diff options
author | Chenfei Gao <cgao@research.att.com> | 2020-03-17 22:34:15 -0400 |
---|---|---|
committer | Chenfei Gao <cgao@research.att.com> | 2020-03-20 09:59:36 -0400 |
commit | 7984ada4d2ac68e7a008f8c4bfb632337e01c00d (patch) | |
tree | b28c88ce712e8a7abfa8fe0ff91879914f0ba4be /docs/xacml | |
parent | e78b9eff25270b8a83a232329db034fbb38eaa02 (diff) |
Updated documentation for Frankfurt changes to api and xacml-pdp
Issue-ID: POLICY-2412
Change-Id: I3a3d6ed436e307ef20b2a41c7512478cb9c09e2f
Signed-off-by: Chenfei Gao <cgao@research.att.com>
Diffstat (limited to 'docs/xacml')
-rw-r--r-- | docs/xacml/decision.native.json | 41 | ||||
-rw-r--r-- | docs/xacml/swagger.json | 862 | ||||
-rw-r--r-- | docs/xacml/xacml.rst | 28 |
3 files changed, 866 insertions, 65 deletions
diff --git a/docs/xacml/decision.native.json b/docs/xacml/decision.native.json new file mode 100644 index 00000000..5e593bc9 --- /dev/null +++ b/docs/xacml/decision.native.json @@ -0,0 +1,41 @@ +{ + "Request": { + "ReturnPolicyIdList": false, + "CombinedDecision": false, + "AccessSubject": [ + { + "Attribute": [ + { + "IncludeInResult": false, + "AttributeId": "subject-id", + "Value": "Julius Hibbert" + } + ] + } + ], + "Resource": [ + { + "Attribute": [ + { + "IncludeInResult": false, + "AttributeId": "resource-id", + "Value": "http://medico.com/record/patient/BartSimpson", + "DataType": "anyURI" + } + ] + } + ], + "Action": [ + { + "Attribute": [ + { + "IncludeInResult": false, + "AttributeId": "action-id", + "Value": "read" + } + ] + } + ], + "Environment": [] + } +}
\ No newline at end of file diff --git a/docs/xacml/swagger.json b/docs/xacml/swagger.json index 49011964..0bb133b9 100644 --- a/docs/xacml/swagger.json +++ b/docs/xacml/swagger.json @@ -7,31 +7,92 @@ "x-component" : "Policy Framework", "x-planned-retirement-date" : "tbd" }, - "host" : "Pamelas-MBP-2.client.research.att.com:6969", + "host" : "policy-xacml-pdp:6969", "basePath" : "/", "tags" : [ { + "name" : "HealthCheck" + }, { "name" : "Decision" }, { "name" : "Statistics" - }, { - "name" : "HealthCheck" } ], "schemes" : [ "http", "https" ], "paths" : { - "/policy/pdpx/v1/decision" : { + "/policy/pdpx/v1/healthcheck" : { + "get" : { + "tags" : [ "HealthCheck" ], + "summary" : "Perform a system healthcheck", + "description" : "Provides healthy status of the Policy Xacml PDP component", + "operationId" : "healthcheck", + "consumes" : [ "application/json", "application/yaml" ], + "produces" : [ "application/json", "application/yaml" ], + "parameters" : [ { + "name" : "X-ONAP-RequestID", + "in" : "header", + "description" : "RequestID for http transaction", + "required" : false, + "type" : "string", + "format" : "uuid" + } ], + "responses" : { + "200" : { + "description" : "successful operation", + "headers" : { + "X-MinorVersion" : { + "type" : "string", + "description" : "Used to request or communicate a MINOR version back from the client to the server, and from the server back to the client" + }, + "X-PatchVersion" : { + "type" : "string", + "description" : "Used only to communicate a PATCH version in a response for troubleshooting purposes only, and will not be provided by the client on request" + }, + "X-LatestVersion" : { + "type" : "string", + "description" : "Used only to communicate an API's latest version" + }, + "X-ONAP-RequestID" : { + "type" : "string", + "format" : "uuid", + "description" : "Used to track REST transactions for logging purpose" + } + }, + "schema" : { + "$ref" : "#/definitions/HealthCheckReport" + } + }, + "401" : { + "description" : "Authentication Error" + }, + "403" : { + "description" : "Authorization Error" + }, + "500" : { + "description" : "Internal Server Error" + } + }, + "security" : [ { + "basicAuth" : [ ] + } ], + "x-interface info" : { + "last-mod-release" : "Dublin", + "pdpx-version" : "1.0.0" + } + } + }, + "/policy/pdpx/v1/xacml" : { "post" : { "tags" : [ "Decision" ], "summary" : "Fetch the decision using specified decision parameters", "description" : "Returns the policy decision from Policy Xacml PDP", - "operationId" : "decision", - "consumes" : [ "application/json" ], - "produces" : [ "application/json" ], + "operationId" : "xacml", + "consumes" : [ "application/xacml+json", "application/xacml+xml" ], + "produces" : [ "application/xacml+json", "application/xacml+xml" ], "parameters" : [ { "in" : "body", "name" : "body", "required" : false, "schema" : { - "$ref" : "#/definitions/DecisionRequest" + "$ref" : "#/definitions/Request" } }, { "name" : "X-ONAP-RequestID", @@ -40,12 +101,6 @@ "required" : false, "type" : "string", "format" : "uuid" - }, { - "name" : "abbrev", - "in" : "query", - "description" : "Specifies whether the DCAE Monitoring decision results should be abbreviated", - "required" : false, - "type" : "boolean" } ], "responses" : { "200" : { @@ -70,7 +125,7 @@ } }, "schema" : { - "$ref" : "#/definitions/DecisionResponse" + "$ref" : "#/definitions/Response" } }, "400" : { @@ -93,7 +148,7 @@ "basicAuth" : [ ] } ], "x-interface info" : { - "last-mod-release" : "Dublin", + "last-mod-release" : "Frankfurt", "pdpx-version" : "1.0.0" } } @@ -104,8 +159,8 @@ "summary" : "Fetch current statistics", "description" : "Provides current statistics of the Policy Xacml PDP component", "operationId" : "statistics", - "consumes" : [ "application/json" ], - "produces" : [ "application/json" ], + "consumes" : [ "application/json", "application/yaml" ], + "produces" : [ "application/json", "application/yaml" ], "parameters" : [ { "name" : "X-ONAP-RequestID", "in" : "header", @@ -159,15 +214,22 @@ } } }, - "/policy/pdpx/v1/healthcheck" : { - "get" : { - "tags" : [ "HealthCheck" ], - "summary" : "Perform a system healthcheck", - "description" : "Provides healthy status of the Policy Xacml PDP component", - "operationId" : "healthcheck", - "consumes" : [ "application/json" ], - "produces" : [ "application/json" ], + "/policy/pdpx/v1/decision" : { + "post" : { + "tags" : [ "Decision" ], + "summary" : "Fetch the decision using specified decision parameters", + "description" : "Returns the policy decision from Policy Xacml PDP", + "operationId" : "decision", + "consumes" : [ "application/json", "application/yaml" ], + "produces" : [ "application/json", "application/yaml" ], "parameters" : [ { + "in" : "body", + "name" : "body", + "required" : false, + "schema" : { + "$ref" : "#/definitions/DecisionRequest" + } + }, { "name" : "X-ONAP-RequestID", "in" : "header", "description" : "RequestID for http transaction", @@ -198,7 +260,13 @@ } }, "schema" : { - "$ref" : "#/definitions/HealthCheckReport" + "$ref" : "#/definitions/DecisionResponse" + } + }, + "400" : { + "description" : "Bad Request", + "schema" : { + "$ref" : "#/definitions/ErrorResponse" } }, "401" : { @@ -228,28 +296,286 @@ } }, "definitions" : { - "DecisionResponse" : { + "HealthCheckReport" : { "type" : "object", "properties" : { - "status" : { + "name" : { "type" : "string" }, - "advice" : { - "type" : "object", - "additionalProperties" : { - "type" : "object" + "url" : { + "type" : "string" + }, + "healthy" : { + "type" : "boolean" + }, + "code" : { + "type" : "integer", + "format" : "int32" + }, + "message" : { + "type" : "string" + } + } + }, + "Advice" : { + "type" : "object", + "properties" : { + "attributeAssignments" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/AttributeAssignment" + } + }, + "id" : { + "$ref" : "#/definitions/Identifier" + } + } + }, + "Attribute" : { + "type" : "object", + "properties" : { + "attributeId" : { + "$ref" : "#/definitions/Identifier" + }, + "values" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/AttributeValueObject" + } + }, + "category" : { + "$ref" : "#/definitions/Identifier" + }, + "issuer" : { + "type" : "string" + }, + "includeInResults" : { + "type" : "boolean" + } + } + }, + "AttributeAssignment" : { + "type" : "object", + "properties" : { + "attributeValue" : { + "$ref" : "#/definitions/AttributeValueObject" + }, + "attributeId" : { + "$ref" : "#/definitions/Identifier" + }, + "category" : { + "$ref" : "#/definitions/Identifier" + }, + "issuer" : { + "type" : "string" + }, + "dataTypeId" : { + "$ref" : "#/definitions/Identifier" + } + } + }, + "AttributeCategory" : { + "type" : "object", + "properties" : { + "category" : { + "$ref" : "#/definitions/Identifier" + }, + "attributes" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/Attribute" + } + } + } + }, + "AttributeValue" : { + "type" : "object", + "properties" : { + "xpathCategory" : { + "$ref" : "#/definitions/Identifier" + }, + "dataTypeId" : { + "$ref" : "#/definitions/Identifier" + }, + "value" : { + "type" : "object" + } + } + }, + "AttributeValueObject" : { + "type" : "object", + "properties" : { + "xpathCategory" : { + "$ref" : "#/definitions/Identifier" + }, + "dataTypeId" : { + "$ref" : "#/definitions/Identifier" + }, + "value" : { + "type" : "object" + } + } + }, + "IdReference" : { + "type" : "object", + "properties" : { + "version" : { + "$ref" : "#/definitions/Version" + }, + "id" : { + "$ref" : "#/definitions/Identifier" + } + } + }, + "Identifier" : { + "type" : "object", + "properties" : { + "uri" : { + "type" : "string", + "format" : "uri" + } + } + }, + "MissingAttributeDetail" : { + "type" : "object", + "properties" : { + "attributeId" : { + "$ref" : "#/definitions/Identifier" + }, + "category" : { + "$ref" : "#/definitions/Identifier" + }, + "issuer" : { + "type" : "string" + }, + "attributeValues" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/AttributeValueObject" + } + }, + "dataTypeId" : { + "$ref" : "#/definitions/Identifier" + } + } + }, + "Obligation" : { + "type" : "object", + "properties" : { + "attributeAssignments" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/AttributeAssignment" + } + }, + "id" : { + "$ref" : "#/definitions/Identifier" + } + } + }, + "Response" : { + "type" : "object", + "properties" : { + "results" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/Result" + } + } + } + }, + "Result" : { + "type" : "object", + "properties" : { + "status" : { + "$ref" : "#/definitions/Status" + }, + "decision" : { + "type" : "string", + "enum" : [ "PERMIT", "DENY", "INDETERMINATE", "INDETERMINATE_PERMIT", "INDETERMINATE_DENY", "INDETERMINATE_DENYPERMIT", "NOTAPPLICABLE" ] + }, + "associatedAdvice" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/Advice" } }, "obligations" : { - "type" : "object", - "additionalProperties" : { - "type" : "object" + "type" : "array", + "items" : { + "$ref" : "#/definitions/Obligation" } }, - "policies" : { - "type" : "object", - "additionalProperties" : { - "type" : "object" + "policyIdentifiers" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/IdReference" + } + }, + "policySetIdentifiers" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/IdReference" + } + }, + "attributes" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/AttributeCategory" + } + } + } + }, + "Status" : { + "type" : "object", + "properties" : { + "statusCode" : { + "$ref" : "#/definitions/StatusCode" + }, + "statusMessage" : { + "type" : "string" + }, + "statusDetail" : { + "$ref" : "#/definitions/StatusDetail" + }, + "ok" : { + "type