| Table of Contents |
|---|
References
| Jira | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Assumptions
| Assumption | Notes | Sign-off | |
|---|---|---|---|
| 1 | Scope:
| This does not affect (bulk/batch) Read |
|
| 2 | Conflict Management Interface uses FDN | Conflict Management can support ANY format the Alternate ID can support (FDNs and/or URI-FDNs) |
|
| 3 | Request per second is per the existing numbers on NCMP |
|
Issues & Decisions
| Issue | Notes | Decision | |
|---|---|---|---|
| 1 | Uplift Ericsson source code (need permission) | CPS not allowed to lift // proprietary codes, we need to use pseudo code Gergely/team to support CPS with these codes | |
| 2 | Implement in REST or Service Layer ? | This is currently implemented as an in the Service layer in // | |
| 3 | Publish public |
| NCMP |
| shall own and document. | |||
| 4 | Could we make this more generic to suit non-conflict-management use i.e. tbac... | Agreed to make it more generic to suit ALL the use cases | |
| 5 | Private properties are used to get FDN at the moment. | Will // provide us with registered Alternatid? Opensource does not support private property Peter Turcsanyi to revert TBC . // Confirmed they will implement all https://eteamproject.internal.ericsson.com/browse/IDUN-105467 |
|
| 6 | CPS-1992 - NCMP to Support New 3GPP sync single FDN request to support Conflict mgt | CPS-1992 - When delivered, this should also support conflict management | |
| 7 | Legacy and ongoing bulk/batch interface (dataJobs CPS-1964) are not in scope | Bulk/batch operation
| |
| 8 | Name for more generic interface | Suggestion: External Validation AP Kolawole Adebisi-Adeolokun to inform other stakeholders | New Interface name shall be PolicyExecution as agreed with stakeholders Kolawole Adebisi-Adeolokun kieran mccarthy Gergely Molnar |
| 9 | External Validation Request format | POST operation, all parameters in body, URL ? AP Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | |
| 10 | Enable/service name discovery | config parameter with service name/address. AP Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | |
| 11 | case sensitivity of parameters (payloadType, decision etc.) | e.g. accept 'allow', 'Allow', 'ALLOW' or only accept only on well defined case sensitive variation and anything else is a error scenario?! To be discussed during proposal; AP Toine Siebelink to create a page & collaborate with Gergely/Brian ( on initial proposal) | |
| 12 | Delivery Artefact | The new OpenAPI Interface definition wil be published on CPS Public Documentation Page. |
and through ONAP Gerrit. | Brian Folan, Toine Siebelink agreed to use same as DMI ie. just 'deliver' to Doc and Repo | |||||||||||
| 13 | Specify cmChangeRequest in more detail |
Toine Siebelink I am concerned this wil reduce the flexibility of this interface. Also, NCMP itself is NOT interested in eth actual change details so why enforce them in this interface... Csaba Kocsis 'id' and 'attributes' are a 3GPP conventions only | Zoltán Szabó Toine Siebelink Validation need on IMpl. side but for flexibility this is not required in CPS/NCMP so we agreed to pass it as 'an object' | |||||||||
| 14 | How to feed back result of CM change to Policy Execution/Executor? | Consider the following scenario (from Brian Folan). There is an active policy for time based lock against an attribute on a specific cmHandle. A change is made to the attribute, triggering the time-based lock for x minutes, but the CM change fails after letting it through to the DMI due to any reason and it's not actually rolled out to the network. The policy engine would apply the lock and no subsequent changes are allowed for the duration of the lock, however no changes were made to the network. Should we feed back the result of a CM change to the Policy Engine? | Brian Folan Toine Siebelink agreed this is out of scope for this epic but can be considered later. Interface propsosal is flexible enough to extend for something like this in the future | |||||||||
