CPS-2249: NCMP To support Conflict Handling (Policy Execution) using External Service
- 1 References
- 2 Assumptions
- 3 Issues & Decisions
- 4 Requirements
- 5 Out of Scope
- 6 Suggested User Stories
- 7 Solution Proposal
- 7.1 Policy Executor REST Interface
- 7.1.1 Alternative a. No Parameters in URL (all data in body)
- 7.1.2 Alternative b-2. Payload and decision Type in URL
- 7.1.3 Alternative b-2. Payload and decision Type in URL with variable names
- 7.1.4 Input Parameters
- 7.1.4.1 Create Schema (cps:org.onap.cps.ncmp.policy-executor:ncmp-create-schema:1.0.0)
- 7.1.4.2 Create Schema JSON
- 7.1.4.3 Update Schema (cps:org.onap.cps.ncmp.policy-executor:ncmp-update-schema:1.0.0)
- 7.1.4.4 Patch Schema (cps:org.onap.cps.ncmp.policy-executor:ncmp-patch-schema:1.0.0)
- 7.1.4.5 Delete Schema (cps:org.onap.cps.ncmp.policy-executor:ncmp-delete-schema:1.0.0)
- 7.1.4.6 Sample Request Body (create)
- 7.1.5 Output Parameters
- 7.2 How to use the Interface in NCMP
- 7.2.1 Pseudo Code
- 7.1 Policy Executor REST Interface
References
https://lf-onap.atlassian.net/browse/CPS-2249
Assumptions
Assumption | Notes | Sign-off | ||
|---|---|---|---|---|
| 1 | 1 | Scope:
| This does not affect (bulk/batch) Read | Jun 13, 2024 |
| 2 | 2 | Conflict Management Interface uses FDN | Conflict Management can support ANY format the Alternate ID can support (FDNs and/or URI-FDNs) | Jun 13, 2024 |
| 3 | 3 | Request per second is per the existing numbers on NCMP |
| Jun 20, 2024 |
Issues & Decisions
Issue | Notes | Decision | ||
|---|---|---|---|---|
| 1 | 1 | Uplift Ericsson source code (need permission) | CPS not allowed to lift // proprietary codes, we need to use pseudo code Gergely/team to support CPS with these codes | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 2 | 2 | Implement in REST or Service Layer ? | This is currently implemented as an in the Service layer in // | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 3 | 3 | Publish public | NCMP shall own and document. | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 4 | 4 | Could we make this more generic to suit non-conflict-management use i.e. tbac... | Agreed to make it more generic to suit ALL the use cases | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 5 | 5 | Private properties are used to get FDN at the moment. | Will // provide us with registered Alternatid? Opensource does not support private property @Peter Turcsanyi to revert TBC Jun 20, 2024 . // Confirmed they will implement all https://eteamproject.internal.ericsson.com/browse/IDUN-105467 | Jun 20, 2024 |
| 6 | 6 | CPS-1992 - NCMP to Support New 3GPP sync single FDN request to support Conflict mgt | CPS-1992 - When delivered, this should also support conflict management | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 7 | 7 | Legacy and ongoing bulk/batch interface (dataJobs CPS-1964) are not in scope | Bulk/batch operation
| Jun 20, 2024@Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 8 | 8 | Name for more generic interface | Suggestion: External Validation AP @Kolawole Adebisi-Adeolokun to inform other stakeholders | Jun 20, 2024 New Interface name shall be PolicyExecution as agreed with stakeholders @Kolawole Adebisi-Adeolokun @kieran mccarthy @Gergely Molnar |
| 9 | 9 | External Validation Request format | POST operation, all parameters in body, URL ? AP @Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | Jun 20, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 10 | 10 | Enable/service name discovery | config parameter with service name/address. AP @Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | Jun 20, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 11 | 11 | case sensitivity of parameters (payloadType, decision etc.) | following existing conventions in CPS/NCMP all parameter values are case sensitive and use lower snake e.g. cm_create, deny | Jun 20, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 12 | 12 | Delivery Artefact | The new OpenAPI Interface definition wil be published on CPS Public Documentation Page. and through ONAP Gerrit. | Jul 1, 2024 Brian Folan, @Toine Siebelink agreed to use same as DMI ie. just 'deliver' to Doc and Repo |
| 13 | 13 | Specify cmChangeRequest in more detail | Detailed Definition Suggestion{
"moType": [
{
"id": "<mo Type Id>",
"attributes": {
"<key>": "<value>",
"<key>": ["<value>", "<value>"]
...
