Table of Contents |
---|
References
Jira | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
Assumptions
Assumption | Notes | Sign-off | |
---|---|---|---|
1 | Scope:
| This does not affect (bulk/batch) Read |
|
2 | Conflict Management Interface uses FDN | Conflict Management can support ANY format the Alternate ID can support (FDNs and/or URI-FDNs) |
|
3 | Request per second is per the existing numbers on NCMP |
|
Issues & Decisions
Issue | Notes | Decision | |
---|---|---|---|
1 | Uplift Ericsson source code (need permission) | CPS not allowed to lift // proprietary codes, we need to use pseudo code Gergely/team to support CPS with these codes | |
2 | Implement in REST or Service Layer ? | This is currently implemented as an in the Service laye r in // | |
3 | Publish public Conflict Interface as part of NCMP (Concerns new generic interface)? | NCMP shall own and document. | |
4 | Could we make this more generic to suit non-conflict-management use i.e. tbac... | Agreed to make it more generic to suit ALL the use cases | |
5 | Private properties are used to get FDN at the moment. | Will // provide us with registered Alternatid? Opensource does not support private property Peter Turcsanyi to revert TBC . // Confirmed they will implement all https://eteamproject.internal.ericsson.com/browse/IDUN-105467 |
|
6 | CPS-1992 - NCMP to Support New 3GPP sync single FDN request to support Conflict mgt | CPS-1992 - When delivered, this should also support conflict management | |
7 | Legacy and ongoing bulk/batch interface (dataJobs CPS-1964) are not in scope | Bulk/batch operation
| |
8 | Name for more generic interface | Suggestion: External Validation AP Kolawole Adebisi-Adeolokun to inform other stakeholders | New Interface name shall be PolicyExecution as agreed with stakeholders Kolawole Adebisi-Adeolokun kieran mccarthy Gergely Molnar |
9 | External Validation Request format | POST operation, all parameters in body, URL ? AP Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | |
10 | Enable/service name discovery | config parameter with service name/address. AP Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | |
11 | case sensitivity of parameters (payloadType, decision etc.) | e.g. accept 'allow', 'Allow', 'ALLOW' or only accept only on well defined case sensitive variation and anything else is a error scenario?! To be discussed during proposal; AP Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | |
12 | Delivery Artefact | The new OpenAPI Interface definition wil be published on CPS Public Documentation Page. and through ONAP Gerrit. |
Requirements
Functional: new generic 'PolicyExecution' REST interface
This interface will NOT be implemented by CPS team except a stub for testing purposes
Interface | Requirement | Additional Information | Signoff | |
---|---|---|---|---|
1 | PolicyExecution | Documentation | NCMP own and clearly document interface using OpenAPI and RTD | |
2 | PolicyExecution | Input Parameters:
| Payloadtype can only be 'CM_Write' for now Payloadtype can only be 'Allow' for now Exact Payload to be defined during study but should be well defined and cannot depend on Java interface (even if it is the same now) | |
3 | PolicyExecution | Output Parameters;
| This is a New Generic interface that can support 'conflict handling'. |
Functional: CPS Impacts
Interface | Requirement | Additional Information | Signoff | |
---|---|---|---|---|
1 | CPS-E-05 | Write operations are intercepted and validated using the new external service. | ||
2 | CPS-E-05 | When the External validation is negative NCMP REST Response should be '409 Conflict'. The HTTP status message should contain the message and decision id from the external validation service. | NCMP interface validation shall be done before the external validation (Conflict management) | |
3 | NCMP to provide metrics on external validation | AP on CPS to provide the metrics (Kolawole Adebisi-Adeolokun ) |
Error Handling
Scenario | Expected Behavior | Notes | Signoff | |
---|---|---|---|---|
1 | External validation service does not respond (in time) Or does not respond with 2xx (Http status code) | configurable default answer | This needs further investigation AP Gergely Molnar Possible proposal:
| |
2 | Unrecognized response from External Validation | (Low prio) No default behavior covered yet in //, If not reachable - default accept/reject with specific message |
Characteristics
Parameter | Expectation | Notes | Signoff | |
---|---|---|---|---|
1 | Performance impact? |
|
Out of Scope
- Batch (bulk) interface methods and Execute a data operation for group of cm handle ids
- Data jobs (write) operations
Suggested User Stories
- Agree, Define (and Publish) Open Source Interface for Policy Execution
- Feature toggle and addressing configuration parameters
- use logging instead of actual call to new intreface
- Dummy Stub implementation (to allow for integration testing)
- Use new interface in NCMP
- use Stub to allow/disallow predefined names/patterns
- Publish artefact as part of snapshot and release builds (TBC)
- Update official documentation (when feature completed from OpenSource point-of-view)
Solution Proposal
External Validation REST Interface
URI
TBC - Gergely Molnar /Brian ( To provide initial proposal)
Input Parameters
Name | Parent | Type | Example | Optional/Compulsory | Notes | |
---|---|---|---|---|---|---|
1 | Authorization: Bearer | header | String | Required | required for tracking/ (future) authentication and to identify the source of the request | |
2 | payloadType | body | String | CM_Write | Required | 'CM_Write' currently, the only support value |