" : "boolean" + } + } + }, + "StatusCode" : { + "type" : "object", + "properties" : { + "statusCodeValue" : { + "$ref" : "#/definitions/Identifier" + }, + "child" : { + "$ref" : "#/definitions/StatusCode" + } + } + }, + "StatusDetail" : { + "type" : "object", + "properties" : { + "missingAttributeDetails" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/MissingAttributeDetail" + } + } + } + }, + "Version" : { + "type" : "object", + "properties" : { + "version" : { + "type" : "string" + }, + "versionDigits" : { + "type" : "array", + "items" : { + "type" : "integer", + "format" : "int32" } } } @@ -259,7 +585,7 @@ "properties" : { "responseCode" : { "type" : "string", - "enum" : [ "OK", "CREATED", "ACCEPTED", "NO_CONTENT", "RESET_CONTENT", "PARTIAL_CONTENT", "MOVED_PERMANENTLY", "FOUND", "SEE_OTHER", "NOT_MODIFIED", "USE_PROXY", "TEMPORARY_REDIRECT", "BAD_REQUEST", "UNAUTHORIZED", "PAYMENT_REQUIRED", "FORBIDDEN", "NOT_FOUND", "METHOD_NOT_ALLOWED", "NOT_ACCEPTABLE", "PROXY_AUTHENTICATION_REQUIRED", "REQUEST_TIMEOUT", "CONFLICT", "GONE", "LENGTH_REQUIRED", "PRECONDITION_FAILED", "REQUEST_ENTITY_TOO_LARGE", "REQUEST_URI_TOO_LONG", "UNSUPPORTED_MEDIA_TYPE", "REQUESTED_RANGE_NOT_SATISFIABLE", "EXPECTATION_FAILED", "INTERNAL_SERVER_ERROR", "NOT_IMPLEMENTED", "BAD_GATEWAY", "SERVICE_UNAVAILABLE", "GATEWAY_TIMEOUT", "HTTP_VERSION_NOT_SUPPORTED" ] + "enum" : [ "OK", "CREATED", "ACCEPTED", "NO_CONTENT", "RESET_CONTENT", "PARTIAL_CONTENT", "MOVED_PERMANENTLY", "FOUND", "SEE_OTHER", "NOT_MODIFIED", "USE_PROXY", "TEMPORARY_REDIRECT", "BAD_REQUEST", "UNAUTHORIZED", "PAYMENT_REQUIRED", "FORBIDDEN", "NOT_FOUND", "METHOD_NOT_ALLOWED", "NOT_ACCEPTABLE", "PROXY_AUTHENTICATION_REQUIRED", "REQUEST_TIMEOUT", "CONFLICT", "GONE", "LENGTH_REQUIRED", "PRECONDITION_FAILED", "REQUEST_ENTITY_TOO_LARGE", "REQUEST_URI_TOO_LONG", "UNSUPPORTED_MEDIA_TYPE", "REQUESTED_RANGE_NOT_SATISFIABLE", "EXPECTATION_FAILED", "PRECONDITION_REQUIRED", "TOO_MANY_REQUESTS", "REQUEST_HEADER_FIELDS_TOO_LARGE", "INTERNAL_SERVER_ERROR", "NOT_IMPLEMENTED", "BAD_GATEWAY", "SERVICE_UNAVAILABLE", "GATEWAY_TIMEOUT", "HTTP_VERSION_NOT_SUPPORTED", "NETWORK_AUTHENTICATION_REQUIRED" ] }, "errorMessage" : { "type" : "string" @@ -278,32 +604,408 @@ } } }, - "DecisionRequest" : { + "DOMConfiguration" : { "type" : "object", "properties" : { - "onapName" : { + "parameterNames" : { + "$ref" : "#/definitions/DOMStringList" + } + } + }, + "DOMImplementation" : { + "type" : "object" + }, + "DOMStringList" : { + "type" : "object", + "properties" : { + "length" : { + "type" : "integer", + "format" : "int32" + } + } + }, + "Document" : { + "type" : "object", + "properties" : { + "documentElement" : { + "$ref" : "#/definitions/Element" + }, + "xmlVersion" : { "type" : "string" }, - "onapComponent" : { + "strictErrorChecking" : { + "type" : "boolean" + }, + "documentURI" : { "type" : "string" }, - "onapInstance" : { + "xmlStandalone" : { + "type" : "boolean" + }, + "implementation" : { + "$ref" : "#/definitions/DOMImplementation" + }, + "doctype" : { + "$ref" : "#/definitions/DocumentType" + }, + "inputEncoding" : { "type" : "string" }, - "requestId" : { + "xmlEncoding" : { "type" : "string" }, - "action" : { + "domConfig" : { + "$ref" : "#/definitions/DOMConfiguration" + }, + "localName" : { "type" : "string" }, - "resource" : { - "type" : "object", - "additionalProperties" : { - "type" : "object" + "prefix" : { + "type" : "string" + }, + "nodeValue" : { + "type" : "string" + }, + "ownerDocument" : { + "$ref" : "#/definitions/Document" + }, + "nodeName" : { + "type" : "string" + }, + "childNodes" : { + "$ref" : "#/definitions/NodeList" + }, + "nodeType" : { + "type" : "integer", + "format" : "int32" + }, + "namespaceURI