Policy API

DESCRIPTION

The Policy subsystem of ONAP maintains, distributes, and operates on the set of rules that underlie ONAP’s control, orchestration, and management functions. Policy provides a centralized environment for the creation and management of easily-updatable conditional rules. It enables users to validate policies and rules, identify and resolve overlaps and conflicts, and derive additional policies where needed. The following operations are supported by the policy API:

Create policies on the PAP
Update policies on the PAP
Delete policies on the PAP or PDP
Push policies from the PAP to the PDP
List policies on the PDP
Get config data of policies on the PDP
Create Dictionary Items
Update Dictionary Items
Retrieve Dictionary Items
Import Micro Services Models
Retrieve Metrics for policy counts from PDP and PAP

POLICY ENGINE SERVICES

SAMPLE JAVA CLIENT CODE

Get Config Example

/*-
 * ============LICENSE_START=======================================================
 * PolicyEngineClient
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
 
package org.onap.policyEngine;
 
import java.util.Collection;
 
import org.onap.policy.api.ConfigRequestParameters;
import org.onap.policy.api.PolicyConfig;
import org.onap.policy.api.PolicyEngine;
 
public class GetConfigSample {
 
    public static void main(String[] args) throws Exception {
        PolicyEngine pe = new PolicyEngine("config.properties");
        ConfigRequestParameters configRequestParams = new ConfigRequestParameters();
        configRequestParams.setPolicyName(".*");
        Collection<PolicyConfig> configs = pe.getConfig(configRequestParams);
        for (PolicyConfig config: configs){
            System.out.println(config.getPolicyConfigMessage());
            System.out.println(config.getPolicyConfigStatus());
        }
    }
}

Create Config FIrewall Policy Example

/*-
 * ============LICENSE_START=======================================================
 * PolicyEngineClient
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
 
package org.onap.policyEngine;
 
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.UUID;
 
import javax.json.Json;
import javax.json.JsonObject;
import javax.json.JsonReader;
 
import org.onap.policy.api.PolicyChangeResponse;
import org.onap.policy.api.PolicyConfigType;
import org.onap.policy.api.PolicyEngine;
import org.onap.policy.api.PolicyParameters;
import org.onap.policy.api.PolicyType;
 
public class ConfigFirewallPolicyClient {
    static Boolean isEdit = false;
    public static void main(String[] args) {
        try{    
            PolicyEngine policyEngine = new PolicyEngine("config.properties");
            PolicyParameters policyParameters = new PolicyParameters();
            // Set Policy Type
            policyParameters.setPolicyConfigType(PolicyConfigType.Firewall); //required
            policyParameters.setPolicyName("MikeAPItesting.testConfigFirewallPolicy1607_1"); //required
            //policyParameters.setPolicyScope("MikeAPItesting");
 //Directory will be created where the Policies are saved... this 
displays a a subscope on the GUI
            policyParameters.setRequestID(UUID.randomUUID());
             
            // Set Safe Policy value for Risk Type
            SimpleDateFormat dateformat3 = new SimpleDateFormat("dd/MM/yyyy");
            Date date = dateformat3.parse("15/10/2016");
            policyParameters.setTtlDate(date);
            // Set Safe Policy value for Guard
            policyParameters.setGuard(true);
            // Set Safe Policy value for Risk Level
            policyParameters.setRiskLevel("5");
            // Set Safe Policy value for Risk Type
            policyParameters.setRiskType("PROD");
            File jsonFile = null;
            String jsonRuleList = null;
            Path file = Paths.get("C:\\policyAPI\\firewallRulesJSON\\Config_FW_Sample.json");
            jsonFile = file.toFile();
             
            //buildJSON(jsonFile, jsonRuleList);
            policyParameters.setConfigBody(buildJSON(jsonFile, jsonRuleList).toString());       
            policyParameters.setConfigBodyType(PolicyType.JSON);
            // API method to create Policy or update policy
            PolicyChangeResponse response = null;
            if (!isEdit) {
                response = policyEngine.createPolicy(policyParameters);
            } else {
                response = policyEngine.updatePolicy(policyParameters);
            }
             
            if(response.getResponseCode()==200){
                System.out.println(response.getResponseMessage());
                System.out.println("Policy Created Successfully!");
            }else{
                System.out.println("Error! " + response.getResponseMessage());
            }
        } catch (Exception e) {
            System.err.println(e.getMessage());
        }
         
}
     
    private static JsonObject buildJSON(File jsonInput, String jsonString) throws FileNotFoundException {
        JsonObject json = null;
        JsonReader jsonReader = null;
        if (jsonString != null && jsonInput == null) {
            StringReader in = null;
            in = new StringReader(jsonString);
            jsonReader = Json.createReader(in);
            json = jsonReader.readObject();
            in.close();
        } else {
            InputStream in = null;
            in = new FileInputStream(jsonInput); 
            jsonReader = Json.createReader(in);
            json = jsonReader.readObject();
            try {
                in.close();
            } catch (IOException e) {
                System.err.println("Exception Occured while closing input stream"+e);
            }
        }
        jsonReader.close();
        return json;
    }
 
}

Sample JSON file - Config_FW_Sample.json

{
      "serviceTypeId": "/v0/firewall/pan",
      "configName": "AFTTFwPolicy1Config",
      "deploymentOption": {
            "deployNow": false
      },
      "securityZoneId": "cloudsite:dev1a",
      "serviceGroups": [{
            "name": "SSH",
            "description": "Ssh service entry in service list",
            "type": "SERVICE",
            "transportProtocol": "tcp",
            "appProtocol": null,
            "ports": "22"
      }],
      "addressGroups": [{
            "name": "CiscoVCE",
            "description": "Destination CiscoCVE",
            "members": [{
                  "type": "SUBNET",
                  "value": "12.63.31.61/12"
            }]
      }, {
            "name": "HOHOServers",
            "description": "Source HOHOServers for first testing",
            "members": [{
                  "type": "SUBNET",
                  "value": "12.60.32.11/23"
            }]
      }],
      "firewallRuleList": [{
            "position": "1",
            "ruleName": "FWRuleHOHOServerToCiscoVCE",
            "fromZones": ["UntrustedZoneCiscoCVEName"],
            "toZones": ["TrustedZoneHOHOName"],
            "negateSource": false,
            "negateDestination": false,
            "sourceList": [{
                  "type": "REFERENCE",
                  "name": "HOHOServers"
            }],
            "destinationList": [{
                  "type": "REFERENCE",
                  "name": "CiscoVCE"
            }],
            "sourceServices": [],
            "destServices": [{
                  "type": "REFERENCE",
                  "name": "SSH"
            }],
            "action": "accept",
            "description": "FW rule for HOHO source to CiscoVCE destination",
            "enabled": true,
            "log": true
      }]
}

Delete Policy Example

Push Policy Example

Decision Policy Example

List Config Policy Example

JSON EXAMPLES

Create Microservice Policy

Update Microservice Policy

CURL EXAMPLES

Push Policy

Delete Policy

Get Config

ADDITIONAL EXAMPLES

Deleting a Policy from PAP

Deleting a Policy from PDP

POLICY ENGINE API DETAILS

Header parameters apply to each API.