1 .. This work is licensed under a
2 .. Creative Commons Attribution 4.0 International License.
3 .. http://creativecommons.org/licenses/by/4.0
13 The purpose of this API is to support CRUD of TOSCA *PolicyType* entities. This API is provided by the
14 *PolicyDevelopment* component of the Policy Framework, see the :ref:`The ONAP Policy Framework Architecture
15 <architecture-label>` page. Policy design API backend is running in an independent building block component of policy framework
16 that provides REST service for aforementioned CRUD behaviors. Policy design API component interacts with a policy database
17 for storing and fetching new policies or policy types as needed. Apart from CRUD, API is also exposed for clients to retrieve
18 healthcheck status of this API REST service and statistics report including a variety of counters that reflect the history
21 We strictly follow `TOSCA Specification <http://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-YAML/v1.1/TOSCA-Simple-Profile-YAML-v1.1.pdf>`_
22 to define policy type and policy. A policy type is equivalent to the policy model mentioned by clients before Dublin release.
23 Both policy type and policy are included in a TOSCA Service Template which is used as the entity passed into API POST call
24 and the entity returned by API GET and DELETE calls. More details are presented in following sessions.
25 We encourage clients to compose all kinds of policies and corresponding policy types in well-formed TOSCA Service Template.
26 One Service Template can contain one or more policies and policy types. Each policy type can have multiple policies created
27 atop. In other words, different policies can match the same or different policy types. Existence of a policy type is a prerequisite
28 of creating such type of policies. In the payload body of each policy to create, policy type name and version should be indicated and
29 the specified policy type should be valid and existing in policy database.
31 The API allows applications to create, update, delete, and query *PolicyType* entities so that they become available for
32 use in ONAP by applications such as CLAMP. Some Policy Type entities are preloaded in the Policy Framework. The TOSCA
33 fields below are valid on API calls:
35 ============ ======= ======== ========== ===============================================================================
36 **Field** **GET** **POST** **DELETE** **Comment**
37 ============ ======= ======== ========== ===============================================================================
38 (name) M M M The definition of the reference to the Policy Type, GET allows ranges to be
40 version O M C GET allows ranges to be specified, must be specified if more than one version
41 of the Policy Type exists
42 description R O N/A Desciption of the Policy Type
43 derived_from R C N/A Must be specified when a Policy Type is derived from another Policy Type such
44 as in the case of derived Monitoring Policy Types
45 metadata R O N/A Metadata for the Policy Type
46 properties R M N/A This field holds the specification of the specific Policy Type in ONAP
47 targets R O N/A A list of node types and/or group types to which the Policy Type can be applied
48 triggers R O N/A Specification of policy triggers, not currently supported in ONAP
49 ============ ======= ======== ========== ===============================================================================
52 On this and subsequent tables, use the following legend: M-Mandatory, O-Optional, R-Read-only, C-Conditional.
53 Conditional means the field is mandatory when some other field is present.
56 Preloaded policy types may only be queried over this API, modification or deletion of preloaded policy type
57 implementations is disabled.
60 Policy types that are in use (referenced by defined Policies) may not be deleted.
63 The group types of targets in TOSCA are groups of TOSCA nodes, not PDP groups; the *target* concept in TOSCA is
64 equivalent to the Policy Enforcement Point (PEP) concept
67 To ease policy creation, we preload several widely used policy types in policy database. Below is a table listing the preloaded policy types.
