The current API for creating and subsequently retrieving decisions surrounding DCAE mS configuration policies has many problems and limitations. We are capturing these limitations here so that they can be addressed in Dublin for the new Policy Lifecycle API.
1 Casablanca TCA DCAE mS Policy Model Schema
tosca_definitions_version: tosca_simple_yaml_1_0_0 data_types: policy.data.metricsPerEventName: properties: controlLoopSchemaType: type: string description: Specifies Control Loop Schema Type for the event Name e.g. VNF, VM constraints: - valid_values: - VM - VNF eventName: type: string description: Event name to which thresholds need to be applied policyName: type: string description: TCA Policy Scope Name policyScope: type: string description: TCA Policy Scope policyVersion: type: string description: TCA Policy Scope Version thresholds: type: list description: Thresholds associated with eventName entry_schema: type: policy.data.thresholds policy.data.tca_policy: properties: domain: type: string description: Domain name to which TCA needs to be applied constraints: - equal: measurementsForVfScaling metricsPerEventName: type: list description: Contains eventName and threshold details that need to be applied to given eventName entry_schema: type: policy.data.metricsPerEventName policy.data.thresholds: properties: closedLoopControlName: type: string description: Closed Loop Control Name associated with the threshold closedLoopEventStatus: type: string description: Closed Loop Event Status of the threshold constraints: - valid_values: - ONSET - ABATED direction: type: string description: Direction of the threshold constraints: - valid_values: - LESS - LESS_OR_EQUAL - GREATER - GREATER_OR_EQUAL - EQUAL fieldPath: type: string description: Json field Path as per CEF message which needs to be analyzed for TCA severity: type: string description: Threshold Event Severity constraints: - valid_values: - CRITICAL - MAJOR - MINOR - WARNING - NORMAL thresholdValue: type: integer description: Threshold value for the field Path inside CEF message version: type: string description: Version number associated with the threshold node_types: policy.nodes.Root: derived_from: tosca.nodes.Root properties: policyDescription: required: false type: string policyName: required: true type: string policyScope: required: true type: string policyVersion: required: true type: string policy.nodes.tca: derived_from: policy.nodes.Root properties: tca_policy: type: map description: TCA Policy JSON entry_schema: type: policy.data.tca_policy
Let's say this file was saved as tca_policy_model_casablanca.yml
Based on the model schema, one would expect to be able to generate a TCA mS policy in YAML:
tosca_definitions_version: tosca_simple_yaml_1_0_0 imports: - tca_policy_model_casablanca.yml policies: - onap.vfirewall.tca_policy: type: policy.nodes.tca properties: domain: measurementsForVfScaling metricsPerEventName: - eventName: vFirewallBroadcastPackets controlLoopSchemaType: VNF policyScope: "DCAE" policyName: "DCAE.Config_tca-hi-lo" policyVersion: "v0.0.1" thresholds: - closedLoopControlName: "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a" closedLoopEventStatus: ONSET version: "1.0.2" fieldPath: "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta" thresholdValue: 300 direction: LESS_OR_EQUAL severity: MAJOR - closedLoopControlName: "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a" closedLoopEventStatus: ONSET version: "1.0.2" fieldPath: "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta" thresholdValue: 700 direction: GREATER_OR_EQUAL severity: CRITICAL
Actual Input expected by the API does not match the above YAML, but instead is JSON.
curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", "policyConfigType": "MicroService", "policyName": "com.MicroServicevFirewall", "onapName": "DCAE" }' 'https://pdp:8081/pdp/api/createPolicy'
{ "service": "tca_policy", "location": "SampleServiceLocation", "uuid": "test", "policyName": "MicroServicevFirewall", ## WHOA - THIS DOES NOT MATCH policyName in the top-level API call JSON payload "description": "MicroService vFirewall Policy", "configName": "SampleConfigName", ### ????? "templateVersion": "OpenSource.version.1", "version": "1.1.0", "priority": "1", "policyScope": "resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "riskType": "SampleRiskType", "riskLevel": "1", "guard": "False", "content": { "tca_policy": { "domain": "measurementsForVfScaling", "metricsPerEventName": [ { "eventName": "vFirewallBroadcastPackets", "controlLoopSchemaType": "VNF", "policyScope": "DCAE", "policyName": "DCAE.Config_tca-hi-lo", "policyVersion": "v0.0.1", "thresholds": [ { "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "fieldPath": "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta", "thresholdValue": 300, "direction": "LESS_OR_EQUAL", "severity": "MAJOR", "closedLoopEventStatus": "ONSET" }, { "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "fieldPath": "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta", "thresholdValue": 700, "direction": "GREATER_OR_EQUAL", "severity": "CRITICAL", "closedLoopEventStatus": "ONSET" } ] } ] } } }
The exact details on what DCAE Policy Handler has to do be able to retrieve the policy are way to numerous and are documented in this PDF:
DCAEGEN2 architecture of policy-handling by DCAE-controller
curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "pdpGroup": "default", "policyName": "com.MicroServicevFirewall", "policyType": "MicroService" }' 'https://pdp:8081/pdp/api/pushPolicy'
DCAE Policy Handler
https://pdp:8081/pdp/api/getConfig POST Content-Type: application/json {"configAttributes": {}, "unique": false, "ecompName": "DCAE", "configName": ".*", "policyName": ".*vFirewall*"} # # Returns # { "policyConfigMessage": "Config Retrieved! ", "policyConfigStatus": "CONFIG_RETRIEVED", "type": "JSON", "config": "{\"service\":\"tca_policy\",\"location\":\"SampleServiceLocation\",\"uuid\":\"test\",\"policyName\":\"MicroServicevFirewall\",\"description\":\"MicroService vFirewall Policy\",\"configName\":\"SampleConfigName\",\"templateVersion\":\"OpenSource.version.1\",\"version\":\"1.1.0\",\"priority\":\"1\",\"policyScope\":\"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"riskType\":\"SampleRiskType\",\"riskLevel\":\"1\",\"guard\":\"False\",\"content\":{\"policyVersion\":\"v0.0.1\",\"threshholds\":[{\"severity\":\"MAJOR\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":\"300\",\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"direction\":\"LESS_OR_EQUAL\"},{\"severity\":\"CRITICAL\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":\"700\",\"closedLoopEventStatus\":\"ONSET\",\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"direction\":\"GREATER_OR_EQUAL\"}],\"policyName\":\"DCAE.Config_tca-hi-lo\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"DCAE\",\"eventName\":\"vFirewallBroadcastPackets\"}}", "policyName": "com.Config_MS_CSIT_kf0zc9b9olvs2gm_vFirewall.1.xml", ### Where did this come from?? Why isn't this com.MicroServicevFirewall?? "policyType": "MicroService", "policyVersion": "1", "matchingConditions": { "ECOMPName": "DCAE", "ONAPName": "DCAE", "ConfigName": "SampleConfigName", "service": "tca_policy", "uuid": "test", "Location": "SampleServiceLocation" }, "responseAttributes": {}, "property": null } # # The contents of the config UNESCAPED and PRETTY PRINTED # # MISSING under content: # "tca_policy": { # "domain": "measurementsForVfScaling", # "metricsPerEventName": [ # # { "service": "tca_policy", "location": "SampleServiceLocation", "uuid": "test", "policyName": "MicroServicevFirewall", "description": "MicroService vFirewall Policy", "configName": "SampleConfigName", "templateVersion": "OpenSource.version.1", "version": "1.1.0", "priority": "1", "policyScope": "resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "riskType": "SampleRiskType", "riskLevel": "1", "guard": "False", "content": { "policyVersion": "v0.0.1", "threshholds": [ { "severity": "MAJOR", "fieldPath": "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta", "thresholdValue": "300", "closedLoopEventStatus": "ONSET", "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "direction": "LESS_OR_EQUAL" }, { "severity": "CRITICAL", "fieldPath": "$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta", "thresholdValue": "700", "closedLoopEventStatus": "ONSET", "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "direction": "GREATER_OR_EQUAL" } ], "policyName": "DCAE.Config_tca-hi-lo", "controlLoopSchemaType": "VNF", "policyScope": "DCAE", "eventName": "vFirewallBroadcastPackets" } }
Policy Lifecycle API (DRAFT Beta version for M2)
Dublin TCA DCAE mS Policy Model Schema
