Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

New component capabilities for Frankfurt, i.e. the functional enhancements.

Frankfurt release targets the completion of the work started in Dublin to re-build the Policy Framework infrastructure. The new capabilities were to complete missing functionality that was previously in the legacy components, or was targeted to be part of the platform and was not able to be finished in Dublin:

Consolidation of Policy Health Check - China Ericsson Team

POLICY-2025 - Getting issue details... STATUS  - Per Integration team, one single health check requested that gives status for the whole of Policy Framework components.

  • New API implemented in PAP : /policy/pap/v1/pdps/healthcheck

Example API result:

{
    "pdps": {
        "xacml": [
            {
                "instanceId": "CN-00000994",
                "pdpState": "ACTIVE",
                "healthy": "HEALTHY"
            }
        ],
        "drools": [
            {
                "instanceId": "CN-00000994",
                "pdpState": "ACTIVE",
                "healthy": "HEALTHY"
            }
        ],
        "apex": [
            {
                "instanceId": "CN-00000994",
                "pdpState": "ACTIVE",
                "healthy": "HEALTHY"
            }
        ]
    },
    "healthy": true,
    "api": {
        "name": "Policy API",
        "url": "http://policy-api:6969/policy/api/v1/healthcheck",
        "healthy": true,
        "code": 200,
        "message": "alive"
    },
    "distribution": {
        "name": "Policy SSD",
        "url": "http://policy-distribution:6969/healthcheck",
        "healthy": true,
        "code": 200,
        "message": "alive"
    },
    "pap": {
        "name": "Policy PAP",
        "url": "http://policy-pap:6969/policy/pap/v1/healthcheck",
        "healthy": true,
        "code": 200,
        "message": "alive"
    }
}


PDP Statistics - China Ericsson Team

POLICY-2025 - Getting issue details... STATUS  - The same epic also covers the work for collecting various statistics of registered PDP engines and storing them in the Policy DB.

  • Policy models and related provider classes created for storing PDP Statistics in DB.
  • REST API created in PAP to fetch the PDP Statistics saved in Policy DB.
  • PdpStatus heartbeat messages from apex-pdp has been updated to include current statistics in every interval. Xacml-pdp & drools-pdp will be updated shortly.
  • PAP handlers has been updated to collect & store the statistics coming in heartbeat messages to Policy DB.

PDP Monitoring GUI - China Ericsson Team

POLICY-1751 - Getting issue details... STATUS  - This epic covers the work to create a GUI that polls the PDP statistics from PAP for monitoring PDP engines. This is currently work in progress.

A new UI is being developed to show

  • the list of PDP engines registered with PAP
  • the statistics of an individual PDP engine.
  • the cumulative statistics of a group of PDP engines.
  • the cumulative statistics of all PDP engines for a particular domain.

Integration of CDS As an Actor Former user (Deleted) Rashmi Pujar

POLICY-2087 - Getting issue details... STATUS  - Started in Dublin as dark code, finishing the support for this new actor to be fully available for Control Loop Operational Policies

