Guard policies are used to limit what operations shall be permitted. These policies are specified in the Policy GUI or restful API and either return "PERMIT" or "DENY" on request.
-There are 2 types of policies, guard policies and blacklist guard policies. The blacklist describes what is not allowed to be permitted and guard policies describe what is allowed to be permitted. Note: as of 1802 release, Policy PDP behaves as a PERMIT overrides fashion so if any policy permits, it will override any denies.
+There are 2 types of policies, guard policies and blacklist guard policies. The blacklist describes what is not allowed to be permitted and guard policies describe what is allowed to be permitted. The Policy PDP behaves in a PERMIT overrides fashion, that is, if any policy permits, it will override any denies.
+
+.. note:: *Limit Functionality*: The determination to deny a request because it has exceeded the limit is based on the number of entries in the **database**.
Creating Guard Policies
^^^^^^^^^^^^^^^^^^^^^^^
.. image:: PolicyGUI_GuardPolicy.png
-.. note:: The Onap Name must be empty for the policy to work. To accomplish this, instead of creating a new policy, **clone** the provided policy first and then **edit** it.
+In a Blacklist policy, the blacklist entries can be entered either manually or imported from an excel sheet. This import option can also be used to delete existing blacklist entries and to add new entries.
-.. warning:: The request does not get denied, even though the number of requests exceeds the limit.
+.. image:: PolicyGUI_BlacklistPolicy.png
API Method
----------
-Use PUT /createPolicy to create a policy.
-The request should be in the following form for regular guard policy:
+To create the policy, use the PUT /createPolicy API. This request uses Basic Access Authentication.
+
+The request should be in the following form for the regular guard policy:
.. code-block:: json
:caption: Regular Guard Policy Creation
}
}
+The request should be in the following form for the Min/Max guard policy:
+
+.. code-block:: json
+ :caption: Min/Max Guard Policy Creation
+ :linenos:
+
+ {
+ "policyClass": "Decision",
+ "policyName": "Test.TestingGUARDMinMaxtest",
+ "policyDescription": "Testing new Min/Max Guard Policy",
+ "onapName": "PDPD",
+ "ruleProvider": "GUARD_MIN_MAX",
+ "attributes": {
+ "MATCHING": {
+ "actor": "SO",
+ "recipe": "scaleOut",
+ "targets" : ".*",
+ "clname" : "test",
+ "min": "1",
+ "max": "5",
+ "guardActiveStart": "05:00:00-05:00",
+ "guardActiveEnd": "23:59:59-05:00"
+ }
+ }
+ }
+
The request should be in the following form for blacklist guard policy:
.. code-block:: json
"actor": "APPC",
"recipe": "Restart",
"target": "test13",
- "clname" : "piptest"
+ "clname" : "piptest",
+ "vfCount" : "4"
},
"onapName": "PDPD"
}
-A response containing a "PERMIT" or "DENY" in uppercase is returned as follows:
+A response containing a “PERMIT” or “DENY” in uppercase is returned as follows:
.. code-block:: json
:caption: Response
}
-
End of Document
+.. SSNote: Wiki page ref. https://wiki.onap.org/display/DW/Creating+and+Using+Guard+Policies
+
+
Code Review / policy / engine.git / blobdiff