summaryrefslogtreecommitdiffstats
path: root/a1-policy-management/api
diff options
context:
space:
mode:
authorPatrikBuhr <patrik.buhr@est.tech>2023-04-05 14:40:07 +0200
committerPatrikBuhr <patrik.buhr@est.tech>2023-04-06 17:36:06 +0200
commitf07e4b397c60c21ae275a7c98471b64e60f14f04 (patch)
treeaad1e2ae65154a4e78875e9a1e41d72b301cda52 /a1-policy-management/api
parent44499d09ab2842ecad245ac73de523790a5d64eb (diff)
A1 PMS support for fine grained access control -A1 London
Issue-ID: CCSDK-3885 Signed-off-by: PatrikBuhr <patrik.buhr@est.tech> Change-Id: I2ee8f40389d1d53cbfd9433232e0f35f2644361b
Diffstat (limited to 'a1-policy-management/api')
-rw-r--r--a1-policy-management/api/pms-api.json77
-rw-r--r--a1-policy-management/api/pms-api.yaml64
-rw-r--r--a1-policy-management/api/pms-api/index.html407
3 files changed, 541 insertions, 7 deletions
diff --git a/a1-policy-management/api/pms-api.json b/a1-policy-management/api/pms-api.json
index 7574032c..9efa7b75 100644
--- a/a1-policy-management/api/pms-api.json
+++ b/a1-policy-management/api/pms-api.json
@@ -28,6 +28,15 @@
"type": "string"
}}
},
+ "authorization_result": {
+ "description": "Result of authorization",
+ "type": "object",
+ "required": ["result"],
+ "properties": {"result": {
+ "description": "If true, the access is granted",
+ "type": "boolean"
+ }}
+ },
"ric_info_v2": {
"description": "Information for a Near-RT RIC",
"type": "object",
@@ -148,6 +157,40 @@
"type": "object"
}}
},
+ "input": {
+ "description": "input",
+ "type": "object",
+ "required": [
+ "access_type",
+ "auth_token",
+ "policy_type_id"
+ ],
+ "properties": {
+ "access_type": {
+ "description": "Access type",
+ "type": "string",
+ "enum": [
+ "READ",
+ "WRITE",
+ "DELETE"
+ ]
+ },
+ "auth_token": {
+ "description": "Authorization token",
+ "type": "string"
+ },
+ "policy_type_id": {
+ "description": "Policy type identifier",
+ "type": "string"
+ }
+ }
+ },
+ "policy_authorization": {
+ "description": "Authorization request for A1 policy requests",
+ "type": "object",
+ "required": ["input"],
+ "properties": {"input": {"$ref": "#/components/schemas/input"}}
+ },
"policytype_id_list_v2": {
"description": "Information about policy types",
"type": "object",
@@ -298,6 +341,20 @@
],
"tags": ["A1 Policy Management"]
}},
+ "/example-authz-check": {"post": {
+ "summary": "Request for access authorization.",
+ "requestBody": {
+ "content": {"application/json": {"schema": {"$ref": "#/components/schemas/policy_authorization"}}},
+ "required": true
+ },
+ "description": "The authorization function decides if access is granted.",
+ "operationId": "performAccessControl",
+ "responses": {"200": {
+ "description": "OK",
+ "content": {"application/json": {"schema": {"$ref": "#/components/schemas/authorization_result"}}}
+ }},
+ "tags": ["Authorization API"]
+ }},
"/actuator/threaddump": {"get": {
"summary": "Actuator web endpoint 'threaddump'",
"operationId": "threaddump",
@@ -946,12 +1003,18 @@
"title": "A1 Policy Management Service",
"version": "1.1.0"
},
- "tags": [{
- "name": "Actuator",
- "description": "Monitor and interact",
- "externalDocs": {
- "description": "Spring Boot Actuator Web API Documentation",
- "url": "https://docs.spring.io/spring-boot/docs/current/actuator-api/html/"
+ "tags": [
+ {
+ "name": "Authorization API",
+ "description": "API used for authorization of information A1 policy access (this is provided by an authorization producer such as OPA).\nNote that this API is called by PMS, it is not provided.\n"
+ },
+ {
+ "name": "Actuator",
+ "description": "Monitor and interact",
+ "externalDocs": {
+ "description": "Spring Boot Actuator Web API Documentation",
+ "url": "https://docs.spring.io/spring-boot/docs/current/actuator-api/html/"
+ }
}
- }]
+ ]
} \ No newline at end of file
diff --git a/a1-policy-management/api/pms-api.yaml b/a1-policy-management/api/pms-api.yaml
index 0cd28d07..a905c40e 100644
--- a/a1-policy-management/api/pms-api.yaml
+++ b/a1-policy-management/api/pms-api.yaml
@@ -31,6 +31,10 @@ info:
servers:
- url: /
tags:
+- description: "API used for authorization of information A1 policy access (this is\
+ \ provided by an authorization producer such as OPA).\nNote that this API is called\
+ \ by PMS, it is not provided.\n"
+ name: Authorization API
- description: Monitor and interact
externalDocs:
description: Spring Boot Actuator Web API Documentation
@@ -93,6 +97,26 @@ paths:
summary: Query for A1 policy instances
tags:
- A1 Policy Management
+ /example-authz-check:
+ post:
+ description: The authorization function decides if access is granted.