  • CDS is added as an actor in Policy to take actions
  • Integration is done by implementing a gRPC call to CDS
  • Validation is done against vFirewall use case
  • Sample Operational Policy YAML for vFirewall usecase:
controlLoop:
  version: 2.0.0
  controlLoopName: ControlLoop-vFirewall-7e4fbe9c-d612-4ec5-bbf8-605aeabdb677
  trigger_policy: unique-policy-id-1-modifyConfig
  timeout: 60
  abatement: false
policies:
  - id: unique-policy-id-1-modifyConfig
    name: modifyconfig-cds-actor
    description:
    actor: CDS
    recipe: modify-config
    target:
      resourceID: 7e4fbe9c-d612-4ec5-bbf8-605aeabdb677
      type: VNF
    payload:
      artifact_name: vFW-CDS
      artifact_version: 1.0.0
      data: '{"active-streams":"7"}'
    retry: 0
    timeout: 30
    success: final_success
    failure: final_failure
    failure_timeout: final_failure_timeout
    failure_retries: final_failure_retries
    failure_exception: final_failure_exception
    failure_guard: final_failure_guard
  • REST equivalent of the gRPC request from Policy to CDS to execute a CBA:
curl -X POST \
  'http://{{ip}}:{{port}}/api/v1/execution-service/process' \
  -H 'Authorization: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==' \
  -H 'Content-Type: application/json' \
  -H 'cache-control: no-cache' \
  -d '{
    "commonHeader":{
        "subRequestId":"14384b21-8224-4055-bb9b-0469397db801",
        "requestId":"d57709fb-bbec-491d-a2a6-8a25c8097ee8",
        "originatorId":"POLICY"
    },
    "actionIdentifiers":{
        "mode":"sync",
        "blueprintName":"vFW-CDS",
        "blueprintVersion":"1.0.0",
        "actionName":"config-deploy"
    },
    "payload":{
        "config-deploy-request":{
            "resolution-key":"6128eb53-0eac-4c79-855c-ff56a7b81141",
            "config-deploy-properties":{
                "service-instance.service-instance-id":"40004db6-c51f-45b0-abab-ea4156bae422",
                "generic-vnf.vnf-id":"8d09e3bd-ae1d-4765-b26e-4a45f568a092",
                "data":{
                    "active-streams":"7"
                }
            }
        }
    }
}'

Policy Update Notifications James Hahn

POLICY-1840 - Getting issue details... STATUS  - When policies are deployed/undeployed (eg new version or removal), then some ONAP components need more immediate notification. Notably, DCAE microservices need to respond quickly to policy changes. James Hahn

When a policy has been pushed (or "unpushed") to all relevant PDPs, a notification is published to the DMaaP topic, POLICY-NOTIFICATION, a sample of which is shown below:

{
    "deployed-policies": [
        {
            "policy-type": "onap.policies.monitoring.cdap.tca.hi.lo.app",
            "policy-type-version": "1.0.0",
            "policy-id": "onap.scaleout.tca",
            "policy-version": "2.0.0",
            "success-count": 3,
            "failure-count": 0
        }
    ],
    "undeployed-policies": [
        {
            "policy-type": "onap.policies.firewall",
            "policy-type-version": "1.0.0",
            "policy-id": "onap.firewall.tca",
            "policy-version": "6.0.0",
            "success-count": 3,
            "failure-count": 0
        }
    ]
}


Policy Validation Liam Fallon

POLICY-2027 - Getting issue details... STATUS  - Enhances the validation of TOSCA Policy Types and provides tools to Policy Designers. Liam Fallon

Better support for TOSCA Data Types, Policy Types and Policies. Currently (Dublin/El Alto), policies are validated by PDPs at load time, and the Policy Framework checks that the policy type of a policy is valid and exists when it is stored over the API

In Frankfurt, we will:

  • Validate that the parent policy types, and referenced data types in policy types and data types exist
  • Return fully dereferenced policy types and data types on get requests
  • Vaidate consistent create and update on policy types and data types
  • Validate references to policy tpyes and data types prior to deletion of policy types and data types
  • Validate versions of policy types and policies
  • Validation of policies against their policy types on create and update of policies (Stretch)

See R6 Data Type, Policy Type, and Policy Referencing and Versioning for more information.

Support for Native Policies  Chenfei Gao Ram Krishna Verma Pamela Dragosh

POLICY-1845 - Getting issue details... STATUS  - Some support for this in the legacy components, this work greatly enhances the ability to load PDP native policies that either execute alone or in conjunction with TOSCA Policy Types. Adds in Apex Native Policy Types in addition to XACML, Drools.

