Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Policy subsystem of ONAP maintains, distributes, and operates on the set of rules that underlie ONAP’s control, orchestration, and management functions. Policy provides a centralized environment for the creation and management of easily-updatable conditional rules. It enables users to validate policies and rules, identify and resolve overlaps and conflicts, and derive additional policies where needed.  The following operations are support supported by the policy API:

  • Create policies on the PAP
  • Update policies on the PAP
  • Delete policies on the PAP or PDP
  • Push policies from the PAP to the PDP
  • List policies on the PDP
  • Get config data of policies on the PDP
  • Create Dictionary Items
  • Update Dictionary Items
  • Retrieve Dictionary Items
  • Import Micro Services Models
  • Retrieve Metrics for policy counts from PDP and PAP


POLICY ENGINE SERVICES

Image RemovedImage Added


POLICY ENGINE API SAMPLE JAVA CLIENT CODE

Code Block
languagejava
firstline1
titleGet Config Example
linenumberstrue
collapsetrue
/*-
 * ============LICENSE_START=======================================================
 * PolicyEngineClient
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
 
package org.onap.policyEngine;
 
import java.util.Collection;
 
import org.onap.policy.api.ConfigRequestParameters;
import org.onap.policy.api.PolicyConfig;
import org.onap.policy.api.PolicyEngine;
 
public class GetConfigSample {
 
    public static void main(String[] args) throws Exception {
        PolicyEngine pe = new PolicyEngine("config.properties");
        ConfigRequestParameters configRequestParams = new ConfigRequestParameters();
        configRequestParams.setPolicyName(".*");
        Collection<PolicyConfig> configs = pe.getConfig(configRequestParams);
        for (PolicyConfig config: configs){
            System.out.println(config.getPolicyConfigMessage());
            System.out.println(config.getPolicyConfigStatus());
        }
    }
}

...

Code Block
languagetext
firstline1
titleSample JSON file - Config_FW_Sample.json
linenumberstrue
collapsetrue
{
      "serviceTypeId": "/v0/firewall/pan",
      "configName": "AFTTFwPolicy1Config",
      "deploymentOption": {
            "deployNow": false
      },
      "securityZoneId": "cloudsite:dev1a",
      "vendorServiceIdserviceGroups": "vipr", [{
            "vendorSpecificDataname": {"SSH",
            "idMapdescription": [{"Ssh service entry in service list",
             "astraIdtype": "cloudsite:dev1aSERVICE",
            "transportProtocol": "tcp",
            "vendorIdappProtocol": "deviceGroup:dev" null,
             }]"ports": "22"
      }],
      "serviceGroupsaddressGroups": [{
            "name": "SSHCiscoVCE",
            "description": "Ssh service entry in service listDestination CiscoCVE",
            "typemembers": "SERVICE",[{
              "transportProtocol": "tcp    "type": "SUBNET",
            "appProtocol": null,       "value": "12.63.31.61/12"
     "ports": "22"       }],
      "addressGroups": [}, {
            "name": "CiscoVCEHOHOServers",
            "description": "Destination CiscoCVESource HOHOServers for first testing",
            "members": [{
                  "type": "SUBNET",
                  "value": "12.6360.3132.6111/1223"
            }]
      }],
      "firewallRuleList": [{
            "nameposition": "HOHOServers1",
            "descriptionruleName": "Source HOHOServers for first testingFWRuleHOHOServerToCiscoVCE",
            "membersfromZones": [{
    "UntrustedZoneCiscoCVEName"],
             "typetoZones": ["SUBNETTrustedZoneHOHOName"],
   
              "valuenegateSource": "12.60.32.11/23"false,
            }]
"negateDestination": false,
     }],       "firewallRuleListsourceList": [{
      
     "position": "1",             "ruleNametype": "FWRuleHOHOServerToCiscoVCEREFERENCE",
            "fromZones": ["UntrustedZoneCiscoCVEName"],
            "toZones"name": ["TrustedZoneHOHONameHOHOServers"],
            "negateSource": false}],
            "negateDestination": false,
            "sourceList"destinationList": [{
                  "type": "REFERENCE",
                  "name": "HOHOServersCiscoVCE"
            }],
            "destinationList": [{
                  "type": "REFERENCE",
                  "name": "CiscoVCE"
            }],
            "sourceServices": [],
            "destServices": [{
                  "type": "REFERENCE",
                  "name": "SSH"
            }],
            "action": "accept",
            "description": "FW rule for HOHO source to CiscoVCE destination",
            "enabled": true,
            "log": true
      }]
}

...