}
}
]
}@Toine Siebelink I am concerned this wil reduce the flexibility of this interface. Also, NCMP itself is NOT interested in eth actual change details so why enforce them in this interface... @Csaba Kocsis 'id' and 'attributes' are a 3GPP conventions only | Jul 1, 2024 @Zoltán Szabó @Toine Siebelink Validation need on Impl. side but for flexibility this is not required in CPS/NCMP so we agreed to pass it as 'an object' |
| 14 | 14 | How to feed back result of CM change to Policy Execution/Executor? | Consider the following scenario (from Brian Folan). There is an active policy for time based lock against an attribute on a specific cmHandle. A change is made to the attribute, triggering the time-based lock for x minutes, but the CM change fails after letting it through to the DMI due to any reason and it's not actually rolled out to the network. The policy engine would apply the lock and no subsequent changes are allowed for the duration of the lock, however no changes were made to the network. Should we feed back the result of a CM change to the Policy Engine? | Jul 1, 2024 Brian Folan @Toine Siebelink agreed this is out of scope for this epic but can be considered later. Interface propsosal is flexible enough to extend for something like this in the future |
| 15 | 15 | Choose URL format | @Gergely Molnar prefers alternative a (with an 'action'): | Jul 1, 2024 @Zoltán Szabó @Toine Siebelink agreed on Alt.a. a simple URL, all data in body |
| 16 | 16 | Optional cmHandleId and resourceIdentifier | Brian Folan: Cm Handle ID wil mean nothing for Ericsson Impl but can be logged. Resource Identifier can be 'convention' but they don't depend on it if the target fdn contains the 'complete' fdn | Jul 1, 2024 Brian Folan, @ZoltanLajosKis @Toine Siebelink CM Handle Id and Resource Identifier are optional. CPS/NCMP will add them when provided in the incoming interface |
| 17 | 17 | request accepted content type | not defined (and wrong value copied in original proposal). Now suggested: application/json | Jul 9, 2024 @Gergely Molnar Agreed (per email) |
| 18 | 18 | definition 'enum' values | defined as strings in OpenAPI to allow for flexibility and allow impl updates without having to update (and release) the OpenAPI | Jul 9, 2024 @Gergely Molnar Agreed (per email) |
| 19 | 19 | enum value description examples | although not specified in the OPenAPI definition (as enums) The convention in CPS/NCMP so far is that all 'enum' values are in lower (snake) case (and treated case-sensitive) | Jul 9, 2024 @Gergely Molnar Agreed (per email) |
| 20 | 20 | authorization header compulsory | As per the proposal the OpenAPI now defined the 'Authorization' header as 'required'. This mean omission of this header will lead to a 400 Bad Request (and NOT 401 Unauthorized) as per Swagger/Spring generated Interface. See https://gerrit.onap.org/r/c/cps/+/138401/2/docs/api/swagger/policy-executor/openapi.yaml Lines #214-219 | Jul 9, 2024 @Gergely Molnar , @Toine Siebelink Agreed (per email) making the 'Authorization' header optional for more flexibility. |
| 21 | 21 | cm_write shoudl be split? | Now we use 'schema' and ncmp will use 4 different schemas , one for each operation:
| Jul 24, 2024 @Gergely Molnar, @Toine Siebelink Agreed during on site meeting in Budapest |
| 22 | 22 | where to publish schemas | At least in RTD but maybe somewhere else too? | Jul 24, 2024 @Gergely Molnar, @Toine Siebelink Agreed no need to publish anywhere else |
Requirements
Functional: new generic 'PolicyExecution' REST interface
This interface will NOT be implemented by CPS team except a stub for testing purposes
