...
| Table of Contents |
|---|
Overview
Policy Sync utility is a python based utility that interfaces with the ONAP Policy interface. It is designed to keep a local listing of policies in sync with an environment's policy distribution point (PDP). It functions well as a Kubernetes sidecar container which can pull down the latest policies for consumption by an application container.
The sync utility works with both the new policy interface introduced in Dublin and the legacy interface.
Interface with Policy
The policy interface was redesigned as of the Dublin ONAP release. The policy sync utility can work with both the newer version as well as the older v0 API. By default, it will attempt to speak the newer version of the API.
...
We will provide the sync utility as a dockerized container that can be run alongside a microservice container as part of a kubernetes POD.
Configuration
Configuration is currently done via either via env variables or by flag. Flags take
...
precendence over env variables, env variables take precedence over default
General configuration
General configuration that is used regardless of which PDP API you are using.
| ENV Variable | Flag | Description | Default |
|---|---|---|---|
| POLICY_SYNC_PDP_URL | --pdp-url | PDP URL to query | None (must be set in env or flag) |
| POLICY_SYNC_FILTER | --filters | yaml list of regex of policies to match | [] |
| POLICY_SYNC_ID | --ids | yaml list of ids of policies to match | [] |
| POLICY_SYNC_DURATION | --duration | duration in seconds for periodic checks | 2600 |
| POLICY_SYNC_OUTFILE | --outfile | File to output policies to | ./policies.json |
| POLICY_SYNC_PDP_USER | --pdp-user | Set user if you need basic auth for PDP | None |
| POLICY_SYNC_PDP_PASS | --pdp-password | Set pass if you need basic auth for PDP | None |
| POLICY_SYNC_HTTP_METRICS | --http-metrics | Whether to expose prometheus metrics | True |
| POLICY_SYNC_HTTP_BIND | --http-bind | host:port for exporting prometheus metrics | localhost:8000 |
| POLICY_SYNC_LOGGING_CONFIG | --logging-config | Path to a python formatted logging file | None (logs will write to stderr) |
| POLICY_SYNC_V0_ENABLE | --use-v0 | Set to true to enable usage of legacy v0 API | False |
V1 Specific Configuration (Used as of the Dublin release)
Configurable variables used for the V1 API used in the ONAP Dublin Release.
Note: Policy filters are not currently supported in the current policy release but will be eventually.
| ENV Variable | Flag | Description | Default |
|---|---|---|---|
| POLICY_SYNC_V1_DECISION_ENDPOINT | --v1-decision-endpoint | Endpoint to query for PDP decisions | policy/pdpx/v1/decision |
| POLICY_SYNC_V1_DMAAP_URL | --v1-dmaap-topic | Dmaap url with topic for notifications | None |
| POLICY_SYNC_V1_DMAAP_USER | --v1-dmaap-user | User to use for DMaaP notifications | None |
| POLICY_SYNC_V1_DMAAP_PASS | --v1-dmaap-pass | Password to use for DMaaP notifications | None |
V0 Specific Configuration (Legacy Policy API)
Configurable variables used for the legacy V0 API Prior to the ONAP release. Only valid when --use-v0 is set to True
| ENV Variable | Flag | Description | Default |
|---|---|---|---|
| POLICY_SYNC_V0_NOTIFIY_ENDPOINT | --v0-notifiy-endpoint | websock endpoint for pdp notifications | pdp/notifications |
| POLICY_SYNC_V0_DECISION_ENDPOINT | --v0-decision-endpoint | rest endpoint for pdp decisions | pdp/api |
Communication with the main application
...