Code Block
languagejava
firstline1
titleList Config Policy Example
linenumberstrue
collapsetrue
/*-
 * ============LICENSE_START=======================================================
 * PolicyEngineClient
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
 
package org.onap.policyEngine;
 
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
 
import org.onap.policy.api.ConfigRequestParameters;
import org.onap.policy.api.PolicyConfigException;
import org.onap.policy.api.PolicyEngine;
import org.onap.policy.api.PolicyEngineException;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
 
public class ListConfigPoliciesClient {
     
    private static final Logger LOGGER  = FlexLogger.getLogger(ListConfigPoliciesClient.class);
     
    public static void main(String[] args) {
        PolicyEngine policyEngine;
 
        // List Config Policies Example 
        try {
            policyEngine = new PolicyEngine("config.properties");
            ConfigRequestParameters parameters = new ConfigRequestParameters();
             
            parameters.setPolicyName(".*");
            parameters.setOnapName(".*");
            parameters.setConfigName(".*");
             
            Map<String, String> configAttributes = new HashMap<>();
            configAttributes.put("java", "java");
            configAttributes.put("peach", "Tar");
            configAttributes.put("true", "false");
            configAttributes.put("small", "testPass");
            parameters.setConfigAttributes(configAttributes);
             
            parameters.setRequestID(UUID.randomUUID());
             
            Collection<String> response = policyEngine.listConfig(parameters);
            if(response!=null && !response.contains("PE300")){
                for(String configList : response){
                    System.out.println(configList.toString()+"\n");
                }
            }else{
                System.out.println("Error! " +response);
            }
 
        } catch (PolicyConfigException e) {
            LOGGER.error("Exception Occured"+e);
        } catch (PolicyEngineException e) {
            LOGGER.error("Exception Occured"+e);
        }
    }
     
}


CURL JSON EXAMPLES

Code Block
languagetext
titlePush Create Microservice Policy
collapsetrue
echo "pushPolicy API: createPolicy  
OPERATION: PUT
REQUEST BODY:
com.vLoadBalancer"{
echo "pushPolicy : PUT : com.vLoadBalancer"
curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
  "pdpGroup": "default",
  "policyName": "com.vLoadBalancer",
  "policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/pushPolicy'
Code Block
languagetext
titleDelete Policy
collapsetrue
echo "deletePolicy : DELETE : com.vFirewall"
curl -v --silent -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
  "pdpGroup": "default",
  "policyComponent": "PDP",
  "policyName": "com.vFirewall",
  "policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/deletePolicy'    "configBody": "{
			\"service\":\"ControllerServiceSampleSdnlServiceInstance\",
			\"location\":\"Edge\",
			\"uuid\":\"TestUUID\",
			\"policyName\":\"testRestCreateMicroServicesNewParams\",
			\"description\":\"testing Create\",
			\"configName\":\"TestName\",
			\"templateVersion\":\"1604\",
			\"priority\":\"4\",
			\"version\":\"0.1.0-SNAPSHOT\",
			\"policyScope\":\"resource=F5,service=vSCP,type=configuration,closedLoopControlName=vSCP_F5_Firewall_d925ed73-8231-4d02-9545-db4e101f88f8\",
			\"content\":{
					\"taskOrchestratedConfiguration\":\"test\",
					\"taskCustomConfiguration\":\"set\",
					\"configuration\":\"test\",
					\"cdapUrl\":\"testurl\",
					\"taskName\":\"test\",
					\"taskNameTEST\":\"TEST\",
					\"users\":\"[tuser]\",
					\"adminUsers\":\"[lji]\",
					\"taskConfigFilePath\":\"test\",
					\"managerPortNumber\":\"999\",
					\"taskType\":\"test\",
					\"taskCommandFilePath\":\"tset\",
					\"contailIp\":\"test\",
					\"consoleUsers\":\"[odu-e2e]\",
					\"taskStatusFilePath\":\"test\"
			}
	}",
    "policyConfigType": "MicroService",
    "policyName": "MikeAPITesting.testRestCreateMicroServicesNewParams",
    "ecompName": "SDNC"
}

