# ============LICENSE_START======================================================= # Copyright (C) 2024 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= openapi: 3.0.3 info: title: Policy Executor description: "Allows NCMP to execute a policy defined by a third party implementation before proceeding with a CM operation" version: 1.0.0 servers: - url: /policy-executor/api tags: - name: policy-executor description: "Execute all your policies" paths: /v1/{action}: post: description: "Fire a Policy action" operationId: executePolicyAction parameters: - $ref: '#/components/parameters/authorizationInHeader' - $ref: '#/components/parameters/actionInPath' requestBody: required: true description: "The action request body" content: application/json: schema: $ref: '#/components/schemas/PolicyExecutionRequest' tags: - policy-executor responses: '200': description: "Successful policy execution" content: application/json: schema: $ref: '#/components/schemas/PolicyExecutionResponse' '400': $ref: '#/components/responses/BadRequest' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' components: securitySchemes: bearerAuth: type: http description: "Bearer token (from client that called CPS-NCMP),used by policies to identify the client" scheme: bearer schemas: ErrorMessage: type: object title: Error properties: status: type: string message: type: string details: type: string Payload: type: object properties: targetFdn: type: string description: "The complete FDN (Fully Distinguished Name) for the element to be changed" example: "/Subnetwork=Ireland/MeContext=Athlone/ManagedElement=Athlone/SomeFunction=1/Cell=12" cmHandleId: type: string description: "The CM handle ID (optional)" example: "F811AF64F5146DFC545EC60B73DE948E" resourceIdentifier: type: string description: "The resource identifier (optional)" example: "ManagedElement=Athlone/SomeFunction=1/Cell=12" cmChangeRequest: type: object description: "The content of the change to be made" example: '{"Cell":[{"id":"Cell-id","attributes":{"administrativeState":"UNLOCKED"}}]}' required: - targetFdn - cmChangeRequest PolicyExecutionRequest: type: object properties: payloadType: type: string description: "The type of payload. Currently supported options: 'cm_write'" example: "cm_write" decisionType: type: string description: "The type of decision. Currently supported options: 'permit'" example: "permit" payload: type: array items: $ref: '#/components/schemas/Payload' required: - payloadType - decisionType - payload PolicyExecutionResponse: type: object properties: decisionId: type: string description: "Unique ID for the decision (for auditing purposes)" example: "550e8400-e29b-41d4-a716-446655440000" decision: type: string description: "The decision outcome. Currently supported values: 'permit','deny'" example: "deny" message: type: string description: "Additional information regarding the decision outcome" example: "Object locked due to recent change" required: - decisionId - decision - message responses: NotFound: description: "The specified resource was not found" content: application/json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: 404 message: "Resource Not Found" details: "The requested resource is not found" Unauthorized: description: "Unauthorized request" content: application/json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: 401 message: "Unauthorized request" details: "This request is unauthorized" Forbidden: description: "Request forbidden" content: application/json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: 403 message: "Request Forbidden" details: "This request is forbidden" BadRequest: description: "Bad request" content: application/json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: 400 message: "Bad Request" details: "The provided request is not valid" InternalServerError: description: "Internal server error" content: application/json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: 500 message: "Internal Server Error" details: "Internal server error occurred" NotImplemented: description: "Method not (yet) implemented" content: application/json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: 501 message: "Not Implemented" details: "Method not implemented" parameters: actionInPath: name: action in: path description: "The policy action. Currently supported options: 'execute'" required: true schema: type: string example: "execute" authorizationInHeader: name: Authorization in: header description: "Bearer token may be used to identify client as part of a policy" schema: type: string security: - bearerAuth: []