Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Question: do we need to return native policy contents, i.e. DRL or XACML XML when GET call is invoked? If not, what if end user wants to view native policy rules???

2.

...

3 Native Apex Policy Support

2.

...

3.1 Policy Type for Native Apex Policy

Below is the policy type defined to support native apex policies.

...

.

...

Code Block
languageyml
themeEclipse
titleExample TOSCA policy for native apex policy typePolicy Type for Native Apex Policy
linenumberstrue
collapsetrue
tosca_definitions_version: tosca_simple_yaml_1_0_0,
policy_types:
    onap.policies.Native:
        derived_from: tosca.policies.Root
        description: a base policy type for all native PDP policies
        version: 1.0.0
    onap.policies.native.Apex:
        derived_from: onap.policies.Native
        description: a policy type for native apex policies
        version: 1.0.0
        properties:
            engine_service:
                type: onap.datatypes.native.apex.EngineService
                description: APEX Engine Service Parameters
            inputs:
                type: map
                description: Inputs for handling events coming into the APEX engine
                entry_schema:
                    type: onap.datatypes.native.apex.EventHandler
            outputs:
                type: map
                description: Outputs for handling events going out of the APEX engine
                entry_schema:
                    type: onap.datatypes.native.apex.EventHandler
            environment:
                type: list
                description: Envioronmental parameters for the APEX engine
                entry_schema:
                    type: onap.datatypes.native.apex.Environment

