Support Dynamic Policy Updates

Users shall be able to deploy policies via PAP at run time. Because only native policies are currently supported for OPA, the design proposal is to Base64-encode the Rego file content and provide it in the policy field.

...

Code Block
Tosca Definition for OPA

tosca_definitions_version: tosca_simple_yaml_1_1_0
topology_template:
    policies:
        - native.cell.consistency.opa:
              type: onap.policies.native.opa
              type_version: 1.0.0
              properties:
                  data: 
                     cell.consistency: eyAgIAogICJhbGxvd2VkQ2VsbElkIiA6IDQ0NTYxMTE5MzI2NTA0MDEyOSwgCiAgIm1pblBDSSI6IDEsIAogICJtYXhQQ0kiOiAzMDAwICAKIH0=                       
                               
                  policy: 
                    cell.consistency: cGFja2FnZSBjZWxsLmNvbnNpc3RlbmN5CmRlZmF1bHQgYWxsb3cgPSBmYWxzZQoKIyBSdWxlIHRvIGNoZWNrIGNlbGwgY29uc2lzdGVuY3kKY2hlY2tfY2VsbF9jb25zaXN0ZW5jeSB7CsKgwqDCoCBpbnB1dC5jZWxsICE9IGRhdGEuY2VsbC5jb25zaXN0ZW5jeS5hbGxvd2VkQ2VsbElkCn0KIyBSdWxlIHRvIGFsbG93IGlmIFBDSSBpcyB3aXRoaW4gcmFuZ2UgMS0zMDAwCmFsbG93X2lmX3BjaV9pbl9yYW5nZSB7CsKgwqDCoCBpbnB1dC5QQ0kgPj0gZGF0YS5jZWxsY29uc2lzdGVuY3kubWluUENJCsKgwqDCoCBpbnB1dC5QQ0kgPD0gZGF0YS5jZWxsY29uc2lzdGVuY3kubWF4UENJCn0KIyBNYWluIHJ1bGUgdG8gZGV0ZXJtaW5lIHRoZSBmaW5hbCBkZWNpc2lvbgphbGxvdyB7CsKgwqDCoCBjaGVja19jZWxsX2NvbnNpc3RlbmN5CsKgwqDCoCBhbGxvd19pZl9wY2lfaW5fcmFuZ2UKfQ==      
                    cell.consistency.topology: cGFja2FnZSBjZWxsLmNvbnNpc3RlbmN5LnRvcG9sb2d5CmltcG9ydCByZWdvLnYxCiAKIyBSdWxlIHRvIGNoZWNrIGNlbGwgY29uc2lzdGVuY3kKY2hlY2tfY2VsbF9jb25zaXN0ZW5jeSBpZiB7CiAgICBpbnB1dC5jZWxsICE9IGRhdGEuY2VsbGNvbnNpc3RlbmN5LmFsbG93ZWRDZWxsSWQKfQ==
              name: native.cell.consistency.opa
              version: 1.0.0
              metadata:
                  policy-id: native.cell.consistency.opa
                  policy-version: 1.0.0

After receiving the message on Kafka, the OPA PDP parses it, extracts the policy, Base64-decodes it, and deploys the policy to OPA. The OPA PDP then sends a PDP_STATUS message with the status of the policy deployment.
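An added example, not taken from the ONAP code base: one way a receiver could validate the Base64-encoded `policy` and `data` maps before handing anything to OPA, refusing deployment when any finding is returned. The function names, the rule that each `policy` key must equal the Rego `package` name, and the constructed sample values are assumptions made for this illustration.

```python
import base64
import json
import re

PACKAGE_RE = re.compile(r"^\s*package\s+([A-Za-z_][\w.]*)", re.MULTILINE)
SUSPECT_RE = re.compile(r"[^\t\n\r\x20-\x7e]")  # non-ASCII or control characters

def _decode(value):
    """Strict Base64 -> UTF-8 text; both failure modes raise ValueError subclasses."""
    return base64.b64decode(str(value).strip(), validate=True).decode("utf-8")

def check_properties(props):
    """Decode the `policy` and `data` maps; return (decoded, findings)."""
    decoded, findings = {"policy": {}, "data": {}}, []
    for field in ("policy", "data"):
        for key, value in (props.get(field) or {}).items():
            try:
                text = _decode(value)
                if field == "data" and not isinstance(json.loads(text), dict):
                    raise ValueError("top level is not a JSON object")
            except ValueError as exc:
                findings.append(f"{field}[{key}]: rejected ({exc})")
                continue
            if field == "policy":
                match = PACKAGE_RE.search(text)
                package = match.group(1) if match else None
                if package != key:  # assumption: map key must equal the Rego package
                    findings.append(f"policy[{key}]: package is {package!r}")
                if SUSPECT_RE.search(text):
                    findings.append(f"policy[{key}]: non-ASCII or control characters")
            decoded[field][key] = text
    if not decoded["policy"]:  # the policy type marks `policy` as required
        findings.append("policy: required, but no entry decoded")
    return decoded, findings

def _b64(text):
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

# Constructed sample shaped like the page's TOSCA `properties` (not the page's blobs).
SAMPLE = {
    "data": {"cell.consistency": _b64('{"minPCI": 1, "maxPCI": 3000}')},
    "policy": {
        "cell.consistency": _b64("package cell.consistency\ndefault allow = false\n"),
        "cell.conistency.topology": _b64("package cell.consistency.topology\n"),
        "cell.nbsp": _b64("package cell.nbsp\nallow {\n\u00a0input.PCI >= 1\n}\n"),
        "cell.broken": "not*base64",
    },
}
```

On the constructed sample this reports the misspelled map key, the non-breaking space hidden in the Rego indentation, and the entry that is not Base64 at all.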

...


Code Block
tosca_definitions_version: tosca_simple_yaml_1_1_0
policy_types:
  onap.policies.Native:
    derived_from: tosca.policies.Root
    description: a base policy type for all native PDP policies
    version: 1.0.0
    name: onap.policies.Native
  onap.policies.native.opa:
    derived_from: onap.policies.Native
    version: 1.0.0
    name: onap.policies.native.opa
    description: a policy type for native opa policies
    properties:
      data:
        type: map
        type_version: 0.0.0
        description: The data for Policy
        required: false
        metadata:
          encoding: Base64
      policy:
        type: map
        type_version: 0.0.0
        description: The rego PolicySet or Policy
        required: true
        metadata:
          encoding: Base64

Design Discussion