New component capabilities for Frankfurt, i.e. the functional enhancements.
...
| Code Block |
|---|
|
controlLoop:
version: 2.0.0
controlLoopName: ControlLoop-vFirewall-7e4fbe9c-d612-4ec5-bbf8-605aeabdb677
trigger_policy: unique-policy-id-1-modifyConfig
timeout: 60
abatement: false
policies:
- id: unique-policy-id-1-modifyConfig
name: modifyconfig-cds-actor
description:
actor: CDS
recipe: modify-config
target:
resourceID: 7e4fbe9c-d612-4ec5-bbf8-605aeabdb677
type: VNF
payload:
artifact_name: vFW-CDS
artifact_version: 1.0.0
data: '{"active-streams":"7"}'
retry: 0
timeout: 30
success: final_success
failure: final_failure
failure_timeout: final_failure_timeout
failure_retries: final_failure_retries
failure_exception: final_failure_exception
failure_guard: final_failure_guard |
- REST equivalent of the gRPC request from Policy to CDS to execute a CBA:
| Code Block |
|---|
|
curl -X POST \
'http://{{ip}}:{{port}}/api/v1/execution-service/process' \
-H 'Authorization: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==' \
-H 'Content-Type: application/json' \
-H 'cache-control: no-cache' \
-d '{
"commonHeader":{
"subRequestId":"14384b21-8224-4055-bb9b-0469397db801",
"requestId":"d57709fb-bbec-491d-a2a6-8a25c8097ee8",
"originatorId":"POLICY"
},
"actionIdentifiers":{
"mode":"sync",
"blueprintName":"vFW-CDS",
"blueprintVersion":"1.0.0",
"actionName":"config-deploy"
},
"payload":{
"config-deploy-request":{
"resolution-key":"6128eb53-0eac-4c79-855c-ff56a7b81141",
"config-deploy-properties":{
"service-instance.service-instance-id":"40004db6-c51f-45b0-abab-ea4156bae422",
"generic-vnf.vnf-id":"8d09e3bd-ae1d-4765-b26e-4a45f568a092",
"data":{
"active-streams":"7"
}
}
}
}
}' |
...
When a policy has been pushed (or "unpushed") to all relevant PDPs, a notification is published to a the DMaaP topic., POLICY-NOTIFICATION, a sample of which is shown below:
| Code Block |
|---|
{
"deployed-policies": [
{
"policy-type": "onap.policies.monitoring.cdap.tca.hi.lo.app",
"policy-type-version": "1.0.0",
"policy-id": "onap.scaleout.tca",
"policy-version": "2.0.0",
"success-count": 3,
"failure-count": 0
}
],
"undeployed-policies": [
{
"policy-type": "onap.policies.firewall",
"policy-type-version": "1.0.0",
"policy-id": "onap.firewall.tca",
"policy-version": "6.0.0",
"success-count": 3,
"failure-count": 0
}
]
} |
...
