DESCRIPTION
The
...
- Get the configuration from the Policy Decision Point (PDP) by Policy Name (createConfigRequestUsingPOST)
- Get the configurations from the Policy Decision Point (PDP) createConfigRequestUsingPOST1)
- Create a Config Policy (createConfigRequestUsingPUT)
- Send an event to the Policy Engine (createEventParameterRequestUsingPOST)
- Create a Config Firewall Policy (createFirewallConfigRequestUsingPUT)
- Get a list of policy configurations from the PDP (createListConfigRequestUsingPOST)
- Create a Policy (createRequestUsingPUT)
- Delete a Policy (deletePolicyRequestUsingDELETE)
- Get a list of PAPS (listPAPsUsingGET)
- Get a list of PDPs (listPDPUsingGET)
- Push Policy to PDP Group (pushPolicyRequestUsingPUT)
- Update a Config Policy (updateConfigRequestUsingPUT)
- Update a Firewall Config Policy (updateFirewallConfigRequestUsingPUT)
- Update a Policy (updateRequestUsingPUT)
Download the full Policy API documentation for details, including code samples.Policy subsystem of ONAP maintains, distributes, and operates on the set of rules that underlie ONAP’s control, orchestration, and management functions. Policy provides a centralized environment for the creation and management of easily-updatable conditional rules. It enables users to validate policies and rules, identify and resolve overlaps and conflicts, and derive additional policies where needed. The following operations are support by the policy API:
- Create policies on the PAP
- Update policies on the PAP
- Delete policies on the PAP or PDP
- Push policies from the PAP to the PDP
- List policies on the PDP
- Get config data of policies on the PDP
- Create Dictionary Items
- Update Dictionary Items
- Retrieve Dictionary Items
- Import Micro Services Models
- Retrieve Metrics for policy counts from PDP and PAP
POLICY ENGINE SERVICES
Image Added
POLICY ENGINE API SAMPLE JAVA CLIENT CODE
Code Block |
---|
language | java |
---|
firstline | 1 |
---|
title | Get Config Example |
---|
linenumbers | true |
---|
collapse | true |
---|
|
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import java.util.Collection;
import org.onap.policy.api.ConfigRequestParameters;
import org.onap.policy.api.PolicyConfig;
import org.onap.policy.api.PolicyEngine;
public class GetConfigSample {
public static void main(String[] args) throws Exception {
PolicyEngine pe = new PolicyEngine("config.properties");
ConfigRequestParameters configRequestParams = new ConfigRequestParameters();
configRequestParams.setPolicyName(".*");
Collection<PolicyConfig> configs = pe.getConfig(configRequestParams);
for (PolicyConfig config: configs){
System.out.println(config.getPolicyConfigMessage());
System.out.println(config.getPolicyConfigStatus());
}
}
} |
Code Block |
---|
language | java |
---|
firstline | 1 |
---|
title | Create Config FIrewall Policy Example |
---|
linenumbers | true |
---|
collapse | true |
---|
|
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.UUID;
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
import org.onap.policy.api.PolicyChangeResponse;
import org.onap.policy.api.PolicyConfigType;
import org.onap.policy.api.PolicyEngine;
import org.onap.policy.api.PolicyParameters;
import org.onap.policy.api.PolicyType;
public class ConfigFirewallPolicyClient {
static Boolean isEdit = false;
public static void main(String[] args) {
try{
PolicyEngine policyEngine = new PolicyEngine("config.properties");
PolicyParameters policyParameters = new PolicyParameters();
// Set Policy Type
policyParameters.setPolicyConfigType(PolicyConfigType.Firewall); //required
policyParameters.setPolicyName("MikeAPItesting.testConfigFirewallPolicy1607_1"); //required
//policyParameters.setPolicyScope("MikeAPItesting");
//Directory will be created where the Policies are saved... this
displays a a subscope on the GUI
policyParameters.setRequestID(UUID.randomUUID());
// Set Safe Policy value for Risk Type
