...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
import java.util.Set; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyToscaEntityKey; import org.onap.policy.models.tosca.authorative.concepts.ToscaServiceTemplate; public interface TargetHandling { public boolean checkTargets(final ToscaPolicyToscaEntityKey toscaPolicy, final ToscaServiceTemplate serviceTemplate); }, final Object executionContext); } |
When a PDP receives When a PDP receives an event, it determines which policy the event has triggered. It then always calls the
Specification of targets in TOSCA
TOSCA Example for PolicyType targets
checkTargets method on the TargetHandling interface. The The toscaPolicy parameter contains the name and version of the policy that has been triggered. The serviceTemplate parameter provides the policy types and policy definitions that are known to the PDP to the targetsCommon component. The executionContext parameter allows the PDP to pass any extra context it wishes the targetsCommon component and the XACML PDP to consider during the target check.
Once the checkTargets method is called, the algorithm described in the Execution Sequence section above is executed by the targetsCommon component.
Target REST API
The Target REST API is a specific REST API for targets, provided the XACML PDP. It executes a single target policy with each invocation, so it may be called multiple times by the targetsCommon component on a single checkTargets call. The Target REST API is similar in structure and design to the Policy Decision API.
Field | Required | XACML equivalent | Description |
---|---|---|---|
ONAPName | True | subject | The name of the ONAP project making the call |
ONAPComponent | True | subject | The name of the ONAP sub component making the call |
ONAPInstance | False | subject | An optional instance ID for that sub component |
targets | True | resource | The targets to check |
policy | True | resource | The policy to use for the target check |
context | False | resource | Extra context to be considered in the target check |
The XACML PDP executes the logic and rules of requested target policy on the given targets using the given context. and returns a boolean result of true or false.
<Pamela Dragosh please comment here>
Specification of targets in TOSCA
TOSCA Example for PolicyType targets
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
tosca_definitions_version: tosca_simple_yaml_1_1_0
policy_types: | ||||||||
Code Block | ||||||||
| ||||||||
tosca_definitions_version: tosca_simple_yaml_1_1_0 policy_types: onap.policies.controlloop.Operational: derived_from: tosca.policies.Root version: 1.0.0 name: onap.policies.controlloop.Operational description: Operational Policy Root Type. targets: [ActiveZones, TestZones] properties: targetPolicyName: onap.policies.targets.Zones targetPolicyVersion: 1.6.2 onap.policies.controlloop.operational.CommonOperational: derived_from: tosca.policies.Root version: 1.0.0 name: onap.policies.controlloop.operational.CommonOperational description: | Operational Policy Root Type. targets: Operational Policy for Control Loop execution. Originated in Frankfurt to support TOSCA Compliant [ActiveZones, TestZones] properties: targetPolicyName: onap.policies.targets.Zones Policy Types. This does NOT support the legacy Policy YAML policy type.targetPolicyVersion: 1.6.2 onap.policies.controlloop.operational.common.AcmeCommon: derived_from: onaptosca.policies.controlloop.operational.CommonRoot type_version: 1.0.0 version: 1.0.0 name: onap.policies.controlloop.operational.common.AcmeCommon description: Operational| policies for Acme PDP targets: [AcmeManagedControlLoops] properties:Operational Policy for Control Loop execution. Originated in Frankfurt to support TOSCA Compliant targetPolicyName:Policy onap.policies.targets.AcmeControlLoopsTypes. This does NOT support the legacy Policy YAML policy type. onap.policies.controlloop.operational.common.acme.VehicleManufacturingAcme: derived_from: onap.policies.controlloop.operational.Common type_version: 1.0.0 version: 1.0.0 name: onap.policies.controlloop.operational.common.Acme description: Operational policies for Acme PDP targets: [CarManufacturing, TruckManufacturingAcmeManagedControlLoops] properties: targetPolicyName: onap.policies.targets.controlloop.AcmeControlLoops onap.policies.controlloop.operational.common.acme.VehicleManufacturingPlantsVehicleManufacturing: derived_from: onap.policies.controlloop.operational.Common targetPolicyVersion type_version: 21.4.1 |
In the example above, there are four hierarchical levels in the PolicyType definition.
0.0 version: 1.0.0 name: onap.policies.controlloop.operational.common.Acme description: Operational policies for Acme PDP targets: [CarManufacturing, TruckManufacturing] properties: targetPolicyName: onap.policies.targets.controlloop.common.acme.VehicleManufacturingPlants targetPolicyVersion: 2.4.1 |
In the example above, there are four hierarchical levels in the PolicyType definition.