" : { + "type" : "string" + }, + "lastChild" : { + "$ref" : "#/definitions/Node" + }, + "parentNode" : { + "$ref" : "#/definitions/Node" + }, + "firstChild" : { + "$ref" : "#/definitions/Node" + }, + "nextSibling" : { + "$ref" : "#/definitions/Node" + }, + "previousSibling" : { + "$ref" : "#/definitions/Node" + }, + "baseURI" : { + "type" : "string" + }, + "textContent" : { + "type" : "string" + }, + "attributes" : { + "$ref" : "#/definitions/NamedNodeMap" + } + } + }, + "DocumentType" : { + "type" : "object", + "properties" : { + "entities" : { + "$ref" : "#/definitions/NamedNodeMap" + }, + "publicId" : { + "type" : "string" + }, + "systemId" : { + "type" : "string" + }, + "notations" : { + "$ref" : "#/definitions/NamedNodeMap" + }, + "internalSubset" : { + "type" : "string" + }, + "name" : { + "type" : "string" + }, + "localName" : { + "type" : "string" + }, + "prefix" : { + "type" : "string" + }, + "nodeValue" : { + "type" : "string" + }, + "ownerDocument" : { + "$ref" : "#/definitions/Document" + }, + "nodeName" : { + "type" : "string" + }, + "childNodes" : { + "$ref" : "#/definitions/NodeList" + }, + "nodeType" : { + "type" : "integer", + "format" : "int32" + }, + "namespaceURI" : { + "type" : "string" + }, + "lastChild" : { + "$ref" : "#/definitions/Node" + }, + "parentNode" : { + "$ref" : "#/definitions/Node" + }, + "firstChild" : { + "$ref" : "#/definitions/Node" + }, + "nextSibling" : { + "$ref" : "#/definitions/Node" + }, + "previousSibling" : { + "$ref" : "#/definitions/Node" + }, + "baseURI" : { + "type" : "string" + }, + "textContent" : { + "type" : "string" + }, + "attributes" : { + "$ref" : "#/definitions/NamedNodeMap" + } + } + }, + "Element" : { + "type" : "object", + "properties" : { + "tagName" : { + "type" : "string" + }, + "schemaTypeInfo" : { + "$ref" : "#/definitions/TypeInfo" + }, + "localName" : { + "type" : "string" + }, + "prefix" : { + "type" : "string" + }, + "nodeValue" : { + "type" : "string" + }, + "ownerDocument" : { + "$ref" : "#/definitions/Document" + }, + "nodeName" : { + "type" : "string" + }, + "childNodes" : { + "$ref" : "#/definitions/NodeList" + }, + "nodeType" : { + "type" : "integer", + "format" : "int32" + }, + "namespaceURI" : { + "type" : "string" + }, + "lastChild" : { + "$ref" : "#/definitions/Node" + }, + "parentNode" : { + "$ref" : "#/definitions/Node" + }, + "firstChild" : { + "$ref" : "#/definitions/Node" + }, + "nextSibling" : { + "$ref" : "#/definitions/Node" + }, + "previousSibling" : { + "$ref" : "#/definitions/Node" + }, + "baseURI" : { + "type" : "string" + }, + "textContent" : { + "type" : "string" + }, + "attributes" : { + "$ref" : "#/definitions/NamedNodeMap" + } + } + }, + "NamedNodeMap" : { + "type" : "object", + "properties" : { + "length" : { + "type" : "integer", + "format" : "int32" + } + } + }, + "Node" : { + "type" : "object", + "properties" : { + "localName" : { + "type" : "string" + }, + "prefix" : { + "type" : "string" + }, + "nodeValue" : { + "type" : "string" + }, + "ownerDocument" : { + "$ref" : "#/definitions/Document" + }, + "nodeName" : { + "type" : "string" + }, + "childNodes" : { + "$ref" : "#/definitions/NodeList" + }, + "nodeType" : { + "type" : "integer", + "format" : "int32" + }, + "namespaceURI" : { + "type" : "string" + }, + "lastChild" : { + "$ref" : "#/definitions/Node" + }, + "parentNode" : { + "$ref" : "#/definitions/Node" + }, + "firstChild" : { + "$ref" : "#/definitions/Node" + }, + "nextSibling" : { + "$ref" : "#/definitions/Node" + }, + "previousSibling" : { + "$ref" : "#/definitions/Node" + }, + "baseURI" : { + "type" : "string" + }, + "textContent" : { + "type" : "string" + }, + "attributes" : { + "$ref" : "#/definitions/NamedNodeMap" + } + } + }, + "NodeList" : { + "type" : "object", + "properties" : { + "length" : { + "type" : "integer", + "format" : "int32" + } + } + }, + "Request" : { + "type" : "object", + "properties" : { + "requestDefaults" : { + "$ref" : "#/definitions/RequestDefaults" + }, + "multiRequests" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/RequestReference" + } + }, + "status" : { + "$ref" : "#/definitions/Status" + }, + "requestAttributesIncludedInResult" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/AttributeCategory" + } + }, + "combinedDecision" : { + "type" : "boolean" + }, + "returnPolicyIdList" : { + "type" : "boolean" + }, + "requestAttributes" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/RequestAttributes" } } } }, + "RequestAttributes" : { + "type" : "object", + "properties" : { + "contentRoot" : { + "$ref" : "#/definitions/Node" + }, + "xmlId" : { + "type" : "string" + }, + "category" : { + "$ref" : "#/definitions/Identifier" + }, + "attributes" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/Attribute" + } + } + } + }, + "RequestAttributesReference" : { + "type" : "object", + "properties" : { + "referenceId" : { + "type" : "string" + } + } + }, + "RequestDefaults" : { + "type" : "object", + "properties" : { + "xpathVersion" : { + "type" : "string", + "format" : "uri" + } + } + }, + "RequestReference" : { + "type" : "object", + "properties" : { + "attributesReferences" : { + "type" : "array", + "items" : { + "$ref" : "#/definitions/RequestAttributesReference" + } + } + } + }, + "TypeInfo" : { + "type" : "object", + "properties" : { + "typeNamespace" : { + "type" : "string" + }, + "typeName" : { + "type" : "string" + } + } + }, "StatisticsReport" : { "type" : "object", "properties" : { @@ -341,24 +1043,64 @@ } } }, - "HealthCheckReport" : { + "DecisionResponse" : { "type" : "object", "properties" : { - "name" : { + "status" : { "type" : "string" }, - "url" : { + "message" : { "type" : "string" }, - "healthy" : { - "type" : "boolean" + "advice" : { + "type" : "object", + "additionalProperties" : { + "type" : "object" + } }, - "code" : { - "type" : "integer", - "format" : "int32" + "obligations" : { + "type" : "object", + "additionalProperties" : { + "type" : "object" + } }, - "message" : { + "policies" : { + "type" : "object", + "additionalProperties" : { + "type" : "object" + } + } + } + }, + "DecisionRequest" : { + "type" : "object", + "properties" : { + "onapName" : { + "type" : "string" + }, + "onapComponent" : { + "type" : "string" + }, + "onapInstance" : { "type" : "string" + }, + "requestId" : { + "type" : "string" + }, + "context" : { + "type" : "object", + "additionalProperties" : { + "type" : "object" + } + }, + "action" : { + "type" : "string" + }, + "resource" : { + "type" : "object", + "additionalProperties" : { + "type" : "object" + } } } } diff --git a/docs/xacml/xacml.rst b/docs/xacml/xacml.rst index 6d74ce6a..a034e8f9 100644 --- a/docs/xacml/xacml.rst +++ b/docs/xacml/xacml.rst @@ -13,7 +13,7 @@ The ONAP XACML Policy PDP Engine uses an `open source implementation <https://gi ONAP Supported Policy Types *************************** -In ONAP the following Policy Types are supported. Each Policy Type is implemented as an application that extends the **XacmlApplicationServiceProvider**. For details on each implementation, please refer to the `applications submodule of the onap/xacml-pdp project <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=tree;f=applications;h=047878fe14851d8a51998e065b8aca583ed8c994;hb=refs/heads/elalto>`__. +In ONAP the following Policy Types are supported. Each Policy Type is implemented as an application that extends the **XacmlApplicationServiceProvider**. For details on each implementation, please