| 15 | Choose URL format | Gergely Molnar prefers alternative a (with an 'action'): | Zoltán Szabó Toine Siebelink agreed on Alt.a. a simple URL, all data in body | |||||||||
| 16 | Optional CmHandleId and ResourceIdentifier | Brian Folan: Cm Handl e ID wil mean nothing for Ericsson Impl but can be logged. Resource Identifier can be 'convention' but they don't depend on it if the target fdn contains the 'complete' fdn | Brian Folan, Zoltán Lajos Kis Toine Siebelink CM Handle Id and Resource Identifier are optional. CPS/NCMP will add them when provided in the incoming interface |
Requirements
Functional: new generic 'PolicyExecution' REST interface
This interface will NOT be implemented by CPS team except a stub for testing purposes
| Interface | Requirement | Additional Information | Signoff | |
|---|---|---|---|---|
| 1 | PolicyExecution | Documentation | NCMP own and clearly document interface using OpenAPI and RTD | |
| 2 | PolicyExecution | Input Parameters:
| Payloadtype can only be 'CM_Write' for now Payloadtype can only be 'Allow' for now Exact Payload to be defined during study but should be well defined and cannot depend on Java interface (even if it is the same now) | |
| 3 | PolicyExecution | Output Parameters;
| This is a New Generic interface that can support 'conflict handling'. |
Functional: CPS Impacts
| Interface | Requirement | Additional Information | Signoff | |
|---|---|---|---|---|
| 1 | CPS-E-05 | Write operations are intercepted and validated using the new external service. | ||
| 2 | CPS-E-05 | When the External validation is negative NCMP REST Response should be '409 Conflict'. The HTTP status message should contain the message and decision id from the external validation service. | NCMP interface validation shall be done before the external validation (Conflict management) | |
| 3 | NCMP to provide metrics on external validation | AP on CPS to provide the metrics (Kolawole Adebisi-Adeolokun ) |
Error Handling
| Scenario | Expected Behavior | Notes | Signoff | |
|---|---|---|---|---|
| 1 | External validation service does not respond (in time) Or does not respond with 2xx (Http status code) | configurable default answer | This needs further investigation AP Gergely Molnar Possible proposal:
| |
| 2 | Unrecognized response from External Validation | (Low prio) No default behavior covered yet in //, If not reachable - default accept/reject with specific message | ||
| 3 | CM Handle ID without Alternate Id (fdn) |
Characteristics
| Parameter | Expectation | Notes | Signoff | |
|---|---|---|---|---|
| 1 | Performance impact? |
|
Out of Scope
- Batch (bulk) interface methods and Execute a data operation for group of cm handle ids
- Data job interface
- Datajobs bulk write operations
Solution Proposal
External Validation REST Interface
URI
TBC - Gergely Molnar /Brian ( To provide initial proposal)
- jobs (write) operations
Suggested User Stories
- Agree, Define (and Publish) Open Source Interface for Policy Execution
- Feature toggle and addressing configuration parameters
- use logging instead of actual call to new intreface
- Dummy Stub implementation (to allow for integration testing)
- Use new interface in NCMP
- use Stub to allow/disallow predefined names/patterns
- Publish artefact as part of snapshot and release builds (TBC)
- Update official documentation (when feature completed from OpenSource point-of-view)
Solution Proposal
Policy Executor REST Interface
Alternative a. No Parameters in URL (all data in body)
URI: <server-address>/policy-executor/api/v1
Alternative b-2. Payload and decision Type in URL
remaining data in request body, no need for 'payload' object because the body = payload
URI: <server-address>/policy-executor/api/v1/<payload-type>/<decision-type>
e.g. myhost:1234//policy-executor/api/v1/CM_Write/Allow
Alternative b-2. Payload and decision Type in URL with variable names
remaining data in request body, no need for 'payload' object because the body = payload
URI: <server-address>/policy-executor/api/v1/payload/<payload-type>/decision/<decision-type>
e.g. myhost:1234//policy-executor/api/v1/payload/CM_Write/decision/Allow
Input Parameters
Could be in URL, See alt. b above
...
