OPA Decision Output
- Deena Mukundan
Analytics
OPA supports sending structured response to OPA request. As we are supporting OPA in the native form. In the Phase-1, OPA-PDP used to translate the OPA-SDK decision response to DENY, PERMIT and INDETERMINATE. In order to support OPA in the native form, it was decided to remove the above mentioned decision response and forward the output from OPA-SDK directly in the Decision Response based on the “policy filter” provided in the Decision request. If the policy filter is provided in the decision request, OPA-PDP will provide filtered response. 'policyFilter” is a list of filter values, we can specify multiple filters for which output is required. In case user wants to see the output only, then package name should be mentioned in the “policyName” field.
Below is an example of the policy rego file
package abac
import rego.v1
default allow := false
allow if {
viewable_sensor_data
action_is_read
}
action_is_read if "read" in input.actions
viewable_sensor_data contains view_data if {
some sensor_data in data.abac.sensor_data
sensor_data.timestamp >= input.time_period.from
sensor_data.timestamp < input.time_period.to
view_data := {datatype: sensor_data[datatype] | datatype in input.datatypes}
}
Below is the example of request where output is required instead of decision.
Decision Request
{
"onapName": "CDS",
"onapComponent": "CDS",
"onapInstance": "CDS",
"currentDate": "2024-11-22",
"currentTime": "2024-11-22T11:34:56Z",
"timeZone": "UTC",
"timeOffset": "+05:30",
"currentDateTime": "2024-11-22T12:08:00Z",
"policyName": "abac",
"policyFilter" : ["viewable_sensor_data"]
"input": {
"actions": ["write"],
"datatypes": ["location","temperature","precipitation","windspeed"],
"time_period": {"from": "2024-02-27","to": "2024-02-29"}
}
}
curl -u 'policyadmin:zb!XztG34' -H 'Content-Type: application/json' -H 'Accept: application/json' --header 'X-ONAP-RequestID:8e6f784e-c9cb-42f6-bcc9-edb5d0af1ce1' -d '{"onapName":"CDS","onapComponent":"CDS","onapInstance":"CDS","currentDate": "2024-11-22","policyName":"abac", "policyFilter": ["viewable_sensor_data"], "input":{"actions": ["write"],"datatypes": ["location","temperature","precipitation","windspeed"],"time_period": {"from": "2024-02-27","to": "2024-02-29"}}}' -X POST http://policy-opa-pdp:8282/policy/pdpx/v1/decision
Decision Response
{
"output": {
"viewable_sensor_data": [
{
"location": "Galle",
"precipitation": "500 mm",
"temperature": "35 C",
"windspeed": "7.2 m/s"
},
{
"location": "Jaffna",
"precipitation": "300 mm",
"temperature": "-5 C",
"windspeed": "3.8 m/s"
},
{
"location": "Nuwara Eliya",
"precipitation": "600 mm",
"temperature": "25 C",
"windspeed": "4.0 m/s"
},
{
"location": "Trincomalee",
"precipitation": "1000 mm",
"temperature": "20 C",
"windspeed": "5.0 m/s"
}
]
},
"policyName": "abac",
}