+ operationId: performAccessControl
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy_authorization'
+ required: true
+ responses:
+ "200":
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/authorization_result'
+ description: OK
+ summary: Request for access authorization.
+ tags:
+ - Authorization API
/actuator/threaddump:
get:
operationId: threaddump
@@ -957,6 +981,17 @@ components:
description: status text
type: string
type: object
+ authorization_result:
+ description: Result of authorization
+ example:
+ result: true
+ properties:
+ result:
+ description: "If true, the access is granted"
+ type: boolean
+ required:
+ - result
+ type: object
ric_info_v2:
description: Information for a Near-RT RIC
example:
@@ -1113,6 +1148,35 @@ components:
http://json-schema.org/draft-07/schema
type: object
type: object
+ input:
+ description: input
+ properties:
+ access_type:
+ description: Access type
+ enum:
+ - READ
+ - WRITE
+ - DELETE
+ type: string
+ auth_token:
+ description: Authorization token
+ type: string
+ policy_type_id:
+ description: Policy type identifier
+ type: string
+ required:
+ - access_type
+ - auth_token
+ - policy_type_id
+ type: object
+ policy_authorization:
+ description: Authorization request for A1 policy requests
+ properties:
+ input:
+ $ref: '#/components/schemas/input'
+ required:
+ - input
+ type: object
policytype_id_list_v2:
description: Information about policy types
example:
diff --git a/a1-policy-management/api/pms-api/index.html b/a1-policy-management/api/pms-api/index.html
index c8f97a81..8b29a313 100644
--- a/a1-policy-management/api/pms-api/index.html
+++ b/a1-policy-management/api/pms-api/index.html
@@ -846,6 +846,17 @@ ul.nav-tabs {
<script>
// Script section to load models into a JS Var
var defs = {}
+ defs["authorization_result"] = {
+ "required" : [ "result" ],
+ "type" : "object",
+ "properties" : {
+ "result" : {
+ "type" : "boolean",
+ "description" : "If true, the access is granted"
+ }
+ },
+ "description" : "Result of authorization"
+};
defs["error_information"] = {
"type" : "object",
"properties" : {
@@ -863,6 +874,26 @@ ul.nav-tabs {
},
"description" : "Problem as defined in https://tools.ietf.org/html/rfc7807"
};
+ defs["input"] = {
+ "required" : [ "access_type", "auth_token", "policy_type_id" ],
+ "type" : "object",
+ "properties" : {
+ "access_type" : {
+ "type" : "string",
+ "description" : "Access type",
+ "enum" : [ "READ", "WRITE", "DELETE" ]
+ },
+ "auth_token" : {
+ "type" : "string",
+ "description" : "Authorization token"
+ },
+ "policy_type_id" : {
+ "type" : "string",
+ "description" : "Policy type identifier"
+ }
+ },
+ "description" : "input"
+};
defs["Link"] = {
"type" : "object",
"properties" : {
@@ -874,6 +905,16 @@ ul.nav-tabs {
}
}
};
+ defs["policy_authorization"] = {
+ "required" : [ "input" ],
+ "type" : "object",
+ "properties" : {
+ "input" : {
+ "$ref" : "#/components/schemas/input"
+ }
+ },
+ "description" : "Authorization request for A1 policy requests"
+};
defs["policy_id_list_v2"] = {
"type" : "object",
"properties" : {
@@ -1185,6 +1226,10 @@ ul.nav-tabs {
<li data-group="Actuator" data-name="threaddump" class="">
<a href="#api-Actuator-threaddump">threaddump</a>
</li>
+ <li class="nav-header" data-group="AuthorizationAPI"><a href="#api-AuthorizationAPI">API Methods - AuthorizationAPI</a></li>
+ <li data-group="AuthorizationAPI" data-name="performAccessControl" class="">
+ <a href="#api-AuthorizationAPI-performAccessControl">performAccessControl</a>
+ </li>
<li class="nav-header" data-group="Callbacks"><a href="#api-Callbacks">API Methods - Callbacks</a></li>
<li data-group="Callbacks" data-name="serviceCallback" class="">
<a href="#api-Callbacks-serviceCallback">serviceCallback</a>
@@ -9221,6 +9266,368 @@ pub fn main() {
</div>
<hr>
</section>
+ <section id="api-AuthorizationAPI">
+ <h1>AuthorizationAPI</h1>
+ <div id="api-AuthorizationAPI-performAccessControl">
