OCNRF Configuration REST APIs

Service API Interfaces

This section lists the API interface details for each OCNRF services.

Table 6-1 Service API Interfaces

Resource Name	Resource URI	HTTP Method	Data Model for Request	Data Model for Response	Description
ocnrfConfigurations	{apiRoot}/nrf-configuration/v1/	GET	Not applicable	ocnrfConfigurations	Retrieve all of the OCNRF configurations in single GET request. This includes all Options and NFScreeningRules.
generalOptions	{apiRoot}/nrf-configuration/v1/generalOptions	GET	Not applicable	generalOptions	Retrieve OCNRF general options configuration.
generalOptions	{apiRoot}/nrf-configuration/v1/generalOptions	PUT	generalOptions	generalOptions	Updates OCNRF general options configuration.
nfScreeningOptions	{apiRoot}/nrf-configuration/v1/nfScreeningOptions	GET	Not applicable	nfScreeningOptions	Retrieve OCNRF NF Screening options configuration.
nfScreeningOptions	{apiRoot}/nrf-configuration/v1/nfScreeningOptions	PUT	nfScreeningOptions	nfScreeningOptions	Updates OCNRF NF Screening options configuration.
nfManagementOptions	{apiRoot}/nrf-configuration/v1/nfManagementOptions	GET	Not applicable	nfManagementOptions	Retrieve OCNRF NF Management options configuration.
nfManagementOptions	{apiRoot}/nrf-configuration/v1/nfManagementOptions	PUT	nfManagementOptions	nfManagementOptions	Updates OCNRF NF Management options configuration.
nfDiscoveryOptions	{apiRoot}/nrf-configuration/v1/nfDiscoveryOptions	GET	Not applicable	nfDiscoveryOptions	Retrieve OCNRF NF Discovery options configuration.
nfDiscoveryOptions	{apiRoot}/nrf-configuration/v1/nfDiscoveryOptions	PUT	nfDiscoveryOptions	nfDiscoveryOptions	Updates OCNRF NF Discovery options configuration.
nfAccessTokenOptions	{apiRoot}/nrf-configuration/v1/nfAccessTokenOptions	GET	Not applicable	nfAccessTokenOptions	Retrieve OCNRF NF AccessToken options configuration.
nfAccessTokenOptions	{apiRoot}/nrf-configuration/v1/nfAccessTokenOptions	PUT	nfAccessTokenOptions	nfAccessTokenOptions	Updates OCNRF NF AccessToken options configuration.
forwardingOptions	{apiRoot}/nrf-configuration/v1/forwardingOptions	GET	Not applicable	forwardingOptions	Retrieve OCNRF Forwarding options configuration.
forwardingOptions	{apiRoot}/nrf-configuration/v1/forwardingOptions	PUT	forwardingOptions	forwardingOptions	Updates OCNRF Forwarding options configuration.
slfOptions	{apiRoot}/nrf-configuration/v1/slfOptions	GET	Not applicable	slfOptions	Retrieve OCNRF SLF options configuration.
slfOptions	{apiRoot}/nrf-configuration/v1/slfOptions	PUT	slfOptions	slfOptions	Updates OCNRF SLF options configuration.
geoRedundancyOptions	{apiRoot}/nrf-configuration/v1/geoRedundancyOptions	GET	Not applicable	geoRedundancyOptions	Retrieve OCNRF Geo Redundancy options configuration.
geoRedundancyOptions	{apiRoot}/nrf-configuration/v1/geoRedundancyOptions	PUT	geoRedundancyOptions	geoRedundancyOptions	Updates OCNRF Geo Redundancy options configuration.
nfAuthenticationOptions	{apiRoot}/nrf-configuration/v1/nfAuthenticationOptions	GET	Not applicable	nfAuthenticationOptions	Retrieve OCNRF NF Authentication options configuration.
nfAuthenticationOptions	{apiRoot}/nrf-configuration/v1/nfAuthenticationOptions	PUT	nfAuthenticationOptions	nfAuthenticationOptions	Updates OCNRF NF Authentication options configuration.
logLevelOptions	{apiRoot}/nrf-configuration/v1/logLevelOptions	GET	Not applicable	logLevelOptions	Retrieve OCNRF Log Level options configuration.
logLevelOptions	{apiRoot}/nrf-configuration/v1/logLevelOptions	PUT	logLevelOptions	logLevelOptions	Updates OCNRF Log Level options configuration.
screening-rules	{apiRoot}/nrf-configuration/v1/screening-rules	GET	Not applicable	ScreeningRulesResult	Returns all the screening rules.
screening-rules	{apiRoot}/nrf-configuration/v1/screening-rules	GET	nfScreeningRulesListType or/and nfScreeningRulesListStatus	ScreeningRulesResult	Returns screening rules corresponding to the specified NF Screening Rule List Type. Query:- {apiRoot}/nrf-configuration/v1/screening-rules?nfScreeningRulesListStatus=<NfScreeningRulesListStatus> &nfScreeningRulesListType=<NfScreeningRulesListType>
screening-rules	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	PUT	NfScreeningRules	NfScreeningRules	Replace the complete specified NF Screening Rule List Type.
screening-rules	{apiRoot}/nrf-configuration/v1/screening-rules/{nfScreeningRulesListType}	PATCH	PatchDocument	NfScreeningRules	Partially updates the specified NF Screening Rule List Type (except read only attributes).

Responses Supported by Service API Interfaces

Table 6-2 Response Body

Data Type	Presence	Cardinality	Response Codes	Description
ProblemDetails	C	1	500 Internal Server Error	Internal error occurred while processing the service API.
ProblemDetails	C	1	400 Bad Request	JSON body sent by client is not correct according to data model defined.
As per Data Model Defined	C	1	200 OK	Response body contains the store values currently with OCNRF.

Common Data types and Data Models

Common data types

Table 6-3 Common Data Types

DataType	Reference
NFType	3GPP TS 29.510
NFServiceVersion	3GPP TS 29.510
UriScheme	3GPP TS 29.510
Fqdn	3GPP TS 29.510
Ipv6Addr	3GPP TS 29.571
Ipv4Addr	3GPP TS 29.571
Ipv4AddressRange	3GPP TS 29.510
PlmnId	3GPP TS 29.571
Uri	3GPP TS 29.571
IpEndPoint	3GPP TS 29.510
NFType	3GPP TS 29.510
ProblemDetails	3GPP TS 29.571

Table 6-4 NfConfig

Attribute	DataType	Presence	Description
apiVersions	array (NFServiceVersion)	M	API Version of NF
scheme	UriScheme	M	URI schema supported by NF
fqdn	Fqdn	M	FQDN of NF
port	integer	O	Port of NF default value: 80 if scheme is HTTP, 443 if scheme is HTTPS
apiPrefix	string	O	ApiPrefix
priority	integer	M	Priority of NF
nfInstanceId	string	M	NF Instance Id of NF

Table 6-5 ErrorInfo

Attribute	DataType	Presence	Description
errorCondition	ErrorCondition	ReadOnly	Error Conditions
responseCode	integer	M	This response code is used when corresponding error condition occurs.
errorResponse	string	M	This response description is used when corresponding error condition occurs.
retryAfter	string	C	The attribute indicates the time interval after which the NF shall retry the request. retryAfter header by the OCNRF will be added only for responseCodes - 503, 413, 429, 3xx The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively. Range: 60s-1h Default Value: 5m
redirectUrl	string	C	The attribute indicates the NF to redirect its request to this uri. location header by the OCNRF will be added only responseCodes - 3xx. redirectUrl should be in URI format. It is mandatory to configure redirectUrl when responseCodes configured.

