===========
The ONAP Policy Framework is a comprehensive policy design, deployment,
and execution environment. The Policy Framework is the decision
making component in `an ONAP
===========
The ONAP Policy Framework is a comprehensive policy design, deployment,
and execution environment. The Policy Framework is the decision
making component in `an ONAP
It allows you to specify, deploy, and execute the governance of the
features and functions in your ONAP system, be they closed loop,
orchestration, or more traditional open loop use case implementations.
It allows you to specify, deploy, and execute the governance of the
features and functions in your ONAP system, be they closed loop,
orchestration, or more traditional open loop use case implementations.
The *PolicyDevelopment* component implements the functionality for
development of policy types and policies. *PolicyAdministration* is
The *PolicyDevelopment* component implements the functionality for
development of policy types and policies. *PolicyAdministration* is
*PolicyExecution* is the set of PDPs running in the ONAP system and is
responsible for making policy decisions and for managing the
administrative state of the PDPs as directed
*PolicyExecution* is the set of PDPs running in the ONAP system and is
responsible for making policy decisions and for managing the
administrative state of the PDPs as directed
and the supporting information from the policy database whilst deploying
policy artifacts. Once the policy artifacts are deployed,
*PolicyAdministration* handles the run-time management of the PDPs on
and the supporting information from the policy database whilst deploying
policy artifacts. Once the policy artifacts are deployed,
*PolicyAdministration* handles the run-time management of the PDPs on
inspired by `RFC-2753 <https://tools.ietf.org/html/rfc2753>`__ and
`RFC-3198 <https://tools.ietf.org/html/rfc3198>`__.
inspired by `RFC-2753 <https://tools.ietf.org/html/rfc2753>`__ and
`RFC-3198 <https://tools.ietf.org/html/rfc3198>`__.
*PolicyDevelopment* provides a
`CRUD <https://en.wikipedia.org/wiki/Create,_read,_update_and_delete>`__
*PolicyDevelopment* provides a
`CRUD <https://en.wikipedia.org/wiki/Create,_read,_update_and_delete>`__
*PolicyExecution* is the set of running PDPs that are executing
policies, logically partitioned into PDP groups and subgroups.
*PolicyExecution* is the set of running PDPs that are executing
policies, logically partitioned into PDP groups and subgroups.
The figure above shows how *PolicyExecution* looks at run time with PDPs
running in Kubernetes. A *PDPGroup* is a purely logical construct that
The figure above shows how *PolicyExecution* looks at run time with PDPs
running in Kubernetes. A *PDPGroup* is a purely logical construct that
`Deployment <https://kubernetes.io/docs/concepts/workloads/controllers/deployment/>`__.
PDPs are defined as Kubernetes
`Pods <https://kubernetes.io/docs/concepts/workloads/pods/pod/>`__. At
`Deployment <https://kubernetes.io/docs/concepts/workloads/controllers/deployment/>`__.
PDPs are defined as Kubernetes
`Pods <https://kubernetes.io/docs/concepts/workloads/pods/pod/>`__. At
in the configuration of the *Deployment* of that *PDPSubGroup* in
Kubernetes. This structuring of PDPs is required because, in order to
simplify deployment and scaling of PDPs in Kubernetes, we gather all the
in the configuration of the *Deployment* of that *PDPSubGroup* in
Kubernetes. This structuring of PDPs is required because, in order to
simplify deployment and scaling of PDPs in Kubernetes, we gather all the
The UML class diagram above shows the portion of the Policy Framework
Object Model that applies to *PolicyDeployment* and *PolicyExecution.*
The UML class diagram above shows the portion of the Policy Framework
Object Model that applies to *PolicyDeployment* and *PolicyExecution.*
The UML class diagram above shows the portion of the Policy Framework
Object Model that applies to *PolicyDevelopment* and *PolicyDeployment.*
The UML class diagram above shows the portion of the Policy Framework
Object Model that applies to *PolicyDevelopment* and *PolicyDeployment.*
Policy Type Design is the task of creating policy types that capture the
generic and vendor independent aspects of a policy for a particular
Policy Type Design is the task of creating policy types that capture the
generic and vendor independent aspects of a policy for a particular
types and to generate policies from these policy types in a uniform way
regardless of the domain that the policy type is addressing or the PDP
technology that will execute the policy. The interface is used by
types and to generate policies from these policy types in a uniform way
regardless of the domain that the policy type is addressing or the PDP
technology that will execute the policy. The interface is used by
the structure, type, and definition of the model information that must
be supplied to the policy type to generate a concrete policy.
the structure, type, and definition of the model information that must
be supplied to the policy type to generate a concrete policy.
