smart_app_launch_test_kit 0.4.3 → 0.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cbcdac5d671ebac20ff73778eddb755fb7a3774ef4ac3000260f6d6d6cb4d7f0
-  data.tar.gz: 1f34741969397758075cab6802652dd7f8895d137d3f9b819c28ea7662a64d27
+  metadata.gz: 1565daad4304e65881d1a3a373d29c8674d19d57bf46342a1cdc95db6c29b6f4
+  data.tar.gz: 4923648577e4d53631a8efa7ccae1f254957d490e579359415ca4f9d426ac5fe
 SHA512:
-  metadata.gz: 8b6bbae2d20d3039b3c2e701e66a85eb4dad83f4f6e8b7f044eac044f7de4582a03a9bbca2d2e38febcf41cf51216fcd0651c863fe90c890fbac2be284ff2bc2
-  data.tar.gz: cbeca0cdb3c88e163e5e41ab7d8015715d8d4fd1192d69865b0936a1ab98fe6328053f7060f1c4e6aa7d2ef78fb0f0b445ebb1751ee9c3e346b622fa3e8631f1
+  metadata.gz: c1266d06f6b1bd55a93e84b93cdd0de9d628ac5d5eb084dc38817e5639869a35ccb2f5173163f0966786937ef3821a5b1e317233af2be5e042afca840f4649c3
+  data.tar.gz: 5101dabbab6be10be047d9e378f43fc939d605f7adcb5277c07c738f2aabbf80e5b565cb1a1885ed35184ac5b5bdf2b9a4311396498bb02766ed925986ce2433

data/lib/smart_app_launch/ehr_launch_group_stu2_2.rb

@@ -0,0 +1,54 @@
+require_relative 'ehr_launch_group_stu2'
+require_relative 'token_response_body_test_stu2_2'
+
+module SMARTAppLaunch
+  class EHRLaunchGroupSTU22 < EHRLaunchGroupSTU2
+    id :smart_ehr_launch_stu2_2
+    description %(
+      # Background
+
+      The [EHR
+      Launch](http://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#launch-app-ehr-launch)
+      is one of two ways in which an app can be launched, the other being
+      Standalone launch. In an EHR launch, the app is launched from an
+      existing EHR session or portal by a redirect to the registered launch
+      URL. The EHR provides the app two parameters:
+
+      * `iss` - Which contains the FHIR server url
+      * `launch` - An identifier needed for authorization
+
+      # Test Methodology
+
+      Inferno will wait for the EHR server redirect upon execution. When the
+      redirect is received Inferno will check for the presence of the `iss`
+      and `launch` parameters. The security of the authorization endpoint is
+      then checked and authorization is attempted using the provided `launch`
+      identifier.
+
+      For more information on the #{title} see:
+
+      * [SMART EHR Launch Sequence](http://hl7.org/fhir/smart-app-launch/STU2.2/app-launch.html#launch-app-ehr-launch)
+    )
+
+    config(
+      inputs: {
+        use_pkce: {
+          default: 'true',
+          locked: true
+        },
+        pkce_code_challenge_method: {
+          default: 'S256',
+          locked: true
+        },
+        requested_scopes: {
+          default: 'launch openid fhirUser offline_access user/*.rs'
+        }
+      }
+    )
+
+    test from: :smart_token_response_body_stu2_2
+
+    token_response_body_index = children.find_index { |child| child.id.to_s.end_with? 'token_response_body' }
+    children[token_response_body_index] = children.pop
+  end
+end

data/lib/smart_app_launch/smart_access_brands_examples/r4_capability_statement.json