SimpleDateFormat dateformat3 = new SimpleDateFormat("dd/MM/yyyy");
Date date = dateformat3.parse("15/10/2016");
policyParameters.setTtlDate(date);
// Set Safe Policy value for Guard
policyParameters.setGuard(true);
// Set Safe Policy value for Risk Level
policyParameters.setRiskLevel("5");
// Set Safe Policy value for Risk Type
policyParameters.setRiskType("PROD");
File jsonFile = null;
String jsonRuleList = null;
Path file = Paths.get("C:\\policyAPI\\firewallRulesJSON\\Config_FW_Sample.json");
jsonFile = file.toFile();
//buildJSON(jsonFile, jsonRuleList);
policyParameters.setConfigBody(buildJSON(jsonFile, jsonRuleList).toString());
policyParameters.setConfigBodyType(PolicyType.JSON);
// API method to create Policy or update policy
PolicyChangeResponse response = null;
if (!isEdit) {
response = policyEngine.createPolicy(policyParameters);
} else {
response = policyEngine.updatePolicy(policyParameters);
}
if(response.getResponseCode()==200){
System.out.println(response.getResponseMessage());
System.out.println("Policy Created Successfully!");
}else{
System.out.println("Error! " + response.getResponseMessage());
}
} catch (Exception e) {
System.err.println(e.getMessage());
}
}
private static JsonObject buildJSON(File jsonInput, String jsonString) throws FileNotFoundException {
JsonObject json = null;
JsonReader jsonReader = null;
if (jsonString != null && jsonInput == null) {
StringReader in = null;
in = new StringReader(jsonString);
jsonReader = Json.createReader(in);
json = jsonReader.readObject();
in.close();
} else {
InputStream in = null;
in = new FileInputStream(jsonInput);
jsonReader = Json.createReader(in);
json = jsonReader.readObject();
try {
in.close();
} catch (IOException e) {
System.err.println("Exception Occured while closing input stream"+e);
}
}
jsonReader.close();
return json;
}
} |
Code Block |
---|
language | text |
---|
firstline | 1 |
---|
title | Sample JSON file - Config_FW_Sample.json |
---|
linenumbers | true |
---|
collapse | true |
---|
|
{
"serviceTypeId": "/v0/firewall/pan",
"configName": "AFTTFwPolicy1Config",
"deploymentOption": {
"deployNow": false
},
"securityZoneId": "cloudsite:dev1a",
"vendorServiceId": "vipr",
"vendorSpecificData": {
"idMap": [{
"astraId": "cloudsite:dev1a",
"vendorId": "deviceGroup:dev"
}]
},
"serviceGroups": [{
"name": "SSH",
"description": "Ssh service entry in service list",
"type": "SERVICE",
"transportProtocol": "tcp",
"appProtocol": null,
"ports": "22"
}],
"addressGroups": [{
"name": "CiscoVCE",
"description": "Destination CiscoCVE",
"members": [{
"type": "SUBNET",
"value": "12.63.31.61/12"
}]
}, {
"name": "HOHOServers",
"description": "Source HOHOServers for first testing",
"members": [{
"type": "SUBNET",
"value": "12.60.32.11/23"
}]
}],
"firewallRuleList": [{
"position": "1",
"ruleName": "FWRuleHOHOServerToCiscoVCE",
"fromZones": ["UntrustedZoneCiscoCVEName"],
"toZones": ["TrustedZoneHOHOName"],
"negateSource": false,
"negateDestination": false,
"sourceList": [{
"type": "REFERENCE",
"name": "HOHOServers"
}],
"destinationList": [{
"type": "REFERENCE",
"name": "CiscoVCE"
}],
"sourceServices": [],
"destServices": [{
"type": "REFERENCE",
"name": "SSH"
}],
"action": "accept",
"description": "FW rule for HOHO source to CiscoVCE destination",
"enabled": true,
"log": true
}]
} |
Code Block |
---|
language | java |
---|
firstline | 1 |
---|
title | Delete Policy Example |
---|
linenumbers | true |
---|
collapse | true |
---|
|
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import org.onap.policy.api.DeletePolicyCondition;
import org.onap.policy.api.DeletePolicyParameters;
import org.onap.policy.api.PolicyChangeResponse;
import org.onap.policy.api.PolicyEngine;
public class DeletePolicyClient {
public static void main(String[] args) {
try {
PolicyEngine policyEngine = new PolicyEngine("config.properties");
DeletePolicyParameters policyParameters = new DeletePolicyParameters();
//Parameter arguments
policyParameters.setPolicyName("MikeConsole.Config_testDeleteAPI6.1.xml");
