...
| Type of Policy | Supported | Description |
|---|---|---|
| Operational | Yes | |
| Native | Yes | |
| Guard | No | Guard policies may already be called by other policies, and a target policy is similar to a guard policy |
| Monitoring | No | Monitoring policies are parameter policies and are not fired by the Policy Framework |
| Optimization | No | Optimization policies are parameter policies and are not fired by the Policy Framework |
| Match | ? | ? |
| Naming | ? | ? |
Policy Execution
Execution Sequence
| Code Block | ||||
|---|---|---|---|---|
| ||||
@startuml
title Policy Framework Target Execution
autonumber
participant PolicyCaller
box "PolicyFramework" #LightBlue
participant AnyPDP
participant XACML_PDP
end box
PolicyCaller --> AnyPDP : policy trigger
loop from root to last descendant PolicyType
alt targets specified on PolicyType
AnyPDP --> XACML_PDP : Invoke target policy specified on PolicyType
alt targets policy rejects execution
AnyPDP --> PolicyCaller : execution rejected
end
end
end
loop from root to last descendant Policy
alt targets specified on Policy
AnyPDP --> XACML_PDP : Invoke target policy specified on Policy
alt targets policy rejects execution
AnyPDP --> PolicyCaller : execution rejected
end
end
end
AnyPDP --> AnyPDP : execute policy
activate AnyPDP
deactivate AnyPDP
AnyPDP --> PolicyCaller : policy result
@enduml |
...
- The Policy Framework loops over the root PolicyType to the last descendant PolicyType
- A check of the Policy Type specification is made to see if targets have been specified on it, if so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 2).
- If the target policy for the Policy Type rejects the targets, execution of the policy proper is rejected (Step 3).
- If no targets are specified on the Policy Type or the target policy for the Policy Type accepts the target, execution continues
- The Policy Framework loops over the root Policy to the last descendant Policy
- A check of the Policy specification is made to see if targets have been specified on it, if so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 4).
- If the target policy for the Policy rejects the targets, execution of the policy proper is rejected (Step 5).
- If no targets are specified on the Policy or the target policy for the Policy accepts the target, execution continues (Step 6)
Components and APIs
| draw.io Diagram | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The targetsCommon component is a common component in the Policy Framework that can be used by any PDP that wishes to support targets in policy types and policies. The targetsCommon component offers a Java API that PDPs can use to do target checking. The targetsCommon component determines which target policies should be executed by recursing through the policy and policy type hierarchies. It then invokes the XACML PDP for each target policy using the Target REST API.
TargetHandling API
This API provides a common mechanism for handling targets for all PDPs that want to use targets. It is provided as a Java interface by the targetsCommon component.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; import org.onap.policy.models.tosca.authorative.concepts.ToscaServiceTemplate; public interface TargetHandling { public boolean checkTargets(final ToscaPolicy toscaPolicy, final ToscaServiceTemplate serviceTemplate); } |
When a PDP receives an event, it determines which policy the event has triggered. It then always calls the
Specification of targets in TOSCA
...
At deployment, PolicyAdministration (the PAP) checks the policy being deployed to see if it uses targets. if so, the PAP reads the target policies from the policy database and deploys them to the XACML PDPs in the PDP group. It then deploys the policy that uses targets to the PDPs in the PDP group.
...