  • Designed TOSCA-compliant solution to create/read/update/delete(CRUD), deploy/undeploy and store native PDP policies and their artifacts
  • Designed native PDP policy types off which native policies executable in different PDP engines (i.e. Drools, XACML, APEX) can be created and deployed
  • Build a validator for the API payload provided to create native PDP policies to avoid unnecessary inconsistency between policy artifacts in the nexus and TOSCA policies in the database
  • Build Drools PDP (PDP-D) support for native Drools policy execution
  • Build XACML PDP (PDP-X) support for native XACML policy enforcement
  • Build APEX PDP (PDP-A) support for native APEX policy execution

Optimization and Naming Policies - Better Use of the Decision API Pamela Dragosh 

POLICY-2067 - Getting issue details... STATUS  - In working with the OOF team, we are moving some of the decision making that the legacy engine could not support into the new xacml PDP engine which supports a Decision API. Previously, OOF had to make 2 separate API calls. The addition of "matchable" attributes in the Optimization and Naming policies allow the XACML PDP to dynamically translate TOSCA policies to XACML for more fine-grained policy Decisions.

The OOF optimize uses a "best matches" algorithm on top of the XACML engine fine-grained decision in order to further refine the decision to return only the "best matching" policy given the attributes in the Decision API call.

Base Optimization Policies - including "matchable"
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
   onap.policies.Optimization:
      derived_from: tosca.policies.Root
      version: 1.0.0
      description: The base policy type for all policies that govern optimization
      properties:
         scope:
            description: Scope for the policy - could be for a specific release.
            type: list
            metadata:
               matchable: true
            required: true
            entry_schema:
               type: string
         geography:
            description: One or more geographic regions
            type: list
            metadata:
               matchable: true
            required: true
            entry_schema:
               type: string
               constraints:
               -  valid_values:
                  - US
                  - International
         identity:
            description: Used internally for identification
            type: string
            required: true

The OOF optimization Decision includes the ability to ask the decision to take in "context" when returning policy decisions. Eliminates one less call the OOF project had to make to the Policy Decision API to retrieve policies during runtime.

Example Decision API call Payload
{
  "ONAPName": "OOF",
  "ONAPComponent": "OOF-component",
  "ONAPInstance": "OOF-component-instance",
  "context" : {
      "subscriberName": []
  },
  "action": "optimize",
  "resource": {
      "scope": [],
      "services": [],
      "resources": [],
      "geography": []
  }
}


TOSCA Compliant Operational and Guard Policies Pamela Dragosh 

POLICY-2118 - Getting issue details... STATUS  - Finishing the work started in Dublin to fully move ALL the Control Loop Policy Types into TOSCA compliance with CLAMP team. Previously our operational and guard policies used a YAML format defined a few years ago. In this effort we are translating it to be fully compliant with TOSCA and cleaning up some of the syntax.

Operational Policy Type
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
    onap.policies.controlloop.operational.Common:
        derived_from: tosca.policies.Root
        version: 1.0.0
        description: Operational Policy for Control Loop execution
        properties:
            id:
                type: String
                description: The unique control loop id.
                required: true
            timeout:
                type: Integer
                description: |
                    Overall timeout for executing all the operations. This timeout should equal or exceed the total
                    timeout for each operation listed.
                required: true
            abatement:
                type: Boolean
                description: Whether an abatement event message will be expected for the control loop from DCAE.
                required: true
                default: false
            trigger:
                type: String
                description: Initial operation to execute upon receiving an Onset event message for the Control Loop.
                required: true
            operations:
                type: List
                description: List of operations to be performed when Control Loop is triggered.
                required: true
                entry_schema:
                    type: onap.datatype.controlloop.Operation

    onap.policies.controlloop.operational.common.Apex:
        derived_from: onap.policies.controlloop.operational.Common
        type_version: 1.0.0
        version: 1.0.0
        description: Operational policies for Apex PDP
        properties:

    onap.policies.controlloop.operational.common.Drools:
        derived_from: onap.policies.controlloop.operational.Common
        type_version: 1.0.0
        version: 1.0.0
        description: Operational policies for Drools PDP
        properties:
            controllerName:
                type: String
                description: Drools controller properties
                required: false

data_types:
    # TBD if this is needed
    onap.datatype.controlloop.operation.Failure:
        derived_from: tosca.datatypes.Root
        description: Captures information of an operational failure performed for control loop
        properties:
            messages:
                type: String
                description: error message
                required: true
            category:
                type: String
                description: |
                    The category the error occurred in. Whether this is a general error from the actor, or the operation
                    timed out, retries were exhausted in trying to execute the operation, a guard policy prevented the
                    operation from occuring, or an exception in the system caused the failure.
                constraints:
                - valid_values: [error, timeout, retries, guard, exception]

