You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 16 Next »

Background

The Policy Framework solution uses the TOSCA policy model as a way to allow users to access common Policy Framework capabilities. The model is extended for specific PDPs. All concepts supported in Policy Framework are extensions of the concepts specified in the standard TOSCA policy definition specification. The concept of Targets in the TOSCA specification is not implemented in common Policy Framework functionality. However, equivalent functionality can be realized using policies in existing PDPs e.g. to return a decision on a 'guard' policy, an XACML policy can be used, or to apply a filter an Apex policy could be used. Therefore to deploy Target like functionality in the Policy Framework, a PDP is deployed.

Scenario and Need(s)

It is proposed that a PoC should be executed to analyze how the Policy Framework could evolve to support the TOSCA specification for Targets while ensuring that the existing Policy Framework functionality and requirements are maintained. The findings of the PoC will inform requirements for the Policy Framework for the Honolulu release.

  1. Describe how the TOSCA Target concept can be introduced into the ONAP Policy Framework in a common way for all PDPs
  2. Show how the TOSCA modelling will look in this common approach for various policy types and PDPs
  3. Describe the implementation of the common functionality
  4. create a set of sample policy definitions using targets, which follow the TOSCA standard and are supported in the Policy Framework
  5. execute a series of sample UCs to verify that the policies created in the previous step can be successfully processed by the PDPs in the Policy Framework

PolicyType and Policy Targets in TOSCA

The TOSCA specification for for targets on policy types and policies is identical in Versions 1.0, 1.1, 1.2, and 1.3 of the TOSCA Simple Profile in YAML. For both PolicyType and Policytargets are defined as a list of strings. AS there is no difference in the definition of targets in any of the TOSCA versions above, the approach described on this page applies to all those versions.

Definition of targets for PolicyType from Section 3.7.12.1 of Version 1.3 of the TOSCA specification.

Definition of targets for Policies from Section 3.8.6.1 of Version 1.3 of the TOSCA specification.

Support for targets in the Policy Framework

The TOSCA specification is silent on how targets, should be interpreted. Therefore the Policy Framework will allow the user to specify what way the targets should be treated for each PolicyType or Policy on which targets are specified. This will be achieved by asking the user to specify a XACML policy for each PolicyType or Policy on which targets have been specified.

If targets are specified on a PolicyType or Policy, the user specifies the name and version of an XACML policy to execute prior to execution. The list of targets is passed to the XACML target policy, which returns a boolean value of true or false. Execution of the Policy proper only proceeds if the XACML target policy returns true.

The following properties are introduced on PolicyType and Policy specifications to identify the XACML target policy to execute for targets.

Porperty NameRequiredTypeDescription
targetPolicyNameConditionalStringThe name of an XACML policy to execute to check whether execution should continue for a given set of targets. If the targets keyname is specified and the targetPolicyName property is not specified, policy execution is aborted and an error is reported. If the policy specified in the targetPolicyName property does not exist, policy execution is aborted and an error is reported.
targetPolicyVersionOptionalStringThe version the XACML policy specified in the targetPolicyName property. If the targetPolicyVersion property is not specified, the latest version of the policy specified in the targetPolicyName propertyis used. If the version of the policy specified in the targetPolicyVersion property does not exist, policy execution is aborted and an error is reported.

In the Policy Framework, targets are supported only for policies that are actually fired by the Policy Framework.

Type of PolicySupportedDescription
OperationalYes
NativeYes
GuardNoGuard policies may already be called by other policies, and a target policy is similar to a guard policy
MonitoringNoMonitoring policies are parameter policies and are not fired by the Policy Framework
OptimizationNoOptimization policies are parameter policies and are not fired by the Policy Framework
Match??
Naming??