+ <article id="api-AuthorizationAPI-performAccessControl-0" data-group="User" data-name="performAccessControl" data-version="0">
+ <div class="pull-left">
+ <h1>performAccessControl</h1>
+ <p>Request for access authorization.</p>
+ </div>
+ <div class="pull-right"></div>
+ <div class="clearfix"></div>
+ <p></p>
+ <p class="marked">The authorization function decides if access is granted.</p>
+ <p></p>
+ <br />
+ <pre class="prettyprint language-html prettyprinted" data-type="post"><code><span class="pln">/example-authz-check</span></code></pre>
+ <p>
+ <h3>Usage and SDK Samples</h3>
+ </p>
+ <ul class="nav nav-tabs nav-tabs-examples">
+ <li class="active"><a href="#examples-AuthorizationAPI-performAccessControl-0-curl">Curl</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-java">Java</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-android">Android</a></li>
+ <!--<li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-groovy">Groovy</a></li>-->
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-objc">Obj-C</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-javascript">JavaScript</a></li>
+ <!--<li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-angular">Angular</a></li>-->
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-csharp">C#</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-php">PHP</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-perl">Perl</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-python">Python</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-rust">Rust</a></li>
+ </ul>
+
+ <div class="tab-content">
+ <div class="tab-pane active" id="examples-AuthorizationAPI-performAccessControl-0-curl">
+ <pre class="prettyprint"><code class="language-bsh">curl -X POST \
+ -H "Accept: application/json" \
+ -H "Content-Type: application/json" \
+ "http://localhost/example-authz-check" \
+ -d ''
+</code></pre>
+ </div>
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-java">
+ <pre class="prettyprint"><code class="language-java">import org.openapitools.client.*;
+import org.openapitools.client.auth.*;
+import org.openapitools.client.model.*;
+import org.openapitools.client.api.AuthorizationAPIApi;
+
+import java.io.File;
+import java.util.*;
+
+public class AuthorizationAPIApiExample {
+ public static void main(String[] args) {
+
+ // Create an instance of the API class
+ AuthorizationAPIApi apiInstance = new AuthorizationAPIApi();
+ PolicyAuthorization policyAuthorization = ; // PolicyAuthorization |
+
+ try {
+ authorization_result result = apiInstance.performAccessControl(policyAuthorization);
+ System.out.println(result);
+ } catch (ApiException e) {
+ System.err.println("Exception when calling AuthorizationAPIApi#performAccessControl");
+ e.printStackTrace();
+ }
+ }
+}
+</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-android">
+ <pre class="prettyprint"><code class="language-java">import org.openapitools.client.api.AuthorizationAPIApi;
+
+public class AuthorizationAPIApiExample {
+ public static void main(String[] args) {
+ AuthorizationAPIApi apiInstance = new AuthorizationAPIApi();
+ PolicyAuthorization policyAuthorization = ; // PolicyAuthorization |
+
+ try {
+ authorization_result result = apiInstance.performAccessControl(policyAuthorization);
+ System.out.println(result);
+ } catch (ApiException e) {
+ System.err.println("Exception when calling AuthorizationAPIApi#performAccessControl");
+ e.printStackTrace();
+ }
+ }
+}</code></pre>
+ </div>
+ <!--
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-groovy">
+ <pre class="prettyprint language-json prettyprinted" data-type="json"><code>Coming Soon!</code></pre>
+ </div> -->
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-objc">
+ <pre class="prettyprint"><code class="language-cpp">
+
+// Create an instance of the API class
+AuthorizationAPIApi *apiInstance = [[AuthorizationAPIApi alloc] init];
+PolicyAuthorization *policyAuthorization = ; //
+
+// Request for access authorization.
