summaryrefslogtreecommitdiffstats
path: root/docs
diff options
context:
space:
mode:
authorPatrikBuhr <patrik.buhr@est.tech>2023-04-17 13:00:15 +0200
committerPatrikBuhr <patrik.buhr@est.tech>2023-04-19 09:09:31 +0200
commit9f1d9499e4e1ca40fddffb195353148cc3271b9c (patch)
tree5eef78509d35740629a0d0c7ae814a58b6a3919e /docs
parentf07e4b397c60c21ae275a7c98471b64e60f14f04 (diff)
A1 PMS support for fine grained access control -A1 London
Documentation updates. Issue-ID: CCSDK-3889 Signed-off-by: PatrikBuhr <patrik.buhr@est.tech> Change-Id: Iaa73d0128a4c466ed2b3d1803af66368d3c37fa6
Diffstat (limited to 'docs')
-rwxr-xr-xdocs/architecture/architecture.rst16
-rw-r--r--docs/conf.py4
-rw-r--r--docs/guide/developer-guide.rst4
-rw-r--r--docs/media/ONAP-A1ControllerArchitecture.pngbin172679 -> 88893 bytes
-rw-r--r--docs/media/ONAP-A1ControllerArchitecture.pptxbin0 -> 32575 bytes
-rw-r--r--docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html407
-rw-r--r--docs/offeredapis/swagger/pms-api.json6
-rw-r--r--docs/offeredapis/swagger/pms-api.yaml64
-rw-r--r--docs/requirements-docs.txt1
-rw-r--r--docs/tox.ini14
10 files changed, 501 insertions, 15 deletions
diff --git a/docs/architecture/architecture.rst b/docs/architecture/architecture.rst
index a9facd53..edb9d346 100755
--- a/docs/architecture/architecture.rst
+++ b/docs/architecture/architecture.rst
@@ -11,9 +11,9 @@ Introduction
************
-The CCSDK ORAN components add support for handling "A1 Policies" as defined for the O-RAN A1 interface.
+The CCSDK ORAN components add support for handling "A1 Policies" as defined for the O-RAN A1-P interface.
-The O-RAN A1 interface is defined by the `O-RAN Alliance <https://www.o-ran.org>`_
+The O-RAN A1-P interface is defined by the `O-RAN Alliance <https://www.o-ran.org>`_
*******************
@@ -21,11 +21,21 @@ Architecture Review
*******************
This picture provides a overview of ONAP's A1 Controller architecture,
-integration with other ONAP components and API resource/operation provided.
+integration with other components and API resource/operation provided.
.. image:: ../media/ONAP-A1ControllerArchitecture.png
:width: 500pt
+The A1 Policy Management Service provides an API for accessing of A1 Policies. The PMS
+configures these in the traffical elements (NearRT-RICS). It also keeps a backup of these in case of restart of PMS.
+On regular basis, it will check that the configured A1 Policices are consistent with the actual ones in the NearRT-RICS (and take action if not).
+
+The access to the NearRT-RIC may be tunneled through an A1 adapter in the CCSDK/SDNC controller.
+
+The A1 PMS provides support for fine granied access control, which is implemented by delegating the granting of access of A1 Policies to an external
+authorization provider.
+
+More details can be found in :ref:`developer_guide`.
***************
Developer Guide
diff --git a/docs/conf.py b/docs/conf.py
index 6901c026..f53b9f4d 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -69,5 +69,7 @@ def setup(app):
app.add_css_file("css/ribbon.css")
linkcheck_ignore = [
- r'http://localhost:\d+/'
+ r'http://localhost:\d+/',
+ './a1-adapter-api.html', #Generated file that doesn't exist at link check.
+ './pms-api.html' #Generated file that doesn't exist at link check.
]
diff --git a/docs/guide/developer-guide.rst b/docs/guide/developer-guide.rst
index d3b1646f..ea726334 100644
--- a/docs/guide/developer-guide.rst
+++ b/docs/guide/developer-guide.rst
@@ -34,7 +34,7 @@ A1 Policy Management Service provides a REST API for management of policies. It
The Policy Management Service can be accessed over the REST API. See :ref:`pms_api` for more information about the API.
-The configured A1 policies are stored persistently to survive a service restart.
