...
| Code Block |
|---|
Tosca Definition for OPA
tosca_definitions_version: tosca_simple_yaml_1_1_0
topology_template:
policies:
- native.cell.consistency.opa:
type: onap.policies.native.opa
type_version: 1.0.0
properties:
data:
cell.consistency: eyAgIAogICJhbGxvd2VkQ2VsbElkIiA6IDQ0NTYxMTE5MzI2NTA0MDEyOSwgCiAgIm1pblBDSSI6IDEsIAogICJtYXhQQ0kiOiAzMDAwICAKIH0=
policy:
cell.consistency: cGFja2FnZSBjZWxsLmNvbnNpc3RlbmN5CmRlZmF1bHQgYWxsb3cgPSBmYWxzZQoKIyBSdWxlIHRvIGNoZWNrIGNlbGwgY29uc2lzdGVuY3kKY2hlY2tfY2VsbF9jb25zaXN0ZW5jeSB7CsKgwqDCoCBpbnB1dC5jZWxsICE9IGRhdGEuY2VsbC5jb25zaXN0ZW5jeS5hbGxvd2VkQ2VsbElkCn0KIyBSdWxlIHRvIGFsbG93IGlmIFBDSSBpcyB3aXRoaW4gcmFuZ2UgMS0zMDAwCmFsbG93X2lmX3BjaV9pbl9yYW5nZSB7CsKgwqDCoCBpbnB1dC5QQ0kgPj0gZGF0YS5jZWxsY29uc2lzdGVuY3kubWluUENJCsKgwqDCoCBpbnB1dC5QQ0kgPD0gZGF0YS5jZWxsY29uc2lzdGVuY3kubWF4UENJCn0KIyBNYWluIHJ1bGUgdG8gZGV0ZXJtaW5lIHRoZSBmaW5hbCBkZWNpc2lvbgphbGxvdyB7CsKgwqDCoCBjaGVja19jZWxsX2NvbnNpc3RlbmN5CsKgwqDCoCBhbGxvd19pZl9wY2lfaW5fcmFuZ2UKfQ==
cell.conistency.topology : cGFja2FnZSBjZWxsLmNvbnNpc3RlbmN5LnRvcG9sb2d5CmltcG9ydCByZWdvLnYxCiAKIyBSdWxlIHRvIGNoZWNrIGNlbGwgY29uc2lzdGVuY3kKY2hlY2tfY2VsbF9jb25zaXN0ZW5jeSBpZiB7CiAgICBpbnB1dC5jZWxsICE9IGRhdGEuY2VsbGNvbnNpc3RlbmN5LmFsbG93ZWRDZWxsSWQKfQ==
name: native.cell.consistency.opa
version: 1.0.0
metadata:
policy-id: native.cell.consistency.opa
policy-version: 1.0.0 |
OPA PDP after receiving the message on KAFKA will parse the message, extract policy, perform base64 decoding and deploys the policy to OPA. OPA PDP will send a PDP_STATUS message with the status of policy deployment.
In the above case, OPA-PDP will create following directory structure and store policy and data files. The “.” mentioned in the policy will translate to subdirectories in OPA-PDP pod. This will also ensure each policy is referenced by the main rego file, this will avoid collision in case we have same library file used in multiple main rego files.
The “native” and “opa” keywords will be discarded when creating the directory structure.
Directory structure
| Code Block |
|---|
- /opt/policies
- cell/
- consistency/
- policy.rego // package cell.consistency will be stored here
- topology/
- policy.rego // package cell.consistency.topology will be stored here
- /opt/data
- cell/
- consistency/
- data.json // data will be stored here |
...
| Drawio | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
| Drawio | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...