Execution Sequence for targets


PlantUML source for Sequence Diagram 
@startuml

title Policy Framework Target Execution

autonumber

participant PolicyCaller

box "PolicyFramework" #LightBlue
  participant AnyPDP
  participant XACML_PDP
end box

PolicyCaller --> AnyPDP : policy trigger

loop from root to last descendant PolicyType
  alt targets specified on PolicyType
    AnyPDP --> XACML_PDP : Invoke target policy specified on PolicyType
    alt targets policy rejects execution
      AnyPDP --> PolicyCaller : execution rejected
    end
  end
end

loop from root to last descendant Policy
  alt targets specified on Policy
    AnyPDP --> XACML_PDP : Invoke target policy specified on Policy
    alt targets policy rejects execution
      AnyPDP --> PolicyCaller : execution rejected
    end
  end
end

AnyPDP --> AnyPDP : execute policy

activate AnyPDP
deactivate AnyPDP

AnyPDP --> PolicyCaller : policy result

@enduml

The Policy Framework will introduce common support for targets as a library function that all PDPs can use. This support can be used by any of the Policy Framework PDPs, as shown above.

When a trigger event is received by a PDP (Step 1), the PDP invokes the common handling for targets (Steps 2 to 5). If this common handling permits execution to proceed, policy execution proceeds as normal (Step 6).

The common handling works as follows:

  • The Policy Framework loops over the root PolicyType to the last descendant PolicyType
    • A check of the Policy Type specification is made to see if targets have been specified on it, if so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 2).
    • If the target policy for the Policy Type rejects the targets, execution of the policy proper is rejected (Step 3).
    • If no targets are specified on the Policy Type or the target policy for the Policy Type accepts the target, execution continues
  • The Policy Framework loops over the root Policy to the last descendant Policy
    • A check of the Policy specification is made to see if targets have been specified on it, if so, the XACML PDP is invoked with the specified target policy and the specified targets as parameters (Step 4).
    • If the target policy for the Policy rejects the targets, execution of the policy proper is rejected (Step 5).
    • If no targets are specified on the Policy or the target policy for the Policy accepts the target, execution continues (Step 6)

TOSCA Example for PolicyType targets

Targets in Policy Types 
tosca_definitions_version: tosca_simple_yaml_1_1_0
policy_types:
    onap.policies.controlloop.Operational:
        derived_from: tosca.policies.Root
        version: 1.0.0
        name: onap.policies.controlloop.Operational
        description: Operational Policy Root Type.
        targets: [ActiveZones, TestZones]
        properties:
            targetPolicyName: onap.policies.targets.Zones
            targetPolicyVersion: 1.6.2
    onap.policies.controlloop.operational.Common:
        derived_from: tosca.policies.Root
        version: 1.0.0
        name: onap.policies.controlloop.operational.Common
        description: |
            Operational Policy for Control Loop execution. Originated in Frankfurt to support TOSCA Compliant
            Policy Types. This does NOT support the legacy Policy YAML policy type.
    onap.policies.controlloop.operational.common.Acme:
        derived_from: onap.policies.controlloop.operational.Common
        type_version: 1.0.0
        version: 1.0.0
        name: onap.policies.controlloop.operational.common.Acme
        description: Operational policies for Acme PDP
        targets: [AcmeManagedControlLoops]
        properties:
            targetPolicyName: onap.policies.targets.AcmeControlLoops
    onap.policies.controlloop.operational.common.acme.VehicleManufacturing:
        derived_from: onap.policies.controlloop.operational.Common
        type_version: 1.0.0
        version: 1.0.0
        name: onap.policies.controlloop.operational.common.Acme
        description: Operational policies for Acme PDP
        targets: [CarManufacturing, TruckManufacturing]
        properties:
            targetPolicyName: onap.policies.targets.controlloop.common.acme.VehicleManufacturingPlants
            targetPolicyVersion: 2.4.1

Blah blah

Policy targets

Targets in Policy 
tosca_definitions_version: tosca_simple_yaml_1_1_0
topology_template:
    policies:
    -   operational.vehiclemanufacturing.electric-vehicle:
            type: onap.policies.controlloop.operational.common.acme.VehicleManufacturing
            type_version: 1.0.0
            version: 1.0.0
            name: operational.vehiclemanufacturing.electric-vehicle
            targets: [Wayne_Line4, Wayne_Line5, Dagenham_Line2, Koln_line5]
            properties:
                targetPolicyName: onap.policies.targets.enableEVBatteryTesting
                targetPolicyVersion: 2.1.2


Implementation Alternatives

  • No labels