69 .. _policy-preload-label:
72 :header: "Policy Type Name", "Payload"
75 "Monitoring.TCA", `onap.policies.monitoring.cdap.tca.hi.lo.app.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml>`_
76 "Monitoring.Collectors", `onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml>`_
77 "Optimization", `onap.policies.Optimization.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.Optimization.yaml>`_
78 "Optimization.Resource", `onap.policies.optimization.Resource.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.Resource.yaml>`_
79 "Optimization.Resource.AffinityPolicy", `onap.policies.optimization.resource.AffinityPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml>`_
80 "Optimization.Resource.DistancePolicy", `onap.policies.optimization.resource.DistancePolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.resource.DistancePolicy.yaml>`_
81 "Optimization.Resource.HpaPolicy", `onap.policies.optimization.resource.HpaPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.resource.HpaPolicy.yaml>`_
82 "Optimization.Resource.OptimizationPolicy", `onap.policies.optimization.resource.OptimizationPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml>`_
83 "Optimization.Resource.PciPolicy", `onap.policies.optimization.resource.PciPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.resource.PciPolicy.yaml>`_
84 "Optimization.Resource.Vim_fit", `onap.policies.optimization.resource.Vim_fit.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.resource.Vim_fit.yaml>`_
85 "Optimization.Resource.VnfPolicy", `onap.policies.optimization.resource.VnfPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.resource.VnfPolicy.yaml>`_
86 "Optimization.Service", `onap.policies.optimization.Service.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.Service.yaml>`_
87 "Optimization.Service.QueryPolicy", `onap.policies.optimization.service.QueryPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.service.QueryPolicy.yaml>`_
88 "Optimization.Service.SubscriberPolicy", `onap.policies.optimization.service.SubscriberPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml>`_
89 "Controlloop.Guard.Common", `onap.policies.controlloop.guard.Common.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.Common.yaml>`_
90 "Controlloop.Guard.Common.Blacklist", `onap.policies.controlloop.guard.common.Blacklist.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml>`_
91 "Controlloop.Guard.Common.FrequencyLimiter", `onap.policies.controlloop.guard.common.FrequencyLimiter.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml>`_
92 "Controlloop.Guard.Common.MinMax", `onap.policies.controlloop.guard.common.MinMax.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.common.MinMax.yaml>`_
93 "Controlloop.Guard.Coordination.FirstBlocksSecond", `onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml>`_
94 "Controlloop.Operational", `onap.policies.controlloop.Operational.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.Operational.yaml>`_
95 "Controlloop.Operational.Common", `onap.policies.controlloop.operational.Common.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.Common.yaml>`_
96 "Controlloop.Operational.Common.Apex", `onap.policies.controlloop.operational.common.Apex.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Apex.yaml>`_
97 "Controlloop.Operational.Common.Drools", `onap.policies.controlloop.operational.common.Drools.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Drools.yaml>`_
98 "Naming", `onap.policies.Naming.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.Naming.yaml>`_
99 "Native.Drools", `onap.policies.native.Drools.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.native.Drools.yaml>`_
100 "Native.Xacml", `onap.policies.native.Xacml.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.native.Xacml.yaml>`_
101 "Native.Apex", `onap.policies.native.Apex.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.native.Apex.yaml>`_
103 We also preload a policy in the policy database. Below is a table listing the preloaded polic(ies).
106 :header: "Policy Type Name", "Payload"
109 "SDNC.Naming", `sdnc.policy.naming.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/sdnc.policy.naming.input.tosca.yaml>`_
