This page shows how the Policy Design and API Flow to/from the PAP and PDPs will work to support Model Driven Control Loops in Dublin.
The figure below shows the Artifacts (Blue) in the ONAP Policy Framework, the Activities (Yellow) that manipulate them, and important components (Pink) that interact with them.
Please see the TOSCA Policy Primer page for an introduction to TOSCA policy concepts.
TOSCA defines a PolicyType, the definition of a type of policy that can be applied to a service. In the Policy Framework, we must handle and manage these TOSCA definitions and tie them to real implementations of policies that can run on PDPs.
The diagram above outlines how this is achieved. Each TOSCA PolicyType must have a corresponding PolicyTypeImpl in the Policy Framework. Once the Policy artifact exists, it can be used together with the PolicyTypeImpl artifact to create a PolicyImpl artifact. A PolicyImpl artifact is an executable policy implementation that can run on a PDP.
The TOSCA PolicyType artifact defines the external characteristics of the policy: its properties, the types of entities it acts on, and its triggers. A PolicyTypeImpl artifact is an XACML, Drools, or APEX implementation of that policy definition. PolicyType and PolicyTypeImpl artifacts may be preloaded, may be loaded manually, or may be created using the Lifecycle API. Alternatively, PolicyType definitions may be loaded over the Lifecycle API for preloaded PolicyTypeImpl artifacts.
The TOSCA Policy artifact is used internally by the Policy Framework, or is input by CLAMP or other systems. This artifact specifies the values of the properties for the policy and specifies the specific entities the policy acts on. Policy Design uses the TOSCA Policy artifact and the PolicyTypeImpl artifact to create an executable PolicyImpl artifact.
Policy Type Design manages TOSCA PolicyType artifacts and their PolicyTypeImpl implementations.
TOSCA PolicyType definitions may ultimately be defined by the modeling team, but for now they are defined by the Policy Framework project. Various editors and GUIs are available for creating PolicyTypeImpl implementations. However, systematic integration of PolicyTypeImpl implementation is outside the scope of the ONAP Dublin release.
The PolicyType definitions and implementations listed below are preloaded and are always available for use in the Policy Framework.
Policy Type | Description |
---|---|
onap.policies.Monitoring | Overarching model that supports Policy driven DCAE microservice components used in Control Loops |
onap.policies.controlloop.Operational | Used to support actor/action operational policies for control loops |
onap.policies.controlloop.Guard | Control Loop guard policies for policing control loops |
onap.policies.controlloop.Coordination | Control Loop Coordination policies to assist in coordinating multiple control loops at runtime |
This is a base Policy Type that supports Policy driven DCAE microservice components used in Control Loops. The implementation of this Policy Type is developed using the XACML PDP to support question/answer Policy Decisions during runtime for the DCAE Policy Handler.
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
  - onap.policies.Monitoring:
      derived_from: tosca.policies.Root
      description: a base policy type for all policies that govern monitoring provision
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
  - onap.policies.Monitoring:
      derived_from: tosca.policies.Root
      description: a base policy type for all policies that govern monitoring provision
  - onap.policies.Monitoring.MyDCAEComponent:
      derived_from: onap.policies.Monitoring
      properties:
        mydcaecomponent_policy:
          type: map
          description: The Policy Body I need
          entry_schema:
            type: onap.datatypes.monitoring.mydatatype
data_types:
  - onap.datatypes.monitoring.mydatatype:
      derived_from: tosca.datatypes.Root
      properties:
        my_property_1:
          type: string
          description: A description of this property
          constraints:
            - valid_values:
                - value example 1
                - value example 2
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
  onap.policies.Monitoring:
    derived_from: tosca.policies.Root
    description: a base policy type for all policies that govern monitoring provision
  onap.policy.monitoring.cdap.tca.hi.lo.app:
    derived_from: onap.policies.Monitoring
    properties:
      tca_policy:
        type: map
        description: TCA Policy JSON
        default: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"Mfvs_eNodeB_RANKPI","controlLoopSchemaType":"VNF","policyScope":"resource=vFirewall;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":4000,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":20000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ABATED","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":0,"direction":"EQUAL","severity":"CRITICAL"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VNF","policyScope":"resource=vLoadBalancer;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":500,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":5000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"}]}]}'
        entry_schema:
          type: onap.datatypes.monitoring.tca_policy
data_types:
  onap.datatypes.monitoring.metricsPerEventName:
    derived_from: tosca.datatypes.Root
    properties:
      controlLoopSchemaType:
        type: string
        description: Specifies Control Loop Schema Type for the
          event Name e.g. VNF, VM
        constraints:
          - valid_values:
              - VM
              - VNF
      eventName:
        type: string
        description: Event name to which thresholds need to be
          applied
      policyName:
        type: string
        description: TCA Policy Scope Name
      policyScope:
        type: string
        description: TCA Policy Scope
      policyVersion:
        type: string
        description: TCA Policy Scope Version
      thresholds:
        type: list
        description: Thresholds associated with eventName
        entry_schema:
          type: onap.datatypes.monitoring.thresholds
  onap.datatypes.monitoring.tca_policy:
    derived_from: tosca.datatypes.Root
    properties:
      domain:
        type: string
        description: Domain name to which TCA needs to be applied
        default: measurementsForVfScaling
        constraints:
          - equal: measurementsForVfScaling
      metricsPerEventName:
        type: list
        description: Contains eventName and threshold details
          that need to be applied to given eventName
        entry_schema:
          type: onap.datatypes.monitoring.metricsPerEventName
  onap.datatypes.monitoring.thresholds:
    derived_from: tosca.datatypes.Root
    properties:
      closedLoopControlName:
        type: string
        description: Closed Loop Control Name associated with
          the threshold
      closedLoopEventStatus:
        type: string
        description: Closed Loop Event Status of the threshold
        constraints:
          - valid_values:
              - ONSET
              - ABATED
      direction:
        type: string
        description: Direction of the threshold
        constraints:
          - valid_values:
              - LESS
              - LESS_OR_EQUAL
              - GREATER
              - GREATER_OR_EQUAL
      fieldPath:
        type: string
        description: Json field Path as per CEF message which
          needs to be analyzed for TCA
      severity:
        type: string
        description: Threshold Event Severity
        constraints:
          - valid_values:
              - CRITICAL
              - MAJOR
              - MINOR
              - WARNING
              - NORMAL
      thresholdValue:
        type: integer
        description: Threshold value for the field Path inside
          CEF message
      version:
        type: string
        description: Version number associated with the threshold
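The constraints in the data types above can be enforced on a policy body before it is accepted. The following is an added example, not code from the ONAP project: the data types are transcribed into Python dictionaries, the function names are hypothetical, and it assumes that a property is required unless it declares a default and that the body is checked directly against onap.datatypes.monitoring.tca_policy.

```python
# Added example, not ONAP code: check a TCA policy body against the
# constraints of the onap.datatypes.monitoring.* data types shown above.
import copy

T = "onap.datatypes.monitoring."


def enum(*values):
    """Build a TOSCA valid_values constraint list."""
    return [{"valid_values": list(values)}]


# Property definitions transcribed from the page's YAML (descriptions dropped).
DATA_TYPES = {
    T + "tca_policy": {
        "domain": {"type": "string", "default": "measurementsForVfScaling",
                   "constraints": [{"equal": "measurementsForVfScaling"}]},
        "metricsPerEventName": {"type": "list", "entry_schema": T + "metricsPerEventName"},
    },
    T + "metricsPerEventName": {
        "controlLoopSchemaType": {"type": "string", "constraints": enum("VM", "VNF")},
        "eventName": {"type": "string"},
        "policyName": {"type": "string"},
        "policyScope": {"type": "string"},
        "policyVersion": {"type": "string"},
        "thresholds": {"type": "list", "entry_schema": T + "thresholds"},
    },
    T + "thresholds": {
        "closedLoopControlName": {"type": "string"},
        "closedLoopEventStatus": {"type": "string", "constraints": enum("ONSET", "ABATED")},
        "direction": {"type": "string", "constraints": enum(
            "LESS", "LESS_OR_EQUAL", "GREATER", "GREATER_OR_EQUAL")},
        "fieldPath": {"type": "string"},
        "severity": {"type": "string", "constraints": enum(
            "CRITICAL", "MAJOR", "MINOR", "WARNING", "NORMAL")},
        "thresholdValue": {"type": "integer"},
        "version": {"type": "string"},
    },
}
PYTHON_TYPES = {"string": str, "integer": int, "list": list}


def check_constraints(value, constraints, path):
    """Apply the two constraint kinds these data types use."""
    errors = []
    for constraint in constraints:
        if "equal" in constraint and value != constraint["equal"]:
            errors.append(f"{path}: must equal {constraint['equal']!r}")
        if "valid_values" in constraint and value not in constraint["valid_values"]:
            errors.append(f"{path}: {value!r} not in valid_values")
    return errors


def validate(body, type_name, path="$"):
    """Return the list of violations of data type `type_name` in `body`."""
    if not isinstance(body, dict):
        return [f"{path}: expected a map of {type_name}"]
    props = DATA_TYPES[type_name]
    # Undeclared keys are rejected rather than passed through to the PDP.
    errors = [f"{path}.{key}: not declared in {type_name}"
              for key in body if key not in props]
    for name, spec in props.items():
        here = f"{path}.{name}"
        if name not in body:
            # Assumption: a property is required unless it declares a default.
            if "default" not in spec:
                errors.append(f"{here}: required property missing")
            continue
        value = body[name]
        # bool is a subclass of int in Python, so it is excluded explicitly.
        if isinstance(value, bool) or not isinstance(value, PYTHON_TYPES[spec["type"]]):
            errors.append(f"{here}: expected {spec['type']}")
            continue
        errors += check_constraints(value, spec.get("constraints", []), here)
        if spec["type"] == "list":
            for index, item in enumerate(value):
                errors += validate(item, spec["entry_schema"], f"{here}[{index}]")
    return errors


# Constructed sample: the page's onap.scaleout.tca POST body, first threshold only.
GOOD = {"domain": "measurementsForVfScaling", "metricsPerEventName": [{
    "eventName": "vLoadBalancer", "controlLoopSchemaType": "VNF",
    "policyScope": "type=configuration", "policyName": "onap.scaleout.tca",
    "policyVersion": "v0.0.1", "thresholds": [{
        "closedLoopControlName": "CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A",
        "closedLoopEventStatus": "ONSET", "version": "1.0.2",
        "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated",
        "thresholdValue": 500, "direction": "LESS_OR_EQUAL", "severity": "MAJOR"}]}]}


def tampered():
    """Constructed bad input: EQUAL direction, string threshold, extra key."""
    bad = copy.deepcopy(GOOD)
    threshold = bad["metricsPerEventName"][0]["thresholds"][0]
    threshold.update(direction="EQUAL", thresholdValue="500", action="restart")
    return bad
```

Applied to the default value of tca_policy listed above, the same check reports the ABATED threshold, whose direction of EQUAL is not among the listed valid_values.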
This policy type is used to support actor/action operational policies for control loops. There are two types of implementations for this policy type:
- Existing Drools implementations that support runtime Control Loop actions taken on components such as SO/APPC/VFC/SDNC/SDNR
- New implementations using APEX to support Control Loops.
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
  - onap.policies.controlloop.Operation:
      derived_from: tosca.policies.Root
      description: Operational Policy for Control Loops
TODO: Operational Policy Model Parameter Schema for Drools
TODO: Operational Policy Model Parameter Schema for APEX
This policy type is the type definition for Control Loop guard policies for frequency limiting, blacklisting and min/max guards to help protect runtime Control Loop Actions from doing harm to the network. This policy type is developed using the XACML PDP to support question/answer Policy Decisions during runtime for the Drools and APEX onap.controlloop.Operational policy type implementations.
The base schema is defined as below:
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
  - onap.policies.controlloop.Guard:
      derived_from: tosca.policies.Root
      description: Guard Policies for Control Loop Operational Policies
As with onap.policies.Monitoring policy type, the PolicyTypeImpl implementation of the onap.policies.controlloop.Guard Policy Type is generic to support definition of TOSCA PolicyType artifacts in the Policy Framework using the Policy Type Design API.
The derived Policy Type definitions below are preloaded in the Policy Framework.
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
  - onap.policies.controlloop.Guard:
      derived_from: tosca.policies.Root
      description: Guard Policies for Control Loop Operational Policies
  - onap.policies.controlloop.Guard.FrequencyLimiter:
      derived_from: onap.policies.controlloop.Guard
      description: Supports limiting the frequency of actions being taken by a Actor.
      properties:
        frequency_policy:
          type: map
          description:
          entry_schema:
            type: onap.datatypes.Guard.FrequencyLimiter
data_types:
  - onap.datatypes.Guard.FrequencyLimiter:
      derived_from: tosca.datatypes.Root
      properties:
        actor:
          type: string
          description: Specifies the Actor
          required: true
        recipe:
          type: string
          description: Specified the Recipe
          required: true
        time_window:
          type: scalar-unit.time
          description: The time window to count the actions against.
          required: true
        limit:
          type: integer
          description: The limit
          required: true
          constraints:
            - greater_than: 0
        time_range:
          type: tosca.datatypes.TimeInterval
          description: An optional range of time during the day the frequency is valid for.
          required: false
        controlLoopName:
          type: string
          description: An optional specific control loop to apply this guard to.
          required: false
        target:
          type: string
          description: An optional specific VNF to apply this guard to.
          required: false
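How the FrequencyLimiter properties above could combine into a guard decision is sketched below. This is an added example, not code from the ONAP project or its XACML implementation: the function names, the action-history records and the sample values are constructed, and the decision rule (deny once limit matching actions already fall inside time_window, fail closed on a malformed guard, time_range not evaluated) is an assumption.

```python
# Added example, not ONAP code: one reading of an
# onap.datatypes.Guard.FrequencyLimiter entry as a permit/deny decision.
import re
from datetime import datetime, timedelta

# TOSCA scalar-unit.time units this sketch accepts, as timedelta keywords.
UNITS = {"d": "days", "h": "hours", "m": "minutes", "s": "seconds", "ms": "milliseconds"}
SCOPE_KEYS = ("actor", "recipe", "controlLoopName", "target")


def parse_time_window(text):
    """Parse a scalar-unit.time string such as '10 m' into a timedelta."""
    match = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*([a-z]+)\s*", str(text))
    if not match or match.group(2) not in UNITS:
        raise ValueError(f"not a scalar-unit.time value: {text!r}")
    return timedelta(**{UNITS[match.group(2)]: float(match.group(1))})


def check_guard(guard):
    """Return violations of the required fields and the limit constraint."""
    errors = [f"{key}: required"
              for key in ("actor", "recipe", "time_window", "limit") if key not in guard]
    limit = guard.get("limit")
    if "limit" in guard and (isinstance(limit, bool) or not isinstance(limit, int)
                             or limit <= 0):
        errors.append("limit: must be an integer greater_than 0")
    if "time_window" in guard:
        try:
            parse_time_window(guard["time_window"])
        except ValueError as exc:
            errors.append(f"time_window: {exc}")
    return errors


def decide(guard, history, request):
    """Return 'Permit' or 'Deny' for `request`, given past action records."""
    if check_guard(guard):
        return "Deny"      # assumption: a malformed guard fails closed
    # actor and recipe always scope the guard; controlLoopName and target
    # narrow it further only when the guard sets them.
    scope = {key: guard[key] for key in SCOPE_KEYS if key in guard}
    if any(request.get(key) != value for key, value in scope.items()):
        return "Permit"    # the guard does not apply to this request
    start = request["time"] - parse_time_window(guard["time_window"])
    recent = [action for action in history
              if start < action["time"] <= request["time"]
              and all(action.get(key) == value for key, value in scope.items())]
    # Assumption: the request is denied once `limit` actions are in the window.
    return "Deny" if len(recent) >= guard["limit"] else "Permit"


def make_request(target, at):
    """Build a constructed request or history record for the sample actor."""
    return {"actor": "APPC", "recipe": "Restart", "target": target, "time": at}


# Constructed sample data: a guard entry and three earlier actions.
GUARD = {"actor": "APPC", "recipe": "Restart", "time_window": "10 m",
         "limit": 2, "target": "vnf-east-1"}
NOON = datetime(2019, 2, 14, 12, 0)
HISTORY = [make_request("vnf-east-1", NOON - timedelta(minutes=m)) for m in (15, 8, 2)]

if __name__ == "__main__":
    print(decide(GUARD, HISTORY, make_request("vnf-east-1", NOON)))
```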
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
  - onap.policies.controlloop.Guard:
      derived_from: tosca.policies.Root
      description: Guard Policies for Control Loop Operational Policies
  - onap.policies.controlloop.Guard.Blacklist:
      derived_from: onap.policies.controlloop.Guard
      description: Supports blacklist of VNF's from performing control loop actions on.
      properties:
        blacklist_policy:
          type: map
          description:
          entry_schema:
            type: onap.datatypes.Guard.Blacklist
data_types:
  - onap.datatypes.Guard.Blacklist:
      derived_from: tosca.datatypes.Root
      properties:
        actor:
          type: string
          description: Specifies the Actor
          required: true
        recipe:
          type: string
          description: Specified the Recipe
          required: true
        time_range:
          type: tosca.datatypes.TimeInterval
          description: An optional range of time during the day the blacklist is valid for.
          required: false
        controlLoopName:
          type: string
          description: An optional specific control loop to apply this guard to.
          required: false
        blacklist:
          type: list
          description: List of VNF's
          required: true
policy_types:
  - onap.policies.controlloop.Guard:
      derived_from: tosca.policies.Root
      description: Guard Policies for Control Loop Operational Policies
  - onap.policies.controlloop.Guard.MinMax:
      derived_from: onap.policies.controlloop.Guard
      description: Supports Min/Max number of VF Modules
      properties:
        minmax_policy:
          type: map
          description:
          entry_schema:
            type: onap.datatypes.Guard.MinMax
data_types:
  - onap.datatypes.Guard.MinMax:
      derived_from: tosca.datatypes.Root
      properties:
        actor:
          type: string
          description: Specifies the Actor
          required: true
        recipe:
          type: string
          description: Specified the Recipe
          required: true
        time_range:
          type: tosca.datatypes.TimeInterval
          description: An optional range of time during the day the Min/Max limit is valid for.
          required: false
        controlLoopName:
          type: string
          description: An optional specific control loop to apply this guard to.
          required: false
        min_vf_module_instances:
          type: integer
          required: true
          description: The minimum instances of this VF-Module
        max_vf_module_instances:
          type: integer
          required: false
          description: The maximum instances of this VF-Module
This policy type defines policies to assist in coordinating multiple control loops during runtime. This policy type is developed using XACML PDP to support question/answer policy decisions at runtime for the onap.policies.controlloop.operational policy types.
The unit of execution and scaling in the Policy Framework is a PolicyImpl entity. A PolicyImpl entity runs on a PDP. As explained above, a PolicyImpl entity is a PolicyTypeImpl implementation parameterized with a TOSCA Policy.
In order to achieve horizontal scalability, we group the PDPs running instances of a given PolicyImpl entity logically together into a PDPSubGroup. The number of PDPs in a PDPSubGroup can then be scaled up and down using Kubernetes. In other words, all PDPs in a subgroup run the same PolicyImpl, that is the same policy template implementation (in XACML, Drools, or APEX) with the same parameters.
The figure above shows the layout of PDPGroup and PDPSubGroup entities. The figure shows examples of PDP groups for Control Loop and Monitoring policies on the right.
The health of PDPs is monitored by the PAP in order to alert operations teams managing policy. The PAP manages the life cycle of policies running on PDPs.
The table below shows the methods in which PolicyImpl entities can be deployed to PDP Subgroups.
Method | Description | Advantages | Disadvantages |
---|---|---|---|
Cold Deployment | The PolicyImpl (PolicyTypeImpl and TOSCA Policy) are predeployed on the PDP. The PDP is fully configured and ready to execute when started. PDPs register with the PAP when they start, providing the PolicyImpl they have been predeployed with. | No run time configuration required and run time administration is simple. | Very restrictive, no run time configuration of PDPs is possible. |
Warm Deployment | The PolicyTypeImpl entity is predeployed on the PDP. A TOSCA Policy may be loaded at startup. The PDP may be configured or reconfigured with a new or updated TOSCA Policy at run time. PDPs register with the PAP when they start, providing the PolicyImpl they have been predeployed with if any. The PAP may update the TOSCA Policy on a PDP at any time after registration. | The configuration and parameters of the PDPs in a PDP group may be changed at run time by loading or updating the TOSCA Policy of the PDP Group at run time. Lifecycle management of TOSCA Policy entities is supported, allowing features such as PolicyImpl Safe Mode and PolicyImpl retirement. | Administration and management is required. The configuration and life cycle of the TOSCA policies can change at run time and must be administered and managed. |
Hot Deployment | The PolicyImpl (PolicyTypeImpl and TOSCA Policy) are deployed at run time. The PolicyImpl (PolicyTypeImpl and TOSCA Policy) may be loaded at startup. The PDP may be configured or reconfigured with a new or updated PolicyTypeImpl and/or TOSCA Policy at run time. PDPs register with the PAP when they start, providing the PolicyImpl they have been predeployed with if any. The PAP may update the TOSCA Policy and PolicyTypeImpl on a PDP at any time after registration. | The policy logic, rules, configuration, and parameters of the PDPs in a PDP group may be changed at run time by loading or updating the PolicyTypeImpl and TOSCA Policy of the PDP Group at run time. Lifecycle management of TOSCA Policy entities and PolicyTypeImpl entities is supported, allowing features such as PolicyImpl Safe Mode and PolicyImpl retirement. | Administration and management is more complex. The PolicyImpl itself and its configuration and life cycle as well as the life cycle of the TOSCA policies can change at run time and must be administered and managed. |
The Policy Framework supports the APIs documented in the subsections below.
The purpose of this API is to support CRUD of TOSCA PolicyType entities. It also supports CRUD of PolicyTypeImpl policy type implementations, where the XACML, Drools, and APEX policy type implementations are supplied as strings. This API is provided by the PolicyDevelopment component of the Policy Framework, see The ONAP Policy Framework architecture.
Note that client-side editing support for TOSCA PolicyType definitions or for PolicyTypeImpl implementations in XACML, Drools, or APEX is outside the current scope of the API.
The API allows applications to create, update, delete, and query PolicyType entities so that they become available for use in ONAP by applications such as CLAMP. Some Policy Type entities are preloaded in the Policy Framework. The TOSCA fields below are valid on API calls:
Field | GET | POST | DELETE | Comment |
---|---|---|---|---|
(name) | M | M | M | The definition of the reference to the Policy Type, GET allows ranges to be specified |
version | O | M | C | GET allows ranges to be specified, must be specified if more than one version of the Policy Type exists |
description | R | O | O | |
derived_from | R | C | N/A | Must be specified when a Policy Type is derived from another Policy Type such as in the case of derived Monitoring Policy Types |
metadata | R | O | N/A | |
properties | R | M | N/A | This field holds the specification of the specific Policy Type in ONAP |
targets | R | O | N/A | A list of node types and/or group types to which the Policy Type can be applied |
triggers | R | O | N/A | Specification of policy triggers, not currently supported in ONAP |
Note: Preloaded policy types may only be queried over this API, modification or deletion of preloaded policy type implementations is disabled.
Note: Policy types that are in use (referenced by defined Policies) may not be deleted
Note: The group types of targets in TOSCA are groups of TOSCA nodes, not PDP groups; the target concept in TOSCA is equivalent to the Policy Enforcement Point (PEP) concept
The API allows applications (such as CLAMP and Integration) to query the PolicyType entities that are available for Policy creation using a GET operation.
policy_types:
  - onap.policies.Monitoring:
      version: 1.0.0
      description: A base policy type for all policies that govern monitoring provision
      derived_from: tosca.policies.Root
  - onap.policies.controlloop.Operational:
      version: 1.0.0
      description: Operational Policy for Control Loops
      derived_from: tosca.policies.Root
  - onap.policies.controlloop.Guard:
      version: 1.0.0
      description: Operational Policy for Control Loops
      derived_from: tosca.policies.Root
  - onap.policies.controlloop.Guard.FrequencyLimiter:
      version: 1.0.0
      description: Supports limiting the frequency of actions being taken by a Actor.
      derived_from: onap.policies.controlloop.Guard
  - onap.policy.controlloop.guard.blacklist:
      version: 1.0.0
      description: Supports blacklist of VNF's from performing control loop actions on.
      derived_from: onap.policies.controlloop.Guard
  - onap.policy.controlloop.guard.minmax:
      version: 1.0.0
      description: Supports Min/Max number of VF Modules
      derived_from: onap.policies.controlloop.Guard
  - onap.policy.controlloop.Coordination.TBD:
      description: CLC description TBD
      derived_from: tosca.policies.Root
Following the creation of a DCAE TCA policy type, the result of the GET call for Monitoring policies looks similar to the output below:
http:{url}:{port}/api/v1/policytype?name=onap.Monitoring* GET
policy_types:
  - onap.policies.Monitoring:
      version: 1.0.0
      derived_from: tosca.policies.Root
      description: A base policy type for all policies that govern monitoring provision
  - onap.policy.monitoring.cdap.tca.hi.lo.app:
      version: 1.0.0
      derived_from: onap.policies.Monitoring
      description: A DCAE TCA high/low policy type
      properties:
        tca_policy:
          type: map
          description: TCA Policy JSON
          default: '{<JSON omitted for brevity>}'
          entry_schema:
            type: onap.datatypes.monitoring.tca_policy
Now the onap.policies.Monitoring.cdap.tca.hi.lo.app Policy Type is available to CLAMP for creating concrete policies. See the Yaml contribution on the Model driven Control Loop Design page for a full listing of the DCAE TCA policy type used in the example above.
The table below shows some more examples of GET operations.
Example | Description |
---|---|
http:{url}:{port}/api/v1/policytype | Get all Policy Type entities in the system |
http:{url}:{port}/api/v1/policytype?name=onap.Monitoring* | Get all Policy Types that match the name wildcard supplied |
http:{url}:{port}/api/v1/policytype?name=onap.policy.monitoring.cdap.tca.hi.lo.app&version=1.0.0 | Get the specific Policy Type with the specified name and version |
The API allows applications and users (such as a DCAE microservice component developer) to create or update a Policy Type using a POST operation. This API allows new Policy Types to be created or existing Policy Types to be modified. POST operations with a new Policy Type name or a new version of an existing Policy Type name are used to create a new Policy Type. POST operations with an existing Policy Type name and version are used to update an existing Policy Type. Many Policy Types can be created or updated in a single POST operation by specifying more than one Policy Type on the TOSCA policy_types list.
For example, the POST operation below with the TOSCA body below is used to create a new Policy Type for a DCAE microservice.
http:{url}:{port}/api/v1/policytype POST
policy_types:
  - onap.policy.monitoring.cdap.tca.hi.lo.app:
      version: 1.0.0
      derived_from: onap.policies.Monitoring
      description: A DCAE TCA high/low policy type
      properties:
        tca_policy:
          type: map
          description: TCA Policy JSON
          default: '{<JSON omitted for brevity>}'
          entry_schema:
            type: onap.datatypes.monitoring.tca_policy
data_types:
  <omitted for brevity>
See the Yaml contribution on the Model driven Control Loop Design page for a full listing of the DCAE TCA policy type used in the example above.
Once this call is made, the Policy Type query in Section 3.1.1.1 returns a result with the new Policy Type defined.
The API also allows Policy Types to be deleted with a DELETE operation. The format of the delete operation is as below:
http:{url}:{port}/api/v1/policytype?name=onap.policy.monitoring.cdap.tca.hi.lo.app&version=1.0.0
Note: Predefined policy types cannot be deleted
Note: Policy types that are in use (Parameterized by a TOSCA Policy) may not be deleted, the parameterizing TOSCA policies must be deleted first
Note: The version parameter may be omitted on the DELETE operation if there is only one version of the policy type in the system
The Policy Framework must have implementations for all Policy Type entities that may be specified in TOSCA. Policy type implementations may be predefined and preloaded into the Policy Framework. They may also be added, modified, queried, or deleted using this API.
Note: Preloaded policy type implementations may only be queried over this API, modification or deletion of preloaded policy type implementations is disabled.
Note: Policy type implementations that are in use (referenced by defined Policy Types) may not be deleted.
*** Note: The APIs in this section will be added later ***
The purpose of this API is to support CRUD of TOSCA Policy entities from TOSCA compliant PolicyType definitions. TOSCA Policy entities become the parameters for PolicyTypeImpl entities, producing PolicyImpl entities that can run on PDPs. This API is provided by the PolicyDevelopment component of the Policy Framework, see The ONAP Policy Framework architecture.
This API allows applications (such as CLAMP and Integration) to create, update, delete, and query Policy entities. The TOSCA fields below are valid on API calls:
Field | GET | POST | DELETE | Comment |
---|---|---|---|---|
(name) | M | M | M | The definition of the reference to the Policy, GET allows ranges to be specified |
type | O | M | O | The Policy Type of the policy, see section 3.1 |
description | R | O | O | |
metadata | R | O | N/A | |
properties | R | M | N/A | This field holds the specification of the specific Policy in ONAP |
targets | R | O | N/A | A list of nodes and/or groups to which the Policy can be applied |
Note: Policies that are deployed (used on deployed PolicyImpl entities) may not be deleted
Note: This API is NOT used by DCAE for a decision on what policy the DCAE PolicyHandler should retrieve and enforce
Note: The groups of targets in TOSCA are groups of TOSCA nodes, not PDP groups; the target concept in TOSCA is equivalent to the Policy Enforcement Point (PEP) concept
The API allows applications (such as CLAMP and Integration) to query the Policy entities that are available for deployment using a GET operation.
Note: This operation simply returns TOSCA policies that are defined in the Policy Framework, it does NOT make a decision.
http:{url}:{port}/api/v1/policy GET
policies:
- onap.scaleout.tca:
type: onap.policy.monitoring.cdap.tca.hi.lo.app
description: Description of the ONAP scaleout TCA policy
properties:
status: Undeployed
The table below shows some more examples of GET operations.
Example | Description |
---|---|
http:{url}:{port}/api/v1/policy | Get all Policies in the system |
http:{url}:{port}/api/v1/policy?type=onap.Monitoring* | Get all policies for the Policy Types that match the name wildcard supplied |
http:{url}:{port}/api/v1/policy?name=onap.scaleout* | Get all policies that match the name wildcard supplied |
http:{url}:{port}/api/v1/policy?name=onap.scaleout.tca | Get the specific Policy with the specified name |
The API allows applications and users (such as CLAMP and Integration) to create or update a Policy using a POST operation. This API allows new Policies to be created or existing Policies to be modified. POST operations with a new Policy name are used to create a new Policy. POST operations with an existing Policy name are used to update an existing Policy. Many Policies can be created or updated in a single POST operation by specifying more than one Policy on the TOSCA policies list.
While designing a control loop using CLAMP, a Control Loop Designer uses the Policy Type for a specific DCAE mS component (See Section 3.1.1) to create a specific Policy. CLAMP then uses this API operation to submit the Policy to the Policy Framework.
For example, the POST operation below with the TOSCA body below is used to create a new scaleout Policy for the onap.policy.monitoring.cdap.tca.hi.lo.app microservice.
http:{url}:{port}/api/v1/policy POST
policies:
  - onap.scaleout.tca:
      type: onap.policy.monitoring.cdap.tca.hi.lo.app
      properties:
        domain: measurementsForVfScaling
        metricsPerEventName:
          -
            eventName: vLoadBalancer
            controlLoopSchemaType: VNF
            policyScope: "type=configuration"
            policyName: "onap.scaleout.tca"
            policyVersion: "v0.0.1"
            thresholds:
              -
                closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A"
                closedLoopEventStatus: ONSET
                version: "1.0.2"
                fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated"
                thresholdValue: 500
                direction: LESS_OR_EQUAL
                severity: MAJOR
              -
                closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B"
                closedLoopEventStatus: ONSET
                version: "1.0.2"
                fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated"
                thresholdValue: 5000
                direction: GREATER_OR_EQUAL
                severity: CRITICAL
The POST operation below is used to create the same scaleout Policy for the onap.policy.monitoring.cdap.tca.hi.lo.app microservice as above, but with a JSON body.
[{
  "policy_id": "onap.scaleout.tca",
  "policy_version": "1.0.0",
  "policy_metadata": {
    "policy_type": "onap.policy.monitoring.cdap.tca.hi.lo.app"
    # HOW CAN WE GET THE closedLoopControlName as metadata?
  }
}]
*** The JSON above needs to be fleshed out ***
TBD Liam Fallon Jorge Hernandez
TBD Pamela Dragosh Similar to Operational Policies
TBD Policy Design and API Flow for Model Driven Control Loop - Draft Similar to Operational Policies, stretch for Dublin
The API also allows Policies to be deleted with a DELETE operation. The format of the delete operation is as below:
http:{url}:{port}/api/v1/policy?name=onap.scaleout.tca
Note: Policies that are in use (deployed or used in a PolicyImpl entity) may not be deleted, the policy must be undeployed first
*** Note: This page has been restructured as far as here ***
The purpose of this API is to support CRUD of PDP groups and subgroups and to support the deployment and life cycles of PolicyImpl entities (TOSCA Policy and PolicyTypeImpl entities) on PDP subgroups and PDPs. See Section 2 for details on policy deployment on PDP groups and subgroups. This API is provided by the Policy Administration component (PAP) of the Policy Framework; see The ONAP Policy Framework architecture.
The fields below are valid on API calls:
Field | GET | POST | DELETE | Comment |
---|---|---|---|---|
name | M | M | M | The name of the PDP group |
version | O | M | C | The version of the PDP group |
state | R | N/A | N/A | The administrative state of the PDP group: PASSIVE, SAFE, TEST, or ACTIVE |
description | R | O | O | The PDP group description |
properties | R | O | N/A | Specific properties for a PDP group |
pdp_subgroups | R | M | N/A | A list of PDP subgroups for a PDP group |
pdp_type (in pdp_subgroups) | R | M | N/A | The PDP type of this PDP subgroup, currently xacml, drools, or apex |
policies (in pdp_subgroups) | R | M | N/A | The list of policies running on all PDPs in this PDP subgroup |
This part of the API supports CRUD of PDP groups and subgroups.
This operation allows the PDP groups and subgroups to be listed together with the policies that are deployed on each PDP group and subgroup.
http:{url}:{port}/pap/v1/pdps GET
pdp_groups:
  - name: onap.pdpgroup.controlloop.operational
    version: 1.0.0
    state: active
    description: ONAP Control Loop Operational and Guard policies
    properties:
      # PDP group level properties if any
    pdp_subgroups:
      - pdp_type: drools
        policies:
          - onap.controllloop.operational.drools.vCPE.eastRegion:
              policy_type: onap.controllloop.operational.drools.vCPE
              policy_type_version: 1.0.0
              policy_type_implementation: onap.controllloop.operational.drools.impl
          - onap.controllloop.operational.drools.vFW.eastRegion:
              policy_type: onap.controllloop.operational.drools.vFW
              policy_type_version: 1.0.0
              policy_type_implementation: onap.controllloop.operational.drools.impl
        instance_count: 3
        properties:
          # The properties below are for illustration only
          instance_spawn_load_threshold: 70%
          instance_kill_load_threshold: 50%
          instance_geo_redundancy: true
        kubernetes_info:
          service_endpoint: https://<the drools service endpoint for this PDP group>
          deployment: Kubernetes deployment identifier
          # Other K8S info
        instances:
          - instance: drools_1
            kubernetes_instance_info:
              pod_id: drools_1_pod
              # Other K8S instance info
          - instance: drools_2
            kubernetes_instance_info:
              pod_id: drools_2_pod
              # Other K8S instance info
          - instance: drools_3
            kubernetes_instance_info:
              pod_id: drools_3_pod
              # Other K8S instance info
      - pdp_type: apex
        policies:
          - onap.controllloop.operational.apex.BBS.eastRegion:
              policy_type: onap.controllloop.operational.apex.BBS
              policy_type_version: 1.0.0
              policy_type_implementation: onap.controllloop.operational.apex.impl
          - onap.controllloop.operational.apex.Other.eastRegion:
              policy_type: onap.controllloop.operational.apex.Other
              policy_type_version: 1.0.0
              policy_type_implementation: onap.controllloop.operational.apex.impl
        instance_count: 3
        properties:
          # The properties below are for illustration only
          instance_spawn_load_threshold: 80%
          instance_kill_load_threshold: 60%
          instance_geo_redundancy: true
        kubernetes_info:
          service_endpoint: https://<the apex service endpoint for this PDP group>
          deployment: Kubernetes deployment identifier
          # Other K8S info
        instances:
          - instance: apex_1
            kubernetes_instance_info:
              pod_id: apex_1_pod
              # Other K8S instance info
          - instance: apex_2
            kubernetes_instance_info:
              pod_id: apex_2_pod
              # Other K8S instance info
          - instance: apex_3
            kubernetes_instance_info:
              pod_id: apex_3_pod
              # Other K8S instance info
      - pdp_type: xacml
        policies:
          - onap.policies.controlloop.Guard.FrequencyLimiter.eastRegion:
              policy_type: onap.policies.controlloop.Guard.FrequencyLimiter
              policy_type_version: 1.0.0
              policy_type_implementation: onap.controllloop.guard.impl
          - onap.policies.controlloop.Guard.BlackList.eastRegion:
              policy_type: onap.policies.controlloop.Guard.BlackList
              policy_type_version: 1.0.0
              policy_type_implementation: onap.controllloop.guard.impl
          - onap.policies.controlloop.Guard.MinMax.eastRegion:
              policy_type: onap.policies.controlloop.Guard.MinMax
              policy_type_version: 1.0.0
              policy_type_implementation: onap.controllloop.guard.impl
        instance_count: 2
        properties:
          # The properties below are for illustration only
          instance_geo_redundancy: true
        kubernetes_info:
          service_endpoint: https://<the XACML service endpoint for this PDP group>
          deployment: Kubernetes deployment identifier
          # Other K8S info
        instances:
          - instance: xacml_1
            kubernetes_instance_info:
              pod_id: xacml_1_pod
              # Other K8S instance info
          - instance: xacml_2
            kubernetes_instance_info:
              pod_id: xacml_2_pod
              # Other K8S instance info
  - name: onap.pdpgroup.monitoring
    version: 2.1.3
    state: active
    description: DCAE mS Configuration Policies
    properties:
      # PDP group level properties if any
    pdp_subgroups:
      - pdp_type: xacml
        policies:
          - onap.scaleout.tca:
              policy_type: onap.policy.monitoring.cdap.tca.hi.lo.app
              policy_type_version: 1.0.0
              policy_type_implementation: onap.policy.monitoring.impl
        instance_count: 2
        properties:
          # The properties below are for illustration only
          instance_geo_redundancy: true
        kubernetes_info:
          service_endpoint: https://<the XACML service endpoint for this PDP group>
          deployment: Kubernetes deployment identifier
          # Other K8S info
        instances:
          - instance: xacml_1
            kubernetes_instance_info:
              pod_id: xacml_1_pod
              # Other K8S instance info
          - instance: xacml_2
            kubernetes_instance_info:
              pod_id: xacml_2_pod
              # Other K8S instance info
The table below shows some more examples of GET operations:
Example | Description |
---|---|
http:{url}:{port}/pap/v1/pdps | Get all PDP Groups and subgroups in the system |
http:{url}:{port}/pap/v1/pdps?group=onap.pdpgroup.controlloop* | Get PDP Groups and subgroups that match the supplied name filter |
http:{url}:{port}/pap/v1/policy?group=onap.pdpgroup.monitoring&subgroup=xacml | Get the PDP subgroup information for the specified subgroup |
This operation allows the PDP groups and subgroups to be created and deployed together with their policies.
http:{url}:{port}/pap/v1/pdps POST
# PAP - how it lists existing PDP Groups and Sub Groups and the models loaded
#
pdp_groups:
  -
    name: Control Loop runtime group
    description: ONAP Control Loop Operational and Guard policies
    subgroups:
      -
        pdp_type: drools
        models:
          # Maven coordinates here
          - "onap.controlloop.operational:operational-standard"
          - "onap.controlloop.operational:operational-enhanced"
        instances:
          # Parameters somehow passed to K8S for scaling
          min_instances: 3
          # The parameters below are for illustration in Dublin, may be implemented later
          instance_spawn_load_threshold: 70%
          instance_kill_load_threshold: 50%
          instance_geo_redundancy: true
      -
        pdp_type: apex
        models:
          # Maven coordinates here
          - "onap.controlloop.operational:operational-standard"
          - "onap.controlloop.operational:operational-enhanced"
        instances:
          # Parameters somehow passed to K8S for scaling
          min_instances: 3
          # The parameters below are for illustration in Dublin, may be implemented later
          instance_spawn_load_threshold: 80%
          instance_kill_load_threshold: 60%
          instance_geo_redundancy: true
      -
        pdp_type: xacml
        models:
          - "onap.controlloop.guard:guard-standard"
          - "onap.controlloop.coordination:coordination-standard"
        # Parameters somehow passed to K8S for scaling
        min_instances: 2
        # The parameters below are for illustration in Dublin, may be implemented later
        instance_geo_redundancy: true
  -
    name: DCAE policy group
    subgroups:
      -
        pdp_type: xacml
        models:
          - "onap.controlloop.monitoring:monitoring-standard"
          - "onap.controlloop.monitoring:monitoring-acme-inc"
        # Parameters somehow passed to K8S for scaling
        min_instances: 2
        # The parameters below are for illustration in Dublin, may be implemented later
        instance_geo_redundancy: true
To support Dublin, CLAMP needs a simple default way to deploy policies.
http:{url}:{port}/pap/v1/pdps PUT
Content-Type: application/yaml
#
# Return Output
#
HTTP/1.1 200 OK
Content-Type: application/yaml
policies:
- policy_id: onap.scaleout.tca
# TODO add the other operational and guard policies
Policy decisions are required by ONAP components to support the policy-driven ONAP architecture. Policy decisions are currently implemented using the XACML PDP; the calling application must provide attributes so that the XACML PDP can return a correct decision.
{
"$schema": "http://json-schema.org/draft-06/schema#",
"$ref": "#/definitions/ONAPPolicyDecisionAPISchema",
"definitions": {
"ONAPPolicyDecisionAPISchema": {
"title": "ONAP Policy Decision API Schema",
"type": "object",
"properties": {
"pep": {
"$ref": "#/definitions/Pep"
},
"action": {
"type": "string"
},
"resource": {
"type": "array",
"items": {
"$ref": "#/definitions/Resource"
}
}
},
"required": [
"action",
"pep",
"resource"
]
},
"Pep": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"instance": {
"type": "string"
}
},
"required": [
"name"
],
"title": "Pep"
},
"Resource": {
"type": "object",
"additionalProperties": false,
"properties": {
"policy-metadata": {
"$ref": "#/definitions/PolicyMetadata"
},
"service-metadata": {
"$ref": "#/definitions/aaiMetadata"
},
"resource-metadata": {
"$ref": "#/definitions/aaiMetadata"
},
"closedLoopControlName": {
"type": "array",
"items": {
"type": "string"
}
}
},
"required": [],
"title": "Resource"
},
"PolicyMetadata": {
"type": "object",
"additionalProperties": false,
"properties": {
"policy-id": {
"type": "string"
},
"policy-type": {
"type": "string"
}
},
"required": [],
"title": "PolicyMetadata"
},
"aaiMetadata": {
"type": "object",
"additionalProperties": false,
"properties": {
"model-invariant-id": {
"type": "string",
"format": "uuid"
},
"model-version-id": {
"type": "string",
"format": "uuid"
},
"name": {
"type": "string"
}
},
"required": [],
"title": "Service and Resource A&AI metadata"
}
}
}
{
"pep": {
"name": "DCAE",
"instance": "policy-handler-0"
},
"action": "configure",
"resource": [
{
"policy-metadata": {
"policy-type": "onap.policy.monitoring.cdap.tca.hi.lo.app"
}
}
]
}
{
"pep": {
"name": "DCAE",
"instance": "policy-handler-0"
},
"action": "configure",
"resource": [
{
"policy-metadata": {
"policy-id": "onap.scaleout.tca"
}
}
]
}
{
"pep": {
"name": "DCAE",
"instance": "policy-handler-0"
},
"action": "configure",
"resource": [
{
"policy-metadata": {
"policy-id": "onap.scaleout.tca",
"policy-type": "onap.policy.monitoring.cdap.tca.hi.lo.app"
}
},
{
"service-metadata": {
"model-invariant-id": "ebacca8b-9fb8-498a-8a2b-24757f5236a9",
"model-version-id": "e9129f70-1657-4e6d-955c-2651aba4cc28",
"name": "vLoadBalancerMS"
}
},
{
"resource-metadata": {
"model-invariant-id": "20ad46cc-6b16-4404-9895-93d2baaa8d25",
"model-version-id": "4f715117-08b9-4221-9d63-f3fa86919742",
"name": "vLoadBalancerMS"
}
},
{
"controlloop-metadata": {
"closedLoopControlName": "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8"
}
}
]
}
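The schema above sets "additionalProperties": false on Resource, so a resource entry is only valid if it uses the keys the schema lists. The following is an added example, not part of the original page or of ONAP's code: a small hand-written validator covering only the keywords this schema uses, run over a request entry taken from the page. The names `validate`, `closed`, `DEFS` and `WITH_CL` are chosen here, and enforcing `format: uuid` is an assumption, since validators may treat `format` as an annotation only.

```python
import re

STR, UUID = {"type": "string"}, {"type": "string", "format": "uuid"}
REF = "#/definitions/"
ROOT = {"$ref": REF + "ONAPPolicyDecisionAPISchema"}
TYPES = {"object": dict, "array": list, "string": str}
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def closed(props):  # object schema with "additionalProperties": false
    return {"type": "object", "additionalProperties": False, "properties": props}
# Condensed copy of the page's schema: same definitions, same keywords.
DEFS = {
    "ONAPPolicyDecisionAPISchema": {
        "type": "object", "required": ["action", "pep", "resource"],
        "properties": {"pep": {"$ref": REF + "Pep"}, "action": STR,
                       "resource": {"type": "array", "items": {"$ref": REF + "Resource"}}}},
    "Pep": {"type": "object", "required": ["name"], "properties": {"name": STR, "instance": STR}},
    "Resource": closed({"policy-metadata": {"$ref": REF + "PolicyMetadata"},
                        "service-metadata": {"$ref": REF + "aaiMetadata"},
                        "resource-metadata": {"$ref": REF + "aaiMetadata"},
                        "closedLoopControlName": {"type": "array", "items": STR}}),
    "PolicyMetadata": closed({"policy-id": STR, "policy-type": STR}),
    "aaiMetadata": closed({"model-invariant-id": UUID, "model-version-id": UUID, "name": STR}),
}

def validate(value, schema=ROOT, path="$"):
    """Return the violations of the schema subset used on this page."""
    if "$ref" in schema:
        schema = DEFS[schema["$ref"][len(REF):]]
    if not isinstance(value, TYPES[schema["type"]]):
        return [f"{path}: expected {schema['type']}"]
    errors = [f"{path}: missing required '{k}'" for k in schema.get("required", []) if k not in value]
    if isinstance(value, dict):
        for key, item in value.items():
            if key in schema.get("properties", {}):
                errors += validate(item, schema["properties"][key], f"{path}.{key}")
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}: unexpected property '{key}'")
    elif isinstance(value, list):
        for i, item in enumerate(value):
            errors += validate(item, schema["items"], f"{path}[{i}]")
    elif schema.get("format") == "uuid" and not UUID_RE.fullmatch(value):
        errors.append(f"{path}: not a UUID")  # assumption: "format" is enforced
    return errors

# Constructed sample: the "controlloop-metadata" entry from the page's last request.
WITH_CL = {"pep": {"name": "DCAE", "instance": "policy-handler-0"}, "action": "configure",
           "resource": [{"controlloop-metadata": {"closedLoopControlName":
               "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8"}}]}
```

Requests keyed by policy-id or policy-type validate cleanly, while `validate(WITH_CL)` reports `controlloop-metadata` as an unexpected property, because the schema lists closedLoopControlName as a direct array property of Resource.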
http:{url}:{port}/decision/v1/ POST
Content-Type: application/yaml
Accept: application/json
subject: DCAE
action: configure
resource:
  policy_id: onap.scaleout.tca
#
# Return Output
#
HTTP/1.1 200 OK
Content-Type: application/json
{
"onap.scaleout.tca": {
"type": "onap.policy.monitoring.cdap.tca.hi.lo.app",
"properties": {
"domain": "measurementsForVfScaling",
"metricsPerEventName": [
{
"eventName": "vLoadBalancer",
"controlLoopSchemaType": "VNF",
"policyScope": "resource=vLoadBalancer;type=configuration",
"policyName": "onap.scaleout.tca",
"policyVersion": "v0.0.1",
"thresholds": [
{
"closedLoopControlName": "CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A",
"closedLoopEventStatus": "ONSET",
"version": "1.0.2",
"fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated",
"thresholdValue": 500,
"direction": "LESS_OR_EQUAL",
"severity": "MAJOR"
},
{
"closedLoopControlName": "CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B",
"closedLoopEventStatus": "ONSET",
"version": "1.0.2",
"fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated",
"thresholdValue": 5000,
"direction": "GREATER_OR_EQUAL",
"severity": "CRITICAL"
}
]
}
]
}
}
}