@@ -0,0 +1,198 @@
+{
+  "resourceType": "CapabilityStatement",
+  "id": "examplehealth-r4",
+  "text": {
+    "status": "generated",
+    "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\">\n\t\t\t<p>The EHR Server supports the following transactions for the resource Person: read, vread, \n        update, history, search(name,gender), create and updates.</p>\n\t\t\t<p>The EHR System supports the following message: admin-notify::Person.</p>\n\t\t\t<p>The EHR Application has a \n        <a href=\"http://fhir.hl7.org/base/Profilebc054d23-75e1-4dc6-aca5-838b6b1ac81d/_history/b5fdd9fc-b021-4ea1-911a-721a60663796\">general document profile</a>.\n      </p>\n\t\t</div>"
+  },
+  "url": "urn:uuid:68D043B5-9ECF-4559-A57A-396E0D452311",
+  "version": "20130510",
+  "name": "ACME-EHR",
+  "title": "ACME EHR capability statement",
+  "status": "draft",
+  "experimental": true,
+  "date": "2012-01-04",
+  "publisher": "ACME Corporation",
+  "contact": [
+    {
+      "name": "System Administrator",
+      "telecom": [
+        {
+          "system": "email",
+          "value": "wile@acme.org"
+        }
+      ]
+    }
+  ],
+  "description": "This is the FHIR capability statement for the main EHR at ACME for the private interface - it does not describe the public interface",
+  "useContext": [
+    {
+      "code": {
+        "system": "http://terminology.hl7.org/CodeSystem/usage-context-type",
+        "code": "focus"
+      },
+      "valueCodeableConcept": {
+        "coding": [
+          {
+            "system": "http://terminology.hl7.org/CodeSystem/variant-state",
+            "code": "positive"
+          }
+        ]
+      }
+    }
+  ],
+  "jurisdiction": [
+    {
+      "coding": [
+        {
+          "system": "urn:iso:std:iso:3166",
+          "code": "US",
+          "display": "United States of America (the)"
+        }
+      ]
+    }
+  ],
+  "purpose": "Main EHR capability statement, published for contracting and operational support",
+  "copyright": "Copyright © Acme Healthcare and GoodCorp EHR Systems",
+  "kind": "instance",
+  "instantiates": [
+    "http://ihe.org/fhir/CapabilityStatement/pixm-client"
+  ],
+  "software": {
+    "name": "EHR",
+    "version": "0.00.020.2134",
+    "releaseDate": "2012-01-04"
+  },
+  "implementation": {
+    "description": "main EHR at ACME",
+    "url": "http://10.2.3.4/fhir"
+  },
+  "fhirVersion": "4.0.1",
+  "format": [
+    "xml",
+    "json"
+  ],
+  "patchFormat": [
+    "application/xml-patch+xml",
+    "application/json-patch+json"
+  ],
+  "implementationGuide": [
+    "http://hl7.org/fhir/us/lab"
+  ],
+  "rest": [
+    {
+      "mode": "server",
+      "documentation": "Main FHIR endpoint for acem health",
+      "security": {
+        "cors": true,
+        "service": [
+          {
+            "coding": [
+              {
+                "system": "http://terminology.hl7.org/CodeSystem/restful-security-service",
+                "code": "SMART-on-FHIR"
+              }
+            ]
+          }
+        ],
+        "description": "See Smart on FHIR documentation"
+      },
+      "resource": [
+        {
+          "type": "Patient",
+          "profile": "http://registry.fhir.org/r4/StructureDefinition/7896271d-57f6-4231-89dc-dcc91eab2416",
+          "supportedProfile": [
+            "http://registry.fhir.org/r4/StructureDefinition/00ab9e7a-06c7-4f77-9234-4154ca1e3347"
+          ],
+          "documentation": "This server does not let the clients create identities.",
+          "interaction": [
+            {
+              "code": "read"
+            },
+            {
+              "code": "vread",
+              "documentation": "Only supported for patient records since 12-Dec 2012"
+            },
+            {
+              "code": "update"
+            },
+            {
+              "code": "history-instance"
+            },
+            {
+              "code": "create"
+            },
+            {
+              "code": "history-type"
+            }
+          ],
+          "versioning": "versioned-update",
+          "readHistory": true,
+          "updateCreate": false,
+          "conditionalCreate": true,
+          "conditionalRead": "full-support",
+          "conditionalUpdate": false,
+          "conditionalDelete": "not-supported",
+          "searchInclude": [
+            "Organization"
+          ],
+          "searchRevInclude": [
+            "Person"
+          ],
+          "searchParam": [
+            {
+              "name": "identifier",
+              "definition": "http://hl7.org/fhir/SearchParameter/Patient-identifier",
+              "type": "token",
+              "documentation": "Only supports search by institution MRN"
+            },
+            {
+              "name": "general-practitioner",
+              "definition": "http://hl7.org/fhir/SearchParameter/Patient-general-practitioner",
+              "type": "reference"
+            }
+          ]
+        }
+      ],
+      "interaction": [
+        {
+          "code": "transaction"
+        },
+        {
+          "code": "history-system"
+        }
+      ],
+      "compartment": [
+        "http://hl7.org/fhir/CompartmentDefinition/patient"
+      ]
+    }
+  ],
+  "messaging": [
+    {
+      "endpoint": [
+        {
+          "protocol": {
+            "system": "http://terminology.hl7.org/CodeSystem/message-transport",
+            "code": "mllp"
+          },
+          "address": "mllp:10.1.1.10:9234"
+        }
+      ],
+      "reliableCache": 30,
+      "documentation": "ADT A08 equivalent for external system notifications",
+      "supportedMessage": [
+        {
+          "mode": "receiver",
+          "definition": "MessageDefinition/example"
+        }
+      ]
+    }
+  ],
+  "document": [
+    {
+      "mode": "consumer",
+      "documentation": "Basic rules for all documents in the EHR system",
+      "profile": "http://fhir.hl7.org/base/Profilebc054d23-75e1-4dc6-aca5-838b6b1ac81d/_history/b5fdd9fc-b021-4ea1-911a-721a60663796"
+    }
+  ]
+}

