.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0

*********************************
Creating and Using Guard Policies
*********************************

.. contents::
    :depth: 3

Background
^^^^^^^^^^

Guard policies limit which operations are permitted. They are specified in the Policy GUI or through the RESTful API, and return either "PERMIT" or "DENY" on request.

There are two types of policies: guard policies and blacklist guard policies. The blacklist describes what is not allowed to be permitted, and guard policies describe what is allowed to be permitted. Note: as of the 1802 release, the Policy PDP behaves in a PERMIT-overrides fashion, so if any policy permits, that permit overrides any denies.

Creating Guard Policies
^^^^^^^^^^^^^^^^^^^^^^^

There are two options for creating guard policies: (1) through the GUI and (2) through the RESTful API.

GUI Method
----------

The GUARD policy can be created from the POLICY GUI as shown below.

.. note::
    * The Onap Name must be empty for the policy to work. To do this, **clone** the policy provided and then edit.
    * Even though the number of requests exceeds the limit, the request is not denied.

.. image:: PolicyGUI_GuardPolicy.png

|

API Method
----------

Send a ``PUT`` request to ``/createPolicy`` to create a policy.

For a regular guard policy, the request body should have the following form:

.. code-block:: json
    :caption: Regular Guard Policy Creation
    :linenos:

    {
        "policyClass": "Decision",
        "policyName": "Test.TestingGUARDapitest",
        "policyDescription": "Testing new YAML Guard Policy",
        "onapName": "PDPD",
        "ruleProvider": "GUARD_YAML",
        "attributes": {
            "MATCHING": {
                "actor": "APPC",
                "recipe": "restart",
                "targets": "test",
                "clname": "test",
                "limit": "5",
                "timeWindow": "15",
                "timeUnits": "minute",
                "guardActiveStart": "05:00:00-05:00",
                "guardActiveEnd": "23:59:59-05:00"
            }
        }
    }

For a blacklist guard policy, the request body should have the following form:

.. code-block:: json
    :caption: Blacklist Guard Policy Creation
    :linenos:

    {
        "policyClass": "Decision",
        "policyName": "Test.TestingBLGUARD",
        "policyDescription": "Testing New BL YAML Guard Policy",
        "onapName": "MSO",
        "ruleProvider": "GUARD_BL_YAML",
        "attributes": {
            "MATCHING": {
                "actor": "APPC",
                "recipe": "restart",
                "clname": "test",
                "guardActiveStart": "05:00:00-05:00",
                "guardActiveEnd": "23:59:59-05:00",
                "blackList": "target1,target2,target3"
            }
        }
    }

Using Guard Policies
^^^^^^^^^^^^^^^^^^^^

To use the guard policies, make an HTTP request. For example:

.. code-block:: bash

    # HTTPie command; replace the <...> placeholders before running.
    http POST pdp:8081/pdp/api/getDecision \
        Authorization:<yourAuth> ClientAuth:<yourClientAuth> \
        Environment:<environment> Content-Type:application/json < guard_request.json

| where:
|     <yourAuth> is the string generated from user:pass converted to base64 encoding.
|     <yourClientAuth> is generated the same way but from the client user and pass.
|     <environment> is the context of the request. For example: TEST

The guard_request.json should be in the form of the following:

.. code-block:: json
    :caption: guard_request.json

    {
        "decisionAttributes": {
            "actor": "APPC",
            "recipe": "Restart",
            "target": "test13",
            "clname": "piptest"
        },
        "onapName": "PDPD"
    }

A response should be received that contains a "PERMIT" or "DENY" in all caps, like the following:

.. code-block:: json
    :caption: Response

    {
        "decision": "PERMIT",
        "details": "Decision Permit. OK!"
    }


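The request and response handling described above, as an added Python example (not part of the original document or of ONAP's own code): it builds the ``getDecision`` request with the headers listed above and treats anything other than an exact ``"PERMIT"`` as a denial. The ``http://`` scheme, the function names and the fail-closed handling are assumptions of this example; the header values are the bare base64 strings this page describes.

```python
import base64
import http.client
import json
import urllib.request

# Host, port and path as shown on this page; the http:// scheme is an assumption.
PDP_URL = "http://pdp:8081/pdp/api/getDecision"


def b64_credentials(user, password):
    """Base64 of "user:pass", as described for <yourAuth> and <yourClientAuth>."""
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def build_guard_request(attributes, onap_name, auth, client_auth, environment):
    """Build (without sending) the POST request for getDecision."""
    body = {"decisionAttributes": attributes, "onapName": onap_name}
    headers = {
        "Authorization": auth,
        "ClientAuth": client_auth,
        "Environment": environment,
        "Content-Type": "application/json",
    }
    data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(PDP_URL, data=data, headers=headers, method="POST")


def is_permitted(response_text):
    """Fail closed: only an exact, all-caps "PERMIT" allows the operation."""
    try:
        decision = json.loads(response_text).get("decision")
    except (ValueError, AttributeError):
        return False  # unparseable or non-object body counts as a denial
    return decision == "PERMIT"


def ask_guard(request, timeout=5):
    """Send the request; network and HTTP errors count as a denial."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return is_permitted(resp.read().decode("utf-8", errors="replace"))
    except (OSError, http.client.HTTPException):
        return False


# Constructed sample input, mirroring guard_request.json above.
SAMPLE_ATTRIBUTES = {"actor": "APPC", "recipe": "Restart",
                     "target": "test13", "clname": "piptest"}
```

Pass the result of ``build_guard_request`` to ``ask_guard`` before performing the guarded operation, and proceed only when it returns ``True``.
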

End of Document