XACML oriented for decision policies or Drools rules oriented for ECA
policies). The design environment and tool chain for a policy type is
specific for the type of policy being designed.
XACML oriented for decision policies or Drools rules oriented for ECA
policies). The design environment and tool chain for a policy type is
specific for the type of policy being designed.
specification of the specific rules or tasks, the flow of the policy,
its internal states and data structures and other relevant information.
A *PolicyTyp*\ e\ *Impl* is specific to a PDP technology, that is XACML,
specification of the specific rules or tasks, the flow of the policy,
its internal states and data structures and other relevant information.
A *PolicyTyp*\ e\ *Impl* is specific to a PDP technology, that is XACML,
implementations, to determine the model information, rules, or tasks
that they require, to specialize policy flow, and to generate policies
from policy types. This API is used by the ONAP Policy Framework and
implementations, to determine the model information, rules, or tasks
that they require, to specialize policy flow, and to generate policies
from policy types. This API is used by the ONAP Policy Framework and
policy types.
Consider a policy type created for managing faults on vCPE equipment in
a vendor independent way. The policy type captures the generic logic
required to manage the faults and specifies the vendor specific
information that must be supplied to the type for specific vendor vCPE
policy types.
Consider a policy type created for managing faults on vCPE equipment in
a vendor independent way. The policy type captures the generic logic
required to manage the faults and specifies the vendor specific
information that must be supplied to the type for specific vendor vCPE
equipment is created by setting the parameters specified in the policy
type together with the specific modeled information, rules and tasks in
the policy type implementation for that vendor model of vCPE.
equipment is created by setting the parameters specified in the policy
type together with the specific modeled information, rules and tasks in
the policy type implementation for that vendor model of vCPE.
The GUI implementation in another ONAP component such as SDC DCAE-DS
uses the *API_User* API to create and edit ONAP policy types.
The GUI implementation in another ONAP component such as SDC DCAE-DS
uses the *API_User* API to create and edit ONAP policy types.
For skilled developers, the most straightforward way to create a policy
type is to program it. Programming a policy type might simply mean
For skilled developers, the most straightforward way to create a policy
type is to program it. Programming a policy type might simply mean
under source control in git. This Eclipse project is structured
correctly for creating implementations for a specific type of PDP. It
includes the correct POM files for generating the policy type
under source control in git. This Eclipse project is structured
correctly for creating implementations for a specific type of PDP. It
includes the correct POM files for generating the policy type
is used to parameterize a policy type to create an executable policy. A
service designer and/or operations team can use tooling that reads the
TOSCA Policy Type specifications to express and capture a policy at its
highest abstraction level. Alternatively, the parameter for the policy
can be expressed in a raw JSON or YAML file and posted over the policy
is used to parameterize a policy type to create an executable policy. A
service designer and/or operations team can use tooling that reads the
TOSCA Policy Type specifications to express and capture a policy at its
highest abstraction level. Alternatively, the parameter for the policy
can be expressed in a raw JSON or YAML file and posted over the policy
process in *PolicyDevelopment* for creating a policy is the same for all
mechanisms. The most general mechanism for creating a policy is using
the RESTful *Policy Design API*, which provides a full interface to the
policy creation support of *PolicyDevelopment*. This API may be
process in *PolicyDevelopment* for creating a policy is the same for all
mechanisms. The most general mechanism for creating a policy is using
the RESTful *Policy Design API*, which provides a full interface to the
policy creation support of *PolicyDevelopment*. This API may be
creation, which again is a general purpose wrapper around the policy
creation API. The Policy GUI can interpret any TOSCA Model ingested and
flexibly presents a GUI for a user to create policies from. The
creation, which again is a general purpose wrapper around the policy
creation API. The Policy GUI can interpret any TOSCA Model ingested and
flexibly presents a GUI for a user to create policies from. The
modification supported by the ONAP Policy Framework.
2.2.2.1 Policy Design in the ONAP Policy Framework
modification supported by the ONAP Policy Framework.