+The configured A1 policies are stored persistently to survive a service restart. This information can be stored in a persistent volume or in an S3 Object Store bucket.
Dependencies
------------
@@ -47,7 +47,7 @@ dependency management tool (see *pom.xml* file at root level) :
- `Springfox <https://github.com/springfox/springfox>`_ Automated JSON API documentation for APIs built with Spring
- `Lombok <https://github.com/rzwitserloot/lombok>`_ to generate code, such as getters and setters
- `Awaitility <https://github.com/awaitility/awaitility>`_ to test asynchronous functionality
-- `S3 <https://mvnrepository.com/artifact/software.amazon.awssdk/s3>`_ Access of Amazon S3 - Cloud Object Storage
+
To get a complete list of all dependencies, use command "mvn dependency:tree".
diff --git a/docs/media/ONAP-A1ControllerArchitecture.png b/docs/media/ONAP-A1ControllerArchitecture.png
index 0d549f51..3440cfc0 100644
--- a/docs/media/ONAP-A1ControllerArchitecture.png
+++ b/docs/media/ONAP-A1ControllerArchitecture.png
Binary files differ
diff --git a/docs/media/ONAP-A1ControllerArchitecture.pptx b/docs/media/ONAP-A1ControllerArchitecture.pptx
new file mode 100644
index 00000000..2178bd17
--- /dev/null
+++ b/docs/media/ONAP-A1ControllerArchitecture.pptx
Binary files differ
diff --git a/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html b/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html
index c8f97a81..8b29a313 100644
--- a/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html
+++ b/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html
@@ -846,6 +846,17 @@ ul.nav-tabs {
<script>
// Script section to load models into a JS Var
var defs = {}
+ defs["authorization_result"] = {
+ "required" : [ "result" ],
+ "type" : "object",
+ "properties" : {
+ "result" : {
+ "type" : "boolean",
+ "description" : "If true, the access is granted"
+ }
+ },
+ "description" : "Result of authorization"
+};
defs["error_information"] = {
"type" : "object",
"properties" : {
@@ -863,6 +874,26 @@ ul.nav-tabs {
},
"description" : "Problem as defined in https://tools.ietf.org/html/rfc7807"
};
+ defs["input"] = {
+ "required" : [ "access_type", "auth_token", "policy_type_id" ],
+ "type" : "object",
+ "properties" : {
+ "access_type" : {
+ "type" : "string",
+ "description" : "Access type",
+ "enum" : [ "READ", "WRITE", "DELETE" ]
+ },
+ "auth_token" : {
+ "type" : "string",
+ "description" : "Authorization token"
+ },
+ "policy_type_id" : {
+ "type" : "string",
+ "description" : "Policy type identifier"
+ }
+ },
+ "description" : "input"
+};
defs["Link"] = {
"type" : "object",
"properties" : {
@@ -874,6 +905,16 @@ ul.nav-tabs {
}
}
};
+ defs["policy_authorization"] = {
+ "required" : [ "input" ],
+ "type" : "object",
+ "properties" : {
+ "input" : {
+ "$ref" : "#/components/schemas/input"
+ }
+ },
+ "description" : "Authorization request for A1 policy requests"
+};
defs["policy_id_list_v2"] = {
"type" : "object",
"properties" : {
@@ -1185,6 +1226,10 @@ ul.nav-tabs {
<li data-group="Actuator" data-name="threaddump" class="">
<a href="#api-Actuator-threaddump">threaddump</a>
</li>
+ <li class="nav-header" data-group="AuthorizationAPI"><a href="#api-AuthorizationAPI">API Methods - AuthorizationAPI</a></li>
+ <li data-group="AuthorizationAPI" data-name="performAccessControl" class="">
+ <a href="#api-AuthorizationAPI-performAccessControl">performAccessControl</a>
+ </li>
<li class="nav-header" data-group="Callbacks"><a href="#api-Callbacks">API Methods - Callbacks</a></li>
<li data-group="Callbacks" data-name="serviceCallback" class="">
<a href="#api-Callbacks-serviceCallback">serviceCallback</a>
@@ -9221,6 +9266,368 @@ pub fn main() {
</div>
<hr>
</section>
+ <section id="api-AuthorizationAPI">
+ <h1>AuthorizationAPI</h1>
+ <div id="api-AuthorizationAPI-performAccessControl">
+ <article id="api-AuthorizationAPI-performAccessControl-0" data-group="User" data-name="performAccessControl" data-version="0">
