1 files changed, 128 insertions, 0 deletions
diff --git a/docs/development/actors/guard/guard.rst b/docs/development/actors/guard/guard.rst
new file mode 100644
index 00000000..2c7f2611
--- /dev/null
+++ b/docs/development/actors/guard/guard.rst
@@ -0,0 +1,128 @@
+.. This work is licensed under a
+.. Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+
+###########
+GUARD Actor
+###########
+
+.. contents::
+    :depth: 3
+
+Overview of GUARD Actor
+#######################
+
+Within ONAP Policy Framework, a GUARD is typically an implicit check performed at the
+start of each operation and is performed by making a REST call to the XACML-PDP.
+Previously, the request was built, and the REST call made, by the application.  However,
+Guard checks have now been implemented using the new Actor framework.
+
+Currently, there is a single operation, *Decision*, which is implemented by the java
+class, *GuardOperation*.  This class is derived from *HttpOperation*.
+
+
+Request
+#######
+
+A number of the request fields are populated from values specified in the
+actor/operation's configuration parameters (e.g., "onapName").  Additional fields
+are specified below.
+
+Request ID
+**********
+
+The "requestId" field is set to a UUID.
+
+
+Resource
+********
+
+The "resource" field is populated with a *Map* containing a single item, "guard".  The
+value of the item is set to the contents of the *payload* specified within the
+*ControlLoopOperationParams*.
+
+
+Examples
+########
+
+Suppose the *ControlLoopOperationParams* were populated as follows:
+
+.. code-block:: bash
+
+        {
+            "actor": "GUARD",
+            "operation": "Decision",
+            "payload": {
+              "actor": "SO",
+              "operation": "VF Module Create",
+              "target": "OzVServer",
+              "requestId": "c7c6a4aa-bb61-4a15-b831-ba1472dd4a65",
+              "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
+              "vfCount": 2
+            }
+        }
+
+An example of a request constructed by the actor using the above parameters, sent to the
+GUARD REST server:
+
+.. code-block:: bash
+
+        {
+          "ONAPName": "Policy",
+          "ONAPComponent": "Drools PDP",
+          "ONAPInstance": "Usecases",
+          "requestId": "90ee99d2-f2d8-4d90-b162-605203c30180",
+          "action": "guard",
+          "resource": {
+            "guard": {
+              "actor": "SO",
+              "operation": "VF Module Create",
+              "target": "OzVServer",
+              "requestId": "c7c6a4aa-bb61-4a15-b831-ba1472dd4a65",
+              "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
+              "vfCount": 2
+            }
+          }
+        }
+
+
+An example response received from the GUARD REST service:
+
+.. code-block:: bash
+
+        {
+            "status": "Permit",
+            "advice": {},
+            "obligations": {},
+            "policies": {}
+        }
+
+
+Configuration of the GUARD Actor
+################################
+
+The following table specifies the fields that should be provided to configure the GUARD
+actor.
+
+=============================== =====================    ==================================================================
+Field name                         type                             Description
+=============================== =====================    ==================================================================
+clientName                        string                  Name of the HTTP client to use to send the request to the
+                                                          GUARD REST server.
+timeoutSec                        integer (optional)      Maximum time, in seconds, to wait for a response to be received
+                                                          from the REST server.  Defaults to 90s.
+path                              string                  URI appended to the URL.  This field only applies to individual
+                                                          operations; it does not apply at the actor level.  Note: the
+                                                          *path* should not include a leading or trailing slash.
+onapName                          string                  ONAP Name (e.g., "Policy")
+onapComponent                     string                  ONAP Component (e.g., "Drools PDP")
+onapInstance                      string                  ONAP Instance (e.g., "Usecases")
+action                            string (optional)       Used to populate the "action" request field.
+                                                          Defaults to "guard".
+disabled                          boolean (optional)      **True**, to disable guard checks, **false** otherwise.
+                                                          Defaults to *false*.
+=============================== =====================    ==================================================================
+
+The individual operations are configured using these same field names. However, all
+of them, except the path, are optional, as they inherit their values from the
+corresponding actor-level fields.