policyParameters.setPolicyComponent("PDP");
policyParameters.setPdpGroup("default");
policyParameters.setDeleteCondition(DeletePolicyCondition.ALL);
policyParameters.setRequestID(null);
// API method to Push Policy to PDP
PolicyChangeResponse response = null;
response = policyEngine.deletePolicy(policyParameters);
if(response.getResponseCode()==200){
System.out.println(response.getResponseMessage());
System.out.println("Policy Deleted Successfully!");
}else{
System.out.println("Error! " + response.getResponseMessage());
}
} catch (Exception e) {
System.err.println(e.getMessage());
}
}
} |
Code Block |
---|
language | java |
---|
firstline | 1 |
---|
title | Push Policy Example |
---|
linenumbers | true |
---|
collapse | true |
---|
|
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import org.onap.policy.api.PolicyChangeResponse;
import org.onap.policy.api.PolicyEngine;
import org.onap.policy.api.PushPolicyParameters;
public class PushPoliciesToPDP {
public static void main(String[] args) {
try {
PolicyEngine policyEngine = new PolicyEngine("config.properties");
PushPolicyParameters policyParameters = new PushPolicyParameters();
//Parameter arguments
policyParameters.setPolicyName("Mike.testCase1");
policyParameters.setPolicyType("Base");
//policyParameters.setPolicyScope("MikeAPItesting");
policyParameters.setPdpGroup("default");
policyParameters.setRequestID(null);
// API method to Push Policy to PDP
PolicyChangeResponse response = null;
response = policyEngine.pushPolicy(policyParameters);
if(response.getResponseCode()==204){
System.out.println(response.getResponseMessage());
System.out.println("Policy Pushed Successfully!");
}else{
System.out.println("Error! " + response.getResponseMessage());
}
} catch (Exception e) {
System.err.println(e.getMessage());
}
}
} |
Code Block |
---|
language | java |
---|
firstline | 1 |
---|
title | Decision Policy Example |
---|
linenumbers | true |
---|
collapse | true |
---|
|
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.onap.policy.api.AttributeType;
import org.onap.policy.api.PolicyChangeResponse;
import org.onap.policy.api.PolicyClass;
import org.onap.policy.api.PolicyEngine;
import org.onap.policy.api.PolicyParameters;
public class DecisionPolicyClient {
static Boolean isEdit = true;
public static void main(String[] args) {
try {
PolicyEngine policyEngine = new PolicyEngine("config.properties");
PolicyParameters policyParameters = new PolicyParameters();
// Set Policy Type
policyParameters.setPolicyClass(PolicyClass.Decision); //required
policyParameters.setPolicyName("MikeAPItests.testDecisionAPI"); //required
policyParameters.setOnapName("java"); //required
policyParameters.setPolicyDescription("This is a sample Decision policy UPDATE example with Settings"); //optional
//policyParameters.setPolicyScope("MikeAPItests");
//Directory will be created where the Policies are saved... this
displays a a subscope on the GUI
//Set the Component Attributes... These are Optional
Map<String, String> configAttributes = new HashMap<>();
configAttributes.put("Template", "UpdateTemplate");
configAttributes.put("controller", "default");
configAttributes.put("SamPoll", "30");
configAttributes.put("value", "abcd");
Map<AttributeType, Map<String,String>> attributes = new HashMap<>();
attributes.put(AttributeType.MATCHING, configAttributes);
//Set the settings... These are Optional
Map<String, String> settingsMap = new HashMap<>();
settingsMap.put("server", "5");
attributes.put(AttributeType.SETTINGS, settingsMap);
policyParameters.setAttributes(attributes);
List<String> dynamicRuleAlgorithmLabels = new LinkedList<>();
List<String> dynamicRuleAlgorithmFunctions = new LinkedList<>();
List<String> dynamicRuleAlgorithmField1 = new LinkedList<>();
List<String> dynamicRuleAlgorithmField2 = new LinkedList<>();
//Example of a complex Rule algorithm using the settings in the Field1
/* label field1 function field2