+[apiInstance performAccessControlWith:policyAuthorization
+ completionHandler: ^(authorization_result output, NSError* error) {
+ if (output) {
+ NSLog(@"%@", output);
+ }
+ if (error) {
+ NSLog(@"Error: %@", error);
+ }
+}];
+</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-javascript">
+ <pre class="prettyprint"><code class="language-js">var A1PolicyManagementService = require('a1_policy_management_service');
+
+// Create an instance of the API class
+var api = new A1PolicyManagementService.AuthorizationAPIApi()
+var policyAuthorization = ; // {PolicyAuthorization}
+
+var callback = function(error, data, response) {
+ if (error) {
+ console.error(error);
+ } else {
+ console.log('API called successfully. Returned data: ' + data);
+ }
+};
+api.performAccessControl(policyAuthorization, callback);
+</code></pre>
+ </div>
+
+ <!--<div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-angular">
+ <pre class="prettyprint language-json prettyprinted" data-type="json"><code>Coming Soon!</code></pre>
+ </div>-->
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-csharp">
+ <pre class="prettyprint"><code class="language-cs">using System;
+using System.Diagnostics;
+using Org.OpenAPITools.Api;
+using Org.OpenAPITools.Client;
+using Org.OpenAPITools.Model;
+
+namespace Example
+{
+ public class performAccessControlExample
+ {
+ public void main()
+ {
+
+ // Create an instance of the API class
+ var apiInstance = new AuthorizationAPIApi();
+ var policyAuthorization = new PolicyAuthorization(); // PolicyAuthorization |
+
+ try {
+ // Request for access authorization.
+ authorization_result result = apiInstance.performAccessControl(policyAuthorization);
+ Debug.WriteLine(result);
+ } catch (Exception e) {
+ Debug.Print("Exception when calling AuthorizationAPIApi.performAccessControl: " + e.Message );
+ }
+ }
+ }
+}
+</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-php">
+ <pre class="prettyprint"><code class="language-php"><&#63;php
+require_once(__DIR__ . '/vendor/autoload.php');
+
+// Create an instance of the API class
+$api_instance = new OpenAPITools\Client\Api\AuthorizationAPIApi();
+$policyAuthorization = ; // PolicyAuthorization |
+
+try {
+ $result = $api_instance->performAccessControl($policyAuthorization);
+ print_r($result);
+} catch (Exception $e) {
+ echo 'Exception when calling AuthorizationAPIApi->performAccessControl: ', $e->getMessage(), PHP_EOL;
+}
+?></code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-perl">
+ <pre class="prettyprint"><code class="language-perl">use Data::Dumper;
+use WWW::OPenAPIClient::Configuration;
+use WWW::OPenAPIClient::AuthorizationAPIApi;
+
+# Create an instance of the API class
+my $api_instance = WWW::OPenAPIClient::AuthorizationAPIApi->new();
+my $policyAuthorization = WWW::OPenAPIClient::Object::PolicyAuthorization->new(); # PolicyAuthorization |
+
+eval {
+ my $result = $api_instance->performAccessControl(policyAuthorization => $policyAuthorization);
+ print Dumper($result);
+};
+if ($@) {
+ warn "Exception when calling AuthorizationAPIApi->performAccessControl: $@\n";
+}</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-python">
+ <pre class="prettyprint"><code class="language-python">from __future__ import print_statement
+import time
+import openapi_client
+from openapi_client.rest import ApiException
+from pprint import pprint
+
+# Create an instance of the API class
+api_instance = openapi_client.AuthorizationAPIApi()
+policyAuthorization = # PolicyAuthorization |
+
+try:
+ # Request for access authorization.