2.2.2.1 Policy Design in the ONAP Policy Framework
Policy creation in *PolicyDevelopment* follows the general sequence
shown in the sequence diagram below. An *API_USER* is any component that
Policy creation in *PolicyDevelopment* follows the general sequence
shown in the sequence diagram below. An *API_USER* is any component that
A *PolicyDevAPIUser* first gets a reference to and the metadata for the
Policy type for the policy they want to work on from
A *PolicyDevAPIUser* first gets a reference to and the metadata for the
Policy type for the policy they want to work on from
-exists, \ *PolicyDevelopment* reads the artifact and returns the
-reference of the existing policy to the \ *PolicyDevAPIUser* with the
+exists, \ *PolicyDevelopment* reads the artifact and returns the
+reference of the existing policy to the \ *PolicyDevAPIUser* with the
-exist, \ *PolicyDevelopment* creates and new reference and metadata and
-returns that to the \ *API_User*.
+exist, \ *PolicyDevelopment* creates and new reference and metadata and
+returns that to the \ *API_User*.
-requests \ *PolicyDevelopment* to create the
-policy. \ *PolicyDevelopment* creates the policy, stores the created
+requests \ *PolicyDevelopment* to create the
+policy. \ *PolicyDevelopment* creates the policy, stores the created
policy artifact and its metadata in the database.
2.2.2.2 Model Driven VF (Virtual Function) Policy Design via VNF SDK Packaging
policy artifact and its metadata in the database.
2.2.2.2 Model Driven VF (Virtual Function) Policy Design via VNF SDK Packaging
VF vendors express policies such as SLA, Licenses, hardware placement,
run-time metric suggestions, etc. These details are captured within the
VF vendors express policies such as SLA, Licenses, hardware placement,
run-time metric suggestions, etc. These details are captured within the
read from a CSAR received from SDC.
*PolicyDesign* uses the *PolicyDistribution* component for managing
read from a CSAR received from SDC.
*PolicyDesign* uses the *PolicyDistribution* component for managing
is an *API_User*, it uses the Policy Design API for policy creation and
update. It reads the information it needs to populate the policy type
from a TOSCA specification in a CSAR received from SDC and then uses
is an *API_User*, it uses the Policy Design API for policy creation and
update. It reads the information it needs to populate the policy type
from a TOSCA specification in a CSAR received from SDC and then uses
the policy is to be composed from the TOSCA definition, it must also
parse the TOSCA definition.
the policy is to be composed from the TOSCA definition, it must also
parse the TOSCA definition.
events to SDC such as DOWNLOAD_OK, DOWNLOAD_ERROR, DEPLOY_OK,
DEPLOY_ERROR, NOTIFIED.
events to SDC such as DOWNLOAD_OK, DOWNLOAD_ERROR, DEPLOY_OK,
DEPLOY_ERROR, NOTIFIED.
Service policies such as optimization and placement policies can be
specified as a TOSCA Policy at design time. These policies use a TOSCA
Service policies such as optimization and placement policies can be
specified as a TOSCA Policy at design time. These policies use a TOSCA
All policy types must be certified as being fit for deployment prior to
run time deployment. In the case of design-time via the SDC application,
All policy types must be certified as being fit for deployment prior to
run time deployment. In the case of design-time via the SDC application,
The ONAP Policy Framework follows the architectural approach for micro
services recommended by the `ONAP Architecture
The ONAP Policy Framework follows the architectural approach for micro
services recommended by the `ONAP Architecture
The ONAP Policy Framework defines `Kubernetes
Services <https://kubernetes.io/docs/concepts/services-networking/service/>`__
to manage the life cycle of Policy Framework executable components at
The ONAP Policy Framework defines `Kubernetes
Services <https://kubernetes.io/docs/concepts/services-networking/service/>`__
to manage the life cycle of Policy Framework executable components at
number of instances (pods in Kubernetes terminology) that should be
deployed for a particular service to be specified and a common endpoint
for that service to be defined. Once the service is started in
number of instances (pods in Kubernetes terminology) that should be
deployed for a particular service to be specified and a common endpoint
for that service to be defined. Once the service is started in
The diagram above gives an indicative structure of the run time topology
information in the Policy Framework database. Note that
The diagram above gives an indicative structure of the run time topology
information in the Policy Framework database. Note that
information for life cycle management of PDP groups and PDPs.
2.3.3 Startup, Shutdown and Restart
information for life cycle management of PDP groups and PDPs.
2.3.3 Startup, Shutdown and Restart
This section describes the interactions between Policy Framework
components themselves and with other ONAP components at startup,
shutdown and restart.
2.3.3.1 PAP Startup and Shutdown
This section describes the interactions between Policy Framework
components themselves and with other ONAP components at startup,
shutdown and restart.
