New Idea ONE: Context based filtering
We want to be able to include the context in the filtering process for different instances/purposes. Here's providing the subscriber as a sample.
Code Block |
---|
title | Sample subscriber policy for vCPE service |
---|
|
Subscriber Poilcy sample for vCPE service: |
...
...
"service": "subscriberPolicy", |
...
"policyName": "OSDF_CASABLANCA.SubscriberPolicy_v1", |
...
"description": "Subscriber Policy for vCPE", |
...
"templateVersion": "OpenSource.version.1", |
...
...
...
...
...
...
...
"identity": "subscriber_vCPE", |
...
"policyScope": ["vCPE", "subscriberPolicy"], |
...
...
"subscriberName": ["subscriber_test_1", "subscriber_test_2"], |
...
"subscriberRole": ["test user"], |
...
...
...
...
"subscriberName": ["subscriber_prod_1", "subscriber_prod_2"], |
...
"subscriberRole": ["prod user"], |
...
...
...
"policyType": "subscriberPolicy", |
...
...
From the subscriber policy, we could find the mapping between the 'subscriberName' and 'subscriberRole'. And in the next step, we 'd like to fetch all the policies that refer to a specific subscriberRole.
Suppose that currently there're several affinity policies available in the xacml-pdp service.
Section |
---|
Sample Affinity policies Column |
---|
| Existing Affinity policy sample 1 for vCPE service: { "service": "affinityPolicy", "policyName": "OSDF_CASABLANCA.Affinity_vCPE_1", "description": "Zone policy for vCPE", "templateVersion": "OpenSource.version.1", "version": "test1", "priority": "3", "riskType": "test", "riskLevel": "2", "guard": "False", "content": { "identity": "affinity_vCPE", "policyScope": ["vCPE", "US", "ip", "vG", "test user"], "affinityProperty": { "qualifier": "same", "category": "complex" }, "policyType": "zone", "resources": ["vGMuxInfra", "vG"] } } |
Column |
---|
| Existing Affinity policy sample 2 for vCPE service:
{ "service": "affinityPolicy", "policyName": "OSDF_CASABLANCA.Affinity_vCPE_2", "description": "Zone policy for vCPE", "templateVersion": "OpenSource.version.1", "version": "test1", "priority": "3", "riskType": "test", "riskLevel": "2", "guard": "False", "content": { "identity": "affinity_vCPE", "policyScope": ["vCPE", "INTERNATIONAL", "ip", "vG", "prod user"], "affinityProperty": { "qualifier": "same", "category": "complex" }, "policyType": "zone", "resources": ["vGMuxInfra", "vG"] } } |
|
Current situation:
First In order to fulfill our need, we need the FIRST call to policy to fetch subscriberPolicy for a particular service/scope.
We may do it like this way:{
Code Block |
---|
# The legacy way
{
"policyName": "OSDF_CASABLANCA.*", |
...
"configAttributes": {"policyScope": "["vCPE", "subscriberPolicy"]"}
}
# Maybe the new decision like this:
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"policyType": "subscriberPolicy" } |
...
Now, say if subscriberName = "subscriber_test_1" which is an instance/request specific data and based on which the corresponding subscriberRole is evaluated. i.e "test user" in this case.
Then, we need a second SECOND call to policy to fetch the affinityPolicy based on subscriberRole evaluated as above.{
Code Block |
---|
# The legacy way
{
"policyName": "OSDF_CASABLANCA.*", |
...
"configAttributes": {"policyScope": "["vCPE", "US", "ip", "vG", "test user"]"}
}
# Maybe the new decision like this:
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["US", "ip"],
"resources": ["vG"],
"subscriberRole" |
...
: ["test user"] #This is just an assumption here.
}} |
Similarly, for subscriberName = "subscriber_prod_1" or "subscriber_prod_2", subscriberRole will be = "prod user", and the second call to policy would be like as:
...
# The legacy way
{
"policyName": "OSDF_CASABLANCA.*", |
...
"configAttributes": {"policyScope": "["vCPE", "INTERNATIONAL", "ip", "vG", "prod user"]"} |
...
}
# Maybe the new decision like this:
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["INTERNATIONAL", "ip"],
"resources": ["vG"],
"subscriberRole": ["prod user"] #This is just an assumption here.
}} |
Question:
- is there any possible way out to push the decision making to policy engine, specifically on "which policies apply to a given instance", instead of the two-step fetch and filter process
e.g.POST ? Which means the Policy engine would help us find out the first mapping relevant to the context and fetch the policies based on the attribute it bind to.
Section |
---|
Example 1: Column |
---|
| # The original input OOF gives: Code Block |
---|
POST /pdpx/v1/decision/ |
|
|
...
...
...
"ONAPComponent": "OOF-component", |
|
|
...
"ONAPInstance": "OOF-component-instance", |
|
|
...
...
...
...
"geography": ["US"],
"resources": ["vG"],
"context": "subscriber_test_1", #This is just an assumption here.
"policyType": "subscriberPolicy" #This is just an assumption here.
}} |
|
Column |
---|
| Policy will help us transfer to a request like this: Code Block |
---|
POST /pdpx/v1/decision/
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["US"] |
|
|
...
,
"resources": ["vG"],
"subscriberRole": ["test user"] |
|
|
...
#This is just an assumption here.
}} |
|
|
Section |
---|
Example 2: Column |
---|
| # The original input OOF gives: Code Block |
---|
POST /pdpx/v1/decision/ |
|
|
...
...
...
"ONAPComponent": "OOF-component", |
|
|
...
"ONAPInstance": "OOF-component-instance", |
|
|
...
...
...
...
"geography": ["INTERNATIONAL"],
"resources": ["vG"],
"context": "subscriber_prod_1", #This is just an assumption here.
"policyType": "subscriberPolicy" #This is just an assumption here.
}} |
|
Column |
---|
| Policy will help us transfer to a request like this: Code Block |
---|
POST /pdpx/v1/decision/
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["INTERNATIONAL"] |
|
|
...
,
"resources": ["vG"],
"subscriberRole": ["prod user"] |
|
|
...
#This is just an assumption here.
}} |
|
|