data/lib/smart_app_launch/smart_access_brands_group.rb

@@ -0,0 +1,59 @@
+require_relative 'smart_access_brands_validation_group'
+require_relative 'smart_access_brands_retrieval_group'
+
+module SMARTAppLaunch
+  class SMARTAccessBrandsGroup < Inferno::TestGroup
+    id :retrieve_and_validate_smart_access_brands
+    title 'Retrieve and Validate SMART Access Brands Bundle'
+    description %(
+      Verify that the Brand Bundle Publisher makes its User-access Brands publication publicly available
+      in the format defined by the [User Access Brand Bundle Profile](https://hl7.org/fhir/smart-app-launch/STU2.2/StructureDefinition-user-access-brands-bundle.html)
+      with valid Endpoint and Organization entries according to the
+      [User Access Endpoint Profile](https://hl7.org/fhir/smart-app-launch/STU2.2/StructureDefinition-user-access-endpoint.html)
+      and the [User Access Brand Profile](https://hl7.org/fhir/smart-app-launch/STU2.2/StructureDefinition-user-access-brand.html)
+      respectively. This test group will issue a HTTP GET request against the supplied URL to retrieve the publisher's
+      User-access Brands list and ensure the list is publicly accessible. It will then ensure that the returned
+      User-access Brands list publication is in the User Access Brand Bundle Profile format with valid User Access
+      Brands and User Access Endpoints.
+
+      For systems that provide the User Access Brands Bundle at a public endpoint, please run
+      this test with the User Access Brands Publication URL input populated and the User Access Brands Bundle
+      input left blank. While it is the expectation of the specification for the User Access Brands Bundle to be served
+      at a public-facing endpoint, testers can validate a User Access Brands Bundle not served at a public endpoint by
+      running these tests with the User Access Brands Bundle input populated and the User Access Brands Publication URL
+      input left blank. This will cause these group of retrieval group of tests to skip, rather than pass completely,
+      as being served at an stable location is considered a requirement of the spec.
+    )
+
+    input_instructions <<~INSTRUCTIONS
+      For systems that make their User Access Brand Bundle available at a public endpoint, please input
+      the User Access Brand Publication URL to retrieve the Bundle from there in order to perform validation, and leave
+      the User Access Brand Bundle input blank.
+
+      While it is the expectation of the specification for the User Access Brands Bundle to be publicly available,
+      for systems that do not have a User Access Brand Bundle served at a public endpoint, testers can validate by
+      providing the User Access Brand Bundle as an input and leaving the User Access Brand Publication URL input blank.
+    INSTRUCTIONS
+
+    run_as_group
+
+    input :user_access_brands_publication_url,
+          title: 'User Access Brands Publication URL',
+          description: %(The URL to the developer's public User Access Brands Publication. Insert your User Access
+          Brands publication URL if you host your Bundle at a public-facing endpoint and want Inferno to retrieve the
+          Bundle from there.),
+          optional: true
+
+    input :user_access_brands_bundle,
+          title: 'User Access Brands Bundle',
+          description: %(The developer's User Access Brands Publication in the JSON string format. If this input is
+          populated, Inferno will use the Bundle inserted here to do validation. Insert your User Access Brands
+          Bundle in the JSON format in this input to validate your list without Inferno needing to access the Bundle
+          via a public-facing endpoint.),
+          type: 'textarea',
+          optional: true
+
+    group from: :smart_access_brands_retrieval
+    group from: :smart_access_brands_validation
+  end
+end

