Instantiation Rules
POMBA audit reports are generated based on the rules that applied in the rules engine generating the violations. The following is an initial capture of rules
| Rule | Data Sources | Attributes | Description | Category | Severity | Story | Release |
---|
1 | Attribute Comparison | A&AI, SDN-C, Network Discovery | All | This rule compares all attributes by the same name from different Context Builders and returns a violation if the fields do no match. This includes the case where the name is present by the value is null in one of the cases. It does not produce a violation if one of the Context Builders is missing an attribute. Note in Casablanca, this will be implemented in a non-generic way, and made more generic as a future work item | Attribute Mismatch | MAJOR? | port-mirroring- | ERROR | Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-434 |
---|
|
| Casablanca |
2 | vnfc-type | - aai-instance
- tosca-csar (SDC)
|
| Validate that each VNFC instance in AAI conforms VNFC type defined in SDC model | ??VNFC Consistency | ERROR | port-mirroring- Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-571 |
---|
|
| Casablanca |
3 | vnfc-count | - aai-instance
- tosca-csar (SDC)
|
| Validate that for each VNFC node defined in SDC model there is at least one VNFC instance in AAI | ?? | WARNVNFC Consistency | WARN | Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-571 |
---|
|
| Casablanca |
4 | vf-module-type | - aai-instance
- tosca-csar (SDC)
|
| Validate that each VF module instance in AAI conforms VF Module defined in SDC service model | ??VF Consistency | CRITICAL | Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-571 |
---|
|
| Casablanca |
5 | nfc-naming-code | | nfc-naming-code | Validate that nfc-naming-code exists and is populated in AAI VNFC instance | ?? | CRITICAL | Expected Field Populated | CRITICAL | Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-571 |
---|
|
| Casablanca |
6 | data-dictionary-valid-value | | All (assuming we can tell if not defined in dictionary) | Validates for a particular field that its value aligns to what is in the data dictionary | Invalid Value | ERROR | Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-404 |
---|
|
|
|
7 | vserver-vfmodule | |
| If vfModule is present, I expect vserver/VMs to be present within this structure. |
|
| Coming soon to release near you | Future |
8 | dataQuality | * |
| When there is a problem with the data provided to the validation engine (data missing due to system issues, etc), this rule shall raise violations. Longer term the plan is to report this in a separate dataQuality field. Attributes only |
|
| Casablanca, not done as a rule Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-454 |
---|
|
| Future |
9 | nf-role | aai-instance | nf-role | Ensure nf-role was populated in VNF |
|
|
| Future |
10 | SDNC | - sdnc-instance
- network discover
- aai-instance
|
| Compare SDNC reported data against same fields in other data sources |
|
| Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-779 |
---|
|
| Dublin |
11 | data dictionary |
|
| Validate attributes of resources contain valid values, when present in data dictionary and data source |
|
| Jira Legacy |
---|
server | System Jira |
---|
serverId | 4733707d-2057-3a0f-ae5e-4fd8aff50176 |
---|
key | LOG-563 |
---|
|
|
|
Note that Attribute Comparison in particular needs to check against the following, but should check everything it can
- Network Discovered attributes
- Existing AA&I and SDNC Comparisons for
- vnf-type
- vnf-name
- nf-naming-code
- Newly supported A&AI and SDNC attributes that align with those that have been network discovered
VNFInstance.vf-module[x].List of vservers |
VNFInstance.vf-module[x].vserver[x].id |
VNFInstance.vf-module[x].vserver[x].name |
VNFInstance.vf-module[x].vserver[x].inMaint |
VNFInstance.vf-module[x].vserver[x].pserver.hostname |
VNFInstance.vf-module[x].vserver[x].image.image-name |
VNFInstance.vf-module[x].vserver[x].prov-status |
and
Deletion Rules
In the future, we will add additional rules to be able to audit that a service has been completely deleted. POMBA will likely require an input parameter on the audit initiation request to indicate whether someone wishes to run the instantiation rule set or the deletion rule sets.
Adding New Rules
The rules that POMBA runs are extensible and anyone can add new rules. Note this is in code currently, but can be done outside of the development cycle and manually applied if desired. Ideas for rules probably fall into two categories
- Validating design intent
- When designing ONAP features, you may wish to add rules to verify that the system is in the state you expect
- Automation of detecting errors found manually
- When using or testing the system, you may manually find a data integrity issue and wish to automate its detection in case it happens again