+ api_response = api_instance.perform_access_control(policyAuthorization)
+ pprint(api_response)
+except ApiException as e:
+ print("Exception when calling AuthorizationAPIApi->performAccessControl: %s\n" % e)</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-rust">
+ <pre class="prettyprint"><code class="language-rust">extern crate AuthorizationAPIApi;
+
+pub fn main() {
+ let policyAuthorization = ; // PolicyAuthorization
+
+ let mut context = AuthorizationAPIApi::Context::default();
+ let result = client.performAccessControl(policyAuthorization, &context).wait();
+
+ println!("{:?}", result);
+}
+</code></pre>
+ </div>
+ </div>
+
+ <h2>Scopes</h2>
+ <table>
+
+ </table>
+
+ <h2>Parameters</h2>
+
+
+
+ <div class="methodsubtabletitle">Body parameters</div>
+ <table id="methodsubtable">
+ <tr>
+ <th width="150px">Name</th>
+ <th>Description</th>
+ </tr>
+ <tr><td style="width:150px;">policyAuthorization <span style="color:red;">*</span></td>
+<td>
+<p class="marked"></p>
+<script>
+$(document).ready(function() {
+ var schemaWrapper = {
+ "content" : {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/policy_authorization"
+ }
+ }
+ },
+ "required" : true
+};
+
+ var schema = findNode('schema',schemaWrapper).schema;
+ if (!schema) {
+ schema = schemaWrapper.schema;
+ }
+ if (schema.$ref != null) {
+ schema = defsParser.$refs.get(schema.$ref);
+ } else {
+ schemaWrapper.definitions = Object.assign({}, defs);
+ $RefParser.dereference(schemaWrapper).catch(function(err) {
+ console.log(err);
+ });
+ }
+
+ var view = new JSONSchemaView(schema,2,{isBodyParam: true});
+ var result = $('#d2e199_performAccessControl_policyAuthorization');
+ result.empty();
+ result.append(view.render());
+});
+</script>
+<div id="d2e199_performAccessControl_policyAuthorization"></div>
+</td>
+</tr>
+
+ </table>
+
+
+
+ <h2>Responses</h2>
+ <h3 id="examples-AuthorizationAPI-performAccessControl-title-200"></h3>
+ <p id="examples-AuthorizationAPI-performAccessControl-description-200" class="marked"></p>
+ <script>
+ var responseAuthorizationAPI200_description = `OK`;
+ var responseAuthorizationAPI200_description_break = responseAuthorizationAPI200_description.indexOf('\n');
+ if (responseAuthorizationAPI200_description_break == -1) {
+ $("#examples-AuthorizationAPI-performAccessControl-title-200").text("Status: 200 - " + responseAuthorizationAPI200_description);
+ } else {
+ $("#examples-AuthorizationAPI-performAccessControl-title-200").text("Status: 200 - " + responseAuthorizationAPI200_description.substring(0, responseAuthorizationAPI200_description_break));
+ $("#examples-AuthorizationAPI-performAccessControl-description-200").html(responseAuthorizationAPI200_description.substring(responseAuthorizationAPI200_description_break));
+ }
+ </script>
+
+
+ <ul id="responses-detail-AuthorizationAPI-performAccessControl-200" class="nav nav-tabs nav-tabs-examples" >
+ <li class="active">
+ <a data-toggle="tab" href="#responses-AuthorizationAPI-performAccessControl-200-schema">Schema</a>
+ </li>
+
+
+
+
+ </ul>
+
+
+ <div class="tab-content" id="responses-AuthorizationAPI-performAccessControl-200-wrapper" style='margin-bottom: 10px;'>
+ <div class="tab-pane active" id="responses-AuthorizationAPI-performAccessControl-200-schema">
+ <div id="responses-AuthorizationAPI-performAccessControl-schema-200" class="exampleStyle">
+ <script>
+ $(document).ready(function() {
+ var schemaWrapper = {
+ "description" : "OK",
+ "content" : {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/authorization_result"
+ }
+ }
+ }
+};
+ var schema = findNode('schema',schemaWrapper).schema;
+ if (!schema) {
+ schema = schemaWrapper.schema;
+ }
+ if (schema.$ref != null) {
+ schema = defsParser.$refs.get(schema.$ref);
+ } else if (schema.items != null && schema.items.$ref != null) {
+ schema.items = defsParser.$refs.get(schema.items.$ref);
+ } else {
+ schemaWrapper.definitions = Object.assign({}, defs);
+ $RefParser.dereference(schemaWrapper).catch(function(err) {
+ console.log(err);
+ });
+ }
+
+ var view = new JSONSchemaView(schema, 3);
+ $('#responses-AuthorizationAPI-performAccessControl-200-schema-data').val(JSON.stringify(schema));
+ var result = $('#responses-AuthorizationAPI-performAccessControl-schema-200');
+ result.empty();
+ result.append(view.render());
+ });
+ </script>
+ </div>
+ <input id='responses-AuthorizationAPI-performAccessControl-200-schema-data' type='hidden' value=''></input>
+ </div>
+ </div>
+ </article>
+ </div>
+ <hr>
+ </section>
<section id="api-Callbacks">
<h1>Callbacks</h1>
<div id="api-Callbacks-serviceCallback">