Code Block
languagetext
titleUpdate Microservice Policy
collapsetrue
API: updatePolicy  
OPERATION: PUT
REQUEST BODY:
{
    "configBody": "{
			\"service\":\"ControllerServiceSampleSdnlServiceInstance\",
			\"location\":\"Edge\",
			\"uuid\":\"TestUUID\",
			\"policyName\":\"testRestCreateMicroServicesNewParams\",
			\"description\":\"testing Update\",
			\"configName\":\"TestName\",
			\"templateVersion\":\"1604\",
			\"priority\":\"4\",
			\"version\":\"0.1.0-SNAPSHOT\",
			\"policyScope\":\"resource=F5,service=vSCP,type=configuration,closedLoopControlName=vSCP_F5_Firewall_d925ed73-8231-4d02-9545-db4e101f88f8\",
			\"content\":{
					\"taskOrchestratedConfiguration\":\"test\",
					\"taskCustomConfiguration\":\"set\",
					\"configuration\":\"test\",
					\"cdapUrl\":\"testurl\",
					\"taskName\":\"test\",
					\"taskNameTEST\":\"TEST\",
					\"users\":\"[tuser]\",
					\"adminUsers\":\"[lji]\",
					\"taskConfigFilePath\":\"test\",
					\"managerPortNumber\":\"999\",
					\"taskType\":\"test\",
					\"taskCommandFilePath\":\"tset\",
					\"contailIp\":\"test\",
					\"consoleUsers\":\"[odu-e2e]\",
					\"taskStatusFilePath\":\"test\"
			}
	}",
    "policyConfigType": "MicroService",
    "policyName": "MikeAPITesting.testRestUpdateMicroServicesNewParams",
    "ecompName": "SDNC"
}


CURL  EXAMPLES

Code Block
languagetext
titlePush Policy
collapsetrue
echo "pushPolicy : PUT : com.vLoadBalancer"
echo "pushPolicy : PUT : com.vLoadBalancer"
curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
  "pdpGroup": "default",
  "policyName": "com.vLoadBalancer",
  "policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/pushPolicy'
Code Block
languagetext
titleDelete Policy
collapsetrue
echo "deletePolicy : DELETE : com.vFirewall"
curl -v --silent -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
  "pdpGroup": "default",
  "policyComponent": "PDP",
  "policyName": "com.vFirewall",
  "policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/deletePolicy'
Code Block
titleGet Config
collapsetrue
echo "Get all Config Policy example"
curl -i -v -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'ClientAuth: XYZ' -H 'Authorization: Basic XYZ -H 'Environment: TEST' -X POST -d '{
"policyName": ".*"
}' http://${PDP_IP}:8081/pdp/api/getConfig


ADDITIONAL  EXAMPLES

Code Block
titleDeleting a Policy from PAP
collapsetrue
// Deleting from PAP will remove the policy from the PolicyEntity & PolicyVersion tables (UI-Editor tab).
// This means that the policy is no longer be available in Policy System.

// PayLoad:
{    "policyName": "com.testpolicy",    //scope.policyName    
     "policyType": "Base",              //policy type    
     "policyComponent": "PAP",          //component name    
     "deleteCondition": "ALL"           //versions (ALL or CURRENT) 
} 
Code Block
titleDeleting a Policy from PDP
collapsetrue
// Deleting from PDP will delete the policy from the PDP Group.  The policy is still available in Policy System.  
// When the policy is needed again, the policy should be pushed to the PDP.

// PayLoad:
{    "policyName": "com.testpolicy",   //scope.policyName    
     "policyType": "Base",             //policy type    
     "policyComponent": "PDP",         //component name    
     "pdpGroup": "Default"             //group name 
} 



POLICY ENGINE API DETAILS

Header parameters apply to each API.

image2017-8-11_13-18-38.pngImage RemovedImage Added

image2017-8-11_16-39-57.pngImage RemovedImage Added