Versions Compared

Version Old Version 37 New Version 38
Changes made by

Pamela Dragosh

Chenfei Gao

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
titleExample native XACML policy
linenumberstrue
collapsetrue
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
PolicyIdpolicy-id="urn:oasis:names:tc:xacml:2.0:example:IIA009:policy" 
RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os       
access_control-xacml-2.0-policy-schema-os.xsd">
    <Description>
        Example Policy for Illustration.
    </Description>
    <Target/>
    <Rule Effect="Permit" RuleId="urn:oasis:names:tc:xacml:2.0:example:IIA009:rule">
        <Description>
            Julius Hibbert can read or write Bart Simpson's medical record.
        </Description>
        <Target>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Julius Hibbert</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
                    </Match>
                </AllOf>
            </AnyOf>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">http://medico.com/record/patient/BartSimpson</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#anyURI" MustBePresent="true"/>
                    </Match>
                </AllOf>
            </AnyOf>
            <AnyOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
                    </Match>
                </AllOf>
                <AllOf>
                    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
                        <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
                    </Match>
                </AllOf>
            </AnyOf>
        </Target>
        <Condition>
            <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">riddle me this</AttributeValue>
                <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:example:some-attribute" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
            </Apply>
        </Condition>
    </Rule>
</Policy>

...

HTTP MethodEndpointContent-TypeDescriptionExample
POST/nativesapplication/vnd.onap.drools.mvn+xml

Creates a native drools policy.

Returns the id, version and created drl contents.

Note: policyId policy-id is the same as <artifactId> specified in the payload; version is the same as <version> specified in the payload; <groupId> specified in the payload could be a fixed one for all native drools policies, e.g. org.onap.policy.native.

200

Code Block
{
  "policyIdpolicy-id": "example-policy",
  "policy-version": "1.0.0", 
  "pdpTypeContent-Type": "drools"
}


PUT/natives/{policyIdpolicy-id}application/vnd.onap.drools+text

Updates a native drools policy.

Return the id, version and updated drl contents.

Note: version is an auto-increased version off the original one. For example. the original version is "1.0.0". After this PUT call, the version returned could be "1.0.1".

200

Code Block
{
  "policyIdpolicy-id": "example-policy",
  "policy-version": "1.0.1", 
  "pdpTypeContent-Type": "drools"
}


POST/PUT/natives/{policyIdpolicy-id}application/xacml+xml; version=3.0

Create a native xacml policy


200

Code Block
{
  "policyIdpolicy-id": "example-policy",
  "policy-version": "1.0.1", 
  "pdpTypeContent-Type": "xacml"
}


POST/PUT/natives/{policyIdpolicy-id}application/vnd.onap.apex+jsonCreate a native apex policy

200

Code Block
{
  "policyIdpolicy-id": "example-policy",
  "policy-version": "1.0.1", 
  "pdpTypeContent-Type": "apex"
}


GET/natives

application/json

application/yaml

Returns a list of ID/Version of native policies

200

Code Block
{
  "policies": [
    { "policyIdpolicy-id": "id-1",
      "policy-version": "1.0.0",
      "pdpTypeContent-Type": "drools"
    },
    {
      "policyIdpolicy-id": "id-2",
      "policy-version": "1.1.0",
      "pdpTypeContent-Type": "xacml"
    },
    {
      "policyIdpolicy-id": "id-3",
      "policy-version": "1.2.0",
      "pdpTypeContent-Type": "apex"
    }
  ]
}


GET/natives/{policyIdpolicy-id}

application/json

application/yaml

Get a list of versions

200

Code Block
{
  "policies": [
    { "policyIdpolicy-id": "id-1",
      "policy-version": "1.0.0",
      "pdpTypeContent-Type": "drools"
    },
    {
      "policyIdpolicy-id": "id-1",
      "policy-version": "1.0.1",
      "pdpTypeContent-Type": "drools"
    },
    {
      "policyIdpolicy-id": "id-1",
      "policy-version": "1.0.2",
      "pdpTypeContent-Type": "drools"
    }
  ]
}


GET/natives/{policyIdpolicy-id}/versions/{policyVersion}

application/vnd.onap.drools+text

application/xacml+xml; version=3.0

application/vnd.onap.apex+json



Get a particular version

200

Code Block
policy text in DRL/XACML-XML/APEX-JSON


GET/natives/{policyIdpolicy-id}/versions/latest

application/json

application/yaml

Get the latest version

200

Code Block
{
  "policyIdpolicy-id": "example-policy",
  "policy-version": "1.0.1", 
  "pdpTypeContent-Type": "drools"
}


(optional) GET/natives/{policyIdpolicy-id}/versions/deployed

application/json

application/yaml

Get the deployed version(s) in each PDP group

200

Code Block
{
  ("pdpGroup1","1.0.0"): [
    {
      "policyIdpolicy-id": "example-policy",
      "policy-version": "1.0.0",
      "pdpTypeContent-Type": "drools"
    },
    {
      "policyIdpolicy-id": "example-policy",
      "policy-version": "1.1.0",
      "pdpTypeContent-Type": "drools"
    }
  ]
}


DELETE/natives/{policyIdpolicy-id}/versions/{policyVersion}

application/vnd.onap.drools+text

application/xacml+xml; version=3.0

application/vnd.onap.apex+json

Delete a particular version

200

Code Block
policy text in DRL/XACML-XML/APEX-JSON


...

No change is envisioned on current deploy/undeploy API. Still, only policyId policy-id and version are needed to tell PAP to deploy/undeploy a native policy.

...