# ============LICENSE_START=======================================================
# Copyright (C) 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
openapi: 3.0.3
info:
title: Policy Executor
description: "Allows NCMP to execute a policy defined by a third party implementation before proceeding with a CM operation"
version: 1.0.0
servers:
- url: /policy-executor/api
tags:
- name: policy-executor
description: "Execute all your policies"
paths:
/v1/{action}:
post:
description: "Fire a Policy action"
operationId: executePolicyAction
parameters:
- $ref: '#/components/parameters/authorizationInHeader'
- $ref: '#/components/parameters/actionInPath'
requestBody:
required: true
description: "The action request body"
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyExecutionRequest'
tags:
- policy-executor
responses:
'200':
description: "Successful policy execution"
content:
application/json:
schema:
$ref: '#/components/schemas/PolicyExecutionResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'500':
$ref: '#/components/responses/InternalServerError'
components:
securitySchemes:
bearerAuth:
type: http
description: "Bearer token (from client that called CPS-NCMP),used by policies to identify the client"
scheme: bearer
schemas:
ErrorMessage:
type: object
title: Error
properties:
status:
type: string
message:
type: string
details:
type: string
Request:
type: object
properties:
schema:
type: string
description: "The schema for the data in this request. The schema name should include the type of operation"
example: "org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0"
data:
type: object
description: "The data related to the request. The format of the object is determined by the schema"
required:
- schema
- data
PolicyExecutionRequest:
type: object
properties:
decisionType:
type: string
description: "The type of decision. Currently supported options: 'allow'"
example: "allow"
requests:
type: array
items:
$ref: '#/components/schemas/Request'
required:
- decisionType
- requests
PolicyExecutionResponse:
type: object
properties:
decisionId:
type: string
description: "Unique ID for the decision (for auditing purposes)"
example: "550e8400-e29b-41d4-a716-446655440000"
decision:
type: string
description: "The decision outcome. Currently supported values: 'allow','deny'"
example: "deny"
message:
type: string
description: "Additional information regarding the decision outcome"
example: "Object locked due to recent change"
required:
- decisionId
- decision
- message
responses:
BadRequest:
description: "Bad request"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 400
message: "Bad Request"
details: "The provided request is not valid"
Unauthorized:
description: "Unauthorized request"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 401
message: "Unauthorized request"
details: "This request is unauthorized"
Forbidden:
description: "Request forbidden"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 403
message: "Request Forbidden"
details: "This request is forbidden"
InternalServerError:
description: "Internal server error"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 500
message: "Internal Server Error"
details: "Internal server error occurred"
NotImplemented:
description: "Method not (yet) implemented"
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorMessage'
example:
status: 501
message: "Not Implemented"
details: "Method not implemented"
parameters:
actionInPath:
name: action
in: path
description: "The policy action. Currently supported options: 'execute'"
required: true
schema:
type: string
example: "execute"
authorizationInHeader:
name: Authorization
in: header
description: "Bearer token may be used to identify client as part of a policy"
schema:
type: string
security:
- bearerAuth: []