Interface | Requirement | Additional Information | Signoff | ||
|---|---|---|---|---|---|
| 1 | 1 | PolicyExecution | Documentation | NCMP own and clearly document interface using OpenAPI and RTD | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 2 | 2 | PolicyExecution | Input Parameters:
| Payloadtype can only be 'CM_Write' for now Payloadtype can only be 'Allow' for now Exact Payload to be defined during study but should be well defined and cannot depend on Java interface (even if it is the same now) | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 3 | 3 | PolicyExecution | Output Parameters;
| This is a New Generic interface that can support 'conflict handling'. | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
Functional: CPS Impacts Policy Executor
Interface | Requirement | Additional Information | Signoff | ||
|---|---|---|---|---|---|
| 1 | 1 | CPS-E-05 | Write operations are intercepted and validated using the new external service.
|
| Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 2 | 2 | CPS-E-05 | When the External validation is negative NCMP REST Response should be '409 Conflict'. The HTTP status message should contain the message and decision id from the external validation service. | NCMP interface validation shall be done before the external validation (Conflict management) | Jun 13, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 3 | 3 | CPS-E-05 | NCMP to provide metrics on external validation | AP on CPS to provide the metrics (@Kolawole Adebisi-Adeolokun ) | Jun 20, 2024 @Kolawole Adebisi-Adeolokun @Gergely Molnar |
Error Handling
Scenario | Expected Behavior | Notes | Signoff | ||
|---|---|---|---|---|---|
| 1 | External validation service does not respond (in time) Or does not respond with 2xx (Http status code) | configurable default answer
| This needs further investigation AP @Gergely Molnar Possible proposal:
|
| |
| 2 | 2 | Unrecognized response from External Validation | (Low prio) No default behavior covered yet in //, If not reachable - default accept/reject with specific message
|
| Jun 20, 2024@Kolawole Adebisi-Adeolokun @Gergely Molnar |
| 3 | CM Handle ID without Alternate Id (fdn) |
|
|
|
Characteristics
Parameter | Expectation | Notes | Signoff | |
|---|---|---|---|---|
| 1 | Performance impact? |
|
|
|
Out of Scope
Batch (bulk) interface methods and Execute a data operation for group of cm handle ids
Data jobs (write) operations
Suggested User Stories
Description | Jira |
|---|---|
Agree, Define (and Publish) Open Source Interface for Policy Execution | |
Feature toggle and addressing configuration parameters | |
Dummy Stub implementation (to allow for integration testing) | |
Use new interface in NCMP | |
Handle non-responding policy executor (using watchdog?) TBC |
|
Metrics |
|
Update official documentation (when feature completed from OpenSource point-of-view) |
|
Solution Proposal
Policy Executor REST Interface
Alternative a. No Parameters in URL (all data in body)
URI: <server-address>/policy-executor/api/v1
Alternative b-2. Payload and decision Type in URL
remaining data in request body, no need for 'payload' object because the body = payload
URI: <server-address>/policy-executor/api/v1/<payload-type>/<decision-type>
e.g. myhost:1234//policy-executor/api/v1/CM_Write/Allow
Alternative b-2. Payload and decision Type in URL with variable names
remaining data in request body, no need for 'payload' object because the body = payload
URI: <server-address>/policy-executor/api/v1/payload/<payload-type>/decision/<decision-type>
e.g. myhost:1234//policy-executor/api/v1/payload/CM_Write/decision/Allow
Input Parameters
Name | Parent | Type | Example Value |
|---|