Versions Compared

Version Old Version 16 New Version Current
Changes made by

Deena Mukundan

Deena Mukundan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Phase-1

Overview

•OPA-PDP will be integrated as a new Policy Engine in the existing ONAP Policy Framework

...

Policy Type

Action

Description

onap.policies.native.opa

native

any client or ONAP component

Tosca template for the opa policy type is as below

Code Block
tosca_definitions_version: tosca_simple_yaml_1_1_0
policy_types:
  onap.policies.Native:
    derived_from: tosca.policies.Root
    description: a base policy type for all native PDP policies
    version: 1.0.0
    name: onap.policies.Native
  onap.policies.native.opa:
    derived_from: onap.policies.Native
    version: 1.0.0
    name: onap.policies.native.opa
    description: a policy type for native opa policies
    properties:
      policy:
        type: string
        type_version: 0.0.0
        description: The rego PolicySet or Policy
        required: true
        metadata:
          encoding: Base64

How OPA-PDP fits in ONAP Policy Framework

...

Code Block
{
  "messageName": "PDP_STATUS",
  "pdpType": "opa",
  "state": "PASSIVE",
  "healthy": "HEALTHY",
  "description": "Pdp Status Response Message For Pdp Update",
  "response": {
    "responseTo": "06f6d05f-6045-48d9-bcd8-40364fb695ae",
    "responseStatus": "SUCCESS",
    "responseMessage": "PDP Update was Successful"
  },
  "policies": null,
  "name": "opa-949018d3-cc9b-429b-96ae-46ca9c314e42",
  "requestId": "e6a0607f-5fc8-4d62-afca-3cb984d827a3",
  "pdpGroup": "defaultGroup",
  "pdpSubgroup": "opa",
  "timestampMs": "1731335550030",
  "deploymentInstanceInfo":""
}
Note

In Phase-1, OPA-PDP STATUS message will not include details on predefined policies (policy name and version). It will be assigned to “null”

...

  • Decision Requests are REST requests sent from ONAP components. Below is the format of Decision API request.

  • API endpoint :- policy/pdpx/v1/decision. Below is the snippet of Decision Request that will be received in Phase-1 .

    Code Block
    Decision Request 
 {
  	"OnapNameonapName": "CDS",
  "onapComponent":  "CDS",
	  "OnapComponentonapInstance": "CDS",
  	"OnapInstancecurrentDate":  "CDS2024-component11-instance22",
	  "PolicycurrentTime": "2024-11-22T11:34:56Z",
  "timeZone": "UTC",
  "role/allowtimeOffset",: 	"input":+05:30",
  "currentDateTime": "2024-11-22T12:08:00Z",
  "policyName": "action/allow",
 	 "input": {
	      "user": "alice",
	 
    "action":"read", 	      "object":"id123"delete",
	
     "type": "dogserver"
	  }
}

curl -u 'policyadmin:zb!XztG34' -H 'Content-Type: application/json' -H 'Accept: application/json' --header 'X-ONAP-RequestID:8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1' -d '{"onapName":"CDS","onapComponent":"CDS-component-instance","onapInstance":"CDS","requestId "currentDate": "2024-11-22", "currentTime": "8e6f784e2024-c9cb-42f6-bcc9-edb5d0af1ce1","policy":"role11-22T11:34:56Z", "timeZone": "UTC", "timeOffset": "UTC+05:30", "currentDateTime": "2024-11-22T12:08:00Z","policyName":"action/allow","input":{"user":"alice","action":"read","object":"id123delete","type":"catserver"}}' -X POST  http://0.0.0.0:8282/policy/pdpx/v1/decision

Decision Response will contain following parameters

Code Block
{
   "statusCode":"200",
   "statusMessage":"Successful",
   "decision":"PERMIT",

  "policynamepolicyName":"roleaction/allow",

  "errorMessagestatusMessage":"",
   "errorDetails":[""],OPA Allowed"
}

Currently OPA-PDP will respond with either PERMIT, DENY or INDETERMINATE values .

...

Code Block
Request 
curl -u 'policyadmin:zb!XztG34' -H 'Content-Type: application/json' -H 'Accept: application/json' -X GET
http://0.0.0.0:8282/policy/pdpx/v1/healthcheck

Response 
{
  "name": "opa-e007a5f3-28f0-4e0d-84ac-51951550f790",
  "url": "self",
  "healthy": true,
  "code": 200,
  "message": "alive"
}

Statistics :Currently we support only following counters and other counters will be set as 0.

  • totalErrorCount

  • permitDecisionsCount

  • denyDecisionsCount

  • totalPolicyTypesCount      

Code Block
Request
curl -u 'policyadmin:zb!XztG34' --header 'X-ONAP-RequestID:8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1' -X GET http://0.0.0.0:8282/policy/pdpx/v1/statistics
StatisticsReport
{ 
  "code":200,
  "denyDecisionsCount":10,
  "deployFailureCount":0,
  "deploySuccessCount":0,
  "indeterminantDecisionsCount":0,
  "permitDecisionsCount":18,
  "totalErrorCount":4,
  "totalPoliciesCount":0,
  "totalPolicyTypesCount":1,
  "undeployFailureCount":0,
  "undeploySuccessCount":0
  }

Health Check API Request/Response

Code Block
Reguest
curl -u 'policyadmin:zb!XztG34' --header 'X-ONAP-RequestID:8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1' -X GET http://0.0.0.0:8282/policy/pdpx/v1/healthcheck
HealthCheckReport
{  
   "code":200,
   "healthy":true,
   "message":"alive",
   "name":"opa-9f0248ea-807e-45f6-8e0f-935e570b75cc",
   "url":"self"
}