refer to the `applications submodule of the onap/xacml-pdp project <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=tree;f=applications;h=047878fe14851d8a51998e065b8aca583ed8c994;hb=refs/heads/master>`__. By cloning the policy/xacml-pdp repository, one can run the JUnit tests to get a better understanding on how applications are built using translators and the XACML Policies that are generated for each Policy Type. Each application supports one or more Policy Types and an associated "action" used by the Decision API when making these calls. @@ -27,7 +27,7 @@ These Policy Types are used by Control Loop DCAE microservice components to supp "onap.policies.monitoring.cdap.tca.hi.lo.app", "configure", "TCA DCAE microservice component" "onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server", "configure", "REST Collector" -The translator used to translate these TOSCA Policy Types is the `StdCombinedPolicyResultsTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdCombinedPolicyResultsTranslator.java;h=2d7386d99f97ccee828b665a46b46531495cdfcd;hb=refs/heads/elalto>`__. +The translator used to translate these TOSCA Policy Types is the `StdCombinedPolicyResultsTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdCombinedPolicyResultsTranslator.java;h=2d7386d99f97ccee828b665a46b46531495cdfcd;hb=refs/heads/master>`__. This is an example Decision API payload made to retrieve a decision for a Monitoring Policy Type. @@ -45,7 +45,7 @@ These Policy Types are used by Control Loop Drools Engine to support guarding of "onap.policies.controlloop.guard.Blacklist", "guard", "Blacklists a regexp of VNF IDs" "onap.policies.controlloop.guard.MinMax", "guard", "For scaling, enforces a min/max number of VNFS" -The translator used to translate these legacy Policy Types is the `LegacyGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java;h=2917aab26dfbcf805dd00fead66ef68439561a11;hb=refs/heads/elalto>`__ which implements a more fine grained approach to translating the properties into a XACML policy. +The translator used to translate these legacy Policy Types is the `LegacyGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java;h=2917aab26dfbcf805dd00fead66ef68439561a11;hb=refs/heads/master>`__ which implements a more fine grained approach to translating the properties into a XACML policy. This is an example Decision API payload made to retrieve a decision for a Guard Policy Type. @@ -62,7 +62,7 @@ These Policy Types are similar to the guard Policy Types and are called by the C "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", "guard", "Gives priority to one control loop vs another" -The translator used to translate the coordination Policy Types is the `CoordinationGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationGuardTranslator.java;h=41c1428e3da4cc5b6c1bb091d0c16a6618a036ae;hb=refs/heads/elalto>`__ which uses a XACML Policy Template in its implementation. For example, when a new policy is loaded the translator copies the template to a new policy and replaces the CONTROL_LOOP_ONE and CONTROL_LOOP_TWO values with the specified control loops. See the `XAMCL Coordination Template for more details <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/resources/coordination/function/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.xml;h=bea05f264be5e422eb2da448d40057f736b7555c;hb=refs/heads/elalto>`__. +The translator used to translate the coordination Policy Types is the `CoordinationGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationGuardTranslator.java;h=41c1428e3da4cc5b6c1bb091d0c16a6618a036ae;hb=refs/heads/master>`__ which uses a XACML Policy Template in its implementation. For example, when a new policy is loaded the