# ============LICENSE_START=======================================================
# Copyright (C) 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
openapi: 3.0.3
info:
description: Allows NCMP to execute a policy defined by a third party implementation
before proceeding with a CM operation
title: Policy Executor
version: 1.0.0
servers:
- url: /
security:
- bearerAuth: []
tags:
- description: Execute all your policies
name: policy-executor
paths:
/policy-executor/api/v1/{action}:
post:
description: Fire a Policy action
operationId: executePolicyAction
parameters:
- description: Bearer token may be used to identify client as part of a policy
explode: false
in: header
name: Authorization
required: false
schema:
type: string
style: simple
- description: "The policy action. Currently supported options: 'execute'"
explode: false
in: path
name: action
required: true
schema:
example: execute
type: string
style: simple
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyExecutionRequest'
description: The action request body
required: true
responses:
"200":
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyExecutionResponse'
description: Successful policy execution
"400":
content:
application/json:
example:
status: 400
message: Bad Request
details: The provided request is not valid
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Bad request
"401":
content:
application/json:
example:
status: 401
message: Unauthorized request
details: This request is unauthorized
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Unauthorized request
"403":
content:
application/json:
example:
status: 403
message: Request Forbidden
details: This request is forbidden
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Request forbidden
"500":
content:
application/json:
example:
status: 500
message: Internal Server Error
details: Internal server error occurred
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Internal server error
tags:
- policy-executor
components:
parameters:
actionInPath:
description: "The policy action. Currently supported options: 'execute'"
explode: false
in: path
name: action
required: true
schema:
example: execute
type: string
style: simple
authorizationInHeader:
description: Bearer token may be used to identify client as part of a policy
explode: false
in: header
name: Authorization
required: false
schema:
type: string
style: simple
responses:
BadRequest:
content:
application/json:
example:
status: 400
message: Bad Request
details: The provided request is not valid
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Bad request
Unauthorized:
content:
application/json:
example:
status: 401
message: Unauthorized request
details: This request is unauthorized
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Unauthorized request
Forbidden:
content:
application/json:
example:
status: 403
message: Request Forbidden
details: This request is forbidden
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Request forbidden
InternalServerError:
content:
application/json:
example:
status: 500
message: Internal Server Error
details: Internal server error occurred
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Internal server error
NotImplemented:
content:
application/json:
example:
status: 501
message: Not Implemented
details: Method not implemented
schema:
$ref: '#/components/schemas/ErrorMessage'
description: Method not (yet) implemented
schemas:
ErrorMessage:
properties:
status:
type: string
message:
type: string
details:
type: string
title: Error
type: object
Request:
example:
schema: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0
data: "{}"
properties:
schema:
description: The schema for the data in this request. The schema name should
include the type of operation
example: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0
type: string
data:
description: The data related to the request. The format of the object is
determined by the schema
type: object
required:
- data
- schema
type: object
PolicyExecutionRequest:
example:
decisionType: allow
requests:
- schema: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0
data: "{}"
- schema: org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0
data: "{}"
properties:
decisionType:
description: "The type of decision. Currently supported options: 'allow'"
example: allow
type: string
requests:
items:
$ref: '#/components/schemas/Request'
type: array
required:
- decisionType
- requests
type: object
PolicyExecutionResponse:
example:
decision: deny
decisionId: 550e8400-e29b-41d4-a716-446655440000
message: Object locked due to recent change
properties:
decisionId:
description: Unique ID for the decision (for auditing purposes)
example: 550e8400-e29b-41d4-a716-446655440000
type: string
decision:
description: "The decision outcome. Currently supported values: 'allow','deny'"
example: deny
type: string
message:
description: Additional information regarding the decision outcome
example: Object locked due to recent change
type: string
required:
- decision
- decisionId
- message
type: object
securitySchemes:
bearerAuth:
description: "Bearer token (from client that called CPS-NCMP),used by policies\
\ to identify the client"
scheme: bearer
type: http