- onap.policies.controlloop.Operational: This policy type has targets of ActiveZones and TestZones Operational: This policy type has targets of ActiveZones and TestZones, and those targets are governed by the target policy onap.policies.targets.Zones version 1.6.2
onap.policies.controlloop.operational.Common: No targets are specified on this policy type so this specific policy type will apply to all targets that have passed the target governance of its parent policy type.
onap.policies.controlloop.operational.common.Acme: This policy type has a target of AcmeManagedControlLoops and that target is governed by the latest version of the target policy onap.policies.targets.AcmeControlLoops
- onap.policies.controlloop.operational.common.acme.VehicleManufacturing: This policy type has targets of CarManufacturing and TruckManufacturing, and those targets are governed by the target policy policy onap.policies.targets.controlloop.common.acme.VehicleManufacturingPlants version 2.4.1
TOSCA Example for Policy targets
...
language | yml |
---|---|
title | Targets in Policy |
linenumbers | true |
collapse | true |
...
- Zones version 1.6.2
onap.policies.controlloop.operational.Common: No targets are specified on this policy type so this specific policy type will apply to all targets that have passed the target governance of its parent policy type.
onap.policies.controlloop.operational.common.Acme: This policy type has a target of AcmeManagedControlLoops and that target is governed by the latest version of the target policy onap.policies.targets.AcmeControlLoops
onap.policies.controlloop.operational.common.acme.VehicleManufacturing: This policy type has targets of CarManufacturing and TruckManufacturing, and those targets are governed by the target policy onap.policies.targets.controlloop.common.acme.VehicleManufacturingPlants version 2.4.1
TOSCA Example for Policy targets
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
tosca_definitions_version: tosca_simple_yaml_1_1_0 topology_template: policies: - operational.vehiclemanufacturing.electric-vehicle: type_version: 1.0.0 version: 1.0.0 name: operational.vehiclemanufacturing.electric-vehicle targets: [Wayne_Line4, Wayne_Line5, Dagenham_Line2, Koln_line5] properties:type: onap.policies.controlloop.operational.common.acme.VehicleManufacturing type_version: 1.0.0 targetPolicyName: onap.policies.targets.enableEVBatteryTesting targetPolicyVersion: 2.1.2 |
The example above, the policy operational.vehiclemanufacturing.electric-vehicle has targets Wayne_Line4, Wayne_Line5, Dagenham_Line2 and Koln_line5, and those targets are governed by the target policy onap.policies.targets.enableEVBatteryTesting version 2.1.2.
Deployment
...
version: 1.0.0
name: operational.vehiclemanufacturing.electric-vehicle
targets: [Wayne_Line4, Wayne_Line5, Dagenham_Line2, Koln_line5]
properties:
targetPolicyName: onap.policies.targets.enableEVBatteryTesting
targetPolicyVersion: 2.1.2
|
The example above, the policy operational.vehiclemanufacturing.electric-vehicle has targets Wayne_Line4, Wayne_Line5, Dagenham_Line2 and Koln_line5, and those targets are governed by the target policy onap.policies.targets.enableEVBatteryTesting version 2.1.2.
Deployment
draw.io Diagram | ||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The diagram above shows how policies that use targets are deployed. When targets are specified, an XACML PDP is deployed with the PDP that is executing the policy that uses targets. At least one XACML PDP with a well known REST endpoint must be running in each PDP group that uses targets. For example, in an Kubernetes deployment, an XACML PDP may be instantiated in each POD together with a PDP that will execute policies that use targets.
At deployment, PolicyAdministration (the PAP) checks the policy being deployed to see if it uses targets. if so, the PAP reads the target policies from the policy database and deploys them to the XACML PDPs in the PDP group. It then deploys the policy that uses targets to the PDPs in the PDP group.
Development Effort
The table below gives a rough preliminary calculation of the effort required to develop this feature.
Activity | Component | Module | Effort | Description of Work |
---|---|---|---|---|
Design/Coding/Unit Test | policy-models | models-tosca | S | Add parsing and Database persistence for targets |
Design/Coding/Unit Test | policy-models | models-pap | XS | Add modelling for targets |
Design/Coding/Unit Test | policy-pap | pap-main | L | Add support for deployment of target policies |
Design/Coding/Unit Test | policy-models? | targets-common | XL | Implementation of common target handling on event reception |
Design/Coding/Unit Test | policy-xacml-pdp | applications.targets | L | Add support for target policies |
Design/Coding/Unit Test | policy-xacml-pdp | xacml-main | M | Add Target REST API |
Design/Coding/Unit Test | policy-apex-pdp | services-onappf | S | Add check for targets on event reception |
Design/Coding/Unit Test | policy-drools | S | Add check for targets on event reception | |
CSIT | L | |||
Documentation | M |
...
The diagram above shows how policies that use targets are deployed. When targets are specified, an XACML PDP is deployed with the PDP that is executing the policy that uses targets. At least one XACML PDP with a well known REST endpoint must be running in each PDP group that uses targets. For example, in an Kubernetes deployment, an XACML PDP may be instantiated in each POD together with a PDP that will execute policies that use targets.
At deployment, PolicyAdministration (the PAP) checks the policy being deployed to see if it uses targets. if so, the PAP reads the target policies from the policy database and deploys them to the XACML PDPs in the PDP group. It then deploys the policy that uses targets to the PDPs in the PDP group.
...