2.3.3.1 PAP Startup and Shutdown
The sequence diagram below shows the actions of the PAP at startup.
The PAP is the run time point of coordination for the ONAP Policy
Framework. When it is started, it initializes itself using data from the
The sequence diagram below shows the actions of the PAP at startup.
The PAP is the run time point of coordination for the ONAP Policy
Framework. When it is started, it initializes itself using data from the
administration requests.
PAP shutdown is trivial. On receipt or a shutdown request, the PAP
completes or aborts any ongoing operations and shuts down gracefully.
2.3.3.2 PDP Startup and Shutdown
administration requests.
PAP shutdown is trivial. On receipt or a shutdown request, the PAP
completes or aborts any ongoing operations and shuts down gracefully.
2.3.3.2 PDP Startup and Shutdown
The sequence diagram below shows the actions of the PDP at startup. See
also Section 4 of the `Policy Design and API Flow for Model Driven
The sequence diagram below shows the actions of the PDP at startup. See
also Section 4 of the `Policy Design and API Flow for Model Driven
Loop <file://localhost/display/DW/Policy+Design+and+API+Flow+for+Model+Driven+Control+Loop>`__
page for the API used to implement this sequence.
Loop <file://localhost/display/DW/Policy+Design+and+API+Flow+for+Model+Driven+Control+Loop>`__
page for the API used to implement this sequence.
mode. The PDP begins sending periodic Status messages to the PAP.
The first Status message initializes the process of loading the correct
mode. The PDP begins sending periodic Status messages to the PAP.
The first Status message initializes the process of loading the correct
Policy execution is the execution of a policy in a PDP. Policy
enforcement occurs in the component that receives a policy decision.
Policy execution is the execution of a policy in a PDP. Policy
enforcement occurs in the component that receives a policy decision.
================== ===========================================================================================================================================================================================================================================================================================================================
2.3.5 Policy Lifecycle Management
================== ===========================================================================================================================================================================================================================================================================================================================
2.3.5 Policy Lifecycle Management
Policy lifecycle management manages the deployment and life cycle of
policies in PDP groups at run time. Policy sets can be deploy at run
Policy lifecycle management manages the deployment and life cycle of
policies in PDP groups at run time. Policy sets can be deploy at run
TEST, or even PASSIVE mode at any time if problems arise.
2.3.5.3 Policy Upgrade and Rollback
TEST, or even PASSIVE mode at any time if problems arise.
2.3.5.3 Policy Upgrade and Rollback
set into ACTIVE mode immediately. The advantage of this approach is that
the approach is straightforward. The obvious disadvantage is that the
PDP group is not executing on the target environment while the new
set into ACTIVE mode immediately. The advantage of this approach is that
the approach is straightforward. The obvious disadvantage is that the
PDP group is not executing on the target environment while the new
A second manner to tackle upgrade and rollback is to use a spare-wheel
approach. An special upgrade PDP group service is set up as a K8S
A second manner to tackle upgrade and rollback is to use a spare-wheel
approach. An special upgrade PDP group service is set up as a K8S
PDPs provide a periodic report of their status to the PAP. All PDPs
report using a standard reporting format that is extended to provide
PDPs provide a periodic report of their status to the PAP. All PDPs
report using a standard reporting format that is extended to provide
===================== ===============================================================================
2.3.7 PEP Registration and Enforcement Guidelines
===================== ===============================================================================
2.3.7 PEP Registration and Enforcement Guidelines
In ONAP there are several applications outside the Policy Framework that
enforce policy decisions based on models provided to the Policy
In ONAP there are several applications outside the Policy Framework that
enforce policy decisions based on models provided to the Policy
PDP Group A group of PDPs that execute the same set of policies
Policy Development The development environment for policies
Policy Type A generic prototype definition of a type of policy in TOSCA, see the `TOSCA Policy Primer <file://localhost/display/DW/TOSCA+Policy+Primer>`__
PDP Group A group of PDPs that execute the same set of policies
Policy Development The development environment for policies
Policy Type A generic prototype definition of a type of policy in TOSCA, see the `TOSCA Policy Primer <file://localhost/display/DW/TOSCA+Policy+Primer>`__
Policy Set A set of policies that are deployed on a PDP group. One and only one Policy Set is deployed on a PDP group
================================= =========================================================================================================================================================
Policy Set A set of policies that are deployed on a PDP group. One and only one Policy Set is deployed on a PDP group
================================= =========================================================================================================================================================