- Designed TOSCA-compliant solution to create/read/update/delete(CRUD), deploy/undeploy and store native PDP policies and their artifacts
- Designed native PDP policy types off which native policies executable in different PDP engines (i.e. Drools, XACML, APEX) can be created and deployed
- Build a validator for the API payload provided to create native PDP policies to avoid unnecessary inconsistency between policy artifacts in the nexus and TOSCA policies in the database
- Build Drools PDP (PDP-D) support for native Drools policy execution
- Build XACML PDP (PDP-X) support for native XACML policy enforcement
- Build APEX PDP (PDP-A) support for native APEX policy execution
- validator for the API payload provided to create native PDP policies to avoid unnecessary inconsistency between policy artifacts in the nexus and TOSCA policies in the database
- Build Drools PDP (PDP-D) support for native Drools policy execution
- Build XACML PDP (PDP-X) support for native XACML policy enforcement
- Build APEX PDP (PDP-A) support for native APEX policy execution
| Code Block |
|---|
| title | Native XACML policy type |
|---|
| linenumbers | true |
|---|
| collapse | true |
|---|
|
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.Native:
derived_from: tosca.policies.Root
description: a base policy type for all native PDP policies
version: 1.0.0
onap.policies.native.Xacml:
derived_from: onap.policies.Native
description: a policy type for native xacml policies
version: 1.0.0
properties:
policy:
type: String
required: true
description: The XML XACML 3.0 PolicySet or Policy
metadata:
encoding: URL |
| Code Block |
|---|
| title | Native Drools policy type |
|---|
| linenumbers | true |
|---|
| collapse | true |
|---|
|
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.Native:
derived_from: tosca.policies.Root
description: a base policy type for all native PDP policies
version: 1.0.0
onap.policies.native.Drools:
derived_from: onap.policies.Native
description: a policy type for native drools policies
version: 1.0.0
properties:
rule_artifact:
type: onap.datatypes.native.rule_artifact
required: true
description: the GAV information of the maven artifact
controller:
type: onap.datatypes.drools.controller.relation
required: true
description: the drools controller to which the current native policy is assigned
data_types:
onap.datatypes.native.rule_artifact:
derived_from: tosca.datatypes.Root
properties:
groupId:
type: string
required: true
description: the groupId of the maven artifact
artifactId:
type: string
required: true
description: the artifactId of the maven artifact
version:
type: string
required: true
description: the version of the maven artifact
onap.datatypes.drools.controller.relation:
derived_from: tosca.datatypes.Root
properties:
controllerPolicyName:
type: string
required: true
description: the name of drools controller policy
controllerPolicyVersion:
type: string
required: true
description: the version of drools controller policy |
| Code Block |
|---|
| title | Native APEX policy type |
|---|
| linenumbers | true |
|---|
| collapse | true |
|---|
|
tosca_definitions_version: tosca_simple_yaml_1_0_0,
policy_types:
onap.policies.Native:
derived_from: tosca.policies.Root
description: a base policy type for all native PDP policies
version: 1.0.0
onap.policies.native.Apex:
derived_from: onap.policies.Native
description: a policy type for native apex policies
version: 1.0.0
properties:
engine_service:
type: onap.datatypes.native.apex.EngineService
description: APEX Engine Service Parameters
inputs:
type: map
description: Inputs for handling events coming into the APEX engine
entry_schema:
type: onap.datatypes.native.apex.EventHandler
outputs:
type: map
description: Outputs for handling events going out of the APEX engine
entry_schema:
type: onap.datatypes.native.apex.EventHandler
environment:
type: list
description: Envioronmental parameters for the APEX engine
entry_schema:
type: onap.datatypes.native.apex.Environment
data_types:
onap.datatypes.native.apex.EngineService:
derived_from: tosca.datatypes.Root
properties:
name:
type: string
description: Specifies the engine name
required: false
default: "ApexEngineService"
version:
type: string
description: Specifies the engine version in double dotted format
required: false
default: "1.0.0"
id:
type: int
description: Specifies the engine id
required: true
instance_count:
type: int
description: Specifies the number of engine threads that should be run
required: true
deployment_port:
type: int
description: Specifies the port to connect to for engine administration
required: false
default: 1
policy_model_file_name:
type: string
description: The name of the file from which to read the APEX policy model
required: false
default: ""
policy_type_impl:
type: string
description: The policy type implementation from which to read the APEX policy model
required: false
default: ""
periodic_event_period:
type: string
description: The time interval in milliseconds for the periodic scanning event, 0 means don't scan
required: false
default: 0
engine:
type: onap.datatypes.native.apex.engineservice.Engine
description: The parameters for all engines in the APEX engine service
required: true
onap.datatypes.native.apex.EventHandler:
