Services href verification assuming protocol matches self.protocol

[alabou]

https://github.com/AMWA-TV/nmos-testing/blob/7532329785f71a99066aa2a3e41d5dc62fd087ad/nmostesting/suites/IS0401Test.py#L1253

The test assumes that the protocol of a given service would match self.protocol which seems to be wrong. As illustrated by nodeapi-self-get-200.json the endpoints may be http or https while services are declared as https only.

The objective of the test seems to verify that for http and https services the href start with either "http://" or "https://". It seems that there should be no relation to self.protocol in this test.

[garethsb]

That warning is intentional, primarily to ensure that Nodes that are being tested with HTTPS for their Node API don't offer insecure APIs. If other cases are causing false positives, e.g. vendor specific HTTPS services when the Node API is insecure, the test case could be tightened up.

[alabou]

The later case is ours where the NMOS node operate in HTTP (default config) and the service is offered HTTPS only. AFAIK our SQA team runs the NMOS tests in "warning as a failure" mode so we would appreciate tightening to have the warnings only when services are less secure than the Node (if it makes sense for everyone).