+ <div class="pull-left">
+ <h1>performAccessControl</h1>
+ <p>Request for access authorization.</p>
+ </div>
+ <div class="pull-right"></div>
+ <div class="clearfix"></div>
+ <p></p>
+ <p class="marked">The authorization function decides if access is granted.</p>
+ <p></p>
+ <br />
+ <pre class="prettyprint language-html prettyprinted" data-type="post"><code><span class="pln">/example-authz-check</span></code></pre>
+ <p>
+ <h3>Usage and SDK Samples</h3>
+ </p>
+ <ul class="nav nav-tabs nav-tabs-examples">
+ <li class="active"><a href="#examples-AuthorizationAPI-performAccessControl-0-curl">Curl</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-java">Java</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-android">Android</a></li>
+ <!--<li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-groovy">Groovy</a></li>-->
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-objc">Obj-C</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-javascript">JavaScript</a></li>
+ <!--<li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-angular">Angular</a></li>-->
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-csharp">C#</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-php">PHP</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-perl">Perl</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-python">Python</a></li>
+ <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-rust">Rust</a></li>
+ </ul>
+
+ <div class="tab-content">
+ <div class="tab-pane active" id="examples-AuthorizationAPI-performAccessControl-0-curl">
+ <pre class="prettyprint"><code class="language-bsh">curl -X POST \
+ -H "Accept: application/json" \
+ -H "Content-Type: application/json" \
+ "http://localhost/example-authz-check" \
+ -d ''
+</code></pre>
+ </div>
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-java">
+ <pre class="prettyprint"><code class="language-java">import org.openapitools.client.*;
+import org.openapitools.client.auth.*;
+import org.openapitools.client.model.*;
+import org.openapitools.client.api.AuthorizationAPIApi;
+
+import java.io.File;
+import java.util.*;
+
+public class AuthorizationAPIApiExample {
+ public static void main(String[] args) {
+
+ // Create an instance of the API class
+ AuthorizationAPIApi apiInstance = new AuthorizationAPIApi();
+ PolicyAuthorization policyAuthorization = ; // PolicyAuthorization |
+
+ try {
+ authorization_result result = apiInstance.performAccessControl(policyAuthorization);
+ System.out.println(result);
+ } catch (ApiException e) {
+ System.err.println("Exception when calling AuthorizationAPIApi#performAccessControl");
+ e.printStackTrace();
+ }
+ }
+}
+</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-android">
+ <pre class="prettyprint"><code class="language-java">import org.openapitools.client.api.AuthorizationAPIApi;
+
+public class AuthorizationAPIApiExample {
+ public static void main(String[] args) {
+ AuthorizationAPIApi apiInstance = new AuthorizationAPIApi();
+ PolicyAuthorization policyAuthorization = ; // PolicyAuthorization |
+
+ try {
+ authorization_result result = apiInstance.performAccessControl(policyAuthorization);
+ System.out.println(result);
+ } catch (ApiException e) {
+ System.err.println("Exception when calling AuthorizationAPIApi#performAccessControl");
+ e.printStackTrace();
+ }
+ }
+}</code></pre>
+ </div>
+ <!--
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-groovy">
+ <pre class="prettyprint language-json prettyprinted" data-type="json"><code>Coming Soon!</code></pre>
+ </div> -->
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-objc">
+ <pre class="prettyprint"><code class="language-cpp">
+
+// Create an instance of the API class
+AuthorizationAPIApi *apiInstance = [[AuthorizationAPIApi alloc] init];
+PolicyAuthorization *policyAuthorization = ; //
+
+// Request for access authorization.
