...
The Policy subsystem of ONAP maintains, distributes, and operates on the set of rules that underlie ONAP’s control, orchestration, and management functions. Policy provides a centralized environment for the creation and management of easily-updatable conditional rules. It enables users to validate policies and rules, identify and resolve overlaps and conflicts, and derive additional policies where needed. The following operations are support supported by the policy API:
- Create policies on the PAP
- Update policies on the PAP
- Delete policies on the PAP or PDP
- Push policies from the PAP to the PDP
- List policies on the PDP
- Get config data of policies on the PDP
- Create Dictionary Items
- Update Dictionary Items
- Retrieve Dictionary Items
- Import Micro Services Models
- Retrieve Metrics for policy counts from PDP and PAP
POLICY ENGINE SERVICES
POLICY ENGINE API SAMPLE JAVA CLIENT CODE
| Code Block | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import java.util.Collection;
import org.onap.policy.api.ConfigRequestParameters;
import org.onap.policy.api.PolicyConfig;
import org.onap.policy.api.PolicyEngine;
public class GetConfigSample {
public static void main(String[] args) throws Exception {
PolicyEngine pe = new PolicyEngine("config.properties");
ConfigRequestParameters configRequestParams = new ConfigRequestParameters();
configRequestParams.setPolicyName(".*");
Collection<PolicyConfig> configs = pe.getConfig(configRequestParams);
for (PolicyConfig config: configs){
System.out.println(config.getPolicyConfigMessage());
System.out.println(config.getPolicyConfigStatus());
}
}
} |
...
| Code Block | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
{
"serviceTypeId": "/v0/firewall/pan",
"configName": "AFTTFwPolicy1Config",
"deploymentOption": {
"deployNow": false
},
"securityZoneId": "cloudsite:dev1a",
"vendorServiceIdserviceGroups": "vipr", [{
"vendorSpecificDataname": {"SSH",
"idMapdescription": [{"Ssh service entry in service list",
"astraIdtype": "cloudsite:dev1aSERVICE",
"transportProtocol": "tcp",
"vendorIdappProtocol": "deviceGroup:dev" null,
}]"ports": "22"
}],
"serviceGroupsaddressGroups": [{
"name": "SSHCiscoVCE",
"description": "Ssh service entry in service listDestination CiscoCVE",
"typemembers": "SERVICE",[{
"transportProtocol": "tcp "type": "SUBNET",
"appProtocol": null, "value": "12.63.31.61/12"
"ports": "22" }],
"addressGroups": [}, {
"name": "CiscoVCEHOHOServers",
"description": "Destination CiscoCVESource HOHOServers for first testing",
"members": [{
"type": "SUBNET",
"value": "12.6360.3132.6111/1223"
}]
}],
"firewallRuleList": [{
"nameposition": "HOHOServers1",
"descriptionruleName": "Source HOHOServers for first testingFWRuleHOHOServerToCiscoVCE",
"membersfromZones": [{
"UntrustedZoneCiscoCVEName"],
"typetoZones": ["SUBNETTrustedZoneHOHOName"],
"valuenegateSource": "12.60.32.11/23"false,
}]
"negateDestination": false,
}], "firewallRuleListsourceList": [{
"position": "1", "ruleNametype": "FWRuleHOHOServerToCiscoVCEREFERENCE",
"fromZones": ["UntrustedZoneCiscoCVEName"],
"toZones"name": ["TrustedZoneHOHONameHOHOServers"],
"negateSource": false}],
"negateDestination": false,
"sourceList"destinationList": [{
"type": "REFERENCE",
"name": "HOHOServersCiscoVCE"
}],
"destinationList": [{
"type": "REFERENCE",
"name": "CiscoVCE"
}],
"sourceServices": [],
"destServices": [{
"type": "REFERENCE",
"name": "SSH"
}],
"action": "accept",
"description": "FW rule for HOHO source to CiscoVCE destination",
"enabled": true,
"log": true
}]
} |
...