3 | decisionType | body | String | Allow | Required | 'Allow' currently, the only supported value |
4 | payload | body | Object | Required | ||
5 | cmHandleId | payloead | String | F811AF64F5146DFC545EC60B73DE948E | Optional | Can be sent while cmHandle is used instead of alternateId |
6 | targetFdn | payload | String | MEContext=RadioNode-0001,ManagedElement=RadioNode-0001 | Required | FDN to 'CM-Handle' ?! |
7 | resourceIdentifer | payload | String | ericsson-enm-gnbdu:GNBDUFunction=1 | Required | Remainder of FDN ? |
8 | cmChangeRequest | payload | Object | Required | CM Change Request |
Output Parameters
Name | Parent | Type | Example | Optional/Compulsory | Notes | |
---|---|---|---|---|---|---|
1 | decisionId | body | String | Required | UUID | |
2 | decision | body | String | Deny | Required | currently only 'Allow' and 'Deny' are supported (case sensitive ?!) |
3 | message | body | String | Optional |
How to use the Interface in NCMP
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
IF property "CONFLICT_MANAGER_CLIENT_ENABLED" is set to "true" THEN DEFINE class NetworkCmProxyDataServiceInterceptor which EXTENDS NetworkCmProxyDataServiceImpl INJECT ConflictManagerApiClient conflictManagerApiClient CREATE defaultPermitOnError AS boolean // Define a method named writeResourceDataPassThroughRunningForCmHandle that overrides the method from the parent class METHOD writeResourceDataPassThroughRunningForCmHandle(cmHandleId, resourceIdentifier, operationType, requestData, dataType, authorization) targetFdn = CALL createTargetFdn(cmHandleId) evaluationRequest = CALL createEvaluationRequest(cmHandleId, resourceIdentifier, targetFdn, requestData) TRY evaluatedResponse = CALL conflictManagerApiClient.evaluateRequest(evaluationRequest) RETURN CALL processResponseFromConflictManager(evaluatedResponse, evaluationRequest, operationType, requestData, dataType, authorization) CATCH ResourceAccessException WITH e CALL log.error(CONVERT e TO String) RETURN CALL checkDefaultDecision(evaluationRequest, operationType, requestData, dataType, authorization) END TRY END METHOD METHOD createTargetFdn(String cmHandleId) ncmpServiceCmHandle = CALL getNcmpServiceCmHandle(cmHandleId) dmiProperties = CALL getDmiProperties ON ncmpServiceCmHandle CREATE targetFdn AS new StringJoiner IF dmiProperties contains key "targetDnPrefix" AND dmiProperties contains key "targetNode" THEN CALL add(dmiProperties.get(targetDnPrefix)) ON targetFdn CALL add(dmiProperties.get(targetNode)) ON targetFdn RETURN targetFdn ELSE THROW InvalidPropertyException WITH (CmHandle.class, cmHandleId, "missing targetDnPrefix or targetNode from cmHandleProperties") END IF END METHOD METHOD createEvaluationRequest(cmHandleId, resourceIdentifier, targetFdn, requestData) CREATE evaluationRequest AS new EvaluationRequest CALL evaluationRequest.cmHandleId(cmHandleId) CALL evaluationRequest.resourceIdentifier(resourceIdentifier) CALL evaluationRequest.targetFdn(targetFdn) CALL evaluationRequest.requestData(requestData) END METHOD METHOD checkDefaultDecision(evaluationRequest, operationType, requestData, dataType, authorization) IF defaultPermitOnError IS true THEN CALL log.info(""Failed to get response from Conflict Manager for fields: cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}, default decision is permit", evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), evaluationRequest.getTargetFdn(), requestData) RETURN super.writeResourceDataPassThroughRunningForCmHandle(evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), operationType, requestData, dataType, authorization) ELSE CALL log.info("Failed to get response from Conflict Manager for fields: cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}, default decision is deny", evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), evaluationRequest.getTargetFdn(), requestData) THROW DataInUseException WITH ("Change request denied by Conflict Manager for reason: failed to get response from Conflict Manager, default decision is deny.", "Check logs for details.") END METHOD METHOD processResponseFromConflictManager(evaluatedResponse, evaluationRequest, operationType, requestData, dataType, authorization) IF evaluatedResponse.getDecision() NOT NULL AND evaluatedResponse.getDecision() EQUALS ResponseDecisionEnum.PERMIT THEN RETURN super.writeResourceDataPassThroughRunningForCmHandle(evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), operationType, requestData, dataType, authorization) ELSE IF evaluatedResponse.getDecision() NOT NULL AND evaluatedResponse.getDecision() EQUALS ResponseDecisionEnum.DENY THEN CALL log.info("Change request denied by Conflict Manager for fields cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}", evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), evaluationRequest.getTargetFdn(), requestData) THROW DataInUseException WITH ("Change request denied by Conflict Manager for reason: " + evaluatedResponse.getReason(), "Check logs for details.") ELSE IF evaluatedResponse.getDecision() NOT NULL AND evaluatedResponse.getDecision() EQUALS ResponseDecisionEnum.PREEMPT THEN CALL log.info("Change request preempt by Conflict Manager for fields cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}", evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), evaluationRequest.getTargetFdn(), requestData) RETURN super.writeResourceDataPassThroughRunningForCmHandle(evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), operationType, requestData, dataType, authorization) ELSE RETURN CALL checkDefaultDecision(evaluationRequest, operationType, requestData, dataType, authorization) END METHOD |
...