111 Below is a table containing sample well-formed TOSCA compliant policies.
114 :header: "Policy Name", "Payload"
117 "vCPE.Monitoring.Tosca", `vCPE.policy.monitoring.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.yaml>`_ `vCPE.policy.monitoring.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.json>`_
118 "vCPE.Optimization.Tosca", `vCPE.policies.optimization.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policies.optimization.input.tosca.yaml>`_ `vCPE.policies.optimization.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policies.optimization.input.tosca.json>`_
119 "vCPE.Operational.Tosca", `vCPE.policy.operational.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policy.operational.input.tosca.yaml>`_ `vCPE.policy.operational.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policy.operational.input.tosca.json>`_
120 "vDNS.Guard.FrequencyLimiting.Tosca", `vDNS.policy.guard.frequencylimiter.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.guard.frequencylimiter.input.tosca.yaml>`_
121 "vDNS.Guard.MinMax.Tosca", `vDNS.policy.guard.minmaxvnfs.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.guard.minmaxvnfs.input.tosca.yaml>`_
122 "vDNS.Guard.Blacklist.Tosca", `vDNS.policy.guard.blacklist.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.guard.blacklist.input.tosca.yaml>`_
123 "vDNS.Monitoring.Tosca", `vDNS.policy.monitoring.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.monitoring.input.tosca.yaml>`_ `vDNS.policy.monitoring.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.monitoring.input.tosca.json>`_
124 "vDNS.Operational.Tosca", `vDNS.policy.operational.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.operational.input.tosca.yaml>`_ `vDNS.policy.operational.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.operational.input.tosca.json>`_
125 "vFirewall.Monitoring.Tosca", `vFirewall.policy.monitoring.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewall.policy.monitoring.input.tosca.yaml>`_ `vFirewall.policy.monitoring.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewall.policy.monitoring.input.tosca.json>`_
126 "vFirewall.Operational.Tosca", `vFirewall.policy.operational.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewall.policy.operational.input.tosca.yaml>`_ `vFirewall.policy.operational.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewall.policy.operational.input.tosca.json>`_
127 "vFirewallCDS.Operational.Tosca", `vFirewallCDS.policy.operational.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewallCDS.policy.operational.input.tosca.yaml>`_
130 Below is a global API table from where swagger JSON for different types of policy design API can be downloaded.
135 :header: "API name", "Swagger JSON"
138 "Healthcheck API", ":download:`link <swagger/healthcheck-api.json>`"
139 "Statistics API", ":download:`link <swagger/statistics-api.json>`"
140 "Tosca Policy Type API", ":download:`link <swagger/policytype-api.json>`"
141 "Tosca Policy API", ":download:`link <swagger/policy-api.json>`"
142 "Legacy Operational Policy API", ":download:`link <swagger/operational-policy-api.json>`"
147 It is worth noting that we use basic authorization for API access with username and password set to *healthcheck* and *zb!XztG34* respectively.
148 Also, the new APIs support both *http* and *https*.
150 For every API call, client is encouraged to insert an uuid-type requestID as parameter.
151 It is helpful for tracking each http transaction and facilitates debugging.
152 Mostly importantly, it complies with Logging requirements v1.2.
153 If client does not provider the requestID in API call, one will be randomly generated
154 and attached to response header *x-onap-requestid*.
156 In accordance with `ONAP API Common Versioning Strategy Guidelines <https://wiki.onap.org/display/DW/ONAP+API+Common+Versioning+Strategy+%28CVS%29+Guidelines>`_,
157 in the response of each API call, several custom headers are added::
159 x-latestversion: 1.0.0
162 x-onap-requestid: e1763e61-9eef-4911-b952-1be1edd9812b
163 x-latestversion is used only to communicate an API's latest version.
165 x-minorversion is used to request or communicate a MINOR version back from the client to the server, and from the server back to the client.
167 x-patchversion is used only to communicate a PATCH version in a response for troubleshooting purposes only, and will not be provided by the client on request.
169 x-onap-requestid is used to track REST transactions for logging purpose, as described above.
171 .. swaggerv2doc:: swagger/healthcheck-api.json
173 .. swaggerv2doc:: swagger/statistics-api.json
175 .. swaggerv2doc:: swagger/policytype-api.json
177 .. swaggerv2doc:: swagger/policy-api.json
179 When making a POST policy API call, the client must not only provide well-formed JSON/YAML,
180 but also must conform to the TOSCA specification. For example. the "type" field for a TOSCA
181 policy should strictly match the policy type name it derives.
182 Please check out the sample policies in above policy table.
184 Also, in the POST payload passed into each policy or policy type creation call (i.e. POST API invocation), the client needs to explicitly
185 specify the version of the policy or policy type to create. That being said, the "version" field is mandatory in the TOSCA service template
186 formatted policy or policy type payload. If the version is missing, that POST call will return "406 - Not Acceptable" and
187 the policy or policy type to create will not be stored in the database.
189 To avoid inconsistent versions between the database and policies deployed in the PDPs, policy API REST service employs some enforcement
190 rules that validate the version specified in the POST payload when a new version is to create or an existing version to update.