+[apiInstance performAccessControlWith:policyAuthorization
+ completionHandler: ^(authorization_result output, NSError* error) {
+ if (output) {
+ NSLog(@"%@", output);
+ }
+ if (error) {
+ NSLog(@"Error: %@", error);
+ }
+}];
+</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-javascript">
+ <pre class="prettyprint"><code class="language-js">var A1PolicyManagementService = require('a1_policy_management_service');
+
+// Create an instance of the API class
+var api = new A1PolicyManagementService.AuthorizationAPIApi()
+var policyAuthorization = ; // {PolicyAuthorization}
+
+var callback = function(error, data, response) {
+ if (error) {
+ console.error(error);
+ } else {
+ console.log('API called successfully. Returned data: ' + data);
+ }
+};
+api.performAccessControl(policyAuthorization, callback);
+</code></pre>
+ </div>
+
+ <!--<div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-angular">
+ <pre class="prettyprint language-json prettyprinted" data-type="json"><code>Coming Soon!</code></pre>
+ </div>-->
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-csharp">
+ <pre class="prettyprint"><code class="language-cs">using System;
+using System.Diagnostics;
+using Org.OpenAPITools.Api;
+using Org.OpenAPITools.Client;
+using Org.OpenAPITools.Model;
+
+namespace Example
+{
+ public class performAccessControlExample
+ {
+ public void main()
+ {
+
+ // Create an instance of the API class
+ var apiInstance = new AuthorizationAPIApi();
+ var policyAuthorization = new PolicyAuthorization(); // PolicyAuthorization |
+
+ try {
+ // Request for access authorization.
+ authorization_result result = apiInstance.performAccessControl(policyAuthorization);
+ Debug.WriteLine(result);
+ } catch (Exception e) {
+ Debug.Print("Exception when calling AuthorizationAPIApi.performAccessControl: " + e.Message );
+ }
+ }
+ }
+}
+</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-php">
+ <pre class="prettyprint"><code class="language-php"><&#63;php
+require_once(__DIR__ . '/vendor/autoload.php');
+
+// Create an instance of the API class
+$api_instance = new OpenAPITools\Client\Api\AuthorizationAPIApi();
+$policyAuthorization = ; // PolicyAuthorization |
+
+try {
+ $result = $api_instance->performAccessControl($policyAuthorization);
+ print_r($result);
+} catch (Exception $e) {
+ echo 'Exception when calling AuthorizationAPIApi->performAccessControl: ', $e->getMessage(), PHP_EOL;
+}
+?></code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-perl">
+ <pre class="prettyprint"><code class="language-perl">use Data::Dumper;
+use WWW::OPenAPIClient::Configuration;
+use WWW::OPenAPIClient::AuthorizationAPIApi;
+
+# Create an instance of the API class
+my $api_instance = WWW::OPenAPIClient::AuthorizationAPIApi->new();
+my $policyAuthorization = WWW::OPenAPIClient::Object::PolicyAuthorization->new(); # PolicyAuthorization |
+
+eval {
+ my $result = $api_instance->performAccessControl(policyAuthorization => $policyAuthorization);
+ print Dumper($result);
+};
+if ($@) {
+ warn "Exception when calling AuthorizationAPIApi->performAccessControl: $@\n";
+}</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-python">
+ <pre class="prettyprint"><code class="language-python">from __future__ import print_statement
+import time
+import openapi_client
+from openapi_client.rest import ApiException
+from pprint import pprint
+
+# Create an instance of the API class
+api_instance = openapi_client.AuthorizationAPIApi()
+policyAuthorization = # PolicyAuthorization |
+
+try:
+ # Request for access authorization.
