestKit
            ),
            config: { options: {
              workflow_tag: DENIAL_WORKFLOW_TAG,
-             attest_message: "I attest that the client system displays the submitted claim as 'denied'."
+             attest_message: "I attest that the client system displays the submitted claim as 'denied', meaning " \
+                             'that the user cannot proceed with ordering or providing the requested service without ' \
+                             'making adjustments and submitting for further approval.'
            } }
     end
   end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_must_support_group.rb

@@ -0,0 +1,29 @@
+require_relative '../../generated/v2.0.1/pas_client_submit_must_support_use_case_group'
+require_relative '../../generated/v2.0.1/pas_client_inquiry_must_support_use_case_group'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientMustSupportGroup < Inferno::TestGroup
+      id :pas_client_v201_must_support
+      title 'Must Support Elements'
+      description %(
+        During these tests, the client will show that it supports all PAS-defined profiles and the must support
+        elements defined in them. This includes
+
+        - The ability to make prior authorization submission and inquiry requests that contain all
+          PAS-defined profiles and their must support elements.
+        - The ability to receive in responses to those requests all PAS-defined profiles and their
+          must support elements and continue the prior authorization workflow as appropriate (not currently
+          implemented in these tests).
+
+        Clients under test will be asked to make additional requests to Inferno demonstrating coverage
+        of all must support items in the requests. Note that Inferno will consider requests made during
+        the workflow group of tests, so only profiles and must support elements not demonstrated during
+        those tests need to be submitted as a part of these.
+      )
+
+      group from: :pas_client_v201_submit_must_support_use_case
+      group from: :pas_client_v201_inquiry_must_support_use_case
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_options.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'smart_app_launch_test_kit'
+require 'udap_security_test_kit'
+require_relative '../../tags'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    module PASClientOptions
+      module_function
+
+      SMART_BACKEND_SERVICES_CONFIDENTIAL_ASYMMETRIC =
+        SMARTAppLaunch::SMARTClientOptions::SMART_BACKEND_SERVICES_CONFIDENTIAL_ASYMMETRIC
+      UDAP_CLIENT_CREDENTIALS =
+        UDAPSecurityTestKit::UDAPClientOptions::UDAP_CLIENT_CREDENTIALS
+      OTHER_AUTH = OTHER_AUTH_TAG
+
+      def recursive_remove_input(runnable, input)
+        runnable.inputs.delete(input)
+        runnable.input_order.delete(input)
+        runnable.children.each { |child_runnable| recursive_remove_input(child_runnable, input) }
+      end
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_pended_group.rb

@@ -12,10 +12,10 @@ module DaVinciPASTestKit
     class PASClientPendedGroup < Inferno::TestGroup
       include UserInputResponse
       id :pas_client_v201_pended_group
-      title 'Demonstrate Pended Workflow'
+      title 'Pended Workflow'
       description %(
-        Demonstrate the ability of the client to initiate a prior authorization
-        request and respond appropriately to a 'pended' decision, including
+        During these tests, the client will initiate a prior authorization
+        request and show it can respond appropriately to a 'pended' decision, including
         waiting for a notification that an update has been made
         and making an inquiry request to retrieve the final result.
       )
@@ -24,6 +24,11 @@ module DaVinciPASTestKit
       input :pended_json_response, optional: true
       input :inquire_json_response, optional: true
 
+      input_order :pended_json_response,
+                  :inquire_json_response,
+                  :client_id,
+                  :session_url_path
+
       group do
         title 'Perform the pended workflow'
         description %(
@@ -55,7 +60,9 @@ module DaVinciPASTestKit
              ),
              config: { options: {
                workflow_tag: PENDED_WORKFLOW_TAG,
-               attest_message: "I attest that following the receipt of the 'pended' response to the submitted claim, the client system indicates to users that a final decision on request has not yet been made." # rubocop:disable Layout/LineLength
+               attest_message: "I attest that following the receipt of the 'pended' response to the submitted " \
+                               'claim, the client system indicates to users that a final decision on request ' \
+                               'has not yet been made.'
              } }
       end
 