191 Policy API will not blindly override the version of the policy or policy type to create/update.
192 Instead, we encourage the client to carefully select a version for the policy or policy type to change and meanwhile policy API will check the validity
193 of the version and feed an informative warning back to the client if the specified version is not good.
194 To be specific, the following rules are implemented to enforce the version:
196 1. If the incoming version is not in the database, we simply insert it. For example: if policy version 1.0.0 is stored in the database and now
197 a client wants to create the same policy with updated version 3.0.0, this POST call will succeed and return "200" to the client.
199 2. If the incoming version is already in the database and the incoming payload is different from the same version in the database,
200 "406 - Not Acceptable" will be returned. This forces the client to update the version of the policy if the policy is changed.
202 3. If a client creates a version of a policy and wishes to update a property on the policy, they must delete that version of the policy and re-create it.
204 4. If multiple policies are included in the POST payload, policy API will also check if duplicate version exists in between
205 any two policies or policy types provided in the payload. For example, a client provides a POST payload which includes two policies with the same
206 name and version but different policy properties. This POST call will fail and return "406" error back to the calling application along with a
207 message such as "duplicate policy {name}:{version} found in the payload".
209 5. The same version validation is applied to policy types too.
211 6. To avoid unnecessary id/version inconsistency between the ones specified in the entity fields and the ones returned in the metadata field,
212 "policy-id" and "policy-version" in the metadata will only be set by policy API. Any incoming explicit specification in the POST payload will be
213 ignored. For example, A POST payload has a policy with name "sample-policy-name1" and version "1.0.0" specified. In this policy, the metadata
214 also includes "policy-id": "sample-policy-name2" and "policy-version": "2.0.0". The 200 return of this POST call will have this created policy with
215 metadata including "policy-id": "sample-policy-name1" and "policy-version": "1.0.0".
217 .. swaggerv2doc:: swagger/operational-policy-api.json
219 Regarding DELETE APIs for TOSCA compliant policies, we only expose API to delete one particular version of policy
220 or policy type at a time for safety purpose. If client has the need to delete multiple or a group of policies or policy types,
221 they will need to delete them one by one.
223 Sample API Curl Commands
224 -------------------------
226 From API client perspective, using *http* or *https* does not have much difference in curl command.
227 Here we list some sample curl commands (using *http*) for POST, GET and DELETE monitoring and operational policies that are used in vFirewall use case.
228 JSON payload for POST calls can be downloaded from policy table above.
230 If you are accessing the api from the container, the default *ip* and *port* would be **https:/policy-api:6969/policy/api/v1/**.
232 Create vFirewall Monitoring Policy::
233 curl --user 'healthcheck:zb!XztG34' -X POST "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies" -H "Accept: application/json" -H "Content-Type: application/json" -d @vFirewall.policy.monitoring.input.tosca.json
235 Get vFirewall Monitoring Policy::
236 curl --user 'healthcheck:zb!XztG34' -X GET "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies/onap.vfirewall.tca/versions/1.0.0" -H "Accept: application/json" -H "Content-Type: application/json"
238 Delete vFirewall Monitoring Policy::
239 curl --user 'healthcheck:zb!XztG34' -X DELETE "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies/onap.vfirewall.tca/versions/1.0.0" -H "Accept: application/json" -H "Content-Type: application/json"
241 Create vFirewall Operational Policy::
242 curl --user 'healthcheck:zb!XztG34' -X POST "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies" -H "Accept: application/json" -H "Content-Type: application/json" -d @vFirewall.policy.operational.input.tosca.json
244 Get vFirewall Operational Policy::
245 curl --user 'healthcheck:zb!XztG34' -X GET "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0" -H "Accept: application/json" -H "Content-Type: application/json"
247 Delete vFirewall Operational Policy::
248 curl --user 'healthcheck:zb!XztG34' -X DELETE "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0" -H "Accept: application/json" -H "Content-Type: application/json"