Versions Compared

Old Version 3

changes.mady.by.user Deena Mukundan

Saved on

compared with

New Version 4

changes.mady.by.user Deena Mukundan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • OPA-PDP implements a kafka listener, Publisher to receiving and sending messages to PAP

    • Once OPA-PDP is up it will send “Registration”( PDP_STATUS) message to PAP

    • Some of the information included in the message are:

    • pdpType the type of the PDP opa .

    • pdpGroup to which the PDP should belong to opaGroup

    • state the initial state of the PDP which is PASSIVE.

    • healthy whether the PDP is “HEALTHY” or not.

    • name a name that is unique to the PDP instance for e.g. “opa-f849384c-dd78-4016-a7b5-1c660fb6ee0e”

    • Code Block
      Sample Registration Message 
{
  "messageName": "PDP_STATUS",
  "pdpType": "opa",
  "state": "PASSIVE",
  "healthy": "HEALTHY",
  "description": "Pdp Status Registration Message",
  "response": null,
  "policies": null,
  "name": "opa-949018d3-cc9b-429b-96ae-46ca9c314e42",
  "requestId": "9fed8880-d023-4004-b6bf-647efd10a7df",
  "pdpGroup": "opaGroup",
  "pdpSubgroup": null,
  "timestampMs": "1731335546889"
}

  • On receiving the registration message from a PDP, PAP checks and assigns it to a subgroup under the group. PAP sends PDP_UPDATE message. PAP also sends the pdpHeartbeatIntervalMs which is the time interval in which PDPs should send heartbeats to PAP. Currently (In first phase) OPA-PDP handles only the pdpHeartbeatIntervalMs and starts a timer for sending STATUS messages periodically. OPA-PDP sends PDP_STATUS response to PDP_UPDATE message.

Example PDP_STATUS response

Code Block
{
  "messageName": "PDP_STATUS",
  "pdpType": "opa",
  "state": "PASSIVE",
  "healthy": "HEALTHY",
  "description": "Pdp Status Response Message For Pdp Update",
  "response": {
    "responseTo": "06f6d05f-6045-48d9-bcd8-40364fb695ae",
    "responseStatus": "SUCCESS",
    "responseMessage": "PDP Update was Successful"
  },
  "policies": null,
  "name": "opa-949018d3-cc9b-429b-96ae-46ca9c314e42",
  "requestId": "e6a0607f-5fc8-4d62-afca-3cb984d827a3",
  "pdpGroup": "opaGroup",
  "pdpSubgroup": "opa",
  "timestampMs": "1731335550030"
}
Note

In Phase-1, OPA-PDP STATUS message will not include predefined policy name and version

  • PAP sends PDP_STATE_CHANGE message

...

In “ACTIVE” state OPA-PDP is in ready state to receive any decision requests

Example PDP_STATUS response for PDP_STATE_CHANGE

Code Block
{
  "messageName": "PDP_STATUS",
  "pdpType": "opa",
  "state": "ACTIVE",
  "healthy": "HEALTHY",
  "description": "Pdp Status Response Message to Pdp State Change",
  "response": {
    "responseTo": "3edbb47c-b015-4fd9-9572-26cde97cc23c",
    "responseStatus": "SUCCESS",
    "responseMessage": "PDP State Changed From PASSIVE TO Active"
  },
  "policies": null,
  "name": "opa-949018d3-cc9b-429b-96ae-46ca9c314e42",
  "requestId": "02b186a6-485d-4392-90fa-d4cac34be97a",
  "pdpGroup": "opaGroup",
  "pdpSubgroup": "opa",
  "timestampMs": "1731335550069"
}

  • Decision Requests are REST requests sent from ONAP components. Below is the format of Decision API request

  • Code Block
    Decision Request 
 {
	"OnapName":      "CDS",
	"OnapComponent": "CDS",
	"OnapInstance":  "CDS-component-instance",
	"RequestId":     "8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1",
	"Policy":        "role/allow",
	"input":         
	  {
	      "user":"alice",
	      "action":"read",
	      "object":"id123",
	      "type":"cat"}
	  }
}


curl -u 'policyadmin:zb!XztG34' -H 'Content-Type: application/json' -H 'Accept: application/json' -d '{"onapName":"CDS","onapComponent":"CDS-component-instance","onapInstance":"CDS","requestId":"8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1","policy":"role/allow","input":{"user":"alice","action":"read","object":"id123","type":"cat"}}' -X POST 
http://0.0.0.0:8282/policy/pdpx/v1/decision