# ============LICENSE_START======================================================= # Copyright (C) 2024 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= openapi: 3.0.3 info: title: Operation permission API description: "Allows a client application to execute a permission request defined by a third party implementation before proceeding with an operation. As an example, a permission can be requested before performing any configuration management operation." version: 1.0.0-alpha.1+1 contact: name: CPS team url: https://lf-onap.atlassian.net/wiki/spaces/DW/pages/16442177/Configuration+Persistence+Service+Developer+s+Landing+Page email: cpsteam@est.tech license: name: Copyright (C) 2024 Nordix Foundation x-audience: external-partner x-api-id: c7fc2f5b-16bd-4bcb-8ac8-ea8d543fcc15 tags: - name: Operation permission description: "Initiate a permission request on an operation." servers: - url: http://{hostname}/operation-permission/v1 security: - bearerAuth: [] paths: /permissions: post: description: "Initiate permission request" operationId: initiatePermissionRequest parameters: - name: Content-Type description: This specifies the media type of the request sent by the client to the server in: header required: true schema: type: string default: application/json - name: Accept description: Indicates the response media type accepted by the client. in: header required: false schema: type: string default: application/json - description: Bearer token may be used to identify client as part of a policy explode: false in: header name: Authorization required: false schema: type: string style: simple requestBody: content: application/json: schema: $ref: '#/components/schemas/PermissionRequest' description: "The permission request body" required: true responses: '200': description: "OK" content: application/json: schema: $ref: '#/components/schemas/PermissionResponse' '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' tags: - Operation permission components: securitySchemes: bearerAuth: type: http description: "Bearer token (from a client),used by policies to identify the client" scheme: bearer schemas: ErrorMessage: type: object title: Error properties: status: type: string title: type: string details: type: string Operation: example: operation: update entityHandleId: ABCD123450d7A822AB27B386829FD9E12 resourceIdentifier: ManagedElement=Kista/GNBDUFunction=1/UECC=1 targetIdentifier: MEContext=RadioNode-K6_0001,ManagedElement=RadioNode-K6_0001 changeRequest: Cell: - id: Cell-id attributes: administrativeState: UNLOCKED properties: operation: description: Currently supported operations are 'create', 'update', 'patch', 'delete'. For other possible operation types see the client documentation. example: update type: string entityHandleId: description: A unique identifier for the network element. example: ABCD123450d7A822AB27B386829FD9E12 type: string resourceIdentifier: description: Identifies the object in the node model. Currently supported separators are '/' and ','. For other possible format see the client documentation. example: ManagedElement=Kista/GNBDUFunction=1/UECC=1 type: string targetIdentifier: description: FDN of the target node. Currently supported separators are '/' and ','. For other possible format see the client documentation. example: MEContext=RadioNode-K6_0001/ManagedElement=RadioNode-K6_0001 type: string changeRequest: description: All the information that is required to identify which parameters and attributes of the network is changing. example: Cell: - id: Cell-id attributes: administrativeState: UNLOCKED type: object required: - operation - targetIdentifier type: object PermissionRequest: example: permissionId: 550e8400-e29b-41d4-a716-446655440000 changeRequestFormat: cm-legacy operations: - operation: update entityHandleId: ABCD123450d7A822AB27B386829FD9E12 resourceIdentifier: ManagedElement=Kista/GNBDUFunction=1/UECC=1 targetIdentifier: MEContext=RadioNode-K6_0001/ManagedElement=RadioNode-K6_0001 changeRequest: Cell: - id: Cell-id attributes: administrativeState: UNLOCKED - operation: delete entityHandleId: DCBA123450d7A822AB27B386829FD9E12 resourceIdentifier: ManagedElement=Kista/GNBDUFunction=1/UECC=1 targetIdentifier: MEContext=RadioNode-K6_0002/ManagedElement=RadioNode-K6_0002 properties: permissionId: description: Unique ID for the permission request (for auditing purposes) example: 550e8400-e29b-41d4-a716-446655440000 type: string changeRequestFormat: description: Format of the change request. Currently supported 'cm-legacy'. For other possible formats see the client documentation. example: cm-legacy type: string operations: items: $ref: '#/components/schemas/Operation' type: array required: - operations - changeRequestFormat type: object PermissionResponse: example: id: 550e8400-e29b-41d4-a716-446655440000 permissionResult: deny message: Object locked due to recent changes properties: id: description: Unique ID for the permission request (for auditing purposes) example: 550e8400-e29b-41d4-a716-446655440000 type: string permissionResult: description: "The decision outcome. Currently supported values: 'allow','deny'" example: deny type: string message: description: Additional information regarding the decision outcome example: Object locked due to recent change type: string required: - id - permissionResult - message type: object responses: BadRequest: description: "Bad Request" content: application/problem+json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: '400' title: "Bad Request" details: "The provided request is not valid" Unauthorized: description: "Unauthorized request" content: application/problem+json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: '401' title: "Unauthorized request" details: "This request is unauthorized" Forbidden: description: "Forbidden" content: application/problem+json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: '403' title: "Request Forbidden" details: "This request is forbidden" InternalServerError: description: "Internal Server Error" content: application/problem+json: schema: $ref: '#/components/schemas/ErrorMessage' example: status: '500' title: "Internal Server Error" details: "Internal server error occurred"