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_registration_group.rb

@@ -0,0 +1,63 @@
+require 'udap_security_test_kit'
+require 'smart_app_launch_test_kit'
+require_relative '../../client_suite'
+require_relative 'pas_client_options'
+require_relative 'client_registration/configuration_smart_display_test'
+require_relative 'client_registration/configuration_udap_display_test'
+require_relative 'client_registration/configuration_other_display_test'
+require_relative 'client_registration/other_auth_attest_test'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientRegistrationGroup < Inferno::TestGroup
+      id :pas_client_v201_registration
+      title 'Client Registration'
+      description %(
+        Register the client under test with Inferno's simulated PAS Server,
+        including configuration of the system under test to make requests against
+        Inferno's simulated PAS endpoints and enable authentication and authorization of PAS requests.
+      )
+      run_as_group
+
+      # smart registration tests
+      test from: :smart_client_registration_bsca_verification,
+           required_suite_options: {
+             client_type: PASClientOptions::SMART_BACKEND_SERVICES_CONFIDENTIAL_ASYMMETRIC
+           }
+      test from: :pas_client_v201_reg_config_smart_display,
+           required_suite_options: {
+             client_type: PASClientOptions::SMART_BACKEND_SERVICES_CONFIDENTIAL_ASYMMETRIC
+           }
+
+      # udap registration tests
+      test from: :udap_client_registration_interaction,
+           required_suite_options: {
+             client_type: PASClientOptions::UDAP_CLIENT_CREDENTIALS
+           },
+           config: {
+             options: { endpoint_suite_id: :davinci_pas_client_suite_v201 }
+           }
+      test from: :udap_client_registration_cc_verification,
+           required_suite_options: {
+             client_type: PASClientOptions::UDAP_CLIENT_CREDENTIALS
+           },
+           config: {
+             options: { endpoint_suite_id: :davinci_pas_client_suite_v201 }
+           }
+      test from: :pas_client_v201_reg_config_udap_display,
+           required_suite_options: {
+             client_type: PASClientOptions::UDAP_CLIENT_CREDENTIALS
+           }
+
+      # other registration tests
+      test from: :pas_client_v201_reg_other_auth_attest,
+           required_suite_options: {
+             client_type: PASClientOptions::OTHER_AUTH
+           }
+      test from: :pas_client_v201_reg_config_other_display,
+           required_suite_options: {
+             client_type: PASClientOptions::OTHER_AUTH
+           }
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_subscription_setup_group.rb

@@ -0,0 +1,23 @@
+require 'subscriptions_test_kit'
+require_relative 'client_tests/pas_client_subscription_create_test'
+require_relative 'client_tests/pas_client_subscription_pas_conformance_test'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientSubscriptionSetupGroup < Inferno::TestGroup
+      id :pas_client_v201_subscription_setup
+      title 'Subscription Setup'
+      description %(
+        These tests verify that the client can create a Subscription instance
+        that will tell the Payer how to notify the client when pended claims
+        are updated.
+      )
+      run_as_group
+
+      test from: :pas_client_v201_subscription_create_test
+      test from: :subscriptions_r4_client_subscription_verification
+      test from: :pas_client_v201_subscription_pas_conformance_test
+      test from: :subscriptions_r4_client_handshake_notification_verification
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_client_workflows_group.rb

@@ -0,0 +1,21 @@
+require_relative 'pas_client_approval_group'
+require_relative 'pas_client_denial_group'
+require_relative 'pas_client_pended_group'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASClientWorkflowsGroup < Inferno::TestGroup
+      id :pas_client_v201_workflows
+      title 'PAS Workflows'
+      description %(
+        The workflow tests verify that the client can participate in complete end-to-end prior
+        authorization interactions, initiating requests and reacting appropriately to the
+        responses returned.
+      )
+
+      group from: :pas_client_v201_approval_group
+      group from: :pas_client_v201_denial_group
+      group from: :pas_client_v201_pended_group
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_server_subscription_input_conformance.rb

