# ============LICENSE_START======================================================= # Copyright (C) 2024 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= openapi: 3.0.3 info: description: Allows NCMP to execute a policy defined by a third party implementation before proceeding with a CM operation title: Policy Executor version: 1.0.0 servers: - url: / security: - bearerAuth: [] tags: - description: Execute all your policies name: policy-executor paths: /policy-executor/api/v1/{action}: post: description: Fire a Policy action operationId: executePolicyAction parameters: - description: Bearer token may be used to identify client as part of a policy explode: false in: header name: Authorization required: false schema: type: string style: simple - description: "The policy action. Currently supported options: 'execute'" explode: false in: path name: action required: true schema: example: execute type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/PolicyExecutionRequest' description: The action request body required: true responses: "200": content: application/json: schema: $ref: '#/components/schemas/PolicyExecutionResponse' description: Successful policy execution "400": content: application/json: example: status: 400 message: Bad Request details: The provided request is not valid schema: $ref: '#/components/schemas/ErrorMessage' description: Bad request "401": content: application/json: example: status: 401 message: Unauthorized request details: This request is unauthorized schema: $ref: '#/components/schemas/ErrorMessage' description: Unauthorized request "403": content: application/json: example: status: 403 message: Request Forbidden details: This request is forbidden schema: $ref: '#/components/schemas/ErrorMessage' description: Request forbidden "500": content: application/json: example: status: 500 message: Internal Server Error details: Internal server error occurred schema: $ref: '#/components/schemas/ErrorMessage' description: Internal server error tags: - policy-executor components: parameters: actionInPath: description: "The policy action. Currently supported options: 'execute'" explode: false in: path name: action required: true schema: example: execute type: string style: simple authorizationInHeader: description: Bearer token may be used to identify client as part of a policy explode: false in: header name: Authorization required: false schema: type: string style: simple responses: BadRequest: content: application/json: example: status: 400 message: Bad Request details: The provided request is not valid schema: $ref: '#/components/schemas/ErrorMessage' description: Bad request Unauthorized: content: application/json: example: status: 401 message: Unauthorized request details: This request is unauthorized schema: $ref: '#/components/schemas/ErrorMessage' description: Unauthorized request Forbidden: content: application/json: example: status: 403 message: Request Forbidden details: This request is forbidden schema: $ref: '#/components/schemas/ErrorMessage' description: Request forbidden InternalServerError: content: application/json: example: status: 500 message: Internal Server Error details: Internal server error occurred schema: $ref: '#/components/schemas/ErrorMessage' description: Internal server error NotImplemented: content: application/json: example: status: 501 message: Not Implemented details: Method not implemented schema: $ref: '#/components/schemas/ErrorMessage' description: Method not (yet) implemented schemas: ErrorMessage: properties: status: type: string message: type: string details: type: string title: Error type: object Request: example: schema: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0 data: "{}" properties: schema: description: The schema for the data in this request. The schema name should include the type of operation example: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0 type: string data: description: The data related to the request. The format of the object is determined by the schema type: object required: - data - schema type: object PolicyExecutionRequest: example: decisionType: allow requests: - schema: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0 data: "{}" - schema: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0 data: "{}" properties: decisionType: description: "The type of decision. Currently supported options: 'allow'" example: allow type: string requests: items: $ref: '#/components/schemas/Request' type: array required: - decisionType - requests type: object PolicyExecutionResponse: example: decision: deny decisionId: 550e8400-e29b-41d4-a716-446655440000 message: Object locked due to recent change properties: decisionId: description: Unique ID for the decision (for auditing purposes) example: 550e8400-e29b-41d4-a716-446655440000 type: string decision: description: "The decision outcome. Currently supported values: 'allow','deny'" example: deny type: string message: description: Additional information regarding the decision outcome example: Object locked due to recent change type: string required: - decision - decisionId - message type: object securitySchemes: bearerAuth: description: "Bearer token (from client that called CPS-NCMP),used by policies\ \ to identify the client" scheme: bearer type: http