data/lib/smart_app_launch/smart_access_brands_retrieval_group.rb

@@ -0,0 +1,21 @@
+require_relative 'smart_access_brands_retrieve_bundle_test'
+
+module SMARTAppLaunch
+  class SMARTAccessBrandsRetrievalGroup < Inferno::TestGroup
+    id :smart_access_brands_retrieval
+    title 'Retrieve SMART Access Brands Bundle'
+    description %(
+      A publisher's User Access Brand Bundle must be publicly available.  This test
+      issues a HTTP GET request against the supplied URL and expects to receive
+      the User Access Brand Bundle at this location.
+    )
+    run_as_group
+
+    http_client do
+      url :user_access_brands_publication_url
+      headers Accept: 'application/json, application/fhir+json'
+    end
+
+    test from: :smart_access_brands_retrieve_bundle
+  end
+end

data/lib/smart_app_launch/smart_access_brands_retrieve_bundle_test.rb

@@ -0,0 +1,31 @@
+module SMARTAppLaunch
+  class SMARTAccessBrandsRetrievalTest < Inferno::Test
+    id :smart_access_brands_retrieve_bundle
+    title 'Server returns publicly accessible SMART Access Brands Bundle'
+    description %(
+        Verify that the publisher's User Access Brands Bundle can be publicly
+        accessed at the supplied URL location.
+      )
+
+    makes_request :bundle_request
+
+    input :user_access_brands_publication_url,
+          optional: true
+
+    run do
+      skip_if user_access_brands_publication_url.blank?, %(
+        No User Access Brands Publication endpoint URL inputted. It is an expectation of the specification for the
+        User Access Brands Bundle to be publicly available'
+      )
+
+      get(tags: ['smart_access_brands_bundle'])
+      assert_response_status(200)
+      assert(request.headers.any? { |header| header.name == 'access-control-allow-origin' }, %(
+        All GET requests must support Cross-Origin Resource Sharing (CORS) for all GET requests to the artifacts
+        described in this guide.))
+      unless request.headers.any? { |header| header.name == 'etag' }
+        add_message('warning', 'Brand Bundle HTTP responses should include an Etag header')
+      end
+    end
+  end
+end

