author | PatrikBuhr <patrik.buhr@est.tech> | 2023-04-17 13:00:15 +0200 |
---|---|---|
committer | PatrikBuhr <patrik.buhr@est.tech> | 2023-04-19 09:09:31 +0200 |
commit | 9f1d9499e4e1ca40fddffb195353148cc3271b9c (patch) | |
tree | 5eef78509d35740629a0d0c7ae814a58b6a3919e /docs | |
parent | f07e4b397c60c21ae275a7c98471b64e60f14f04 (diff) |
A1 PMS support for fine grained access control -A1 London
Documentation updates.
Issue-ID: CCSDK-3889
Signed-off-by: PatrikBuhr <patrik.buhr@est.tech>
Change-Id: Iaa73d0128a4c466ed2b3d1803af66368d3c37fa6
Diffstat (limited to 'docs')
-rwxr-xr-x | docs/architecture/architecture.rst | 16 |
-rw-r--r-- | docs/conf.py | 4 |
-rw-r--r-- | docs/guide/developer-guide.rst | 4 |
-rw-r--r-- | docs/media/ONAP-A1ControllerArchitecture.png | bin | 172679 -> 88893 bytes |
-rw-r--r-- | docs/media/ONAP-A1ControllerArchitecture.pptx | bin | 0 -> 32575 bytes |
-rw-r--r-- | docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html | 407 |
-rw-r--r-- | docs/offeredapis/swagger/pms-api.json | 6 |
-rw-r--r-- | docs/offeredapis/swagger/pms-api.yaml | 64 |
-rw-r--r-- | docs/requirements-docs.txt | 1 |
-rw-r--r-- | docs/tox.ini | 14 |
10 files changed, 501 insertions, 15 deletions
diff --git a/docs/architecture/architecture.rst b/docs/architecture/architecture.rst index a9facd53..edb9d346 100755 --- a/docs/architecture/architecture.rst +++ b/docs/architecture/architecture.rst @@ -11,9 +11,9 @@ Introduction ************ -The CCSDK ORAN components add support for handling "A1 Policies" as defined for the O-RAN A1 interface. +The CCSDK ORAN components add support for handling "A1 Policies" as defined for the O-RAN A1-P interface. -The O-RAN A1 interface is defined by the `O-RAN Alliance <https://www.o-ran.org>`_ +The O-RAN A1-P interface is defined by the `O-RAN Alliance <https://www.o-ran.org>`_ ******************* @@ -21,11 +21,21 @@ Architecture Review ******************* This picture provides a overview of ONAP's A1 Controller architecture, -integration with other ONAP components and API resource/operation provided. +integration with other components and API resource/operation provided. .. image:: ../media/ONAP-A1ControllerArchitecture.png :width: 500pt +The A1 Policy Management Service provides an API for accessing of A1 Policies. The PMS +configures these in the traffical elements (NearRT-RICS). It also keeps a backup of these in case of restart of PMS. +On regular basis, it will check that the configured A1 Policices are consistent with the actual ones in the NearRT-RICS (and take action if not). + +The access to the NearRT-RIC may be tunneled through an A1 adapter in the CCSDK/SDNC controller. + +The A1 PMS provides support for fine granied access control, which is implemented by delegating the granting of access of A1 Policies to an external +authorization provider. + +More details can be found in :ref:`developer_guide`. *************** Developer Guide diff --git a/docs/conf.py b/docs/conf.py index 6901c026..f53b9f4d 100644 --- a/docs/conf.py +++ b/docs/conf.py 
@@ -69,5 +69,7 @@ def setup(app): app.add_css_file("css/ribbon.css") linkcheck_ignore = [ - r'http://localhost:\d+/' + r'http://localhost:\d+/', + './a1-adapter-api.html', #Generated file that doesn't exist at link check. + './pms-api.html' #Generated file that doesn't exist at link check. ] diff --git a/docs/guide/developer-guide.rst b/docs/guide/developer-guide.rst index d3b1646f..ea726334 100644 --- a/docs/guide/developer-guide.rst +++ b/docs/guide/developer-guide.rst @@ -34,7 +34,7 @@ A1 Policy Management Service provides a REST API for management of policies. It The Policy Management Service can be accessed over the REST API. See :ref:`pms_api` for more information about the API. -The configured A1 policies are stored persistently to survive a service restart. +The configured A1 policies are stored persistently to survive a service restart. This information can be stored in a persistent volume or in an S3 Object Store bucket. Dependencies ------------ @@ -47,7 +47,7 @@ dependency management tool (see *pom.xml* file at root level) : - `Springfox <https://github.com/springfox/springfox>`_ Automated JSON API documentation for APIs built with Spring - `Lombok <https://github.com/rzwitserloot/lombok>`_ to generate code, such as getters and setters - `Awaitility <https://github.com/awaitility/awaitility>`_ to test asynchronous functionality -- `S3 <https://mvnrepository.com/artifact/software.amazon.awssdk/s3>`_ Access of Amazon S3 - Cloud Object Storage + To get a complete list of all dependencies, use command "mvn dependency:tree". diff --git a/docs/media/ONAP-A1ControllerArchitecture.png b/docs/media/ONAP-A1ControllerArchitecture.png Binary files differindex 0d549f51..3440cfc0 100644 --- a/docs/media/ONAP-A1ControllerArchitecture.png +++ b/docs/media/ONAP-A1ControllerArchitecture.png diff --git a/docs/media/ONAP-A1ControllerArchitecture.pptx b/docs/media/ONAP-A1ControllerArchitecture.pptx Binary files differnew file mode 100644 index 00000000..2178bd17 
--- /dev/null +++ b/docs/media/ONAP-A1ControllerArchitecture.pptx diff --git a/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html b/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html index c8f97a81..8b29a313 100644 --- a/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html +++ b/docs/offeredapis/openapitoolgen/offeredapis/pms-api/index.html @@ -846,6 +846,17 @@ ul.nav-tabs { <script> // Script section to load models into a JS Var var defs = {} + defs["authorization_result"] = { + "required" : [ "result" ], + "type" : "object", + "properties" : { + "result" : { + "type" : "boolean", + "description" : "If true, the access is granted" + } + }, + "description" : "Result of authorization" +}; defs["error_information"] = { "type" : "object", "properties" : { @@ -863,6 +874,26 @@ ul.nav-tabs { }, "description" : "Problem as defined in https://tools.ietf.org/html/rfc7807" }; + defs["input"] = { + "required" : [ "access_type", "auth_token", "policy_type_id" ], + "type" : "object", + "properties" : { + "access_type" : { + "type" : "string", + "description" : "Access type", + "enum" : [ "READ", "WRITE", "DELETE" ] + }, + "auth_token" : { + "type" : "string", + "description" : "Authorization token" + }, + "policy_type_id" : { + "type" : "string", + "description" : "Policy type identifier" + } + }, + "description" : "input" +}; defs["Link"] = { "type" : "object", "properties" : { @@ -874,6 +905,16 @@ ul.nav-tabs { } } }; + defs["policy_authorization"] = { + "required" : [ "input" ], + "type" : "object", + "properties" : { + "input" : { + "$ref" : "#/components/schemas/input" + } + }, + "description" : "Authorization request for A1 policy requests" +}; defs["policy_id_list_v2"] = { "type" : "object", "properties" : { 
@@ -1185,6 +1226,10 @@ ul.nav-tabs { <li data-group="Actuator" data-name="threaddump" class=""> <a href="#api-Actuator-threaddump">threaddump</a> </li> + <li class="nav-header" data-group="AuthorizationAPI"><a href="#api-AuthorizationAPI">API Methods - AuthorizationAPI</a></li> + <li data-group="AuthorizationAPI" data-name="performAccessControl" class=""> + <a href="#api-AuthorizationAPI-performAccessControl">performAccessControl</a> + </li> <li class="nav-header" data-group="Callbacks"><a href="#api-Callbacks">API Methods - Callbacks</a></li> <li data-group="Callbacks" data-name="serviceCallback" class=""> <a href="#api-Callbacks-serviceCallback">serviceCallback</a> 
@@ -9221,6 +9266,368 @@ pub fn main() { </div> <hr> </section> + <section id="api-AuthorizationAPI"> + <h1>AuthorizationAPI</h1> + <div id="api-AuthorizationAPI-performAccessControl"> + <article id="api-AuthorizationAPI-performAccessControl-0" data-group="User" data-name="performAccessControl" data-version="0"> + <div class="pull-left"> + <h1>performAccessControl</h1> + <p>Request for access authorization.</p> + </div> + <div class="pull-right"></div> + <div class="clearfix"></div> + <p></p> + <p class="marked">The authorization function decides if access is granted.</p> + <p></p> + <br /> + <pre class="prettyprint language-html prettyprinted" data-type="post"><code><span class="pln">/example-authz-check</span></code></pre> + <p> + <h3>Usage and SDK Samples</h3> + </p> + <ul class="nav nav-tabs nav-tabs-examples"> + <li class="active"><a href="#examples-AuthorizationAPI-performAccessControl-0-curl">Curl</a></li> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-java">Java</a></li> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-android">Android</a></li> + <!--<li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-groovy">Groovy</a></li>--> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-objc">Obj-C</a></li> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-javascript">JavaScript</a></li> + <!--<li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-angular">Angular</a></li>--> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-csharp">C#</a></li> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-php">PHP</a></li> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-perl">Perl</a></li> + <li class=""><a href="#examples-AuthorizationAPI-performAccessControl-0-python">Python</a></li> + <li class=""><a 
href="#examples-AuthorizationAPI-performAccessControl-0-rust">Rust</a></li> + </ul> + + <div class="tab-content"> + <div class="tab-pane active" id="examples-AuthorizationAPI-performAccessControl-0-curl"> + <pre class="prettyprint"><code class="language-bsh">curl -X POST \ + -H "Accept: application/json" \ + -H "Content-Type: application/json" \ + "http://localhost/example-authz-check" \ + -d '' +</code></pre> + </div> + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-java"> + <pre class="prettyprint"><code class="language-java">import org.openapitools.client.*; +import org.openapitools.client.auth.*; +import org.openapitools.client.model.*; +import org.openapitools.client.api.AuthorizationAPIApi; + +import java.io.File; +import java.util.*; + +public class AuthorizationAPIApiExample { + public static void main(String[] args) { + + // Create an instance of the API class + AuthorizationAPIApi apiInstance = new AuthorizationAPIApi(); + PolicyAuthorization policyAuthorization = ; // PolicyAuthorization | + + try { + authorization_result result = apiInstance.performAccessControl(policyAuthorization); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling AuthorizationAPIApi#performAccessControl"); + e.printStackTrace(); + } + } +} +</code></pre> + </div> + + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-android"> + <pre class="prettyprint"><code class="language-java">import org.openapitools.client.api.AuthorizationAPIApi; + +public class AuthorizationAPIApiExample { + public static void main(String[] args) { + AuthorizationAPIApi apiInstance = new AuthorizationAPIApi(); + PolicyAuthorization policyAuthorization = ; // PolicyAuthorization | + + try { + authorization_result result = apiInstance.performAccessControl(policyAuthorization); + System.out.println(result); + } catch (ApiException e) { + System.err.println("Exception when calling 
AuthorizationAPIApi#performAccessControl"); + e.printStackTrace(); + } + } +}</code></pre> + </div> + <!-- + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-groovy"> + <pre class="prettyprint language-json prettyprinted" data-type="json"><code>Coming Soon!</code></pre> + </div> --> + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-objc"> + <pre class="prettyprint"><code class="language-cpp"> + +// Create an instance of the API class +AuthorizationAPIApi *apiInstance = [[AuthorizationAPIApi alloc] init]; +PolicyAuthorization *policyAuthorization = ; // + +// Request for access authorization. +[apiInstance performAccessControlWith:policyAuthorization + completionHandler: ^(authorization_result output, NSError* error) { + if (output) { + NSLog(@"%@", output); + } + if (error) { + NSLog(@"Error: %@", error); + } +}]; +</code></pre> + </div> + + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-javascript"> + <pre class="prettyprint"><code class="language-js">var A1PolicyManagementService = require('a1_policy_management_service'); + +// Create an instance of the API class +var api = new A1PolicyManagementService.AuthorizationAPIApi() +var policyAuthorization = ; // {PolicyAuthorization} + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully. 
Returned data: ' + data); + } +}; +api.performAccessControl(policyAuthorization, callback); +</code></pre> + </div> + + <!--<div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-angular"> + <pre class="prettyprint language-json prettyprinted" data-type="json"><code>Coming Soon!</code></pre> + </div>--> + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-csharp"> + <pre class="prettyprint"><code class="language-cs">using System; +using System.Diagnostics; +using Org.OpenAPITools.Api; +using Org.OpenAPITools.Client; +using Org.OpenAPITools.Model; + +namespace Example +{ + public class performAccessControlExample + { + public void main() + { + + // Create an instance of the API class + var apiInstance = new AuthorizationAPIApi(); + var policyAuthorization = new PolicyAuthorization(); // PolicyAuthorization | + + try { + // Request for access authorization. + authorization_result result = apiInstance.performAccessControl(policyAuthorization); + Debug.WriteLine(result); + } catch (Exception e) { + Debug.Print("Exception when calling AuthorizationAPIApi.performAccessControl: " + e.Message ); + } + } + } +} +</code></pre> + </div> + + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-php"> + <pre class="prettyprint"><code class="language-php"><?php +require_once(__DIR__ . 
'/vendor/autoload.php'); + +// Create an instance of the API class +$api_instance = new OpenAPITools\Client\Api\AuthorizationAPIApi(); +$policyAuthorization = ; // PolicyAuthorization | + +try { + $result = $api_instance->performAccessControl($policyAuthorization); + print_r($result); +} catch (Exception $e) { + echo 'Exception when calling AuthorizationAPIApi->performAccessControl: ', $e->getMessage(), PHP_EOL; +} +?></code></pre> + </div> + + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-perl"> + <pre class="prettyprint"><code class="language-perl">use Data::Dumper; +use WWW::OPenAPIClient::Configuration; +use WWW::OPenAPIClient::AuthorizationAPIApi; + +# Create an instance of the API class +my $api_instance = WWW::OPenAPIClient::AuthorizationAPIApi->new(); +my $policyAuthorization = WWW::OPenAPIClient::Object::PolicyAuthorization->new(); # PolicyAuthorization | + +eval { + my $result = $api_instance->performAccessControl(policyAuthorization => $policyAuthorization); + print Dumper($result); +}; +if ($@) { + warn "Exception when calling AuthorizationAPIApi->performAccessControl: $@\n"; +}</code></pre> + </div> + + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-python"> + <pre class="prettyprint"><code class="language-python">from __future__ import print_statement +import time +import openapi_client +from openapi_client.rest import ApiException +from pprint import pprint + +# Create an instance of the API class +api_instance = openapi_client.AuthorizationAPIApi() +policyAuthorization = # PolicyAuthorization | + +try: + # Request for access authorization. 
+ api_response = api_instance.perform_access_control(policyAuthorization) + pprint(api_response) +except ApiException as e: + print("Exception when calling AuthorizationAPIApi->performAccessControl: %s\n" % e)</code></pre> + </div> + + <div class="tab-pane" id="examples-AuthorizationAPI-performAccessControl-0-rust"> + <pre class="prettyprint"><code class="language-rust">extern crate AuthorizationAPIApi; + +pub fn main() { + let policyAuthorization = ; // PolicyAuthorization + + let mut context = AuthorizationAPIApi::Context::default(); + let result = client.performAccessControl(policyAuthorization, &context).wait(); + + println!("{:?}", result); +} +</code></pre> + </div> + </div> + + <h2>Scopes</h2> + <table> + + </table> + + <h2>Parameters</h2> + + + + <div class="methodsubtabletitle">Body parameters</div> + <table id="methodsubtable"> + <tr> + <th width="150px">Name</th> + <th>Description</th> + </tr> + <tr><td style="width:150px;">policyAuthorization <span style="color:red;">*</span></td> +<td> +<p class="marked"></p> +<script> +$(document).ready(function() { + var schemaWrapper = { + "content" : { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/policy_authorization" + } + } + }, + "required" : true +}; + + var schema = findNode('schema',schemaWrapper).schema; + if (!schema) { + schema = schemaWrapper.schema; + } + if (schema.$ref != null) { + schema = defsParser.$refs.get(schema.$ref); + } else { + schemaWrapper.definitions = Object.assign({}, defs); + $RefParser.dereference(schemaWrapper).catch(function(err) { + console.log(err); + }); + } + + var view = new JSONSchemaView(schema,2,{isBodyParam: true}); + var result = $('#d2e199_performAccessControl_policyAuthorization'); + result.empty(); + result.append(view.render()); +}); +</script> +<div id="d2e199_performAccessControl_policyAuthorization"></div> +</td> +</tr> + + </table> + + + + <h2>Responses</h2> + <h3 id="examples-AuthorizationAPI-performAccessControl-title-200"></h3> + <p 
id="examples-AuthorizationAPI-performAccessControl-description-200" class="marked"></p> + <script> + var responseAuthorizationAPI200_description = `OK`; + var responseAuthorizationAPI200_description_break = responseAuthorizationAPI200_description.indexOf('\n'); + if (responseAuthorizationAPI200_description_break == -1) { + $("#examples-AuthorizationAPI-performAccessControl-title-200").text("Status: 200 - " + responseAuthorizationAPI200_description); + } else { + $("#examples-AuthorizationAPI-performAccessControl-title-200").text("Status: 200 - " + responseAuthorizationAPI200_description.substring(0, responseAuthorizationAPI200_description_break)); + $("#examples-AuthorizationAPI-performAccessControl-description-200").html(responseAuthorizationAPI200_description.substring(responseAuthorizationAPI200_description_break)); + } + </script> + + + <ul id="responses-detail-AuthorizationAPI-performAccessControl-200" class="nav nav-tabs nav-tabs-examples" > + <li class="active"> + <a data-toggle="tab" href="#responses-AuthorizationAPI-performAccessControl-200-schema">Schema</a> + </li> + + + + + </ul> + + + <div class="tab-content" id="responses-AuthorizationAPI-performAccessControl-200-wrapper" style='margin-bottom: 10px;'> + <div class="tab-pane active" id="responses-AuthorizationAPI-performAccessControl-200-schema"> + <div id="responses-AuthorizationAPI-performAccessControl-schema-200" class="exampleStyle"> + <script> + $(document).ready(function() { + var schemaWrapper = { + "description" : "OK", + "content" : { + "application/json" : { + "schema" : { + "$ref" : "#/components/schemas/authorization_result" + } + } + } +}; + var schema = findNode('schema',schemaWrapper).schema; + if (!schema) { + schema = schemaWrapper.schema; + } + if (schema.$ref != null) { + schema = defsParser.$refs.get(schema.$ref); + } else if (schema.items != null && schema.items.$ref != null) { + schema.items = defsParser.$refs.get(schema.items.$ref); + } else { + schemaWrapper.definitions = 
Object.assign({}, defs); + $RefParser.dereference(schemaWrapper).catch(function(err) { + console.log(err); + }); + } + + var view = new JSONSchemaView(schema, 3); + $('#responses-AuthorizationAPI-performAccessControl-200-schema-data').val(JSON.stringify(schema)); + var result = $('#responses-AuthorizationAPI-performAccessControl-schema-200'); + result.empty(); + result.append(view.render()); + }); + </script> + </div> + <input id='responses-AuthorizationAPI-performAccessControl-200-schema-data' type='hidden' value=''></input> + </div> + </div> + </article> + </div> + <hr> + </section> <section id="api-Callbacks"> <h1>Callbacks</h1> <div id="api-Callbacks-serviceCallback"> diff --git a/docs/offeredapis/swagger/pms-api.json b/docs/offeredapis/swagger/pms-api.json index 9efa7b75..33fa5e18 100644 --- a/docs/offeredapis/swagger/pms-api.json +++ b/docs/offeredapis/swagger/pms-api.json @@ -936,7 +936,7 @@ "description": "OK", "content": {"application/json": {"schema": {"$ref": "#/components/schemas/void"}}} }}, - "tags": ["Callbacks"] + "tags": ["Service callbacks"] }}, "/a1-policy/v2/services/{service_id}": {"delete": { "summary": "Unregister a service", 
@@ -999,9 +999,9 @@ "name": "Copyright (C) 2020-2023 Nordix Foundation. Licensed under the Apache License.", "url": "http://www.apache.org/licenses/LICENSE-2.0" }, - "description": "<h2>General<\/h2><p>The O-RAN Non-RT RIC Policy Management Service provides a REST API for management of A1 policies. <br/>The main tasks of the service are:<\/p><ul><li>A1 Policy creation, modification and deletion.<\/li><li>Monitoring and maintaining consistency of the SMO view of A1 policies and the Near-RT RICs<\/li><li>Maintaining a view of supported Near-RT RIC policy types<\/li><li>Supervision of using services (R-APPs). When a service is unavailable, its policies are removed.<\/li><\/ul><h2>APIs provided by the service<\/h2><h3>A1 Policy Management<\/h3><p>This is an API for management of A1 Policies.<\/p><ul><li>A1 Policy retrieval, creation, modification and deletion.<\/li><li>Retrieval of supported A1 Policy types for a Near-RT RIC<\/li><li>Retrieval of status for existing A1 policies<\/li><\/ul><h3>Management of configuration<\/h3><p>API for updating and retrieval of the component configuration. Note that there other ways to maintain the configuration.<\/p><h3>Callbacks<\/h3><p>These are endpoints that are invoked by this service. The callbacks are registered in this service at service registration.<\/p><h3>NearRT-RIC Repository<\/h3><p>This is an API that provides support for looking up a NearRT-RIC. Each A1 policy is targeted for one Near-RT RIC.<\/p><h3>Health Check<\/h3><p>API used for supervision of the PMS component.<\/p><h3>Service Registry and Supervision<\/h3><p>API used for registering services that uses PMS. Each A1 policy is optionally owned by a service. PMS can supervise each registered service by a heart-beat supervision and will automatically remove policies for unavailable services. Note that a service does not need to be registered in order to create A1 Policies. 
This is a feature that is optional to use.<\/p><h3>Spring Boot Actuator<\/h3><p>Provides generic functions used to monitor and manage the Spring web application.<\/p>", + "description": "<h2>General<\/h2><p>The O-RAN Non-RT RIC Policy Management Service provides a REST API for management of A1 policies. <br/>The main tasks of the service are:<\/p><ul><li>A1 Policy creation, modification and deletion.<\/li><li>Monitoring and maintaining consistency of the SMO view of A1 policies and the Near-RT RICs<\/li><li>Maintaining a view of supported Near-RT RIC policy types<\/li><li>Supervision of using services (R-APPs). When a service is unavailable, its policies are removed.<\/li><\/ul><h2>APIs provided or defined by the service<\/h2><h3>A1 Policy Management<\/h3><p>This is an API for management of A1 Policies.<\/p><ul><li>A1 Policy retrieval, creation, modification and deletion.<\/li><li>Retrieval of supported A1 Policy types for a Near-RT RIC<\/li><li>Retrieval of status for existing A1 policies<\/li><\/ul><h3>Management of configuration<\/h3><p>API for updating and retrieval of the component configuration. Note that there other ways to maintain the configuration.<\/p><h3>Service callbacks<\/h3><p>These are endpoints that are invoked by this service. The callbacks are registered in this service at service registration.<\/p><h3>NearRT-RIC Repository<\/h3><p>This is an API that provides support for looking up a NearRT-RIC. Each A1 policy is targeted for one Near-RT RIC.<\/p><h3>Health Check<\/h3><p>API used for supervision of the PMS component.<\/p><h3>Service Registry and Supervision<\/h3><p>API used for registering services that uses PMS. Each A1 policy is optionally owned by a service. PMS can supervise each registered service by a heart-beat supervision and will automatically remove policies for unavailable services. Note that a service does not need to be registered in order to create A1 Policies. 
This is a feature that is optional to use.<\/p><h3>Authorization API<\/h3><p>API used for access control of A1 Policy access. If configured, an external authorization provider is requested to grant access to the A1 Policy type.<\/p><h3>Spring Boot Actuator<\/h3><p>Provides generic functions used to monitor and manage the Spring web application.<\/p>", "title": "A1 Policy Management Service", - "version": "1.1.0" + "version": "1.2.0" }, "tags": [ { diff --git a/docs/offeredapis/swagger/pms-api.yaml b/docs/offeredapis/swagger/pms-api.yaml index 0cd28d07..a905c40e 100644 --- a/docs/offeredapis/swagger/pms-api.yaml +++ b/docs/offeredapis/swagger/pms-api.yaml @@ -31,6 +31,10 @@ info: servers: - url: / tags: +- description: "API used for authorization of information A1 policy access (this is\ + \ provided by an authorization producer such as OPA).\nNote that this API is called\ + \ by PMS, it is not provided.\n" + name: Authorization API - description: Monitor and interact externalDocs: description: Spring Boot Actuator Web API Documentation @@ -93,6 +97,26 @@ paths: summary: Query for A1 policy instances tags: - A1 Policy Management + /example-authz-check: + post: + description: The authorization function decides if access is granted. + operationId: performAccessControl + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/policy_authorization' + required: true + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/authorization_result' + description: OK + summary: Request for access authorization. + tags: + - Authorization API /actuator/threaddump: get: operationId: threaddump 
@@ -957,6 +981,17 @@ components: description: status text type: string type: object + authorization_result: + description: Result of authorization + example: + result: true + properties: + result: + description: "If true, the access is granted" + type: boolean + required: + - result + type: object ric_info_v2: description: Information for a Near-RT RIC example: @@ -1113,6 +1148,35 @@ components: http://json-schema.org/draft-07/schema type: object type: object + input: + description: input + properties: + access_type: + description: Access type + enum: + - READ + - WRITE + - DELETE + type: string + auth_token: + description: Authorization token + type: string + policy_type_id: + description: Policy type identifier + type: string + required: + - access_type + - auth_token + - policy_type_id + type: object + policy_authorization: + description: Authorization request for A1 policy requests + properties: + input: + $ref: '#/components/schemas/input' + required: + - input + type: object policytype_id_list_v2: description: Information about policy types example: diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt index 2c805dc5..3ba864af 100644 --- a/docs/requirements-docs.txt +++ b/docs/requirements-docs.txt @@ -7,3 +7,4 @@ sphinxcontrib-spelling sphinxcontrib-plantuml sphinxcontrib-redoc sphinx-tabs + diff --git a/docs/tox.ini b/docs/tox.ini index 0b0d4e61..00ec327c 100644 --- a/docs/tox.ini +++ b/docs/tox.ini @@ -1,6 +1,8 @@ [tox] minversion = 1.6 -envlist = docs, +envlist = + docs, + docs-linkcheck, skipsdist = true [testenv:docs] 
@@ -12,17 +14,17 @@ deps = commands = sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html echo "Generated docs available in {toxinidir}/_build/html" -whitelist_externals = +allowlist_externals = echo git sh [testenv:docs-linkcheck] basepython = python3.8 -#deps = -r{toxinidir}/requirements-docs.txt -commands = echo "Link Checking not enforced" -#commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck -whitelist_externals = echo +deps = -r{toxinidir}/requirements-docs.txt +#commands = echo "Link Checking not enforced" +commands = sphinx-build -b linkcheck -d {envtmpdir}/doctrees ./ {toxinidir}/_build/linkcheck +allowlist_externals = echo [testenv:docs-spellcheck] basepython = python3.8 |
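
Review bot: In docs/architecture/architecture.rst, hunk @@ -21,11 +21,21 @@, the added paragraphs contain several misspellings that the docs-spellcheck environment in docs/tox.ini would be expected to flag: "traffical elements", "Policices" and "fine granied". Suggest "Policies" and "fine-grained", and rewording "traffical elements" to say what is meant. The same lines read more cleanly as "an API for accessing A1 Policies" and "On a regular basis". The hunk also writes "NearRT-RICS" where the API description in pms-api.json uses "Near-RT RIC" and "NearRT-RIC"; pick one spelling across the docs.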
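
Review bot: In docs/conf.py, the two new linkcheck_ignore entries are plain strings with unescaped dots, while the existing entry on the line above is a raw-string regular expression. Sphinx compiles every entry in this list as a regex and matches it against the URI, so each "." in './pms-api.html' matches any character. Suggest r'\./a1-adapter-api\.html' and r'\./pms-api\.html', with a space after "#" in the two trailing comments.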
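
Review bot: In docs/guide/developer-guide.rst, hunk @@ -47,7 +47,7 @@ removes the S3 entry from the dependency list in the same change whose first hunk documents "an S3 Object Store bucket" as a storage option. If the S3 storage path still uses the software.amazon.awssdk artifact, the entry should stay; if the dependency really was dropped, the new sentence needs to say what provides S3 access. Since the stored data is the set of configured A1 policies, the guide should also say where the storage backend is selected and where the bucket credentials are configured.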
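
Review bot: In docs/offeredapis/swagger/pms-api.json, the visible hunks change only the callback tag name, the info description and the version ("1.1.0" to "1.2.0"), which matches the 6 changed lines in the diffstat. The /example-authz-check path and the policy_authorization, input and authorization_result schemas are added to pms-api.yaml but not here, and the pms-api.yaml hunks show no matching version bump or rename of the Callbacks tag. The index.html navigation context still reads "API Methods - Callbacks" as well. Please regenerate the JSON, YAML and HTML from the same source so the three artifacts describe the same API.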
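
Review bot: In docs/offeredapis/swagger/pms-api.yaml, hunk @@ -31,6 +31,10 @@, the tag description is hard to parse and uses a different term from the rest of the change: "authorization of information A1 policy access" and "authorization producer", where architecture.rst and pms-api.json say "external authorization provider". "Note that this API is called by PMS, it is not provided" is also ambiguous about who provides it. Suggest something like "API used for authorization of A1 Policy access. It is implemented by an external authorization provider (such as OPA) and invoked by PMS; PMS does not expose it."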
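
Review bot: In docs/offeredapis/swagger/pms-api.yaml, hunk @@ -93,6 +97,26 @@, performAccessControl documents only a "200" response, so the spec does not say how PMS treats any other outcome from the authorization provider: a non-200 status, a timeout, or a body without the required "result" field. For an access-control decision that behaviour is the part integrators most need, and the description should state it explicitly (denying access in those cases is the safe default to document). Because /example-authz-check sits in the same paths list as the endpoints PMS serves, the operation description should also repeat that PMS is the caller here, not the server.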
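
Review bot: In docs/offeredapis/swagger/pms-api.yaml, hunk @@ -1113,6 +1148,35 @@, the input and policy_authorization schemas have no example, although authorization_result in the previous hunk has one. The generated samples in index.html show the effect: the curl sample posts an empty body with -d '' even though the request body is required, and the language samples are left with "policyAuthorization = ;". Add an example with a placeholder token. The auth_token description, "Authorization token", should also say which token is forwarded (for instance the one presented on the incoming PMS request, if that is the case) so that operators know the provider endpoint receives a credential, and the schema description "input" should be replaced with a sentence describing the object.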
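
Review bot: In docs/tox.ini, hunk @@ -12,17 +14,17 @@ switches to allowlist_externals, which tox only understands from 3.18 onward, while the first hunk leaves "minversion = 1.6" unchanged; raise minversion so older tox fails early instead of rejecting the external commands. In [testenv:docs-linkcheck] the echo command is now commented out, so "allowlist_externals = echo" and the commented "#commands = echo ..." line can both be removed. With docs-linkcheck added to envlist, a default tox run now depends on every external link being reachable, which is worth a line in the contributor docs.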