@@ -0,0 +1,35 @@
+require_relative '../../pas_subscription_verification'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASServerSubscriptionInputConformance < Inferno::Test
+      include PASSubscriptionVerification
+      id :pas_server_subscription_input_conformance
+      title '[USER INPUT VERIFICATION] Verify Subscription PAS conformance'
+      description %(
+        This test accepts a Subscription resource as an input and verifies that it is conformant to PAS requirements on
+        the Subscriptions, including:
+        - The payload content type must be `id-only`
+        - The use of the [PAS-defined Subscription
+          Topic](https://hl7.org/fhir/us/davinci-pas/STU2/SubscriptionTopic-PASSubscriptionTopic.html), and
+        - Inclusion of filter criteria for the client's organization.
+      )
+      input :subscription_resource
+
+      run do
+        omit_if subscription_resource.blank?, 'Did not input a Subscription resource of this type.'
+        verify_pas_subscription(subscription_resource)
+
+        subscription = JSON.parse(subscription_resource)
+        payload_ext = subscription.dig('channel', '_payload', 'extension')
+        content_ext = payload_ext&.find do |ext|
+          ext['url'] == 'http://hl7.org/fhir/uv/subscriptions-backport/StructureDefinition/backport-payload-content'
+        end
+
+        payload_content = content_ext&.dig('valueCode')
+        assert payload_content == 'id-only',
+               "PAS Subscription payload content type is #{payload_content}, but must be id-only"
+      end
+    end
+  end
+end

data/lib/davinci_pas_test_kit/custom_groups/v2.0.1/pas_server_subscription_setup.rb

@@ -0,0 +1,43 @@
+require 'subscriptions_test_kit'
+require_relative 'pas_server_subscription_input_conformance'
+
+module DaVinciPASTestKit
+  module DaVinciPASV201
+    class PASServerSubscriptionSetup < Inferno::TestGroup
+      id :pas_server_subscription_setup
+      title 'Subscription Setup'
+      description %(
+          The Subscription Setup tests verify that the server supports creation of a rest-hook Subscription. The
+          Subscription instance created in these tests will be used for a notification in the pended workflow tests
+          later.
+        )
+      config inputs: { url: { name: :server_endpoint } }
+      input_order :server_endpoint, :smart_credentials, :access_token, :subscription_resource
+      verifies_requirements 'hl7.fhir.us.davinci-pas_2.0.1@141'
+      run_as_group
+
+      test from: :subscriptions_r4_server_subscription_conformance do
+        input :subscription_resource,
+              title: 'Pended Prior Authorization Subscription',
+              description: %(
+                     A Subscription resource in JSON format that Inferno will send to the server under test so that it
+                     can demonstrate its ability to notify Inferno when pended prior authorization requests have been
+                     updated. The instance must be conformant to the R4/B Topic-Based Subscription profile. Inferno may
+                     modify the Subscription before submission, e.g., to point to Inferno's notification endpoint.
+                   )
+      end
+      test from: :pas_server_subscription_input_conformance
+      test from: :subscriptions_r4_server_notification_delivery,
+           title: 'Send Subscription and Receive Handshake Notification from Server',
+           description: %(
+               This test sends a request to create the Subscription resource to the Subscriptions Backport FHIR Server.
+               If successful, it then waits for a handshake
+               [notification](https://hl7.org/fhir/uv/subscriptions-backport/STU1.1/notifications.html#notifications).
+               Other types of notifications, including heartbeat and event notifications, will be accepted by Inferno
+               but ignored by this test group.
+             )
+      test from: :subscriptions_r4_server_creation_response_conformance
+      test from: :subscriptions_r4_server_handshake_conformance
+    end
+  end
+end

data/lib/davinci_pas_test_kit/descriptions.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module DaVinciPASTestKit
+  INPUT_CLIENT_ID_LOCKED =
+    'The client\'s registered Client Id for use in obtaining access tokens. ' \
+    'Run the **1** Client Registration group to configure this input.'
+  INPUT_SESSION_URL_PATH_LOCKED =
+    'The additional path used to create session-specific endpoints. Run the ' \
+    '**1** Client Registration group to configure this input.'
+end