Table 6-6 ErrorCondition

ErrorCondition	Description
SLF_Missing_Mandatory_Parameters	SLF mandatory parameters are missing
SLF_Not_Reachable	SLF is not reachable from OCNRF
SLF_Subscriber_Not_Provisioned	Subscriber not provisioned in SLF
SLF_OAuthToken_Failure	SLF OauthToken Failure Occurred
NRF_Not_Reachable	NRF not reachable
NRF_Forwarding_Loop_Detection	Loop Detected
RequesterNf_Unauthorized	RequesterNfType is not authorized to receive access token for the targetNfType
Nf_Fqdn_Authentication_Failure	Consumer NF authentication using FQDN failed
Invalid_Key_Details	Configured Key ID details are invalid and cannot be used
Current_Key_Id_Not_Configured	Current Key ID is not configured

Table 6-7 ResponseHttpStatusCodes

Attribute	DataType	Description
pattern	string	Either pattern or codeList is present
codeList	array (integer)	Either pattern or codeList is present

Table 6-8 ScreeningRulesResult

Attribute name	DataType	Presence	Cardinality	Description
nfScreeningRulesList	array (NfScreeningRules)	M	0..N	It contains an array of NF Screening List. An empty array means there is no NF Screening list configured.

General Options

Configuration Example

API:- {apiRoot}/nrf-configuration/v1/generalOptions

Method: PUT

Content Type: application/json

Body:

{
    "nrfPlmnList": [{
        "mcc": "310",
        "mnc": "14"
    }],
    "ocnrfHost": "ocnrf-ingressgateway.ocnrf.svc.cluster.local",
    "ocnrfPort": 80,
    "enableF3": true,
    "enableF5": true,
    "maximumHopCount": 3,
    "defaultLoad": 5,
    "defaultPriority": 100,
    "defaultPriorityAssignment": false,
    "defaultLoadAssignment": false
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. Atleast one attribute must be included during PUT request.
nrfPlmnList, ocnrfHost and ocnrfPort are mandatory values to be configured before using OCNRF.

Table 6-9 GeneralOptions

Attribute Name	DataType	Constraints	Default Value	Description
nrfPlmnList	array (PlmnId)			This value will have at least one PLMN supported by OCNRF and this value shall be set before using OCNRF.
ocnrfHost	string	None	ocnrf-ingressgateway.ocnrf.svc.cluster.local	ocnrfHost needs to be OCNRF's External Routable FQDN (for example, ocnrf.oracle.com) OR External Routable IpAddress (for example, 10.75.212.60) OR for routing with in the same K8 cluster use full OCNRF Ingress Gateway's Service FQDN as below format: `<helm-releasename>- ingressgateway.<n amespace>.svc.<cluster-domainname>` Example: `ocnrfingressgateway.nrf-1.svc.cluster.local` where ocnrf: is the helm release name (deployment name that will be used during "helm install") nrf-1: is the namespace in which NRF will be deployed cluster.local: is the K8's dnsDomain name (dnsDomain can be found using `kubectl -n kube-system get configmap kubeadmconfig -o yaml \| grep -i dnsDomain`) This value is used in UriList of NfListRetrieval Service Operation response.
ocnrfPort	integer	None	80	OCNRF Host's Port
enableF3	boolean	true or false	true	OCNRF functions as per 29510 v15.3 specification, if this flag is set to true. If it is set to true, then OCNRF will compliant to 29510 v15.3. If it is set to false, OCNRF will compliant to 29510 v15.2.
enableF5	boolean	true or false	true	OCNRF functions as per 29510 v15.5 specification, if this flag is set to true. If it is set to false, OCNRF functions as per 29510 v15.2 or v15.3 specification (depends on enableF3 flag).
defaultLoad	integer	0 - 100	5	defaultLoad value is set in NF load attribute of NFProfile, if this attribute is set to true. This value is sent in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have load attribute.
defaultPriority	integer	0 - 65535	100	This attribute is default value of NF Priority and will be used if NFProfile does not have priority attribute set by NF.
defaultLoadAssignment	boolean	true or false	false	Value of default NF load will be set in NF Load attribute of NFProfile while sending in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have Load attribute.
defaultPriorityAssignment	boolean	true or false	false	Value of default NF Priority will be set in NF Priority attribute of NFProfile while sending in NFDiscover response and NFProfile sent in NFNotify operation, in case NFProfile does not have Priority attribute.
maximumHopCount	integer	1-5	3	Maximum number of Nodes (SLF/NRF's) that OCNRF can communicate, to service a request.

NF Screening Options

Configuration Example

API:- {apiRoot}/nrf-configuration/v1/nfScreeningOptions

Method: PUT

Content Type: application/json

Body:

{
   "featureStatus": "DISABLED",
   "responseCode": 403
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. At-least one attribute shall be included during PUT request.

Table 6-10 nfScreeningOptions

Attribute Name	DataType	Constraints	Default Value	Description
featureStatus	string	ENABLED DISABLED	DISABLED	This attribute indicates if NF Screening Feature is enabled or not globally
responseCode	integer		403	This attribute indicates HTTP status code which will be returned if incoming request does not qualify NF Screening rules

Attribute Name

DataType

Constraints

Default Value

Description

featureStatus

string

ENABLED

DISABLED

This attribute indicates if NF Screening Feature is enabled or not globally

responseCode

integer

403

This attribute indicates HTTP status code which will be returned if incoming request does not qualify NF Screening rules

NF Management Options

Configuration Example

API:- {apiRoot}/nrf-configuration/v1/nfManagementOptions

Method: PUT

Content Type: application/json

Body:

{
    "nfHeartBeatTimers": [{
            "nfType": "ALL_NF_TYPE",
            "minHbTimer": "30s",
            "maxHbTimer": "5m",
            "defaultHbTimer": "30s",
            "nfHeartBeatMissAllowed": 3
        },
        {
            "nfType": "AMF",
            "minHbTimer": "10s",
            "maxHbTimer": "120s",
            "defaultHbTimer": "20s",
            "nfHeartBeatMissAllowed": 1
        }
    ],
    "nfNotifyLoadThreshold": 5,
    "nrfSupportForProfileChangesInResponse": true,
    "defaultSubscriptionValidityTime": "24h",
    "nrfSupportForProfileChangesInNotification": false,
    "nfProfileSuspendDuration": "168h",
    "acceptAdditionalAttributes": false,
    "allowDuplicateSubscriptions": true
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. At-least one attribute shall be included during PUT request.