| Name | Parent | Type | Example | Optional/Compulsory | Notes | |
|---|---|---|---|---|---|---|
| 1 | Authorization: Bearer | header? | String (encoded?) | Required | required for tracking/ (future) authentication and to identify the source of the request | |
| 2 | payloadType | body | String | CM_Write | Required | Could be in URL, See alt. b above 'CM_Write' currently, the only support value |
| 3 | DecisionTypedecisionType | body | String | Allow | Required | Could be in URL, See alt. b above 'Allow' currently, the only support value supported value |
| 4 | payload | body | Object Array | Required | No needed if payload and decision are in URL | |
| 5 | targetFdncmHandleId | payload | StringFDN to 'CM-Handle' ?! | F811AF64F5146DFC545EC60B73DE948E | Optional | Can be sent while cmHandle is used instead of alternateId NCMP will populate when available |
| 6 | resourceIdentifer | payload | String | ManagedElement=Kista/GNBDUFunction=1/UECC=1 | Optional | Remainder of FDN ? NCMP will populate when available |
| 7 | changeRequesttargetFdn | payload | String | /Subnetwork=22/MeContext=Kista/ManagedElement=Kista/GNBDUFunction=1/UECC=1 | Requiredthe change value | Complete FDN representing the cm handle and the resource identifier ie point to the target of the change to 'CM-Handle' ?! |
| 8 | cmChangeRequest | payload | Object | Required | CM Change Request |
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
{
"payloadType": "CM_Write",
"decisionType": "Allow",
"payload": [
{
"cmHandleId": "F811AF64F5146DFC545EC60B73DE948E",
"resourceIdentifier": "GNBDUFunction=1/UECC=1",
"targetFdn": "/Subnetwork=22/MeContext=Kista/ManagedElement=Kista/GNBDUFunction=1/UECC=1",
"cmChangeRequest": {
"Cell": [
{
"id": "Cell-id",
"attributes": {
"administrativeState": "UNLOCKED"
}
}
]
}
}
]
} |
Output Parameters
| Name | Parent | Type | Example | Optional/Compulsory | Notes | |
|---|---|---|---|---|---|---|
| 1 | decisionId | body | String | Required | UIDUUID | |
| 2 | decision | body | String | Deny | Required | currently only 'Allow' and 'Deny' are supported (case sensitive ?!) |
| 3 | message | body | String | Optional |
How to use the Interface in NCMP
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
IF property "CONFLICT_MANAGER_CLIENT_ENABLED" is set to "true" THEN
DEFINE class NetworkCmProxyDataServiceInterceptor which EXTENDS NetworkCmProxyDataServiceImpl
INJECT ConflictManagerApiClient conflictManagerApiClient
CREATE defaultPermitOnError AS boolean
// Define a method named writeResourceDataPassThroughRunningForCmHandle that overrides the method from the parent class
METHOD writeResourceDataPassThroughRunningForCmHandle(cmHandleId, resourceIdentifier, operationType, requestData, dataType, authorization)
targetFdn = CALL createTargetFdn(cmHandleId)
evaluationRequest = CALL createEvaluationRequest(cmHandleId, resourceIdentifier, targetFdn, requestData)
TRY
evaluatedResponse = CALL conflictManagerApiClient.evaluateRequest(evaluationRequest)
RETURN CALL processResponseFromConflictManager(evaluatedResponse, evaluationRequest, operationType, requestData, dataType, authorization)
CATCH ResourceAccessException WITH e
CALL log.error(CONVERT e TO String)
RETURN CALL checkDefaultDecision(evaluationRequest, operationType, requestData, dataType, authorization)
END TRY
END METHOD
METHOD createTargetFdn(String cmHandleId)
ncmpServiceCmHandle = CALL getNcmpServiceCmHandle(cmHandleId)
dmiProperties = CALL getDmiProperties ON ncmpServiceCmHandle
CREATE targetFdn AS new StringJoiner