derived_from: tosca.datatypes.Root
properties:
name:
type: string
description: Specifies the event handler name, if not specified this is set to the key name
required: false
carrier_technology:
type: onap.datatypes.native.apex.CarrierTechnology
description: Specifies the carrier technology of the event handler (such as REST/Web Socket/Kafka)
required: true
event_protocol:
type: onap.datatypes.native.apex.EventProtocol
description: Specifies the event protocol of events for the event handler (such as Yaml/JSON/XML/POJO)
required: true
event_name:
type: string
description: Specifies the event name for events on this event handler, if not specified, the event name is read from or written to the event being received or sent
required: false
event_name_filter:
type: string
description: Specifies a filter as a regular expression, events that do not match the filter are dropped, the default is to let all events through
required: false
synchronous_mode:
type: bool
description: Specifies the event handler is syncronous (receive event and send response)
required: false
default: false
synchronous_peer:
type: string
description: The peer event handler (output for input or input for output) of this event handler in synchronous mode, this parameter is mandatory if the event handler is in synchronous mode
required: false
default: ""
synchronous_timeout:
type: int
description: The timeout in milliseconds for responses to be issued by APEX torequests, this parameter is mandatory if the event handler is in synchronous mode
required: false
default: ""
requestor_mode:
type: bool
description: Specifies the event handler is in requestor mode (send event and wait for response mode)
required: false
default: false
requestor_peer:
type: string
description: The peer event handler (output for input or input for output) of this event handler in requestor mode, this parameter is mandatory if the event handler is in requestor mode
required: false
default: ""
requestor_timeout:
type: int
description: The timeout in milliseconds for wait for responses to requests, this parameter is mandatory if the event handler is in requestor mode
required: false
default: ""
onap.datatypes.native.apex.CarrierTechnology:
derived_from: tosca.datatypes.Root
properties:
label:
type: string
description: The label (name) of the carrier technology (such as REST, Kafka, WebSocket)
required: true
plugin_parameter_class_name:
type: string
description: The class name of the class that overrides default handling of event input or output for this carrier technology, defaults to the supplied input or output class
required: false
onap.datatypes.native.apex.EventProtocol:
derived_from: tosca.datatypes.Root
properties:
label:
type: string
description: The label (name) of the event protocol (such as Yaml, JSON, XML, or POJO)
required: true
event_protocol_plugin_class:
type: string
description: The class name of the class that overrides default handling of the event protocol for this carrier technology, defaults to the supplied event protocol class
required: false
onap.datatypes.native.apex.Environmental:
derived_from: tosca.datatypes.Root
properties:
name:
type: string
description: The name of the environment variable
required: true
value:
type: string
description: The value of the environment variable
required: true
onap.datatypes.native.apex.engineservice.Engine:
derived_from: tosca.datatypes.Root
properties:
context:
type: onap.datatypes.native.apex.engineservice.engine.Context
description: The properties for handling context in APEX engines, defaults to using Java maps for context
required: false
executors:
type: map
description: The plugins for policy executors used in engines such as javascript, MVEL, Jython
required: true
entry_schema:
description: The plugin class path for this policy executor
type: string
onap.datatypes.native.apex.engineservice.engine.Context:
derived_from: tosca.datatypes.Root
properties:
distributor:
type: onap.datatypes.native.apex.Plugin
description: The plugin to be used for distributing context between APEX PDPs at runtime
required: false
schemas:
type: map
description: The plugins for context schemas available in APEX PDPs such as Java and Avro
required: false
entry_schema:
type: onap.datatypes.native.apex.Plugin
locking:
type: onap.datatypes.native.apex.plugin
description: The plugin to be used for locking context in and between APEX PDPs at runtime
required: false
persistence:
type: onap.datatypes.native.apex.Plugin
description: The plugin to be used for persisting context for APEX PDPs at runtime
required: false
onap.datatypes.native.apex.Plugin:
derived_from: tosca.datatypes.Root
properties:
name:
type: string
description: The name of the executor such as Javascript, Jython or MVEL
required: true
plugin_class_name:
type: string
description: The class path of the plugin class for this executor |
Optimization and Naming Policies - Better Use of the Decision API Pamela Dragosh
...
- Mapping of kubernetes deployment to PDP Subgroup
- Re-synch of PAP and PDP when the supported policy type changes
- Change the PAP Group Deploy/Undeploy API to only create/update PdpGroups
- Create new API to deploy/undeploy policies into PdpGroups
- Handle derivation in PDP supported types
RECORDING
Recording