Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
{
  "messageName": "PDP_STATUS",
  "pdpType": "opa",
  "state": "PASSIVE",
  "healthy": "HEALTHY",
  "description": "Pdp Status Response Message For Pdp Update",
  "response": {
    "responseTo": "06f6d05f-6045-48d9-bcd8-40364fb695ae",
    "responseStatus": "SUCCESS",
    "responseMessage": "PDP Update was Successful"
  },
  "policies": null,
  "name": "opa-949018d3-cc9b-429b-96ae-46ca9c314e42",
  "requestId": "e6a0607f-5fc8-4d62-afca-3cb984d827a3",
  "pdpGroup": "defaultGroup",
  "pdpSubgroup": "opa",
  "timestampMs": "1731335550030",
  "deploymentInstanceInfo":""
}
Note

In Phase-1, OPA-PDP STATUS message will not include details on predefined policies (policy name and version). It will be assigned to “null”

...

Code Block
{
  "messageName": "PDP_STATUS",
  "pdpType": "opa",
  "state": "ACTIVE",
  "healthy": "HEALTHY",
  "description": "Pdp Status Response Message to Pdp State Change",
  "response": {
    "responseTo": "3edbb47c-b015-4fd9-9572-26cde97cc23c",
    "responseStatus": "SUCCESS",
    "responseMessage": "PDP State Changed From PASSIVE TO Active"
  },
  "policies": null,
  "name": "opa-949018d3-cc9b-429b-96ae-46ca9c314e42",
  "requestId": "02b186a6-485d-4392-90fa-d4cac34be97a",
  "pdpGroup": "defaultGroup",
  "pdpSubgroup": "opa",
  "timestampMs": "1731335550069"
}

Currently OPA policies are pre-loaded in the docker setup.

  • Decision Requests are REST requests sent from ONAP components. Below is the format of Decision API request.

  • API endpoint :- policy/pdpx/v1/decision. Below is the snippet of Decision Request that will be received in Phase-1 .

    Code Block
    Decision Request 
     {
      	"OnapNameonapName": "CDS",
      "onapComponent":  "CDS",
    	  "OnapComponentonapInstance": "CDS",
      	"OnapInstancecurrentDate":  "CDS2024-component11-instance22",
    	  "RequestIdcurrentTime": "2024-11-22T11:34:56Z",
      "timeZone": "8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1UTC",
    	"Policy":  "timeOffset": "+05:30",
      "currentDateTime": "2024-11-22T12:08:00Z",
      "policyName": "roleaction/allow",
      	"input":         
    	  {
    	      "user": "alice",
    	
         "action":"read",
    	      "objectdelete":"id123",
    	
         "type": "dogserver"
    	  }
    }
    
    curl -u 'policyadmin:zb!XztG34' -H 'Content-Type: application/json' -H 'Accept: application/json' --header 'X-ONAP-RequestID:8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1' -d '{"onapName":"CDS","onapComponent":"CDS-component-instance","onapInstance":"CDS", "currentDate": "2024-11-22", "requestIdcurrentTime": "8e6f784e2024-c9cb-42f6-bcc9-edb5d0af1ce1","policy":"role11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "UTC+05:30", "currentDateTime": "2024-11-22T12:08:00Z","policyName":"action/allow","input":{"user":"alice","action":"read","object":"id123delete","type":"catserver"}}' -X POST 
    http://0.0.0.0:8282/policy/pdpx/v1/decision

Decision Response will contain following parameters

Code Block
{
  "decision":"PERMIT",
  "statusCodepolicyName":"200action/allow",

  "statusMessage":"Successful",
OPA Allowed"
}

Currently OPA-PDP will respond with either PERMIT, DENY or INDETERMINATE values .

The policies and data json are currently mounted as files in docker volume for OPA-PDP.

OPA-PDP will also support health check request. The end point for health check is policy/pdpx/v1/healthcheck

Code Block
Request 
curl -u 'policyadmin:zb!XztG34' -H 'Content-Type: application/json' -H 'Accept: application/json' -X GET
http://0.0.0.0:8282/policy/pdpx/v1/healthcheck

Response 
{
  "name": "opa-e007a5f3-28f0-4e0d-84ac-51951550f790",
  "decisionurl":"PERMIT" "self",
  "healthy": true,
  "code": 200,
  "policynamemessage":"role/allow",
   "errorMessage":"",
   "errorDetails":[""],
   "requestId":" "alive"
}

Statistics :Currently we support only following counters and other counters will be set as 0.

  • totalErrorCount

  • permitDecisionsCount

  • denyDecisionsCount

  • totalPolicyTypesCount      

Code Block
Request
curl -u 'policyadmin:zb!XztG34' --header 'X-ONAP-RequestID:8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1' -X GET http://0.0.0.0:8282/policy/pdpx/v1/statistics
StatisticsReport
{ 
  "code":200,
  "denyDecisionsCount":10,
  "deployFailureCount":0,
  "deploySuccessCount":0,
  "indeterminantDecisionsCount":0,
  "permitDecisionsCount":18,
  "totalErrorCount":4,
  "totalPoliciesCount":0,
  "totalPolicyTypesCount":1,
  "undeployFailureCount":0,
  "undeploySuccessCount":0
  }

Health Check API Request/Response

Code Block
Reguest
curl -u 'policyadmin:zb!XztG34' --header 'X-ONAP-RequestID:8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1' -X GET http://0.0.0.0:8282/policy/pdpx/v1/healthcheck
HealthCheckReport
{  
   "code":200,
   "healthy":true,
   "message":"alive",
   "name":"opa-9f0248ea-807e-45f6-8e0f-935e570b75cc",
   "url":"self"
}