Table 6-11 nfManagementOptions

Attribute Name	DataType	Constraints	Default Values	Description
nfHeartbeatTimers	array (HeartbeatInfo)	See HeartbeatInfo table for details		This attribute is used to configure the heartbeat related information of the NF. It allows to configure the heartbeat information per NFType. By default, the nfHeartbeatTimer information for ALL_NF_TYPE is present.
nfNotifyLoadThreshold	integer	0 - 99	5	OCNRF generates the Notification trigger when difference between the 'load' value reported by NF in most recent heartbeat and the last reported ‘load’ is more than configured value of nfNotifyloadThreshold attribute.
nrfSupportForProfileChangesInResponse	boolean	true or false	true	OCNRF sends mandatory and modified attributes in the NFRegister and NFUpdate responses instead of complete profile, if this flag is enabled.
defaultSubscriptionValidityTime	string	10s - 720h	24h	If Validity time attribute is not received in SubscriptionData during NFStatusSubscribe, this default value will be used for calculation of validity time (current time + default duration). If Validity time attribute is received in SubscriptionData during NFStatusSubscribe, this is minimum value will be used for validation and limit purpose. It means if value provided is less than (current time + minimum possible range value), then minimum range value will be considered as validity time for subscription and similarly in case validity time is more than (current time + maximum possible range value), then maximum range value will be considered as validity time for subscription. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
nrfSupportForProfileChangesInNotification	boolean	true or false	false	OCNRF sends profileChanges attribute instead of NFProfile in Notification, if this flag is enabled.
nfProfileSuspendDuration	string	10s - 744h	168h	Indicates the duration for which the NF is suspended, before it is deleted from OCNRF database. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes and seconds respectively.
acceptAdditionalAttributes	boolean	true or false	false	OCNRF preserves additional attributes that are not defined by 3GPP in NFProfile/NFService based on this attribute value.
allowDuplicateSubscriptions	boolean	true or false	true	This attribute specifies if OCNRF should allow duplicate Subscriptions to be created or not. Note: In case duplicate subscriptions are not allowed and this flag is marked as false, there will be performance degradation around 50% during NFStatusSubscribe service operation.

HeartbeatInfo

Table 6-12 HeartbeatInfo

Attribute	DataType	Constraints	Description
nfType	string	NFType	All nftypes supported in 29.510 Rel 15.5. In addition to this, ALL_NF_TYPE and CUSTOM_NF_TYPE shall also be supported. ALL_NF_TYPE is the NF Type to be used to specify the default configuration that is to be used when nfType specific configuration is not present. Notes: By Default record will pre-loaded for ALL_NF_TYPE. See table "Table 6-13" for details ALL_NF_TYPE element can't be deleted CUSTOM_NF_TYPE is the NFType to be used to specify the configuration for custom NF types
minHbTimer	string	10s-24h	The minimum HeartbeatTimer allowed for the NF The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
maxHbTimer	string	10s-24h	The maximum HeartbeatTimer allowed for the NF. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
defaultHbTimer	string	minHbTimer and maxHbTimer attributes	This default heartBeatTimer value to be used when the network functions does not provide the heartBeatTimer value in NFProfile. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
nfHeartbeatMissAllowed	Integer	0-15	The allowed number of missed HeartBeat(s) after which the NFProfile is marked as suspended. If the value is set to 0, NF profiles for which even single heartbeat is missed will be marked as suspended.

Table 6-13 HeartbeatInfo Default Loaded Data

Attribute	Default Loaded Value
nfType	ALL_NF_TYPE
minHbTimer	30s
maxHbTimer	5m
defaultHbTimer	30s
nfHeartbeatMissAllowed	3

NF Discovery Options

Configuration Example

API:- {apiRoot}/nrf-configuration/v1/nfDiscoveryOptions

Method: PUT

Content Type: application/json

Body:

{
  "profilesCountInDiscoveryResponse": 3,
  "discoveryResultLoadThreshold": 0,
  "discoveryValidityPeriodCfg": [        {
            "nfType": "ALL_NF_TYPE",
            "validityPeriod": "1h"
        },
         {
            "nfType": "AMF",
            "validityPeriod": "3h"
         },
         {
            "nfType": "CUSTOM_NF_TYPE",
            "validityPeriod": "2h"
         }
    ]
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. At-least one attribute shall be included during PUT request.

Table 6-14 nfDiscoveryOptions

Attribute Name	DataType	Constraints	Default Values	Description
profilesCountInDiscoveryResponse	integer	0 - 20	3	This value restricts NF profile count in NFDiscover response. If value of this attribute is 0, it means this functionality is disabled, in that case all of the NF profiles after the discovery filtering will be returned in NFDiscover response. Note: If Limit attribute is present in SearchData URI, then this attribute is not used.
discoveryResultLoadThreshold	integer	0 - 100	0	This configuration is used to select out profiles from discovery response whose load is more than the configured value. NFDiscover response contains NF profiles with load attribute value less than or equal to this configured value. Value 0 indicates this feature is disabled.
discoveryValidityPeriodCfg	array (DiscoveryValidityPeriodCfg)	See DiscoveryValidityPeriodCfg table for details		This attribute mentions the validity period of a discovery request for a specific target-nf-type after which requester NF must perform discovery again to get the latest values. By default, the validityPeriod information for ALL_NF_TYPE is present.

Attribute Name

DataType

Constraints

Default Values

Description

profilesCountInDiscoveryResponse

integer

0 - 20

3

This value restricts NF profile count in NFDiscover response.

If value of this attribute is 0, it means this functionality is disabled, in that case all of the NF profiles after the discovery filtering will be returned in NFDiscover response.

Note: If Limit attribute is present in SearchData URI, then this attribute is not used.

discoveryResultLoadThreshold

integer

0 - 100

0

This configuration is used to select out profiles from discovery response whose load is more than the configured value. NFDiscover response contains NF profiles with load attribute value less than or equal to this configured value. Value 0 indicates this feature is disabled.

discoveryValidityPeriodCfg

array (DiscoveryValidityPeriodCfg)

See DiscoveryValidityPeriodCfg table for details

This attribute mentions the validity period of a discovery request for a specific target-nf-type after which requester NF must perform discovery again to get the latest values.

By default, the validityPeriod information for ALL_NF_TYPE is present.

Table 6-15 DiscoveryValidityPeriodCfg

Attribute	DataType	Constraints	Description
nfType	string	NFType	All nftypes supported in 29.510 Rel 16.3.0. In addition to this, ALL_NF_TYPE and CUSTOM_NF_TYPE shall also be supported. ALL_NF_TYPE is the NF Type to be used to specify the default configuration that is to be used when nfType specific configuration is not present. Notes: By Default record will pre-loaded for ALL_NF_TYPE. See table "NfTypeValidityPeriod Loaded Data" for details ALL_NF_TYPE element can't be deleted. CUSTOM_NF_TYPE is the NFType to be used to specify the configuration for custom NF types
validityPeriod	string	0s - 720h	This attribute mentions the validity period of a discovery request of a specific target-nf-type after which requester NF must perform discovery again to get the latest values. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.

Attribute

DataType

Constraints

Description

nfType

string

NFType

All nftypes supported in 29.510 Rel 16.3.0.

In addition to this, ALL_NF_TYPE and CUSTOM_NF_TYPE shall also be supported.

ALL_NF_TYPE is the NF Type to be used to specify the default configuration that is to be used when nfType specific configuration is not present.