* *****************************************************
* A1 S_server integer-equal 90
* A2 cap string-contains ca
* A3 cobal integer-equal 90
* A4 A2 and A3
* A5 Config integer-greater-than 45
* A6 A4 ` or A5
* A7 A1 and A6
*/
dynamicRuleAlgorithmLabels = Arrays.asList("A1","A2","A3","A4","A5","A6","A7");
dynamicRuleAlgorithmField1 = Arrays.asList("S_server","cap","cobal","A2","Config","A4","A1");
dynamicRuleAlgorithmFunctions = Arrays.asList("integer-equal","string-contains","integer-equal","and","integer-greater-than","or","and");
dynamicRuleAlgorithmField2 = Arrays.asList("90","ca","90","A3","45","A5","A6");
policyParameters.setDynamicRuleAlgorithmLabels(dynamicRuleAlgorithmLabels);
policyParameters.setDynamicRuleAlgorithmField1(dynamicRuleAlgorithmField1);
policyParameters.setDynamicRuleAlgorithmFunctions(dynamicRuleAlgorithmFunctions);
policyParameters.setDynamicRuleAlgorithmField2(dynamicRuleAlgorithmField2);
policyParameters.setRequestID(UUID.randomUUID());
// API method to create Policy or update policy
PolicyChangeResponse response = null;
if (!isEdit) {
response = policyEngine.createPolicy(policyParameters);
} else {
response = policyEngine.updatePolicy(policyParameters);
}
if(response.getResponseCode()==200){
System.out.println(response.getResponseMessage());
System.out.println("Policy Created Successfully!");
}else{
System.out.println("Error! " + response.getResponseMessage());
}
} catch (Exception e) {
System.err.println(e.getMessage());
}
}
} |
Code Block |
---|
language | java |
---|
firstline | 1 |
---|
title | List Config Policy Example |
---|
linenumbers | true |
---|
collapse | true |
---|
|
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.onap.policy.api.ConfigRequestParameters;
import org.onap.policy.api.PolicyConfigException;
import org.onap.policy.api.PolicyEngine;
import org.onap.policy.api.PolicyEngineException;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
public class ListConfigPoliciesClient {
private static final Logger LOGGER = FlexLogger.getLogger(ListConfigPoliciesClient.class);
public static void main(String[] args) {
PolicyEngine policyEngine;
// List Config Policies Example
try {
policyEngine = new PolicyEngine("config.properties");
ConfigRequestParameters parameters = new ConfigRequestParameters();
parameters.setPolicyName(".*");
parameters.setOnapName(".*");
parameters.setConfigName(".*");
Map<String, String> configAttributes = new HashMap<>();
configAttributes.put("java", "java");
configAttributes.put("peach", "Tar");
configAttributes.put("true", "false");
configAttributes.put("small", "testPass");
parameters.setConfigAttributes(configAttributes);
parameters.setRequestID(UUID.randomUUID());
Collection<String> response = policyEngine.listConfig(parameters);
if(response!=null && !response.contains("PE300")){
for(String configList : response){
System.out.println(configList.toString()+"\n");
}
}else{
System.out.println("Error! " +response);
}
} catch (PolicyConfigException e) {
LOGGER.error("Exception Occured"+e);
} catch (PolicyEngineException e) {
LOGGER.error("Exception Occured"+e);
}
}
} |
CURL EXAMPLES
Code Block |
---|
language | text |
---|
title | Push Policy |
---|
collapse | true |
---|
|
echo "pushPolicy : PUT : com.vLoadBalancer"
echo "pushPolicy : PUT : com.vLoadBalancer"
curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
"pdpGroup": "default",
"policyName": "com.vLoadBalancer",
"policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/pushPolicy' |
Code Block |
---|
language | text |
---|
title | Delete Policy |
---|
collapse | true |
---|
|
echo "deletePolicy : DELETE : com.vFirewall"
curl -v --silent -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
"pdpGroup": "default",
"policyComponent": "PDP",
"policyName": "com.vFirewall",
"policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/deletePolicy' |
POLICY ENGINE API DETAILS
Header parameters apply to each API.
Image Added
Image Added