Estimated changes in Policy specification in R5
Background
Policy Framework has experienced a re-arch of the whole framework, thus enforcing changes in OOF-OSDF to map with these changes and deal with the new policies correspondingly. In this page, we will show the difference between the legacy one and the new one and introduce the changes that need to happen in OSDF.
Comparison between the legacy API and the new API
Difference in URL
In the past releases, we request the legacy API(PDP service) to fetch existing policies and filter for the specific policy we want. However now, we changed to the new API to request xacml-pdp service for policy retrieving and filtering.
Curl command for legacy API
#Curl command we used to use
curl -X POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "ClientAuth: cHl0aG9uOnRlc3Q=" \
-H "Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==" \
-H "Environment: TEST" \
-d '{"policyName": "OSDF_CASABLANCA.*", "configAttributes": {"policyScope": "us"}}' https://pdp:8081/pdp/api/getConfig
Curl command use for new API
curl -x POST \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
--user 'healthcheck:zb!XztG34' \
-d '{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"policyScope": ["vCPE", "US", "INTERNATIONAL", "ip", "vGMuxInfra", "vG"],
"policyType": "zone" }}' https://xacml-pdp:6969/policy/pdpx/v1/decision
Difference in functionality
There are also changes in the format of policies which brings further changes to how we process them in OSDF. Here first provides two sample policies:
Affinity policy with legacy format
{
"service": "affinityPolicy",
"policyName": "OSDF_DUBLIN.Affinity_vCPE_1",
"description": "Zone policy for vCPE",
"templateVersion": "OpenSource.version.1",
"version": "test1",
"priority": "3",
"riskType": "test",
"riskLevel": "2",
"guard": "False",
"content": {
"identity": "affinity_vCPE",
"policyScope": ["vCPE", "US", "INTERNATIONAL", "ip", "vGMuxInfra", "vG"],
"affinityProperty": {
"qualifier": "same",
"category": "complex"
},
"policyType": "zone",
"resources": ["vGMuxInfra", "vG"]
}
}
Affinity Policy with new format
Several changes needed for OSDF
Also, according to the payload we showed in last sector, we could find that there's a few changes in the ways of filtering.
In the past, OSDF first uses the 'policy_scope' to filter the policies, which is the prefix of the policy name, for example 'OSDF_DUBLIN'. Now, no such filter is provided.
Policy filtering through 'PolicyScope'( the 'secondary_scope' in our code) used to support OR filtering, but now it just support AND filtering.
There's no filter for 'policyType' in the previous API. But now, it is a mandatory filter that we need to enter.
There's difference in the format of policies, hence we need to change the process of parsing these policies.