Notes:

By Default record will pre-loaded for ALL_NF_TYPE. See table "NfTypeValidityPeriod Loaded Data" for details
ALL_NF_TYPE element can't be deleted.
CUSTOM_NF_TYPE is the NFType to be used to specify the configuration for custom NF types

validityPeriod

string

0s - 720h

This attribute mentions the validity period of a discovery request of a specific target-nf-type after which requester NF must perform discovery again to get the latest values. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.

Table 6-16 NfTypeValidityPeriod Loaded Data

Attribute	Default Loaded Value
nfType	ALL_NF_TYPE
validityPeriod	1h

NF Access Token Options

Configuration Example

API:- {apiRoot}/nrf-configuration/v1/nfAccessTokenOptions

Method: PUT

Content Type: application/json

Body:

{
   "oauthTokenExpiryTime": "1h",
   "authorizeRequesterNf": "ENABLED",
   "logicalOperatorForScope": "AND",
   "audienceType": "NF_INSTANCE_ID",
   "authFeatureConfig": {
      "featureStatus": "DISABLED",
      "authRulesConfig": [
            {
               "targetNfType":"PCF",
               "requesterNfType":"AMF",
               "serviceNames":[
                  "npcf-am-policy-control",
                  "npcf-eventexposure"   
               ]
            },
            {
               "targetNfType":"UDM",
               "requesterNfType":"AMF",
               "serviceNames":[
                  "*"
               ]
            }
         ],
      "errorResponses": [{
         "errorCondition": "RequesterNf_Unauthorized",
         "responseCode": 400,
         "errorResponse": "The Consumer NfType is not authorized to receive access token for the requested Nftype.",
         "retryAfter": "5m",
         "redirectUrl": ""
     }]
   },
   "tokenSigningDetails": {
        "currentKeyID": "a14ef8e1bc5c",
        "addkeyIDInAccessToken": true,
        "defaultK8SecretDetails": {
            "k8SecretName": "ocnrf",
            "k8SecretNameSpace": "ocnrf"
        },
        "keyDetailsList": [
            {
                "keyID": "a14ef8e1bc5c",
                "algorithm": "ES256",
                "privateKey": {
                    "k8SecretName": "ocnrf",
                    "k8SecretNameSpace": "ocnrf",
                    "fileName": "ec_private_key_pkcs8.pem"
                },
                "certificate": {
                    "k8SecretName": "ocnrf",
                    "k8SecretNameSpace": "ocnrf",
                    "fileName": "ecdsa_ocnrfapigatewayTestCA.cer"
                }
            }
        ]
    },
   "errorResponses": [
        {
            "errorCondition": "Invalid_Key_Details",
            "responseCode": 500,
            "errorResponse": "Configured Key ID details are invalid and cannot be used",
            "retryAfter": "5m",
            "redirectUrl": ""
        },
        {
            "errorCondition": "Current_Key_Id_Not_Configured",
            "responseCode": 500,
            "errorResponse": "Current Key ID is not configured",
            "retryAfter": "5m",
            "redirectUrl": ""
        }
    ]
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. At-least one attribute shall be included during PUT request.

Table 6-17 nfAccessTokenOptions

Attribute Name	DataType	Constraints	Default Values	Description
oauthTokenExpiryTime	string	1s - 168h	1h	Oauth token expiry time. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes and seconds respectively. Note: In case OCNRF signed certificate expiry duration is less than this attribute, then certificate expiry duration is used in Access Token Expiry Time.
authorizeRequesterNf	string	ENABLED, DISABLED	ENABLED	This attribute validates the requester NF is registered with OCNRF or not. OCNRF issue the access token only to the registered requester NFs. If NF is registered, then check if NFtype in Access Token Request is same as in NF profile registered with NRF and requesterPlmn received in the Access Token Request request is same as Registered Profile. If the value is Disabled, OCNRF will issue token to non-registered NFs as well.
audienceType	string	NF_INSTANCE_ID, NF_TYPE	NF_INSTANCE_ID	This value decides the AudienceType in AccessTokenClaim. OCNRF considers this value only if targetnfInstanceId is not received in AccessTokenRequest. NF_INSTANCE_ID - NF Instance Id(s) in audience IE of AccessTokenClaim NF_TYPE - NF Type in audience IE of AccessTokenClaim
logicalOperatorForScope	string	AND, OR	AND	This value will decide whether values in scope will have relationship AND or OR. If value is AND, while looking for producer network function profiles, token will be issued for profiles matching all the services-names present in scope. If value is OR, token will be issued for profiles matching any of the services-names present in scope.
authFeatureConfig	AuthFeatureConfig	See AuthFeatureConfig table for details		The attribute contains the parameters required to enable and configure NfAccessToken Authorization Feature
tokenSigningDetails	TokenSigningDetails	See TokenSigningDetails for details	null (None of token signing details are configured)	This attribute allows user to configure all of the details required to sign the token generated by OCNRF
errorResponses	array(ErrorInfo)	See table Preloaded Values for details		This attribute allows user to update details for different error conditions

Table 6-18 PreLoaded records for errorResponses

errorCondition	responseCode	errorResponse	retryAfter	redirectUrl
Invalid_Key_Details	500	Configured Key ID details are invalid and cannot be used	5m
Current_Key_Id_Not_Configured	500	Current Key ID is not configured	5m

AuthFeatureConfig

Table 6-19 AuthFeatureConfig

Attribute	Data Type	Constraints	Default Value	Description
featureStatus	string	ENABLED, DISABLED	DISABLED	Enables/Disables the NfAccessToken Authorization Feature.
authRulesConfig	array (AuthConfig)			The attribute defines a mapping across Requester NF Type, Target NF Type and the allowed Services. This attribute should be configured if the authFeatureStatus is set to 'ENABLED' Refer Note.
errorResponses	array (ErrorInfo)		See PreLoaded records for AuthFeatureConfig errorResponses below	This attribute defines the error responses which may be sent during NRF AccessToken Authorization failure scenarios. This attribute will allow to update the error response code and error response description. This attribute should be configured if the authFeatureStatus is set to 'ENABLED'. By default, the RequesterNF_Unauthorized condition shall be preloaded. Refer Note.

Attribute

Data Type

Constraints

Default Value

Description

featureStatus

string

ENABLED,

DISABLED

Enables/Disables the NfAccessToken Authorization Feature.

authRulesConfig

array (AuthConfig)

The attribute defines a mapping across Requester NF Type, Target NF Type and the allowed Services.

This attribute should be configured if the authFeatureStatus is set to 'ENABLED'

Refer Note.

errorResponses

array (ErrorInfo)

See PreLoaded records for AuthFeatureConfig errorResponses below

This attribute defines the error responses which may be sent during NRF AccessToken Authorization failure scenarios.

This attribute will allow to update the error response code and error response description.

This attribute should be configured if the authFeatureStatus is set to 'ENABLED'.

By default, the RequesterNF_Unauthorized condition shall be preloaded.

Refer Note.

Table 6-20 PreLoaded records for AuthFeatureConfig errorResponses

errorCondition	responseCode	errorResponse	retryAfter	redirectUrl
RequesterNf_Unauthorized	400	The RequesterNfType is not authorized to receive access token for the targetNfType.	5m

Note:

The attributes featureStatus, authRulesConfig and errorResponses can be configured in any order and independently. However, when the feature is enabled, it is expected that the authRulesConfig is already configured previously or present in the current request.