| Code Block | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
/*-
* ============LICENSE_START=======================================================
* PolicyEngineClient
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.policyEngine;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import org.onap.policy.api.ConfigRequestParameters;
import org.onap.policy.api.PolicyConfigException;
import org.onap.policy.api.PolicyEngine;
import org.onap.policy.api.PolicyEngineException;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
public class ListConfigPoliciesClient {
private static final Logger LOGGER = FlexLogger.getLogger(ListConfigPoliciesClient.class);
public static void main(String[] args) {
PolicyEngine policyEngine;
// List Config Policies Example
try {
policyEngine = new PolicyEngine("config.properties");
ConfigRequestParameters parameters = new ConfigRequestParameters();
parameters.setPolicyName(".*");
parameters.setOnapName(".*");
parameters.setConfigName(".*");
Map<String, String> configAttributes = new HashMap<>();
configAttributes.put("java", "java");
configAttributes.put("peach", "Tar");
configAttributes.put("true", "false");
configAttributes.put("small", "testPass");
parameters.setConfigAttributes(configAttributes);
parameters.setRequestID(UUID.randomUUID());
Collection<String> response = policyEngine.listConfig(parameters);
if(response!=null && !response.contains("PE300")){
for(String configList : response){
System.out.println(configList.toString()+"\n");
}
}else{
System.out.println("Error! " +response);
}
} catch (PolicyConfigException e) {
LOGGER.error("Exception Occured"+e);
} catch (PolicyEngineException e) {
LOGGER.error("Exception Occured"+e);
}
}
} |
CURL JSON EXAMPLES
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
echo "pushPolicy API: createPolicy OPERATION: PUT REQUEST BODY: com.vLoadBalancer"{ echo "pushPolicy : PUT : com.vLoadBalancer" curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{ "pdpGroup": "default", "configBody": "{ \"service\":\"ControllerServiceSampleSdnlServiceInstance\", \"location\":\"Edge\", \"uuid\":\"TestUUID\", \"policyName\":\"testRestCreateMicroServicesNewParams\", \"description\":\"testing Create\", \"configName\":\"TestName\", \"templateVersion\":\"1604\", \"priority\":\"4\", \"version\":\"0.1.0-SNAPSHOT\", \"policyScope\":\"resource=F5,service=vSCP,type=configuration,closedLoopControlName=vSCP_F5_Firewall_d925ed73-8231-4d02-9545-db4e101f88f8\", \"content\":{ \"taskOrchestratedConfiguration\":\"test\", \"taskCustomConfiguration\":\"set\", \"configuration\":\"test\", \"cdapUrl\":\"testurl\", \"taskName\":\"test\", \"taskNameTEST\":\"TEST\", \"users\":\"[tuser]\", \"adminUsers\":\"[lji]\", \"taskConfigFilePath\":\"test\", \"managerPortNumber\":\"999\", \"taskType\":\"test\", \"taskCommandFilePath\":\"tset\", \"contailIp\":\"test\", \"consoleUsers\":\"[odu-e2e]\", \"taskStatusFilePath\":\"test\" } }", "policyConfigType": "MicroService", "policyName": "MikeAPITesting.testRestCreateMicroServicesNewParams", "ecompName": "SDNC" } |
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
API: updatePolicy
OPERATION: PUT
REQUEST BODY:
{
"configBody": "{
\"service\":\"ControllerServiceSampleSdnlServiceInstance\",
\"location\":\"Edge\",
\"uuid\":\"TestUUID\",
\"policyName\":\"testRestCreateMicroServicesNewParams\",
\"description\":\"testing Update\",
\"configName\":\"TestName\",
\"templateVersion\":\"1604\",
\"priority\":\"4\",
\"version\":\"0.1.0-SNAPSHOT\",
\"policyScope\":\"resource=F5,service=vSCP,type=configuration,closedLoopControlName=vSCP_F5_Firewall_d925ed73-8231-4d02-9545-db4e101f88f8\",
\"content\":{
\"taskOrchestratedConfiguration\":\"test\",
\"taskCustomConfiguration\":\"set\",
\"configuration\":\"test\",
\"cdapUrl\":\"testurl\",
\"taskName\":\"test\",
\"taskNameTEST\":\"TEST\",
\"users\":\"[tuser]\",
\"adminUsers\":\"[lji]\",
\"taskConfigFilePath\":\"test\",
\"managerPortNumber\":\"999\",
\"taskType\":\"test\",
\"taskCommandFilePath\":\"tset\",
\"contailIp\":\"test\",
\"consoleUsers\":\"[odu-e2e]\",
\"taskStatusFilePath\":\"test\"
}
}",
"policyConfigType": "MicroService",
"policyName": "MikeAPITesting.testRestUpdateMicroServicesNewParams",
"ecompName": "SDNC"
} |
CURL EXAMPLES
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
echo "pushPolicy : PUT : com.vLoadBalancer"
echo "pushPolicy : PUT : com.vLoadBalancer"
curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
"pdpGroup": "default",
"policyName": "com.vLoadBalancer",
"policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/pushPolicy' |
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
echo "deletePolicy : DELETE : com.vFirewall"
curl -v --silent -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{
"pdpGroup": "default",
"policyComponent": "PDP",
"policyName": "com.vFirewall",
"policyType": "MicroService"
}' 'http://pdp:8081/pdp/api/deletePolicy' |
| Code Block | ||||
|---|---|---|---|---|
| ||||
echo "Get all Config Policy example"
curl -i -v -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'ClientAuth: XYZ' -H 'Authorization: Basic XYZ -H 'Environment: TEST' -X POST -d '{
"policyName": ".*"
}' http://${PDP_IP}:8081/pdp/api/getConfig |
ADDITIONAL EXAMPLES
| Code Block | ||||
|---|---|---|---|---|
| ||||
// Deleting from PAP will remove the policy from the PolicyEntity & PolicyVersion tables (UI-Editor tab).
// This means that the policy is no longer be available in Policy System.
// PayLoad:
{ "policyName": "com.testpolicy", //scope.policyName
"policyType": "Base", //policy type
"policyComponent": "PAP", //component name
"deleteCondition": "ALL" //versions (ALL or CURRENT)
} |
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
// Deleting from PDP will delete the policy from the PDP Group. The policy is still available in Policy System. // When the policy is needed again, the policy should be pushed to the PDP. // PayLoad: { "policyName": "com.vLoadBalancertestpolicy", "policyType": "MicroService" }' 'http://pdp:8081/pdp/api/pushPolicy' | ||||||
| Code Block | ||||||
| ||||||
echo "deletePolicy : DELETE : com.vFirewall" curl -v --silent -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: XYZ' --header 'Authorization: Basic XYZ' --header 'Environment: TEST' -d '{ "pdpGroup": "default",//scope.policyName "policyType": "Base", //policy type "policyComponent": "PDP", //component name "policyNamepdpGroup": "com.vFirewall",Default" "policyType": "MicroService" }' 'http://pdp:8081/pdp/api/deletePolicy'//group name } |
POLICY ENGINE API DETAILS
Header parameters apply to each API.
...