data/lib/smart_app_launch/smart_access_brands_suite.rb

@@ -0,0 +1,77 @@
+require_relative 'smart_access_brands_group'
+
+module SMARTAppLaunch
+  class SMARTAccessBrandsSuite < Inferno::TestSuite
+    id 'smart_access_brands'
+    title 'SMART User-access Brands and Endpoints STU2.2'
+    short_title 'SMART User-access Brands'
+    version VERSION
+
+    description <<~DESCRIPTION
+      The SMART User-access Brands Test Suite verifies that Brand Bundle Publishers publish valid User-access
+      Brand Bundles according to the SMART App Launch IG
+      [User-access Brands and Endpoints](https://hl7.org/fhir/smart-app-launch/STU2.2/brands.html#user-access-brands-and-endpoints)
+      requirements.
+
+      The specification defines FHIR profiles for Endpoint, Organization, and Bundle resources that help users connect
+      their apps to health data providers. It outlines the process for data providers to publish FHIR Endpoint and
+      Organization resources, where each Organization includes essential branding information such as the organization's
+      name, logo, and user access details. Apps present branded Organizations to help users select the right data
+      providers.
+
+      This test suite is currently designed to fetch and validate a single User-Access Brand Bundle. It does not
+      currently evaluate the system's ability to allow Health Data Providers to manage all data elements marked
+      "Must-Support" in the "User Access Brand" and "User Access Endpoint" profiles.
+    DESCRIPTION
+
+    input_instructions <<~INSTRUCTIONS
+      For systems that make their User Access Brand Bundle available at a public endpoint, please input
+      the User Access Brand Publication URL to retrieve the Bundle from there in order to perform validation, and leave
+      the User Access Brand Bundle input blank.
+
+      Although it is expected that systems do have their Bundle publicly available, for systems that do not have a
+      User Access Brand Bundle served at a public endpoint, testers can validate by providing the User Access Brand
+      Bundle as an input and leaving the User Access Brand Publication URL input blank.
+    INSTRUCTIONS
+
+    VALIDATION_MESSAGE_FILTERS = [
+      /\A\S+: \S+: URL value '.*' does not resolve/,
+      %r{\A\S+: \S+: Bundled or contained reference not found within the bundle/resource} # Validator issue with Brand profile: https://chat.fhir.org/#narrow/stream/291844-FHIR-Validator/topic/SMART.20v2.2E2.20User.20Access.20Brands.3A.20Brand.20validation.20error.3F/near/466321024
+    ].freeze
+
+    fhir_resource_validator do
+      igs 'hl7.fhir.uv.smart-app-launch#2.2.0'
+
+      cli_context({
+                    # Allow example URLs because we give tester option to follow URLs anyhow
+                    # (configurable) and its nice to be able to have the examples in the IG pass
+                    allowExampleUrls: true
+                  })
+
+      message_filters = VALIDATION_MESSAGE_FILTERS
+
+      exclude_message do |message|
+        message_filters.any? { |filter| filter.match? message.message }
+      end
+    end
+
+    Dir.each_child(File.join(__dir__, '/smart_access_brands_examples/')) do |filename|
+      resource_example = File.read(File.join(__dir__, '/smart_access_brands_examples/', filename))
+      if filename.end_with?('.erb')
+        erb_template = ERB.new(resource_example)
+        resource_example = JSON.parse(erb_template.result).to_json
+        filename = filename.delete_suffix('.erb')
+        headers = { 'Content-Type' => 'application/json', 'Access-Control-Allow-Origin' => '*',
+                    'Etag' => SecureRandom.hex(32) }
+      else
+        filename = "#{filename.delete_suffix('.json')}/metadata"
+        headers = { 'Content-Type' => 'application/json' }
+      end
+      route_handler = proc { [200, headers, [resource_example]] }
+
+      route :get, File.join('/examples/', filename), route_handler
+    end
+
+    group from: :retrieve_and_validate_smart_access_brands
+  end
+end

