| # ============LICENSE_START======================================================= |
| # Copyright (C) 2024 Nordix Foundation |
| # ================================================================================ |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| # ============LICENSE_END========================================================= |
| |
| openapi: 3.0.3 |
| info: |
| title: Policy Executor |
| description: "Allows NCMP to execute a policy defined by a third party implementation before proceeding with a CM operation" |
| version: 1.0.0 |
| servers: |
| - url: /policy-executor/api |
| tags: |
| - name: policy-executor |
| description: "Execute all your policies" |
| paths: |
| /v1/{action}: |
| post: |
| description: "Fire a Policy action" |
| operationId: executePolicyAction |
| parameters: |
| - $ref: '#/components/parameters/authorizationInHeader' |
| - $ref: '#/components/parameters/actionInPath' |
| requestBody: |
| required: true |
| description: "The action request body" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/PolicyExecutionRequest' |
| tags: |
| - policy-executor |
| responses: |
| '200': |
| description: "Successful policy execution" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/PolicyExecutionResponse' |
| '400': |
| $ref: '#/components/responses/BadRequest' |
| '401': |
| $ref: '#/components/responses/Unauthorized' |
| '403': |
| $ref: '#/components/responses/Forbidden' |
| '409': |
| $ref: '#/components/responses/Conflict' |
| '500': |
| $ref: '#/components/responses/InternalServerError' |
| |
| components: |
| securitySchemes: |
| bearerAuth: |
| type: http |
| description: "Bearer token (from client that called CPS-NCMP),used by policies to identify the client" |
| scheme: bearer |
| schemas: |
| ErrorMessage: |
| type: object |
| title: Error |
| properties: |
| status: |
| type: string |
| message: |
| type: string |
| details: |
| type: string |
| |
| Request: |
| type: object |
| properties: |
| schema: |
| type: string |
| description: "The schema for the data in this request. The schema name should include the type of operation" |
| example: "org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0" |
| data: |
| type: object |
| description: "The data related to the request. The format of the object is determined by the schema" |
| required: |
| - schema |
| - data |
| |
| PolicyExecutionRequest: |
| type: object |
| properties: |
| decisionType: |
| type: string |
| description: "The type of decision. Currently supported options: 'allow'" |
| example: "allow" |
| requests: |
| type: array |
| items: |
| $ref: '#/components/schemas/Request' |
| required: |
| - decisionType |
| - requests |
| |
| PolicyExecutionResponse: |
| type: object |
| properties: |
| decisionId: |
| type: string |
| description: "Unique ID for the decision (for auditing purposes)" |
| example: "550e8400-e29b-41d4-a716-446655440000" |
| decision: |
| type: string |
| description: "The decision outcome. Currently supported values: 'allow','deny'" |
| example: "deny" |
| message: |
| type: string |
| description: "Additional information regarding the decision outcome" |
| example: "Object locked due to recent change" |
| required: |
| - decisionId |
| - decision |
| - message |
| |
| responses: |
| BadRequest: |
| description: "Bad request" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/ErrorMessage' |
| example: |
| status: 400 |
| message: "Bad Request" |
| details: "The provided request is not valid" |
| Unauthorized: |
| description: "Unauthorized request" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/ErrorMessage' |
| example: |
| status: 401 |
| message: "Unauthorized request" |
| details: "This request is unauthorized" |
| Forbidden: |
| description: "Request forbidden" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/ErrorMessage' |
| example: |
| status: 403 |
| message: "Request Forbidden" |
| details: "This request is forbidden" |
| Conflict: |
| description: "Conflict" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/ErrorMessage' |
| example: |
| status: 409 |
| message: "Conflict" |
| details: "The provided request violates a policy rule" |
| |
| InternalServerError: |
| description: "Internal server error" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/ErrorMessage' |
| example: |
| status: 500 |
| message: "Internal Server Error" |
| details: "Internal server error occurred" |
| |
| NotImplemented: |
| description: "Method not (yet) implemented" |
| content: |
| application/json: |
| schema: |
| $ref: '#/components/schemas/ErrorMessage' |
| example: |
| status: 501 |
| message: "Not Implemented" |
| details: "Method not implemented" |
| |
| parameters: |
| actionInPath: |
| name: action |
| in: path |
| description: "The policy action. Currently supported options: 'execute'" |
| required: true |
| schema: |
| type: string |
| example: "execute" |
| authorizationInHeader: |
| name: Authorization |
| in: header |
| description: "Bearer token may be used to identify client as part of a policy" |
| schema: |
| type: string |
| |
| security: |
| - bearerAuth: [] |