Versions Compared

Version Old Version 2 New Version 3
Changes made by

Deena Mukundan

Deena Mukundan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

For e.g. consider a sample rego file having following contents

Code Block
package cell.consistencycellconsistency
default allow = false

# Rule to check cell consistency
check_cell_consistency {
    input.cell != "445611193265040129"data.cellconsistency.allowedCellId
}
# Rule to allow if PCI is within range 1-3000
allow_if_pci_in_range {
    input.PCI >= 1data.cellconsistency.minPCI
    input.PCI <= 3000data.cellconsistency.maxPCI
}
# Main rule to determine the final decision
allow {
    check_cell_consistency
    allow_if_pci_in_range
}

data.json

Code Block
{   
  "allowedCellId" : 445611193265040129, 
  "minPCI": 1, 
  "maxPCI": 3000  
 }

In the tosca template the rego contents will be encoded and added in policy field

Code Block
tosca_definitions_version: tosca_simple_yaml_1_1_0
topology_template:
    policies:
        - native.

...

cellconsistency.

...

opa:
              type: onap.policies.native.opa
              type_version: 1.0.0
              properties:
                  policy:

...

cGFja2FnZSBjZWxsY29uc2lzdGVuY3kKZGVmYXVsdCBhbGxvdyA9IGZhbHNlCiMgUnVsZSB0byBjaGVjayBjZWxsIGNvbnNpc3RlbmN5CmNoZWNrX2NlbGxfY29uc2lzdGVuY3kgewogICAgaW5wdXQuY2VsbCAhPSBkYXRhLmNlbGxjb25zaXN0ZW5jeS5hbGxvd2VkQ2VsbElkCn0KIyBSdWxlIHRvIGFsbG93IGlmIFBDSSBpcyB3aXRoaW4gcmFuZ2UgMS0zMDAwCmFsbG93X2lmX3BjaV9pbl9yYW5nZSB7CiAgICBpbnB1dC5QQ0kgPj0gZGF0YS5jZWxsY29uc2lzdGVuY3kubWluUENJCiAgICBpbnB1dC5QQ0kgPD0gZGF0YS5jZWxsY29uc2lzdGVuY3kubWF4UENJCn0KIyBNYWluIHJ1bGUgdG8gZGV0ZXJtaW5lIHRoZSBmaW5hbCBkZWNpc2lvbgphbGxvdyB7CiAgICBjaGVja19jZWxsX2NvbnNpc3RlbmN5CiAgICBhbGxvd19pZl9wY2lfaW5fcmFuZ2UKfQo=
              name: native.

...

cellconsistency.opa
              version: 1.0.0
              metadata:
                  policy-id:

...

native.cellconsistency.

...

opa
                  policy-version: 1.0.0

OPA PDP after receiving the message on KAFKA will parse the message, extract policy, perform base64 decoding and deploys the policy to OPA. OPA PDP will send a PDP_STATUS message with the status of  policy deployment.

...