IF dmiProperties contains key "targetDnPrefix" AND dmiProperties contains key "targetNode" THEN
CALL add(dmiProperties.get(targetDnPrefix)) ON targetFdn
CALL add(dmiProperties.get(targetNode)) ON targetFdn
RETURN targetFdn
ELSE
THROW InvalidPropertyException WITH (CmHandle.class, cmHandleId, "missing targetDnPrefix or targetNode from cmHandleProperties")
END IF
END METHOD
METHOD createEvaluationRequest(cmHandleId, resourceIdentifier, targetFdn, requestData)
CREATE evaluationRequest AS new EvaluationRequest
CALL evaluationRequest.cmHandleId(cmHandleId)
CALL evaluationRequest.resourceIdentifier(resourceIdentifier)
CALL evaluationRequest.targetFdn(targetFdn)
CALL evaluationRequest.requestData(requestData)
END METHOD
METHOD checkDefaultDecision(evaluationRequest, operationType, requestData, dataType, authorization)
IF defaultPermitOnError IS true THEN
CALL log.info(""Failed to get response from Conflict Manager for fields: cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}, default decision is permit",
evaluationRequest.getCmHandleId(),
evaluationRequest.getResourceIdentifier(),
evaluationRequest.getTargetFdn(),
requestData)
RETURN super.writeResourceDataPassThroughRunningForCmHandle(evaluationRequest.getCmHandleId(),
evaluationRequest.getResourceIdentifier(), operationType, requestData, dataType, authorization)
ELSE
CALL log.info("Failed to get response from Conflict Manager for fields: cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}, default decision is deny",
evaluationRequest.getCmHandleId(),
evaluationRequest.getResourceIdentifier(),
evaluationRequest.getTargetFdn(),
requestData)
THROW DataInUseException WITH ("Change request denied by Conflict Manager for reason: failed to get response from Conflict Manager, default decision is deny.",
"Check logs for details.")
END METHOD
METHOD processResponseFromConflictManager(evaluatedResponse, evaluationRequest, operationType, requestData, dataType, authorization)
IF evaluatedResponse.getDecision() NOT NULL AND evaluatedResponse.getDecision() EQUALS ResponseDecisionEnum.PERMIT THEN
RETURN super.writeResourceDataPassThroughRunningForCmHandle(evaluationRequest.getCmHandleId(),
evaluationRequest.getResourceIdentifier(), operationType, requestData, dataType, authorization)
ELSE IF evaluatedResponse.getDecision() NOT NULL AND evaluatedResponse.getDecision() EQUALS ResponseDecisionEnum.DENY THEN
CALL log.info("Change request denied by Conflict Manager for fields cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}",
evaluationRequest.getCmHandleId(),
evaluationRequest.getResourceIdentifier(),
evaluationRequest.getTargetFdn(),
requestData)
THROW DataInUseException WITH ("Change request denied by Conflict Manager for reason: " + evaluatedResponse.getReason(), "Check logs for details.")
ELSE IF evaluatedResponse.getDecision() NOT NULL AND evaluatedResponse.getDecision() EQUALS ResponseDecisionEnum.PREEMPT THEN
CALL log.info("Change request preempt by Conflict Manager for fields cmHandleId: {}, resourceIdentifier: {}, targetFDN: {}, requestData: {}",
evaluationRequest.getCmHandleId(),
evaluationRequest.getResourceIdentifier(),
evaluationRequest.getTargetFdn(),
requestData)
RETURN super.writeResourceDataPassThroughRunningForCmHandle(evaluationRequest.getCmHandleId(), evaluationRequest.getResourceIdentifier(), operationType, requestData, dataType, authorization)
ELSE
RETURN CALL checkDefaultDecision(evaluationRequest, operationType, requestData, dataType, authorization)
END METHOD |