Current API Limitations with Respect to DCAE mS Policies

Owned by Pamela Dragosh
Last updated: Feb 26, 2019 by Liam Fallon
18 min read

The current API for creating and subsequently retrieving decisions surrounding DCAE mS configuration policies has many problems and limitations. We are capturing these limitations here so that they can be addressed in Dublin for the new Policy Lifecycle API.

1 Casablanca TCA DCAE mS Policy Model Schema

Casablanca DCAE mS Policy Model (filename=tca_policy_model_casablanca.yml)
tosca_definitions_version: tosca_simple_yaml_1_0_0 data_types: policy.data.metricsPerEventName: properties: controlLoopSchemaType: type: string description: Specifies Control Loop Schema Type for the event Name e.g. VNF, VM constraints: - valid_values: - VM - VNF eventName: type: string description: Event name to which thresholds need to be applied policyName: type: string description: TCA Policy Scope Name policyScope: type: string description: TCA Policy Scope policyVersion: type: string description: TCA Policy Scope Version thresholds: type: list description: Thresholds associated with eventName entry_schema: type: policy.data.thresholds policy.data.tca_policy: properties: domain: type: string description: Domain name to which TCA needs to be applied constraints: - equal: measurementsForVfScaling metricsPerEventName: type: list description: Contains eventName and threshold details that need to be applied to given eventName entry_schema: type: policy.data.metricsPerEventName policy.data.thresholds: properties: closedLoopControlName: type: string description: Closed Loop Control Name associated with the threshold closedLoopEventStatus: type: string description: Closed Loop Event Status of the threshold constraints: - valid_values: - ONSET - ABATED direction: type: string description: Direction of the threshold constraints: - valid_values: - LESS - LESS_OR_EQUAL - GREATER - GREATER_OR_EQUAL - EQUAL fieldPath: type: string description: Json field Path as per CEF message which needs to be analyzed for TCA severity: type: string description: Threshold Event Severity constraints: - valid_values: - CRITICAL - MAJOR - MINOR - WARNING - NORMAL thresholdValue: type: integer description: Threshold value for the field Path inside CEF message version: type: string description: Version number associated with the threshold node_types: policy.nodes.Root: derived_from: tosca.nodes.Root properties: policyDescription: required: false type: string policyName: required: true type: string policyScope: required: true type: string policyVersion: required: true type: string policy.nodes.tca: derived_from: policy.nodes.Root properties: tca_policy: type: map description: TCA Policy JSON entry_schema: type: policy.data.tca_policy

Let's say this file was saved as tca_policy_model_casablanca.yml


Based on the model schema, one would expect to be able to generate a TCA mS policy in YAML:

Example Policy You Would Expect To Be Able to Create
tosca_definitions_version: tosca_simple_yaml_1_0_0 imports: - tca_policy_model_casablanca.yml policies: - onap.vfirewall.tca_policy: type: policy.nodes.tca properties: domain: measurementsForVfScaling metricsPerEventName: - eventName: vFirewallBroadcastPackets controlLoopSchemaType: VNF policyScope: "DCAE" policyName: "DCAE.Config_tca-hi-lo" policyVersion: "v0.0.1" thresholds: - closedLoopControlName: "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a" closedLoopEventStatus: ONSET version: "1.0.2" fieldPath: "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta" thresholdValue: 300 direction: LESS_OR_EQUAL severity: MAJOR - closedLoopControlName: "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a" closedLoopEventStatus: ONSET version: "1.0.2" fieldPath: "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta" thresholdValue: 700 direction: GREATER_OR_EQUAL severity: CRITICAL

Actual Input expected by the API does not match the above YAML, but instead is JSON.

Example API Call using CURL (CLAMP uses Java API)
curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", "policyConfigType": "MicroService", "policyName": "com.MicroServicevFirewall", "onapName": "DCAE" }' 'https://pdp:8081/pdp/api/createPolicy'



From the example API call, this is the configBody JSON contents UNStringified and Pretty Printed

The exact details on what DCAE Policy Handler has to do be able to retrieve the policy are way to numerous and are documented in this PDF:

DCAEGEN2 architecture of policy-handling by DCAE-controller



CLAMP Push API call



DCAE Policy Handler



Policy Lifecycle API (DRAFT Beta version for M2)

Dublin TCA DCAE mS Policy Model Schema

Dublin DCAE TCA Model Schema



Expected Policy to be Created by CLAMP


Equivalency Table: Casablanca and Dublin APIs

(Comments pasted from API page)

In an equivalency table, this would be the same as the legacy - createPolicy and updatePolicy.   Probably worth to mention for the benefit of other teams.   The result would support the JSON format, so clients should expect little or no change.

This URL for POST should create a resource that we need to identify

POST
https://{url}:{port}/api/v1/policytypes/{policy type id}/versions/{version}/policies/

One proposal is to use the closedLoopControlName field:

CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A

and the version in this case:

1.0.2.

The GET for this specific one would be then

GET
https://{url}:{port}/api/v1/policytypes/{policy type id}/versions/{version}/policies/CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A/versions/1.0.2

They can name the policies however they want. If they want to use Closed Loop Control Name go ahead. The problem with the TCA model is they shove all that detail inside the model and use arrays of Control Loops. But its up to them on how they want their model to look.