data_types:
    onap.datatypes.native.apex.EngineService:
        derived_from: tosca.datatypes.Root
        properties:
            name:
                type: string
                description: Specifies the engine name
                required: false
                default: "ApexEngineService"
            version:
                type: string
                description: Specifies the engine version in double dotted format
                required: false
                default: "1.0.0"
            id:
                type: int
                description: Specifies the engine id
                required: true
            instance_count:
                type: int
                description: Specifies the number of engine threads that should be run
                required: true
            deployment_port:
                type: int
                description: Specifies the port to connect to for engine administration
                required: false
                default: 1
            policy_model_file_name:
                type: string
                description: The name of the file from which to read the APEX policy model
                required: false
                default: ""
            policy_type_impl:
                type: string
                description: The policy type implementation from which to read the APEX policy model
                required: false
                default: ""
            periodic_event_period:
                type: string
                description: The time interval in milliseconds for the periodic scanning event, 0 means don't scan
                required: false
                default: 0
            engine:
                type: onap.datatypes.native.apex.engineservice.Engine
                description: The parameters for all engines in the APEX engine service
                required: true
    onap.datatypes.native.apex.EventHandler:
        derived_from: tosca.datatypes.Root
        properties:
            name:
                type: string
                description: Specifies the event handler name, if not specified this is set to the key name
                required: false
            carrier_technology:
                type: onap.datatypes.native.apex.CarrierTechnology
                description: Specifies the carrier technology of the event handler (such as REST/Web Socket/Kafka)
                required: true
            event_protocol:
                type: onap.datatypes.native.apex.EventProtocol
                description: Specifies the event protocol of events for the event handler (such as Yaml/JSON/XML/POJO)
                required: true
            event_name:
                type: string
                description: Specifies the event name for events on this event handler, if not specified, the event name is read from or written to the event being received or sent
                required: false
            event_name_filter:
                type: string
                description: Specifies a filter as a regular expression, events that do not match the filter are dropped, the default is to let all events through
                required: false
            synchronous_mode:
                type: bool
                description: Specifies the event handler is syncronous (receive event and send response)
                required: false
                default: false
            synchronous_peer:
                type: string
                description: The peer event handler (output for input or input for output) of this event handler in synchronous mode, this parameter is mandatory if the event handler is in synchronous mode
                required: false
                default: ""
            synchronous_timeout:
                type: int
                description: The timeout in milliseconds for responses to be issued by APEX torequests, this parameter is mandatory if the event handler is in synchronous mode
                required: false
                default: ""
            requestor_mode:
                type: bool
                description: Specifies the event handler is in requestor mode (send event and wait for response mode)
                required: false
                default: false
            requestor_peer:
                type: string
                description: The peer event handler (output for input or input for output) of this event handler in requestor mode, this parameter is mandatory if the event handler is in requestor mode
                required: false
                default: ""
            requestor_timeout:
                type: int
                description: The timeout in milliseconds for wait for responses to requests, this parameter is mandatory if the event handler is in requestor mode
                required: false
                default: ""
    onap.datatypes.native.apex.CarrierTechnology:
        derived_from: tosca.datatypes.Root
        properties:
            label:
                type: string
                description: The label (name) of the carrier technology (such as REST, Kafka, WebSocket)
                required: true
            plugin_parameter_class_name:
                type: string
                description: The class name of the class that overrides default handling of event input or output for this carrier technology, defaults to the supplied input or output class
                required: false
    onap.datatypes.native.apex.EventProtocol:
        derived_from: tosca.datatypes.Root
        properties:
            label:
                type: string
                description: The label (name) of the event protocol (such as Yaml, JSON, XML, or POJO)
                required: true
            event_protocol_plugin_class:
                type: string
                description: The class name of the class that overrides default handling of the event protocol for this carrier technology, defaults to the supplied event protocol class
                required: false
    onap.datatypes.native.apex.Environmental:
        derived_from: tosca.datatypes.Root
        properties:
            name:
                type: string
                description: The name of the environment variable
                required: true
            value:
                type: string
                description: The value of the environment variable
                required: true
    onap.datatypes.native.apex.engineservice.Engine:
        derived_from: tosca.datatypes.Root
        properties:
            context:
                type: onap.datatypes.native.apex.engineservice.engine.Context
                description: The properties for handling context in APEX engines, defaults to using Java maps for context
                required: false
            executors:
                type: map
                description: The plugins for policy executors used in engines such as javascript, MVEL, Jython
                required: true
                entry_schema:
                    description: The plugin class path for this policy executor
                    type: string
    onap.datatypes.native.apex.engineservice.engine.Context:
        derived_from: tosca.datatypes.Root
        properties:
            distributor:
                type: onap.datatypes.native.apex.Plugin
                description: The plugin to be used for distributing context between APEX PDPs at runtime
                required: false
            schemas:
                type: map
                description: The plugins for context schemas available in APEX PDPs such as Java and Avro
                required: false
                entry_schema:
                    type: onap.datatypes.native.apex.Plugin
            locking:
                type: onap.datatypes.native.apex.plugin
                description: The plugin to be used for locking context in and between APEX PDPs at runtime
                required: false
            persistence:
                type: onap.datatypes.native.apex.Plugin
                description: The plugin to be used for persisting context for APEX PDPs at runtime
                required: false
    onap.datatypes.native.apex.Plugin:
        derived_from: tosca.datatypes.Root
        properties:
            name:
                type: string
                description: The name of the executor such as Javascript, Jython or MVEL
                required: true
            plugin_class_name:
                type: string
                description: The class path of the plugin class for this executor

...

This scenario is the most complicated one. For new use case, XACML policy author might need to use both existing types of XACML policies, e.g. guard, together with newly composed native XACML XML policies, e.g. custom access control rules. Perhaps we need to build another new XACML application for this combination. More details need to be figured out, e.g. do we need a new TOSCA policy type for this combination? how to combine the low level XACML XML policies together? what is the combining algorithm we should use?  etc. etc.

4.3 Apex PDP

Apex PDP will need to be able to ingest custom Apex JSON policies. TBC with that team - may already be well-supportedalready supports the native policies created using the policy type defined in section 2.3.1 above.

NOTE: The native policy type is already loaded in policy framework during installation, hence a user can directly deploy native policies in respective pdp engines without a need to create policy type first.

5. Sequence flows for native policy design, deployment and enforcement

...