Table 6-21 AuthConfig

Attribute	Datatype	Constraints	Description
targetNfType	string	NFType	The attribute defines the NF Type of the target NF.
requesterNfType	string	NFType	The attribute defines the NF Type of the requester NF that is authorized to access the target NF Type and its services.
serviceNames	array(string)	None	This attribute defines the NF services that is authorized to be accessed by the requester NF type. The value "" shall indicate that all the services are authorized to be accessed the requester NF Type. If "" is to be used, The services shall contain only a single entry in the list with this value.

Note:

All values of this structure are mandatory to be configured all together.

Table 6-22 TokenSigningDetails

Attribute	Datatype	Constraints	Description
currentKeyID	string	Mandatory attribute for Access Token Service to work. Once currentKeyID is configured, this value cannot be null. Newly added KeyID details can be used after values are validated by OCNRF. Newly added KeyID cannot be configured as currentKeyID in same request.	Key ID value corresponding to which token signing details used to sign the token.
addkeyIDInAccessToken	boolean	true, false. (default: false) Value for this attribute cannot be set to true if currentKeyID is not set.	Value of this attribute decides that KeyID value can be added in AccessToken Response or not. If value is true, then currentKeyID value will be added in AccessToken Response. If value is false, then value will not be added in AccessToken Response.
defaultK8SecretDetails	DefaultK8SecretDetails	See DefaultK8SecretDetails table for details. This value is mandatory in case secret namespace and secret name of any individual key details are not configured.	This attribute decides the default K8 secret details and these details value are used in case individual key details for secret name and secret namespace are not configured.
keyDetailsList	array(OauthKeyDetails)	See OauthKeyDetails table for details. In case any of key details need to be modified, then complete keyDetailList is used for updates. Change of specific keyId detail is not supported. Maximum 25 key details can be configured.	This attribute provides details of oauth key details which is used by OCNRF to sign the token. Added Keys status can be get using OCNRF configuration status REST APIs. Any key id details cannot be removed if it is getting used as currentKeyID.

Table 6-23 DefaultK8SecretDetails

Attribute	Datatype	Constraints	Description
k8SecretName	string	Mandatory if Default K8 secret Details are configured. Both k8SecretName and k8SecretNameSpace are configured together.	Default Kubernetes secret name
k8SecretNameSpace	string	Mandatory if Default K8 secret Details are configured. Both k8SecretName and k8SecretNameSpace are configured together.	Default Kubernetes secret namespace

Table 6-24 OauthKeyDetails

Attribute	Datatype	Constraints	Description
keyID	string	Mandatory attribute, keyID length shall not exceed 36 characters	Unique value in list of keys. Key Details are known by this value.
algorithm	string	Mandatory attribute, algorithm can be only ES256 and RS256	algorithm value will be used to sign the oauth token.
privateKey	OauthSecretFiles	Mandatory attribute, see OauthSecretFiles for details	OCNRF Private key details. Both k8SecretName and k8SecretNameSpace are configured together.
certificate	OauthSecretFiles	Mandatory attribute, see OauthSecretFiles for details	OCNRF Public certificate details. Both k8SecretName and k8SecretNameSpace are configured together.

Table 6-25 OauthSecretFiles

Attribute	Datatype	Constraints	Description
k8SecretName	string	Optional, but if this attribute is present then k8SecretNameSpace shall be present	Kubernetes secret name where key and certificate details are stored
k8SecretNameSpace	string	Optional, but if this attribute is present then k8SecretName shall be present	Kubernetes namespace for secret name
fileName	string	Mandatory attribute	Filename of Key/certificate

NRF-NRF Forwarding Options

Configuration Example

API:- {apiRoot}/nrf-configuration/v1/forwardingOptions

Method: PUT

Content Type: application/json

Body:

{
    "profileRetrievalStatus": "DISABLED",
    "subscriptionStatus": "DISABLED",
    "discoveryStatus": "DISABLED",
    "accessTokenStatus": "DISABLED",
    "nrfHostConfig": [{
        "nfInstanceId": "c56a4180-65aa-42ec-a945-5fd21dec0538",
        "apiVersions": [{
            "apiVersionInUri": "v1",
            "apiFullVersion": "15.5.0"
        }],
        "scheme": "http",
        "fqdn": "ocnrf-1-ingressgateway.ocnrf.svc.cluster.local",
        "priority": 100,
        "port": 80
    }],
    "nrfRerouteOnResponseHttpStatusCodes": {
        "pattern": "^[3,5][0-9]{2}$"
    },
    "errorResponses": [{
            "errorCondition": "NRF_Not_Reachable",
            "responseCode": 504,
            "errorResponse": "NRF not reachable",
            "retryAfter": "5m",
            "redirectUrl": ""
        },{
            "errorCondition": "NRF_Forwarding_Loop_Detection",
            "responseCode": 508,
            "errorResponse": "Loop Detected",
            "retryAfter": "5m",
            "redirectUrl": ""
    }]
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. At-least one attribute shall be included during PUT request.

Table 6-26 forwardingOptions

Attribute Name	DataType	Constraints	Default Values	Description
nrfHostConfig	array (NFConfig)			This is used to configure Primary and Secondary NRF Details which is used for forwarding various requests. It allows to configure details of NRF like apiVersion, scheme, FQDN, port, etc. The only supported value for apiVersionInUri is v1. Hence the apiVersions attribute must have at least one data record with apiVersionInUri attribute values set as v1. This configuration allows you to configure more than two NRF Details. NRF with highest priority is considered as Primary NRF for forwarding messages. NRF with second highest priority is considered as Secondary NRF for forwarding. To reset this attribute, please send empty array, for example:- "nrfHostConfig": [ ] If this attribute is already set then there is no need to provide the value again.
nrfRerouteOnResponseHttpStatusCodes	ResponseHttpStatusCodes	pattern or specific code list	"pattern": "^[3,5][0-9]{2}$"	This configuration is used to determine if the service operation message needs to forwarded to Secondary NRF. After getting response from primary NRF, if response status code from primary NRF matches with the configured response status code list, then NRF reroutes the request to the secondary NRF. Refer nrfHostConfig for details for Primary and Secondary NRF details.
profileRetrievalStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the forwarding of NFProfileRetrieval service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching profile, then OCNRF forwards the NfProfileRetrieval request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, OCNRF will not forward the NfProfileRetrieval request in any case. It will return a response to consumer NF without forwarding it.
subscriptionStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the forwarding of NFStatusSubscribe, NFStatusUnsubscribe service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching profile, then OCNRF forwards the NfStatusSubscribe/NfStatusUnSubscribe request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, OCNRF will not forward the NFStatusSubscribe/NFStatusUnSubscribe request in any case. It will return a response to consumer NF without forwarding it. Note: NFStatusSubscribe forwarding is supported only if Subscription Condition is NfInstanceIdCond in the NFStatusSubscribe request.
discoveryStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the forwarding of NFDiscover service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching profile, then OCNRF forwards the NFDiscover request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, OCNRF will not forward the NFDiscover request in any case. It will return a response to consumer NF without forwarding it.
accessTokenStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the forwarding of AccessToken service operation messages. If the flag is set to true and OCNRF is not able to complete the request due to unavailability of any matching Producer NF, then OCNRF forwards the AccessToken request to the configured NRF host(s) and relays the response received from forwarding NRF to the Consumer NF. If flag is false, OCNRF will not forward the AccessToken request in any case. It will return a response to consumer NF without forwarding it.
errorResponses	array (ErrorInfo)		See PreLoaded values below	This attribute defines the error responses which may be sent during NRF Forwarding scenarios. This attribute will allow to update the error response code and error response description for preloaded error conditions.