data/lib/smart_app_launch/smart_access_brands_validate_brands_test.rb

@@ -0,0 +1,104 @@
+module SMARTAppLaunch
+  class SMARTAccessBrandsValidateBrands < Inferno::Test
+    id :smart_access_brands_valid_brands
+    title 'Service Base URL List contains valid Brand resources'
+    description %(
+      Verify that Bundle of User Access Brands and Endpoints contains Brands that are valid
+      Organization resources according to the [User Access Brand Profile](https://hl7.org/fhir/smart-app-launch/STU2.2/StructureDefinition-user-access-brand.html).
+
+      Along with validating the Organization resources, this test also ensures:
+        - Each endpoint referenced in the Organization portal extension also appear in Organization.endpoint
+        - Any endpoints referenced by the Organization must appear in the Bundle
+
+      This test does not currently validate availability or format of Brand or Portal logos.
+    )
+
+    input :user_access_brands_bundle,
+          optional: true
+
+    def find_referenced_endpoint(bundle_resource, endpoint_id_ref)
+      bundle_resource
+        .entry
+        .map(&:resource)
+        .select { |resource| resource.resourceType == 'Endpoint' }
+        .map(&:id)
+        .select { |endpoint_id| endpoint_id_ref.include? endpoint_id }
+    end
+
+    def find_extension(extension_array, extension_name)
+      extension_array.find do |extension|
+        extension.url.ends_with?(extension_name)
+      end
+    end
+
+    def find_all_extensions(extension_array, extension_name)
+      extension_array.select do |extension|
+        extension.url == extension_name
+      end
+    end
+
+    def check_portal_endpoints(portal_endpoints, organization_endpoints)
+      portal_endpoints.each do |portal_endpoint|
+        portal_endpoint_found = organization_endpoints.any? do |endpoint_reference|
+          portal_endpoint.valueReference.reference == endpoint_reference
+        end
+        assert(portal_endpoint_found, %(
+          Portal endpoints must also appear at Organization.endpoint. The portal endpoint with reference
+          #{portal_endpoint.valueReference.reference} was not found at Organization.endpoint.))
+      end
+    end
+
+    def skip_message
+      %(
+        No User Access Brands request was made in the previous test, and no User Access Brands Bundle was provided as
+        input instead. Either provide a User Access Brands Publication URL to retrieve the Bundle via a HTTP GET
+        request, or provide the Bundle as an input.
+      )
+    end
+
+    run do
+      bundle_response = if user_access_brands_bundle.blank?
+                          load_tagged_requests('smart_access_brands_bundle')
+                          skip skip_message if requests.length != 1
+                          requests.first.response_body
+                        else
+                          user_access_brands_bundle
+                        end
+
+      skip_if bundle_response.blank?, 'No SMART Access Brands Bundle contained in the response'
+
+      assert_valid_json(bundle_response)
+      bundle_resource = FHIR.from_contents(bundle_response)
+
+      skip_if bundle_resource.entry.empty?, 'The given Bundle does not contain any resources'
+      assert_valid_bundle_entries(bundle: bundle_resource,
+                                  resource_types: {
+                                    Organization: 'http://hl7.org/fhir/smart-app-launch/StructureDefinition/user-access-brand'
+                                  })
+
+      organization_resources = bundle_resource
+        .entry
+        .map(&:resource)
+        .select { |resource| resource.resourceType == 'Organization' }
+
+      organization_resources.each do |organization|
+        endpoint_references = organization.endpoint.map(&:reference)
+
+        if organization.extension.present?
+          portal_extension = find_extension(organization.extension, '/organization-portal')
+          if portal_extension.present?
+            portal_endpoints = find_all_extensions(portal_extension.extension, 'portalEndpoint')
+            check_portal_endpoints(portal_endpoints, endpoint_references)
+          end
+        end
+
+        endpoint_references.each do |endpoint_id_ref|
+          organization_referenced_endpts = find_referenced_endpoint(bundle_resource, endpoint_id_ref)
+          assert !organization_referenced_endpts.empty?,
+                 "Organization with id: #{organization.id} references an Endpoint that is not contained in this
+                   bundle."
+        end
+      end
+    end
+  end
+end

data/lib/smart_app_launch/smart_access_brands_validate_bundle_test.rb

@@ -0,0 +1,45 @@
+module SMARTAppLaunch
+  class SMARTAccessBrandsValidateBundle < Inferno::Test
+    id :smart_access_brands_valid_bundle
+    title 'Server returns valid Bundle resource according to the User Access Brands Bundle Profile'
+    description %(
+        Verify that the returned Bundle is a valid User Access Brands Bundle according to the
+        [User Access Brand Bundle Profile](https://hl7.org/fhir/smart-app-launch/STU2.2/StructureDefinition-user-access-brands-bundle.html).
+
+        This test also ensures the Bundle is the 'collection' type and that it is not empty.
+      )
+
+    input :user_access_brands_bundle,
+          optional: true
+
+    def skip_message
+      %(
+        No User Access Brands request was made in the previous test, and no User Access Brands Bundle was provided as
+        input instead. Either provide a User Access Brands Publication URL to retrieve the Bundle via a HTTP GET
+        request, or provide the Bundle as an input.
+      )
+    end
+
+    run do
+      bundle_response = if user_access_brands_bundle.blank?
+                          load_tagged_requests('smart_access_brands_bundle')
+                          skip skip_message if requests.length != 1
+                          requests.first.response_body
+                        else
+                          user_access_brands_bundle
+                        end
+
+      skip_if bundle_response.blank?, 'No SMART Access Brands Bundle contained in the response'
+
+      assert_valid_json(bundle_response)
+      bundle_resource = FHIR.from_contents(bundle_response)
+      assert_resource_type(:bundle, resource: bundle_resource)
+      assert_valid_resource(resource: bundle_resource, profile_url: 'http://hl7.org/fhir/smart-app-launch/StructureDefinition/user-access-brands-bundle')
+
+      assert(bundle_resource.type == 'collection', 'The SMART Access Brands Bundle must be type `collection`')
+      assert(bundle_resource.timestamp.present?,
+             'Bundle.timestamp must be populated to advertise the timestamp of the last change to the contents')
+      assert !bundle_resource.entry.empty?, 'The given Bundle does not contain any brands or endpoints.'
+    end
+  end
+end