    onap.datatype.controlloop.Target:
        derived_from: tosca.datatypes.Root
        description: Definition for a entity in A&AI to perform a control loop operation on
        properties:
            targetType:
                type: String
                description: Category for the target type
                required: true
                constraints:
                - valid_values: [VNF, VM, VFMODULE, PNF]
            entityIds:
                type: Map
                description: |
                    Map of values that identify the resource. If none are provided, it is assumed that the
                    entity that generated the ONSET event will be the target.
                required: false

    onap.datatype.controlloop.Actor:
        derived_from: tosca.datatypes.Root
        description: An actor/operation/target definition
        properties:
            actor:
                type: String
                description: The actor performing the operation.
                required: true
            operation:
                type: String
                description: The operation the actor is performing.
                required: true
            target:
                type: String
                description: The resource the operation should be performed on.
                required: true
                metadata:
                    clamp_possible_values: <string:see clamp project for syntax>
            payload:
                type: Map
                description: Name/value pairs of payload information passed by Policy to the actor
                required: false
                entry_schema:
                    type: String

    onap.datatype.controlloop.Operation:
        derived_from: tosca.datatypes.Root
        description: An operation supported by an actor
        properties:
            id:
                type: String
                description: Unique identifier for the operation
                required: true
            description:
                type: String
                description: A user-friendly description of the intent for the operation
                required: false
            operation:
                type: onap.datatype.controlloop.Actor
                description: The definition of the operation to be performed.
                required: true
                metadata:
                    clamp_possible_values: <string:see clamp project for syntax>
            timeout:
                type: Integer
                description: The amount of time for the actor to perform the operation.
                required: true
            retries:
                type: Integer
                description: The number of retries the actor should attempt to perform the operation.
                required: true
                default: 0
            success:
                type: String
                description: Points to the operation to invoke on success. A value of "final_success" indicates and end to the operation.
                required: false
                default: final_success
            failure:
                type: String
                description: Points to the operation to invoke on Actor operation failure.
                required: false
                default: final_failure
            failure_timeout:
                type: String
                description: Points to the operation to invoke when the time out for the operation occurs.
                required: false
                default: final_failure_timeout
            failure_retries:
                type: String
                description: Points to the operation to invoke when the current operation has exceeded its max retries.
                required: false
                default: final_failure_retries
            failure_exception:
                type: String
                description: Points to the operation to invoke when the current operation causes an exception.
                required: false
                default: final_failure_exception
            failure_guard:
                type: String
                description: Points to the operation to invoke when the current operation is blocked due to guard policy enforcement.
                required: false
                default: final_failure_guard     

Much discussion for this was done in the Control Loop sub committee meetings. As captured here: Control Loop Policy Type Design Proposal#1: Simple upgrade of legacy policy types to TOSCA

Policy API Enhancements Chenfei Gao

POLICY-2028 - Getting issue details... STATUS  - Finished work such as added "application/yaml" as Content-Type.

  • Added the support of "application/yaml" as Content-Type in policy lifecycle API
  • Created a new simplified API for creating multiple policies in one shot
  • Made policy types preloading configurable in the helm charts
  • Added new version validation for POST API payload to constrain clients to carefully specify a reasonable version for policy or policy type
  • Preload default policies for ONAP components


PAP ↔ PDP Communication Ram Krishna Verma James Hahn

POLICY-2026 - Getting issue details... STATUS  - Clarified PAP ↔ communication of Policy Types, Health Status, PDP Group Details, Passive vs Active modes. Ram Krishna Verma

  • Mapping of kubernetes deployment to PDP Subgroup
  • Re-synch of PAP and PDP when the supported policy type changes
  • Change the PAP Group Deploy/Undeploy API to only create/update PdpGroups
  • Create new API to deploy/undeploy policies into PdpGroups
  • Handle derivation in PDP supported types


  • No labels