Table 6-27 PreLoaded records for errorResponses

errorCondition	responseCode	errorResponse	retryAfter	redirectUrl
NRF_Not_Reachable	504	NRF not reachable	5m
NRF_Forwarding_Loop_Detection	508	Loop Detected	5m

SLF Options

Configuration Example

API:- {apiRoot}/nrf-configuration/v1/slfOptions

Method: PUT

Content Type: application/json

Body:

{
    "supportedNfTypeList": [],
        "preferredSubscriberIdType": "SUPI",
        "slfHostConfig": [{
            "nfInstanceId": "c56a4180-65aa-42ec-a945-5fd21dec0538",
            "apiVersions": [{
                "apiVersionInUri": "v1",
                "apiFullVersion": "15.5.0"
            }],
            "scheme": "http",
            "fqdn": "ocudrSlf-1-ingressgateway.ocnrf.svc.cluster.local",
            "priority": 100,
            "port": 80
        }],
        "rerouteOnResponseHttpStatusCodes": {
            "codeList": [134]
        },
        "featureStatus": "DISABLED",
        "useOAuthToken": false,
        "errorResponses": [{
            "errorCondition": "SLF_Missing_Mandatory_Parameters",
            "responseCode": 400,
            "errorResponse": "Mandatory parameter missing for SLF Lookup",
            "retryAfter": "5m",
            "redirectUrl": ""
        }, {
            "errorCondition": "SLF_Subscriber_Not_Provisioned",
            "responseCode": 200,
            "errorResponse": "Subscriber not provisioned in SLF",
            "retryAfter": "5m",
            "redirectUrl": ""
        }, {
            "errorCondition": "SLF_Not_Reachable",
            "responseCode": 504,
            "errorResponse": "SLF not reachable",
            "retryAfter": "5m",
            "redirectUrl": ""
        },
        {
            "errorCondition": "SLF_OAuthToken_Failure",
            "responseCode": 500,
            "errorResponse": "SLF OauthToken Failure Occurred",
            "retryAfter": "5m",
            "redirectUrl": ""
        }]
 }

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. At-least one attribute shall be included during PUT request.

Table 6-28 slfOptions

Attribute Name	DataType	Constraints	Default Values	Description
featureStatus	string	ENABLED, DISABLED	DISABLED	Enables/disables the SLF Feature. In case GroupId is already present in Search Query, even value of this attribute is ENABLED. OCNRF will use the Group Id received and will not communicate to SLF/UDR. If Subscriber Id is present in Search Query it will be ignored and will not be used to perform discovery search in OCNRF.
slfHostConfig	array (NFConfig)			This is used to configure Primary and Secondary SLF Details which is used for forwarding various requests. It allows to configure details of SLF like apiVersion, scheme, FQDN, port, etc. The only supported value for apiVersionInUri is v1. Hence the apiVersions attribute must have at least one data record with apiVersionInUri attribute values set as v1. This configuration allows you to configure more than 2 SLF Details. SLF with highest priority is considered as Primary SLF for forwarding messages. SLF with second highest priority is considered as Secondary SLF for forwarding. If supportedNfTypeList is set, then operator must set this attribute. This is because this value will be used to contact the network function hosting the SLF. To reset this attribute, please send empty array, for example:- "slfHostConfig": [ ] If this attribute is already set then there is no need to provide the value again.
supportedNfTypeList	array (NfType)			NF Type list for which SLF need to be supported. SLF look up will happen only for NF Types mentioned in this configuration. OCNRF supports the below NF Type(s) for performing SLF lookup: UDM UDR AUSF To reset this attribute, send empty array, for example: "supportedNfTypeList": [ ] If this value is set, then slfHostConfig shall also be set.
preferredSubscriberIdType	string	SUPI or GPSI	SUPI	This attribute will only be used, in case different type of subscriber identifiers (SUPI, GPSI) are present in NFDiscover service operation message, which subscriber identifier shall be used for the query to SLF
rerouteOnResponseHttpStatusCodes	ResponseHttpStatusCodes	pattern or codeList. See table ResponseHttpStatusCodes for details	"pattern": "^[3,5][0-9]{2}$"	This attribute will be used after getting response from primary SLF (SLF Config with highest priority), if response code from primary SLF is present/matches this configuration, then OCNRF will reroute the SLF query to secondary SLF (SLF Config with second highest priority).
useOAuthToken	boolean	true or false	false	This attribute is used while doing SLF query to UDR/SLF to query the Access Token Service of OCNRF to get Oauth access token details for UDR/SLF network function to which query will be done. If value of this attribute is true, SLF function of OCNRF access the Access Token Service. If value of this attribute is false, SLF function will not access the Access Token Service and will do SLF query without Oauth Access Token.
errorResponses	array (ErrorInfo)		See PreLoaded values below	This attribute defines the error responses which may be sent during SLF processing. This attribute will allow to update the error response code and error response description for preloaded error conditions.

Table 6-29 PreLoaded records for errorResponses

errorCondition	responseCode	errorResponse	retryAfter
SLF_Missing_Mandatory_Parameters	400	Mandatory parameter missing for SLF Lookup	5m
SLF_Not_Reachable	504	SLF not reachable	5m
SLF_Subscriber_Not_Provisioned	200	Subscriber not provisioned in SLF	5m
SLF_OAuthToken_Failure	500	SLF OauthToken Failure Occurred	5m

Geo Redundancy Options

Configuration Example

API: {apiRoot}/nrf-configuration/v1/geoRedundancyOptions

Method: PUT

Content Type: application/json

Body:

{
  "geoRedundancyFeatureStatus": "DISABLED",
  "replicationLatency": "5s",
  "monitorNrfServiceStatusInterval": "5s",
  "monitorDBReplicationStatusInterval": "5s"
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. Atleast one attribute shall be included during PUT request.

Table 6-30 geoRedundancyOptions

Attribute Name	Data Type	Constraints	Default Values	Description
featureStatus	string	ENABLED, DISABLED	DISABLED	Enables/Disables the geoRedundancy feature in OCNRF.
replicationLatency	string	1s - 10m	5s	This attribute defines the time taken for the data in the database to get replicated between GeoRedundant OCNRFs. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
monitorNrfServiceStatusInterval	string	1s - 10s	5s	This attribute defines the time interval for monitoring the aggregated Nf_Management service status (combined status of nfRegistration, nfSubscription and nrfAuditor service). The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.
monitorDBReplicationStatusInterval	string	1s - 10s	5s	This attribute defines the time interval for monitoring the DB replication status. The value is in pHqMrS format. Where p,q,r are integers and H,M,S or h,m,s denote hours, minutes & seconds respectively.