+ api_response = api_instance.perform_access_control(policyAuthorization)
+ pprint(api_response)
+except ApiException as e:
+ print("Exception when calling AuthorizationAPIApi->performAccessControl: %s\n" % e)</code></pre>
+ </div>
+
+ <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-rust">
+ <pre class="prettyprint"><code class="language-rust">extern crate AuthorizationAPIApi;
+
+pub fn main() {
+ let policyAuthorization = ; // PolicyAuthorization
+
+ let mut context = AuthorizationAPIApi::Context::default();
+ let result = client.performAccessControl(policyAuthorization, &context).wait();
+
+ println!("{:?}", result);
+}
+</code></pre>
+ </div>
+ </div>
+
+ <h2>Scopes</h2>
+ <table>
+
+ </table>
+
+ <h2>Parameters</h2>
+
+
+
+ <div class="methodsubtabletitle">Body parameters</div>
+ <table id="methodsubtable">
+ <tr>
+ <th width="150px">Name</th>
+ <th>Description</th>
+ </tr>
+ <tr><td style="width:150px;">policyAuthorization <span style="color:red;">*</span></td>
+<td>
+<p class="marked"></p>
+<script>
+$(document).ready(function() {
+ var schemaWrapper = {
+ "content" : {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/policy_authorization"
+ }
+ }
+ },
+ "required" : true
+};
+
+ var schema = findNode('schema',schemaWrapper).schema;
+ if (!schema) {
+ schema = schemaWrapper.schema;
+ }
+ if (schema.$ref != null) {
+ schema = defsParser.$refs.get(schema.$ref);
+ } else {
+ schemaWrapper.definitions = Object.assign({}, defs);
+ $RefParser.dereference(schemaWrapper).catch(function(err) {
+ console.log(err);
+ });
+ }
+
+ var view = new JSONSchemaView(schema,2,{isBodyParam: true});
+ var result = $('#d2e199_performAccessControl_policyAuthorization');
+ result.empty();
+ result.append(view.render());
+});
+</script>
+<div id="d2e199_performAccessControl_policyAuthorization"></div>
+</td>
+</tr>
+
+ </table>
+
+
+
+ <h2>Responses</h2>
+ <h3 id="examples-AuthorizationAPI-performAccessControl-title-200"></h3>
+ <p id="examples-AuthorizationAPI-performAccessControl-description-200" class="marked"></p>
+ <script>
+ var responseAuthorizationAPI200_description = `OK`;
+ var responseAuthorizationAPI200_description_break = responseAuthorizationAPI200_description.indexOf('\n');
+ if (responseAuthorizationAPI200_description_break == -1) {
+ $("#examples-AuthorizationAPI-performAccessControl-title-200").text("Status: 200 - " + responseAuthorizationAPI200_description);
+ } else {
+ $("#examples-AuthorizationAPI-performAccessControl-title-200").text("Status: 200 - " + responseAuthorizationAPI200_description.substring(0, responseAuthorizationAPI200_description_break));
+ $("#examples-AuthorizationAPI-performAccessControl-description-200").html(responseAuthorizationAPI200_description.substring(responseAuthorizationAPI200_description_break));
+ }
+ </script>
+
+
+ <ul id="responses-detail-AuthorizationAPI-performAccessControl-200" class="nav nav-tabs nav-tabs-examples" >
+ <li class="active">
+ <a data-toggle="tab" href="#responses-AuthorizationAPI-performAccessControl-200-schema">Schema</a>
+ </li>
+
+
+
+
+ </ul>
+
+
+ <div class="tab-content" id="responses-AuthorizationAPI-performAccessControl-200-wrapper" style='margin-bottom: 10px;'>
+ <div class="tab-pane active" id="responses-AuthorizationAPI-performAccessControl-200-schema">
+ <div id="responses-AuthorizationAPI-performAccessControl-schema-200" class="exampleStyle">
+ <script>
+ $(document).ready(function() {
+ var schemaWrapper = {
+ "description" : "OK",
+ "content" : {
+ "application/json" : {
+ "schema" : {
+ "$ref" : "#/components/schemas/authorization_result"
+ }
+ }
+ }
+};
+ var schema = findNode('schema',schemaWrapper).schema;
+ if (!schema) {
+ schema = schemaWrapper.schema;
+ }
+ if (schema.$ref != null) {
+ schema = defsParser.$refs.get(schema.$ref);
+ } else if (schema.items != null && schema.items.$ref != null) {
+ schema.items = defsParser.$refs.get(schema.items.$ref);
+ } else {
+ schemaWrapper.definitions = Object.assign({}, defs);
+ $RefParser.dereference(schemaWrapper).catch(function(err) {
+ console.log(err);
+ });
+ }
+
+ var view = new JSONSchemaView(schema, 3);
+ $('#responses-AuthorizationAPI-performAccessControl-200-schema-data').val(JSON.stringify(schema));
+ var result = $('#responses-AuthorizationAPI-performAccessControl-schema-200');
