New Idea ONE: Context based filtering
We want to be able to include the context in the filtering process for different instances/purposes. Here's providing the subscriber as a sample.
Subscriber Poilcy sample for vCPE service: { "service": "subscriberPolicy", "policyName": "OSDF_CASABLANCA.SubscriberPolicy_v1", "description": "Subscriber Policy for vCPE", "templateVersion": "OpenSource.version.1", "version": "test1", "priority": "1", "riskType": "test", "riskLevel": "3", "guard": "False", "content": { "identity": "subscriber_vCPE", "policyScope": ["vCPE", "subscriberPolicy"], "properties": { "subscriberName": ["subscriber_test_1", "subscriber_test_2"], "subscriberRole": ["test user"], "provStatus": ["CAPPED"] }, { "subscriberName": ["subscriber_prod_1", "subscriber_prod_2"], "subscriberRole": ["prod user"], "provStatus": ["PROV"] }, "policyType": "subscriberPolicy", "serviceName": "vCPE" } }
From the subscriber policy, we could find the mapping between the 'subscriberName' and 'subscriberRole'. And in the next step, we 'd like to fetch all the policies that refer to a specific subscriberRole.
Suppose that currently there're several affinity policies available in the xacml-pdp service.
Sample Affinity policies
Existing Affinity policy sample 1 for vCPE service:
{
"service": "affinityPolicy",
"policyName": "OSDF_CASABLANCA.Affinity_vCPE_1",
"description": "Zone policy for vCPE",
"templateVersion": "OpenSource.version.1",
"version": "test1",
"priority": "3",
"riskType": "test",
"riskLevel": "2",
"guard": "False",
"content": {
"identity": "affinity_vCPE",
"policyScope": ["vCPE", "US", "ip", "vG", "test user"],
"affinityProperty": {
"qualifier": "same",
"category": "complex"
},
"policyType": "zone",
"resources": ["vGMuxInfra", "vG"]
}
}
Existing Affinity policy sample 2 for vCPE service:
{
"service": "affinityPolicy",
"policyName": "OSDF_CASABLANCA.Affinity_vCPE_2",
"description": "Zone policy for vCPE",
"templateVersion": "OpenSource.version.1",
"version": "test1",
"priority": "3",
"riskType": "test",
"riskLevel": "2",
"guard": "False",
"content": {
"identity": "affinity_vCPE",
"policyScope": ["vCPE", "INTERNATIONAL", "ip", "vG", "prod user"],
"affinityProperty": {
"qualifier": "same",
"category": "complex"
},
"policyType": "zone",
"resources": ["vGMuxInfra", "vG"]
}
}
Current situation:
In order to fulfill our need, we need first call to policy to fetch subscriberPolicy for a particular service/scope.
We may do it like this way:
# The legacy way { "policyName": "OSDF_CASABLANCA.*", "configAttributes": {"policyScope": "["vCPE", "subscriberPolicy"]"} } # Maybe the new decision like this: { "ONAPName": "OOF", "ONAPComponent": "OOF-component", "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { "services": ["vCPE"], "context": "subscriber_test_1", #This is just an assumption here. "policyType": "subscriberPolicy" }}
Now, say if subscriberName = "subscriber_test_1" which is an instance/request specific data and based on which the corresponding subscriberRole is evaluated. i.e "test user" in this case.
Then, we need a second call to policy to fetch the affinityPolicy based on subscriberRole evaluated as above.
# The legacy way { "policyName": "OSDF_CASABLANCA.*", "configAttributes": {"policyScope": "["vCPE", "US", "ip", "vG", "test user"]"} } # Maybe the new decision like this: { "ONAPName": "OOF", "ONAPComponent": "OOF-component", "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { "services": ["vCPE"], "geography": ["US", "ip"], "resources": ["vG"], "subscriberRole": ["test user"] #This is just an assumption here. }}
Similarly, for subscriberName = "subscriber_prod_1" or "subscriber_prod_2", subscriberRole will be = "prod user", and the second call to policy would be like as:
# The legacy way { "policyName": "OSDF_CASABLANCA.*", "configAttributes": {"policyScope": "["vCPE", "INTERNATIONAL", "ip", "vG", "prod user"]"} } # Maybe the new decision like this: { "ONAPName": "OOF", "ONAPComponent": "OOF-component", "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { "services": ["vCPE"], "geography": ["INTERNATIONAL", "ip"], "resources": ["vG"], "subscriberRole": ["prod user"] #This is just an assumption here. }}
Question:
- is there way possible way out to push the decision making to policy engine, specifically on "which policies apply to a given instance", instead of the two-step fetch and filter process ? Which means the Policy engine would help us find out the first mapping relevant to the context and fetch the policies based on the attribute it bind to.
Example 1:
# The original input OOF gives:
POST /pdpx/v1/decision/ { "ONAPName": "OOF", "ONAPComponent": "OOF-component", "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { "services": ["vCPE"], "geography": ["US"], "resources": ["vG"], "context": "subscriber_test_1", #This is just an assumption here. "policyType": ""subscriberPolicy" #This is just an assumption here. }}
Policy will help use transfer to a request like this:
POST /pdpx/v1/decision/ { "ONAPName": "OOF", "ONAPComponent": "OOF-component", "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { "services": ["vCPE"], "geography": ["US"], "resources": ["vG"], "subscriberRole": ["test user"] #This is just an assumption here. }}
Example 2:
# The original input OOF gives:
POST /pdpx/v1/decision/ { "ONAPName": "OOF", "ONAPComponent": "OOF-component", "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { "services": ["vCPE"], "geography": ["INTERNATIONAL"], "resources": ["vG"], "context": "subscriber_prod_1", #This is just an assumption here. "policyType": ""subscriberPolicy" #This is just an assumption here. }}
Policy will help use transfer to a request like this:
POST /pdpx/v1/decision/ { "ONAPName": "OOF", "ONAPComponent": "OOF-component", "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { "services": ["vCPE"], "geography": ["INTERNATIONAL"], "resources": ["vG"], "subscriberRole": ["prod user"] #This is just an assumption here. }}