NF Authentication Options

Configuration Example

API: {apiRoot}/nrf-configuration/v1/nfAuthenticationOptions

Method: PUT

Content Type: application/json

Body:

{
    "nfRegistrationStatus": "DISABLED",
    "nfSubscriptionStatus": "DISABLED",
    "nfDiscoveryStatus": "DISABLED",
    "accessTokenStatus": "DISABLED",
    "nfProfileRetrievalStatus": "DISABLED",
    "nfListRetrievalStatus": "DISABLED",
    "checkIfNfIsRegistered": "DISABLED",
    "errorResponses": [{
    "errorCondition": "Nf_Fqdn_Authentication_Failure",
       "responseCode": 403,
       "errorResponse": "Failed to authenticate NF using FQDN",
       "retryAfter": "5m",
       "redirectUrl": ""
   }]
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. At least one attribute shall be included during PUT request.

Table 6-31 nfAuthenticationOptions

Attribute Name	Data Type	Constraints	Default Values	Description
nfRegistrationStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the authentication of consumer NF for NFRegister, NFUpdate and NFDeregister service operations. If value of this attribute is ENABLED, then identity of consumer NF is validated. If value of this attribute is DISABLED, then validation is not performed for consumer NF.
nfSubscriptionStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the authentication of consumer NF for NFStatusSubscribe and NFStatusUnsubscribe service operations. If value of this attribute is ENABLED, then identity of consumer NF is validated and NRF allows the subscription only if the NF is registered with OCNRF. If value of this attribute is DISABLED, then validation is not performed for consumer NF.
nfDiscoveryStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the authentication of consumer NF for NFDiscover service operation. If value of this attribute is ENABLED, then identity of consumer NF is validated. If value of this attribute is DISABLED, then validation is not performed for consumer NF. In case NF identity is not present in discovery request messages then validation is performed as per checkIfNfIsRegistered attribute.
accessTokenStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the authentication of consumer NF for AccessToken service operation. If value of this attribute is ENABLED, then identity of consumer NF is validated. If value of this attribute is DISABLED, then validation is not performed for consumer NF.
nfProfileRetrievalStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the authentication of consumer NF for NF Profile Retrieval service operation. If value of this attribute is ENABLED, then identity of consumer NF is validated. If value of this attribute is DISABLED, then validation is not performed for consumer NF.
nfListRetrievalStatus	string	ENABLED, DISABLED	DISABLED	This attribute controls the authentication of consumer NF for NF List Retrieval service operation. If value of this attribute is ENABLED, then identity of consumer NF is validated. If value of this attribute is DISABLED, then validation is not performed for consumer NF.
errorResponses	array (ErrorInfo)		See PreLoaded values below	This attribute defines the error responses which may be sent for NF Authentication scenarios. This attribute will allow to update the response code, error response description, retryAfter and redirectUrl for preloaded error conditions.
checkIfNfIsRegistered	string	ENABLED, DISABLED	DISABLED	This attribute controls the mechanism if there is need to check if NF is registered or not with OCNRF. If value of this attribute is ENABLED, then validation is performed. If value of this attribute is DISABLED, then validation is not performed for consumer NF. discovery request does not contain requester-nf-instance-fqdn and value of nfDiscoveryAuthenticationStatus is ENABLED.

Table 6-32 PreLoaded records for errorResponses

errorCondition	responseCode	errorResponse	retryAfter	redirectUrl
Nf_Fqdn_Authentication_Failure	403	Failed to authenticate NF using FQDN	5m

Log Level Options

Configuration Example

API:{apiRoot}/nrf-configuration/v1/logLevelOptions

Method: PUT

Content Type: application/json

Body:

{
  "nfSubscriptionLogLevel": "WARN",
  "nfRegistrationLogLevel": "WARN",
  "nfDiscoveryLogLevel": "WARN",
  "nfAccessTokenLogLevel": "WARN",
  "nrfAuditorLogLevel": "WARN",
  "nrfConfigurationLogLevel": "WARN"
}

Configuration Attributes

Note:

If any attribute is not present in JSON request body while updating, existing value in database will be preserved and used. Atleast one attribute shall be included during PUT request.

Table 6-33 logLevelOptions

Attribute Name	Data Type	Constraints	Default Values	Description
nfSubscriptionLogLevel	string	OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE	WARN	Application Log Level for the NFSubscription Microservice
nfRegistrationLogLevel	string	OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE	WARN	Application Log Level for the NFRegistration Microservice
nfDiscoveryLogLevel	string	OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE	WARN	Application Log Level for the NFDiscovery Microservice
nfAccessTokenLogLevel	string	OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE	WARN	Application Log Level for the NFAccessToken Microservice
nrfAuditorLogLevel	string	OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE	WARN	Application Log Level for the NRFAuditor Microservice
nrfConfigurationLogLevel	string	OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE	WARN	Application Log Level for the NRFConfiguration Microservice

NF Screening Configuration

Configuration Example

Screening Rules List Update

NF screening rules update particular rule configuration (except read only attributes)

URI: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Method: PUT

Content Type: application/json

Body:

Request Body

{
    "nfScreeningType": "BLACKLIST",
    "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {
                "ipv4AddressRange":{
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports":[10,20]
            },
            {
                "ipv6AddressRange":{
                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",
                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"
                }
            }
        ]
    },
    "amfScreeningRulesData": {
        "failureAction": "CONTINUE",
        "nfCallBackUriList": [
            {
                "fqdn": "ocnrf-d5g.oracle.com"
            },
            {
                "ipv4AddressRange":{
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports":[10,20]
            }
        ]
    }
}

Screening Rules List Get

NF screening rules get all rules

URI: http://host:port/nrf-configuration/v1/screening-rules/

Method: GET

Response Body:

{
    "nfScreeningRulesList": [
        {
            "nfScreeningRulesListType": "NF_FQDN",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "DISABLED"
        },
        {
            "nfScreeningRulesListType": "NF_IP_ENDPOINT",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "ENABLED",
            "amfScreeningRulesData": {
                "failureAction": "SEND_ERROR",
                "nfIpEndPointList": [
                    {
                        "ipv4Address": "198.21.87.192",
                        "ports": [
                            10,
                            20
                        ]
                    }
                ]
            }
        },
        {
            "nfScreeningRulesListType": "CALLBACK_URI",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "ENABLED",
            "globalScreeningRulesData": {
                "failureAction": "SEND_ERROR",
                "nfCallBackUriList": [
                    {
                        "fqdn": "ocnrf-d5g.oracle.com",
                        "ports": [
                            10,
                            20
                        ]
                    }
                ]
            }
        },
        {
            "nfScreeningRulesListType": "PLMN_ID",
            "nfScreeningType": "BLACKLIST",
            "nfScreeningRulesListStatus": "DISABLED"
        },
        {
            "nfScreeningRulesListType": "NF_TYPE_REGISTER",
            "nfScreeningType": "WHITELIST",
            "nfScreeningRulesListStatus": "ENABLED",
            "globalScreeningRulesData": {
                "failureAction": "SEND_ERROR",
                "nfTypeList": [
                    "AMF",
                    "SMF",
                    "PCF"
                ]
            }
        }
    ]
}

Screening Rules List Partial Update

NF screening rules get particular configured rule

URI: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Method: GET

Response Body:

