New Idea ONE: Context based filtering
We want to be able to include the context in the filtering process for different instances/purposes. Here's providing the subscriber as a sample.
Subscriber Poilcy sample for vCPE service:
{
"service": "subscriberPolicy",
"policyName": "OSDF_CASABLANCA.SubscriberPolicy_v1",
"description": "Subscriber Policy for vCPE",
"templateVersion": "OpenSource.version.1",
"version": "test1",
"priority": "1",
"riskType": "test",
"riskLevel": "3",
"guard": "False",
"content": {
"identity": "subscriber_vCPE",
"policyScope": ["vCPE", "subscriberPolicy"],
"properties": {
"subscriberName": ["subscriber_test_1", "subscriber_test_2"],
"subscriberRole": ["test user"],
"provStatus": ["CAPPED"]
},
{
"subscriberName": ["subscriber_prod_1", "subscriber_prod_2"],
"subscriberRole": ["prod user"],
"provStatus": ["PROV"]
},
"policyType": "subscriberPolicy",
"serviceName": "vCPE"
}
}
From the subscriber policy, we could find the mapping between the 'subscriberName' and 'subscriberRole'. And in the next step, we 'd like to fetch all the policies that refer to a specific subscriberRole.
Suppose that currently there're several affinity policies available in the xacml-pdp service.
Sample Affinity policies
Existing Affinity policy sample 1 for vCPE service:
{
"service": "affinityPolicy",
"policyName": "OSDF_CASABLANCA.Affinity_vCPE_1",
"description": "Zone policy for vCPE",
"templateVersion": "OpenSource.version.1",
"version": "test1",
"priority": "3",
"riskType": "test",
"riskLevel": "2",
"guard": "False",
"content": {
"identity": "affinity_vCPE",
"policyScope": ["vCPE", "US", "ip", "vG", "test user"],
"affinityProperty": {
"qualifier": "same",
"category": "complex"
},
"policyType": "zone",
"resources": ["vGMuxInfra", "vG"]
}
}
Existing Affinity policy sample 2 for vCPE service:
{
"service": "affinityPolicy",
"policyName": "OSDF_CASABLANCA.Affinity_vCPE_2",
"description": "Zone policy for vCPE",
"templateVersion": "OpenSource.version.1",
"version": "test1",
"priority": "3",
"riskType": "test",
"riskLevel": "2",
"guard": "False",
"content": {
"identity": "affinity_vCPE",
"policyScope": ["vCPE", "INTERNATIONAL", "ip", "vG", "prod user"],
"affinityProperty": {
"qualifier": "same",
"category": "complex"
},
"policyType": "zone",
"resources": ["vGMuxInfra", "vG"]
}
}
Current situation:
In order to fulfill our need, we need the FIRST call to policy to fetch subscriberPolicy for a particular service/scope.
We may do it like this way:
# The legacy way
{
"policyName": "OSDF_CASABLANCA.*",
"configAttributes": {"policyScope": "["vCPE", "subscriberPolicy"]"}
}
# Maybe the new decision like this:
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"policyType": "subscriberPolicy" }}
Now, say if subscriberName = "subscriber_test_1" which is an instance/request specific data and based on which the corresponding subscriberRole is evaluated. i.e "test user" in this case.
Then, we need a SECOND call to policy to fetch the affinityPolicy based on subscriberRole evaluated as above.
# The legacy way
{
"policyName": "OSDF_CASABLANCA.*",
"configAttributes": {"policyScope": "["vCPE", "US", "ip", "vG", "test user"]"}
}
# Maybe the new decision like this:
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["US", "ip"],
"resources": ["vG"],
"subscriberRole": ["test user"] #This is just an assumption here.
}}
Similarly, for subscriberName = "subscriber_prod_1" or "subscriber_prod_2", subscriberRole will be = "prod user", and the second call to policy would be like as:
# The legacy way
{
"policyName": "OSDF_CASABLANCA.*",
"configAttributes": {"policyScope": "["vCPE", "INTERNATIONAL", "ip", "vG", "prod user"]"}
}
# Maybe the new decision like this:
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["INTERNATIONAL", "ip"],
"resources": ["vG"],
"subscriberRole": ["prod user"] #This is just an assumption here.
}}
Question:
- is there any possible way out to push the decision making to policy engine, specifically on "which policies apply to a given instance", instead of the two-step fetch and filter process ? Which means the Policy engine would help us find out the first mapping relevant to the context and fetch the policies based on the attribute it bind to.
Example 1:
# The original input OOF gives:
POST /pdpx/v1/decision/
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["US"],
"resources": ["vG"],
"context": "subscriber_test_1", #This is just an assumption here.
"policyType": "subscriberPolicy" #This is just an assumption here.
}}
Policy will help us transfer to a request like this:
POST /pdpx/v1/decision/
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["US"],
"resources": ["vG"],
"subscriberRole": ["test user"] #This is just an assumption here.
}}
Example 2:
# The original input OOF gives:
POST /pdpx/v1/decision/
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["INTERNATIONAL"],
"resources": ["vG"],
"context": "subscriber_prod_1", #This is just an assumption here.
"policyType": "subscriberPolicy" #This is just an assumption here.
}}
Policy will help us transfer to a request like this:
POST /pdpx/v1/decision/
{
"ONAPName": "OOF",
"ONAPComponent": "OOF-component",
"ONAPInstance": "OOF-component-instance",
"action": "optimize",
"resource": {
"services": ["vCPE"],
"geography": ["INTERNATIONAL"],
"resources": ["vG"],
"subscriberRole": ["prod user"] #This is just an assumption here.
}}