+ result.empty();
+ result.append(view.render());
+ });
+ </script>
+ </div>
+ <input id='responses-AuthorizationAPI-performAccessControl-200-schema-data' type='hidden' value=''></input>
+ </div>
+ </div>
+ </article>
+ </div>
+ <hr>
+ </section>
<section id="api-Callbacks">
<h1>Callbacks</h1>
<div id="api-Callbacks-serviceCallback">
diff --git a/docs/offeredapis/swagger/pms-api.json b/docs/offeredapis/swagger/pms-api.json
index 9efa7b75..33fa5e18 100644
--- a/docs/offeredapis/swagger/pms-api.json
+++ b/docs/offeredapis/swagger/pms-api.json
@@ -936,7 +936,7 @@
"description": "OK",
"content": {"application/json": {"schema": {"$ref": "#/components/schemas/void"}}}
}},
- "tags": ["Callbacks"]
+ "tags": ["Service callbacks"]
}},
"/a1-policy/v2/services/{service_id}": {"delete": {
"summary": "Unregister a service",
@@ -999,9 +999,9 @@
"name": "Copyright (C) 2020-2023 Nordix Foundation. Licensed under the Apache License.",
"url": "http://www.apache.org/licenses/LICENSE-2.0"
},
- "description": "<h2>General<\/h2><p>The O-RAN Non-RT RIC Policy Management Service provides a REST API for management of A1 policies. <br/>The main tasks of the service are:<\/p><ul><li>A1 Policy creation, modification and deletion.<\/li><li>Monitoring and maintaining consistency of the SMO view of A1 policies and the Near-RT RICs<\/li><li>Maintaining a view of supported Near-RT RIC policy types<\/li><li>Supervision of using services (R-APPs). When a service is unavailable, its policies are removed.<\/li><\/ul><h2>APIs provided by the service<\/h2><h3>A1 Policy Management<\/h3><p>This is an API for management of A1 Policies.<\/p><ul><li>A1 Policy retrieval, creation, modification and deletion.<\/li><li>Retrieval of supported A1 Policy types for a Near-RT RIC<\/li><li>Retrieval of status for existing A1 policies<\/li><\/ul><h3>Management of configuration<\/h3><p>API for updating and retrieval of the component configuration. Note that there other ways to maintain the configuration.<\/p><h3>Callbacks<\/h3><p>These are endpoints that are invoked by this service. The callbacks are registered in this service at service registration.<\/p><h3>NearRT-RIC Repository<\/h3><p>This is an API that provides support for looking up a NearRT-RIC. Each A1 policy is targeted for one Near-RT RIC.<\/p><h3>Health Check<\/h3><p>API used for supervision of the PMS component.<\/p><h3>Service Registry and Supervision<\/h3><p>API used for registering services that uses PMS. Each A1 policy is optionally owned by a service. PMS can supervise each registered service by a heart-beat supervision and will automatically remove policies for unavailable services. Note that a service does not need to be registered in order to create A1 Policies. This is a feature that is optional to use.<\/p><h3>Spring Boot Actuator<\/h3><p>Provides generic functions used to monitor and manage the Spring web application.<\/p>",
+ "description": "<h2>General<\/h2><p>The O-RAN Non-RT RIC Policy Management Service provides a REST API for management of A1 policies. <br/>The main tasks of the service are:<\/p><ul><li>A1 Policy creation, modification and deletion.<\/li><li>Monitoring and maintaining consistency of the SMO view of A1 policies and the Near-RT RICs<\/li><li>Maintaining a view of supported Near-RT RIC policy types<\/li><li>Supervision of using services (R-APPs). When a service is unavailable, its policies are removed.<\/li><\/ul><h2>APIs provided or defined by the service<\/h2><h3>A1 Policy Management<\/h3><p>This is an API for management of A1 Policies.<\/p><ul><li>A1 Policy retrieval, creation, modification and deletion.<\/li><li>Retrieval of supported A1 Policy types for a Near-RT RIC<\/li><li>Retrieval of status for existing A1 policies<\/li><\/ul><h3>Management of configuration<\/h3><p>API for updating and retrieval of the component configuration. Note that there other ways to maintain the configuration.<\/p><h3>Service callbacks<\/h3><p>These are endpoints that are invoked by this service. The callbacks are registered in this service at service registration.<\/p><h3>NearRT-RIC Repository<\/h3><p>This is an API that provides support for looking up a NearRT-RIC. Each A1 policy is targeted for one Near-RT RIC.