# ============LICENSE_START=======================================================
# Copyright (C) 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
openapi: 3.0.3
info:
title: Policy Executor
description: "Allows NCMP to execute a policy defined by a third party implementation before proceeding with a CM operation"
version: 1.0.0
servers:
- url: /policy-executor/api
tags:
- name: policy-executor
description: "Execute all your policies"
paths:
/v1/{action}:
post:
description: "Fire a Policy action"
operationId: executePolicyAction
parameters:
- $ref: '#/components/parameters/authorizationInHeader'
- $ref: '#/components/parameters/actionInPath'
requestBody:
required: true
description: "The action request body"
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyExecutionRequest'
tags:
- policy-executor
responses:
'200':
description: "Successful policy execution"
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyExecutionResponse'
'400':
$ref: '#/components/responses/BadRequest'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
components:
securitySchemes:
bearerAuth:
type: http
description: "Bearer token (from client that called CPS-NCMP),used by policies to identify the client"
scheme: bearer
schemas:
ErrorMessage:
type: object
title: Error
properties:
status:
type: string
message:
type: string
details:
type: string
Payload:
type: object
properties:
targetFdn:
type: string
description: "The complete FDN (Fully Distinguished Name) for the element to be changed"
example: "/Subnetwork=Ireland/MeContext=Athlone/ManagedElement=Athlone/SomeFunction=1/Cell=12"
cmHandleId:
type: string
description: "The CM handle ID (optional)"
example: "F811AF64F5146DFC545EC60B73DE948E"
resourceIdentifier:
type: string
description: "The resource identifier (optional)"
example: "ManagedElement=Athlone/SomeFunction=1/Cell=12"
cmChangeRequest:
type: object
description: "The content of the change to be made"
example: '{"Cell":[{"id":"Cell-id","attributes":{"administrativeState":"UNLOCKED"}}]}'
required:
- targetFdn
- cmChangeRequest
PolicyExecutionRequest:
type: object
properties:
payloadType:
type: string
description: "The type of payload. Currently supported options: 'cm_write'"
example: "cm_write"
decisionType:
type: string
description: "The type of decision. Currently supported options: 'permit'"
example: "permit"
payload:
type: array
items:
$ref: '#/components/schemas/Payload'
required:
- payloadType
- decisionType
- payload
PolicyExecutionResponse:
type: object
properties:
decisionId:
type: string
description: "Unique ID for the decision (for auditing purposes)"
example: "550e8400-e29b-41d4-a716-446655440000"
decision:
type: string
description: "The decision outcome. Currently supported values: 'permit','deny'"
example: "deny"
message:
type: string
description: "Additional information regarding the decision outcome"
example: "Object locked due to recent change"
required:
- decisionId
- decision
- message
responses:
NotFound:
description: "The specified resource was not found"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 404
message: "Resource Not Found"
details: "The requested resource is not found"
Unauthorized:
description: "Unauthorized request"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 401
message: "Unauthorized request"
details: "This request is unauthorized"
Forbidden:
description: "Request forbidden"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 403
message: "Request Forbidden"
details: "This request is forbidden"
BadRequest:
description: "Bad request"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 400
message: "Bad Request"
details: "The provided request is not valid"
InternalServerError:
description: "Internal server error"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 500
message: "Internal Server Error"
details: "Internal server error occurred"
NotImplemented:
description: "Method not (yet) implemented"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 501
message: "Not Implemented"
details: "Method not implemented"
parameters:
actionInPath:
name: action
in: path
description: "The policy action. Currently supported options: 'execute'"
required: true
schema:
type: string
example: "execute"
authorizationInHeader:
name: Authorization
in: header
description: "Bearer token may be used to identify client as part of a policy"
schema:
type: string
security:
- bearerAuth: []