{
    "nfScreeningRulesListType": "CALLBACK_URI",
    "nfScreeningType": "BLACKLIST",
    "nfScreeningRulesListStatus": "ENABLED",
    "globalScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {
                "ipv4AddressRange": {
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports": [
                    10,
                    20
                ]
            },
            {
                "ipv6AddressRange": {
                    "start": "1001:cdba:0000:0000:0000:0000:3257:9652",
                    "end": "3001:cdba:0000:0000:0000:0000:3257:9652"
                }
            }
        ]
    },
    "amfScreeningRulesData": {
        "failureAction": "SEND_ERROR",
        "nfCallBackUriList": [
            {
                "fqdn": "ocnrf-d5g.oracle.com"
            },
            {
                "ipv4AddressRange": {
                    "start": "155.90.171.123",
                    "end": "233.123.19.165"
                },
                "ports": [
                    10,
                    20
                ]
            }
        ]
    }
}

NF screening rules partial rule update

URI: http://host:port/nrf-configuration/v1/screening-rules/CALLBACK_URI

Method: PATCH

Content-Type: application/json-patch+json

Request Body:

[
    {"op":"remove","path":"/globalScreeningRulesData/nfCallBackUriList/2/ports/0"},
    {"op":"replace","path":"/globalScreeningRulesData/failureAction","value": "CONTINUE"},
    {"op":"add","path":"/nrfScreeningRulesData","value": {"failureAction": "SEND_ERROR","nfCallBackUriList": 
	  [{"ipv4AddressRange":{"start" : "189.163.192.10","end": "190.178.127.10"}}]}}
 ]

Configuration Attributes

Table 6-34 nfScreeningRules

Attribute name	Data type	Presence	Description
nfScreeningRulesListType	NfScreeningRulesListType	C	ReadOnly. It is returned while retrieving the rule.
nfScreeningType	NfScreeningType	M	Screening type of complete screening list. Blacklist or whitelist. All the rules can be either blacklist or whitelist.
nfScreeningRulesListStatus	NfScreeningRulesListStatus	M	Enables or disables complete screening list.
globalScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if global screening rules need to be configured.
customNfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for custom NF need to be configured.
nrfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for NRF need to be configured.
udmScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for UDM need to be configured.
amfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for AMF need to be configured.
smfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for custom SMF need to be configured.
ausfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for AUSF need to be configured.
nefScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for NEF need to be configured.
pcfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for PCF need to be configured.
nssfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for NSSF need to be configured.
udrScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for UDR need to be configured.
lmfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for IMF need to be configured.
gmlcScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for GMLC need to be configured.
fiveG_EirScreeningRules	NfScreeningRulesData	O	This attribute will be present if screening rules for EIR need to be configured.
seppScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for SEPP need to be configured.
upfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for UPF need to be configured.
n3iwfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for IWF need to be configured.
afScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for AF need to be configured.
udsfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for UDSF need to be configured.
bsfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for BSF need to be configured.
chfScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for CHF need to be configured.
nwdafScreeningRulesData	NfScreeningRulesData	O	This attribute will be present if screening rules for NWDAF need to be configured.

Table 6-35 NfScreeningRulesData

Attribute name	Data type	Presence	Description
failureAction	FailureAction	M	Indicates what action needs to be taken during failure
nfFqdn	NfFqdn	C	This attribute may be present if screeningListType is NF_FQDN
nfCallBackUriList	array(NfCallBackUri)	C	This attribute may be present if screeningListType is CALLBACK_URI
nfIpEndPointList	array(NfIpEndPoint)	C	This attribute shall be present if screeningListType is NF_IP_ENDPOINT
plmnList	array(PlmnId)	C	This attribute shall be present if screeningListType is PLMN_ID
nfTypeList	array(string)	C	This attribute shall be present if screeningListType is NF_TYPE_REGISTER

Table 6-36 NfScreeningRulesListType

Enumeration value	Description
"NF_FQDN"	Screening List type for NF FQDN
"NF_IP_ENDPOINT"	Screening list type for IP Endpoint
"CALLBACK_URI"	Screening list type for callback URIs in NF Service and nfStatusNotificationUri in SubscriptionData
"PLMN_ID"	Screening list type for PLMN ID
"NF_TYPE_REGISTER"	Screening list type for allowed NF Types to register

Table 6-37 NfScreeningType

Enumeration value	Description
"BLACKLIST"	When a screening list is configured to operate as a blacklist, the request is allowed to access the service only if the corresponding attribute value is not present in the blacklist.
"WHITELIST"	When a screening list is configured to operate as a whitelist, the request is allowed to access the service only if the corresponding attribute value is present in the whitelist.

Table 6-38 NfScreeningRulesListStatus

Enumeration value	Description
"ENABLED"	Screening List feature is enabled to apply the rules
"DISABLED"	Screening List feature is disabled

Table 6-39 FailureAction

Enumeration value	Description
"CONTINUE"	Continue Processing
"SEND_ERROR"	Send response with configured HTTP status code

Table 6-40 NfFqdn

Attribute Name	Data Type	Presence	Description
fqdn	array(FQDN)	C	Exact FQDN to be matched. This is conditional, at least one attribute is present.
pattern	array(string)	C	Regular Expression for FQDN. This is conditional, at least one attribute is present.

Table 6-41 NfIpEndPoint

Attribute Name	Data Type	Presence	Description
ipv4Address	Ipv4Addr	C	IPv4 address to be matched. See NOTE below
ipv4AddressRange	Ipv4AddressRange	C	Range of IPv4 addresses. See NOTE below
ipv6Address	Ipv6Addr	C	IPv6 address to be matched. See NOTE below
ipv6AddressRange	Ipv6AddressRange	C	Range of IPv6 addresses. See NOTE below
port	array(integer)	O	If this attribute is not configured then it will not be considered for validation
portRange	array(PortRange)	O	If this attribute is not configured then it will not be considered for validation

Note:

This is conditional, only one attribute must be present (Either of the ipv4Address, ipv4AddressRange, ipv6Address, ipv6AddressRange).

Table 6-42 NfCallBackUri

Attribute Name	Data Type	Presence	Description
fqdn	FQDN	C	Exact Fqdn to be matched. See NOTE below
pattern	string	C	Regular Expression for FQDN, Ipv4Address, Ipv6Address. See NOTE below
ipv4Address	Ipv4Addr	C	IPv4 address to be matched. See NOTE below
ipv4AddressRange	Ipv4AddressRange	C	Range of IPv4 addresses. See NOTE below
ipv6Address	Ipv6Addr	C	IPv6 address to be matched. See NOTE below
ipv6AddressRange	Ipv6AddressRange	C	Range of IPv6 addresses. See NOTE below
port	array(integer)	O	If this attribute is not configured then it will not be considered for validation
portRange	array(PortRange)	O	If this attribute is not configured then it will not be considered for validation

Note:

This is conditional, only one attribute must be present (either of the fqdn, pattern, ipv4Address, ipv4AddressRange, ipv6Address, ipv6AddressRange).

Table 6-43 PortRange

Attribute Name	Data Type	Presence	Description
start	integer	M	First value identifying the start of port range
end	integer	M	Last value identifying the end of port range

Table 6-44 PortRange

Attribute Name	Data Type	Presence	Description
start	Ipv6Addr	M	First value identifying the start of an IPv6 Address range
end	Ipv6Addr	M	Last value identifying the end of an IPv6 Address range