There will be two ways to initiate a POMBA Audit

  • Manually calling the REST API
  • Automatically by ensuring an end of transaction event is sent as part of SO flows (future)

Either way, results will available via the report (POMBA Reporting) or directly via DMaap Event (POMBA DMaaP)

Manual Audits

A manual audit can be triggered by calling the POMBA REST API with the following parameters as JSON in the body of a POST request to data-router/v1/orchestration-event-service/orchestration-event

  • serviceInstanceList
    • Model-version-id
    • Model-invariant-id
    • Service-instance-id


Currently manual Rest API triggering requires sending client certificate along with https request to satisfy 2 way SSL handshake protocol.

client-cert-onap.p12

Https is the only supported option at this point with the above certs.  http is not available for audit initiation.


If the request is well-formed and valid, a response of 200 (OK) will be returned and the audit will return in the background

See also POMBA Audit Initiation Swagger


To set up POMBA Network Discovery to talk to Openstack, please see Network Discovery Context Builder

Automatic Audits

The ultimate goal is to have SO send an end of transaction event once is has completed it workflow. POMBA would listen for these events, and trigger an audit as appropriate. This event and the work to listen for it is not confirmed in Casablanca.


The following JIRA was raised to track the work required in SO to enable automatic audits

  • SO-1095 - Getting issue details... STATUS



  • No labels

11 Comments

  1. Brian Freeman

    Can you provide example json and the full uri for an OOM installation.

    Its not clear how the results are returned and the format of the results.

     I would like to add this as a ROBOT step as part of heat bridge.

    1. Sharon Chisholm

      Brian

      I plan to formally define the Swagger for this API to make how to call it a bit clearer. Not sure about the OOM installation part of your question, but I can ask the team to see if that changes the answer.  Note the results of the Audit don't come back to the REST request, but are sent later via DMaaP.  You could consume that message.  We also take that message and store it and make it accessible via Kabana, but if you want to trigger action off a simple pass/fail, DMaaP might be the best option.

  2. Brian Freeman

    ONAP doesn't currently support DMaaP/DataRouter so I assume you mean DMaaP/MessageRouter - what topic are the results returned on ?

  3. Geora Barsky

    Brian Freeman

    This is the URI to initiate audit process: /data-router/v1/orchestration-event-service/orchestration-event

    The json input will be in this format:

    {  "serviceInstanceList": [  

         {   "serviceInstanceId": "c6456519-6acf-4adb-997c-3c363dd4caaf",  

             "modelVersionId": "d3d6cf83-d03a-43cc-99ff-206d40bb9a72",   

             "modelInvariantId": "0c5a20de-87ad-442c-9190-f38ab0a6bb7f"

       } ]

    }


    As Sharon mentioned the POST request sent to the above URI will result only in "201" http response code, which means that the audit initiation event has been posted. The results of the audit will be available either via Kibana UI or via consuming the event from the relevant DMaaP topic


    1. Geora Barsky

      Yes, the result will be published into Message Router , the topic is POMBA-AUDIT-RESULT

  4. Brian Freeman

    Thanks  this is very helpful

  5. Brian Freeman

    I tried to post to pomba-data-router and got back either a that combination of host and port requires TLS or no response

    http://{{pomba_dr_port}}/data-router/v1/orchestration-event-service/orchestration-event (resposne says requires TLS)

    https://{{pomba_dr_port}}/data-router/v1/orchestration-event-service/orchestration-event  (no response and I think I accepted the cert) 

    NodePort 30249


    Has it changed ?

  6. Brian Freeman

    curl -vv --insecure -H "Content-Type:application/json" \
    -H "Accept-type:application/json" \
    -H "X-ONAP-RequestID:bdftest001" \
    -H "X-FromAppId:VID" \
    -X POST \
    -d '{ "serviceInstanceList": [ { "serviceInstanceId": "13eec017-759a-4808-bc29-ff9f45ded0bd", "modelVersionId": "78eaeb93-9107-48e4-8241-be418af451a1", "modelInvariantId": "ccbd8951-8deb-4c0a-b44a-737347c405a6" } ] }' \
    https://pomba-data-router.onap:9502/data-router/v1/orchestration-event-service/orchestration-event

    returned bad certificate from robot to pomba-data-router

    1. Geora Barsky

      Hi Brian,

      pomba data-outer is implemented to support 2-way SSL handshake, which means that client call should attach client certificate to pass the authentication.

      in ONAP it is client-cert-onap.p12 . I have generated CURL required pem files based on that p12 certificate

      they are attached client-cert-onap.crt.pemclient-cert-onap.key.pem


      Could you give a try running the same curl request as above and appending  "  --cert client-cert-onap.crt.pem --key client-cert-onap.key.pem " 

  7. Brian Freeman

    To run test:

    1. get service_instance_id and customer_id from VID GUI
    2. query AAI for the customer_id 
      1. https://{{aai_port}}/aai/v13/business/customers/customer/DemoCust_5f57df69-ad41-4ec9-be81-12841e93b1ad/service-subscriptions?depth=all
    3. copy two uuid for your service_instance_id

      1. "service-instance-id": "6e723ec3-aa87-4221-aaa8-634a09ab21ae",
        "service-instance-name": "Service_Ete_Name5f57df69-ad41-4ec9-be81-12841e93b1ad",
        "environment-context": "General_Revenue-Bearing",
        "workload-context": "Production",
        "model-invariant-id": "00252ded-cd7c-4c4c-bad9-5a9b3af3d570",
        "model-version-id": "26bb54fd-2813-433f-9d93-cdf807fa7e44",

    4. change variable name for modelInvariantid and modelversionid

      1. POST https://{{pomba_dr_port}}/data-router/v1/orchestration-event-service/orchestration-event

      2. { "serviceInstanceList": [
        { "serviceInstanceId": "6e723ec3-aa87-4221-aaa8-634a09ab21ae",
        "modelVersionId": "00252ded-cd7c-4c4c-bad9-5a9b3af3d57",
        "modelInvariantId": "26bb54fd-2813-433f-9d93-cdf807fa7e44"
        } ]
        }

    Should consider an option to only provide the service-instance-id since we are deriving other from that key.

  8. Shashikanth VH

     GET request operation time = 60159 ms for link = http://pomba-sdcctxbuilder:9530/sdccontextbuilder/service/context?serviceInstanceId=ac8cea58-c0b6-4d22-b5d6-7ba3e882ea39&modelVersionId=93e0c77d-0f4a-4e8b-b22e-d2f509e64597&modelInvariantId=cf1e530e-fe53-4eb7-8df9-2b43bd302229|
    request at url = http://pomba-sdcctxbuilder:9530/sdccontextbuilder/service/context?serviceInstanceId=ac8cea58-c0b6-4d22-b5d6-7ba3e882ea39&modelVersionId=93e0c77d-0f4a-4e8b-b22e-d2f509e64597&modelInvariantId=cf1e530e-fe53-4eb7-8df9-2b43bd302229 resulted in http response: 500 Internal Server Error|
    ERROR org.onap.pomba.contextaggregator.rest.RestRequest Failed to retrieve model data for sdc, reason: Error during GET operation to AAI with message = java.net.SocketTimeoutException: connect timed out

    I am getting failure from sdcContextBuilder, how to resolve this issue ?