<\/p><h3>Health Check<\/h3><p>API used for supervision of the PMS component.<\/p><h3>Service Registry and Supervision<\/h3><p>API used for registering services that uses PMS. Each A1 policy is optionally owned by a service. PMS can supervise each registered service by a heart-beat supervision and will automatically remove policies for unavailable services. Note that a service does not need to be registered in order to create A1 Policies. This is a feature that is optional to use.<\/p><h3>Authorization API<\/h3><p>API used for access control of A1 Policy access. If configured, an external authorization provider is requested to grant access to the A1 Policy type.<\/p><h3>Spring Boot Actuator<\/h3><p>Provides generic functions used to monitor and manage the Spring web application.<\/p>",
"title": "A1 Policy Management Service",
- "version": "1.1.0"
+ "version": "1.2.0"
},
"tags": [
{
diff --git a/docs/offeredapis/swagger/pms-api.yaml b/docs/offeredapis/swagger/pms-api.yaml
index 0cd28d07..a905c40e 100644
--- a/docs/offeredapis/swagger/pms-api.yaml
+++ b/docs/offeredapis/swagger/pms-api.yaml
@@ -31,6 +31,10 @@ info:
servers:
- url: /
tags:
+- description: "API used for authorization of information A1 policy access (this is\
+ \ provided by an authorization producer such as OPA).\nNote that this API is called\
+ \ by PMS, it is not provided.\n"
+ name: Authorization API
- description: Monitor and interact
externalDocs:
description: Spring Boot Actuator Web API Documentation
@@ -93,6 +97,26 @@ paths:
summary: Query for A1 policy instances
tags:
- A1 Policy Management
+ /example-authz-check:
+ post:
+ description: The authorization function decides if access is granted.
+ operationId: performAccessControl
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/policy_authorization'
+ required: true
+ responses:
+ "200":
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/authorization_result'
+ description: OK
+ summary: Request for access authorization.
+ tags:
+ - Authorization API
/actuator/threaddump:
get:
operationId: threaddump
@@ -957,6 +981,17 @@ components:
description: status text
type: string
type: object
+ authorization_result:
+ description: Result of authorization
+ example:
+ result: true
+ properties:
+ result:
+ description: "If true, the access is granted"
+ type: boolean
+ required:
+ - result
+ type: object
ric_info_v2:
description: Information for a Near-RT RIC
example:
@@ -1113,6 +1148,35 @@ components:
http://json-schema.org/draft-07/schema
type: object
type: object
+ input:
+ description: input
+ properties:
+ access_type:
+ description: Access type
+ enum:
+ - READ
+ - WRITE
+ - DELETE
+ type: string
+ auth_token:
+ description: Authorization token
+ type: string
+ policy_type_id:
+ description: Policy type identifier
+ type: string
+ required:
+ - access_type
+ - auth_token
+ - policy_type_id
+ type: object
+ policy_authorization:
+ description: Authorization request for A1 policy requests
+ properties:
+ input:
+ $ref: '#/components/schemas/input'
+ required:
+ - input
+ type: object
policytype_id_list_v2:
description: Information about policy types
example:
diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt
index 2c805dc5..3ba864af 100644
--- a/docs/requirements-docs.txt
+++ b/docs/requirements-docs.txt
@@ -7,3 +7,4 @@ sphinxcontrib-spelling
sphinxcontrib-plantuml
sphinxcontrib-redoc
sphinx-tabs
+
diff --git a/docs/tox.ini b/docs/tox.ini
index 0b0d4e61..00ec327c 100644
--- a/docs/tox.ini
+++ b/docs/tox.ini
@@ -1,6 +1,8 @@
[tox]
minversion = 1.6
-envlist = docs,
+envlist =
+ docs,
+ docs-linkcheck,
skipsdist = true
[testenv:docs]
@@ -12,17 +14,17 @@ deps =
commands =
sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html
echo "Generated docs available in {toxinidir}/_build/html"
-whitelist_externals =
+allowlist_externals =
echo
git
sh
[testenv:docs-linkcheck]
basepython = python3.8
-#deps = -r{toxinidir}/requirements-docs.txt
-commands = echo "Link Checking not enforced"
-#commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
-whitelist_externals = echo
+deps = -r{toxinidir}/requirements-docs.txt
+#commands = echo "Link Checking not enforced"
+commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck
+allowlist_externals = echo
[testenv:docs-spellcheck]
basepython = python3.8