tosca_definitions_version: tosca_simple_yaml_1_0_0 policy_types: onap.policies.Monitoring: derived_from: tosca.policies.Root description: a base policy type for all policies that govern monitoring provision onap.policy.monitoring.cdap.tca.hi.lo.app: derived_from: onap.policies.Monitoring properties: tca_policy: type: map description: TCA Policy JSON default: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"Mfvs_eNodeB_RANKPI","controlLoopSchemaType":"VNF","policyScope":"resource=vFirewall;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":4000,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":20000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ABATED","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":0,"direction":"EQUAL","severity":"CRITICAL"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VNF","policyScope":"resource=vLoadBalancer;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":500,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":5000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"}]}]}' entry_schema: type: onap.datatypes.monitoring.tca_policy data_types: onap.datatypes.monitoring.metricsPerEventName: derived_from: tosca.datatypes.Root properties: controlLoopSchemaType: type: string description: Specifies Control Loop Schema Type for the event Name e.g. VNF, VM constraints: - valid_values: - VM - VNF eventName: type: string description: Event name to which thresholds need to be applied policyName: type: string description: TCA Policy Scope Name policyScope: type: string description: TCA Policy Scope policyVersion: type: string description: TCA Policy Scope Version thresholds: type: list description: Thresholds associated with eventName entry_schema: type: onap.datatypes.monitoring.thresholds onap.datatypes.monitoring.tca_policy: derived_from: tosca.datatypes.Root properties: domain: type: string description: Domain name to which TCA needs to be applied default: measurementsForVfScaling constraints: - equal: measurementsForVfScaling metricsPerEventName: type: list description: Contains eventName and threshold details that need to be applied to given eventName entry_schema: type: onap.datatypes.monitoring.metricsPerEventName onap.datatypes.monitoring.thresholds: derived_from: tosca.datatypes.Root properties: closedLoopControlName: type: string description: Closed Loop Control Name associated with the threshold closedLoopEventStatus: type: string description: Closed Loop Event Status of the threshold constraints: - valid_values: - ONSET - ABATED direction: type: string description: Direction of the threshold constraints: - valid_values: - LESS - LESS_OR_EQUAL - GREATER - GREATER_OR_EQUAL fieldPath: type: string description: Json field Path as per CEF message which needs to be analyzed for TCA severity: type: string description: Threshold Event Severity constraints: - valid_values: - CRITICAL - MAJOR - MINOR - WARNING - NORMAL thresholdValue: type: integer description: Threshold value for the field Path inside CEF message version: type: string description: Version number associated with the threshold
tosca_definitions_version: tosca_simple_yaml_1_0_0 imports: - tca_policy_model_dublin.yml policies: - onap.vfirewall.tca: type: onap.policy.monitoring.cdap.tca.hi.lo.app properties: domain: measurementsForVfScaling metricsPerEventName: - eventName: vLoadBalancer controlLoopSchemaType: VNF policyScope: "resource=vLoadBalancer;type=configuration" policyName: "onap.vfirewall.tca" # Do we need a name? The unique node name should be enough? policyVersion: "v0.0.1" # This field should be removed as Policy Create/Update API will return the version thresholds: - closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A" closedLoopEventStatus: ONSET version: "1.0.2" fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated" thresholdValue: 500 direction: LESS_OR_EQUAL severity: MAJOR - closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B" closedLoopEventStatus: ONSET version: "1.0.2" fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated" thresholdValue: 5000 direction: GREATER_OR_EQUAL severity: CRITICAL
Equivalency Table: Casablanca and Dublin APIs
(Comments pasted from API page)
In an equivalency table, this would be the same as the legacy - createPolicy and updatePolicy. Probably worth to mention for the benefit of other teams. The result would support the JSON format, so clients should expect little or no change.
This URL for POST should create a resource that we need to identify
POST
https://{url}:{port}/api/v1/policytypes/{policy type id}/versions/{version}/policies/
One proposal is to use the closedLoopControlName field:
CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A
and the version in this case:
1.0.2.
The GET for this specific one would be then
GET
https://{url}:{port}/api/v1/policytypes/{policy type id}/versions/{version}/policies/CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A/versions/1.0.2
They can name the policies however they want. If they want to use Closed Loop Control Name go ahead. The problem with the TCA model is they shove all that detail inside the model and use arrays of Control Loops. But its up to them on how they want their model to look.
1 Comment
Vijay Venkatesh Kumar
Alex Shatov Christopher Rath Gervais-Martial Ngueko
@Pamela Dragosh - For Dublin, could you confirm once the new API are rolled out by Policy, will there any usecase that will require DCAE/Policy Handler to support current/old API's also in parallel? If parallel support is required - per Alex this adds complexity in DCAE/Policy Handler. If CLAMP is switching to use new lifecycle API's then will DCAE/PH have need to support existing api's?