Diffstat (limited to 'README.md')
-rw-r--r-- README.md 30
1 files changed, 24 insertions, 6 deletions
diff --git a/README.md b/README.md
index 1254546..f9c7a2c 100644
--- a/README.md
+++ b/README.md
@@ -8,13 +8,13 @@ docker build -f ./build/Dockerfile -t opa-pdp:1.0.0 .
1. docker image ls | grep opa-pdp
2. inside test directory run - docker-compose down
-
+
3. docker-compose up -d
4. docker logs -f opa-pdp
## Generating models with openapi.yaml
-
+
1. oapi-codegen -package=oapicodegen -generate "models" openapi.yaml > models.go
## Creating new Policy
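Review bot: Both changed lines in this hunk (the blank line after step 2 and the one under "## Generating models with openapi.yaml") are identical on the - and + sides as shown, so the change is whitespace only. Keep whitespace cleanup in its own commit or mention it in the commit message, so the documentation change in the last hunk is easier to review.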
@@ -23,13 +23,13 @@ docker build -f ./build/Dockerfile -t opa-pdp:1.0.0 .
2. Inside this directory create a policy [i.e; rego file] named policy.rego. Version 1 i.e v1 is supported for rego files.
-3. For contents you can see example of policy.rego under test/policies/role/policy.rego.
+3. For contents you can see example of policy.rego under test/policies/role/policy.rego.
3. Inside test/policies/data create a new directory with the package name of policy.rego. For example test/policies/data/role
4. Create a file data.json under the newly created directory inside data. For example test/policies/data/data.json
-5. In policy.rego the package declaration organizes the policy rules. This allows
+5. In policy.rego the package declaration organizes the policy rules. This allows
6. The Rule allow evaluates to true/false based on the logic defined in policy.rego
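Review bot: Step 3 is touched here but the list still has two items numbered 3 ("3. For contents you can see example of policy.rego ..." and "3. Inside test/policies/data create a new directory ..."), so every later step number is off by one; renumber while the line is being changed. The re-added step 5 still ends mid-sentence at "This allows", so complete the sentence or drop the fragment. In the context just above it, step 4 gives test/policies/data/data.json as its example, which omits the role directory that the previous step creates; test/policies/data/role/data.json would match the instructions.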
@@ -39,10 +39,28 @@ docker build -f ./build/Dockerfile -t opa-pdp:1.0.0 .
9. To deploy a new policy opa-pdp need to be redpolyed i.e; docker-compose down and up need to be executed.
+## Deploying New Policy
+
+1. Create a tosca policy file that has policy.rego and data.json encoded contents.
+
+2. For example refer to test/policy_deployment.yaml.
+
+3. OPA emphasizes that each policy should have a unique policy-name/policy-id,
+
+ example:
+ Not Allowed --> when policy with name onap.org.cell is deployed and when onap.org.cell.consistency not allowed for deployment since it carries the same hierarchy.
+ Allowed --> Policy with name onap.org.cell is deployed and when onap.org.consistency is allowed for deployment since it does not have the same hierarchy.
+
+
+4. Policy and data key should start (prefixed) with policy-id. For ex refer totest/testresources/policy_deploy_single_policy.yaml.
+
+5. Create a deploy.json file to deploy through pap. Refer to file under test/testresources/deploy.json.
+
+
## Testing Decision Api
-send json
-{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22 12:08:00.123456+0000 ", "policyName":"role/allow","input":{"user":"alice","action":"write","object":"id123","type":"dog"}}
+send json
+{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22", "currentTime": "2024-11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "+05:30", "currentDateTime": "2024-11-22 12:08:00.123456+0000 ", "policyName":"role/allow","input":{"user":"alice","action":"write","object":"id123","type":"dog"}}
to opa-pdp as shown in curl commands below.
"policyName":"[packagename in rego file]/allow"
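Review bot: Step 3 of the new "Deploying New Policy" section states the rule as uniqueness of policy-name/policy-id, but the example describes something stricter: onap.org.cell.consistency is rejected because onap.org.cell is already deployed, even though the two ids differ. State the rule directly, for example that a policy-id must not extend the dotted name of an already deployed policy, and say whether the reverse order (deploying onap.org.cell after onap.org.cell.consistency) is rejected as well. Step 1 should name the encoding used for the policy.rego and data.json contents, step 4 has a missing space in "refer totest/testresources/policy_deploy_single_policy.yaml", and step 9 just above the new section still says a new policy requires docker-compose down and up, which reads as conflicting with deployment through pap; reword one of the two so the reader knows which path applies.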