translator copies the template to a new policy and replaces the CONTROL_LOOP_ONE and CONTROL_LOOP_TWO values with the specified control loops. See the `XAMCL Coordination Template for more details <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/resources/coordination/function/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.xml;h=bea05f264be5e422eb2da448d40057f736b7555c;hb=refs/heads/master>`__. The same Decision API payload example for guard applies to this Policy Type. @@ -84,13 +84,31 @@ These Policy Types are designed to be used by the OOF Project support placement "onap.policies.optimization.Vim_fit", "optimize" "onap.policies.optimization.VnfPolicy", "optimize" -The translator used to translate the optimization Policy Types is the `StdMatchableTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdMatchableTranslator.java;h=dd44af7aa4ab2ef70b216f8a3a6a02c6f1fddf56;hb=refs/heads/elalto>`__. +The translator used to translate the optimization Policy Types is the `StdMatchableTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdMatchableTranslator.java;h=dd44af7aa4ab2ef70b216f8a3a6a02c6f1fddf56;hb=refs/heads/master>`__. This is an example Decision API payload made to retrieve a decision for an Optimization Policy Type. .. literalinclude:: decision.affinity.json :language: JSON +Native XACML Policy Type +======================= +This Policy type is used by any client or ONAP component who has the need of native XACML evaluation. A native XACML policy or policy set encoded in XML can be created off this policy type and loaded into the XACML PDP engine by invoking the PAP policy deployment API. Native XACML requests encoded in either JSON or XML can be sent to the XACML PDP engine for evaluation by invoking the native decision API. Native XACML responses will be returned upon evaluating the requests against the matching XACML policies. Those native XACML policies, policy sets, requests and responses all follow the `OASIS XACML 3.0 Standard <https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml>`__. + +.. csv-table:: + :header: "Policy Type", "Action", "Description" + + "onap.policies.native.Xacml", "native", "any client or ONAP component" + +The translator used to translate the aforementioned TOSCA Policy Type is the `NativePdpApplicationTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/native/src/main/java/org/onap/policy/xacml/pdp/application/nativ/NativePdpApplicationTranslator.java;h=5ce25facdbcab5e862c57bc67d7e2b7617eeb075;hb=HEAD>`__. + +According to the XACML 3.0 specification, two content-types are supported and used to present the native requests/responses. They are formally defined as "application/xacml+json" and "application/xacml+xml". + +This is an example Native Decision API payload made to retrieve a decision for whether Julius Hibbert can read http://medico.com/record/patient/BartSimpson. + +.. literalinclude:: decision.native.json + :language: JSON + Supporting Custom Policy Types ****************************** In order to support your own custom Policy Type that the XACML PDP Engine can support, one needs to build a Java service application that extends the **XacmlApplicationServiceProvider** interface and implement a **ToscaTranslator** application. Your application should register itself as a Java service application and expose it in the classpath used to be loaded into the ONAP XACML PDP Engine. Ensure you define and create the TOSCA Policy Type according to these :ref:`Policy Design and Development <design-label>`. You should be able to load your custom Policy Type using the :ref:`Policy Lifecycle API <api-label>`. Once successful, you should be able to start creating policies from your custom Policy Type. |