1 .. This work is licensed under a
2 .. Creative Commons Attribution 4.0 International License.
3 .. http://creativecommons.org/licenses/by/4.0
14 Policy life cycle API comprises of policy design API and policy deployment API. This documentation focuses on policy
15 design API. Policy design API is publicly exposed for clients to Create/Read/Update/Delete (CRUD) policy types, policy type
16 implementation and policies which can be recognized and executable by appropriate policy engines incorporated in ONAP
17 policy framework. Policy design API backend is running in an independent building block component of policy framework
18 that provides REST service for aforementioned CRUD behaviors. Policy design API component interacts with a policy database
19 for storing and fetching new policies or policy types as needed. Apart from CRUD, API is also exposed for clients to retrieve
20 healthcheck status of this API REST service and statistics report including a variety of counters that reflect the history
23 Starting from Dublin release, we strictly follow `TOSCA Specification <http://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-YAML/v1.1/TOSCA-Simple-Profile-YAML-v1.1.pdf>`_
24 to define policy type and policy. Policy type is equivalent to policy model mentioned by clients before Dublin release.
25 Both policy type and policy are included in a TOSCA Service Template which is used as the entity passed into API POST call
26 and the entity returned by API GET and DELETE calls. More details are presented in following sessions.
27 We encourage clients to compose all kinds of policies and corresponding policy types in well-formed TOSCA Service Template.
28 One Service Template can contain one or more policies and policy types. Each policy type can have multiple policies created
29 atop. In other words, different policies can match the same or different policy types. Existence of a policy type is a prerequisite
30 of creating such type of policies. In the payload body of each policy to create, policy type name and version should be indicated and
31 the specified policy type should be valid and existing in policy database.
33 In El Alto release, to ease policy creation, we preload several widely used policy types in policy database. Below is a table summarizing
34 preloaded policy types.
37 :header: "Policy Type Name", "Payload"
40 "Controlloop.Guard.Blacklist", `onap.policies.controlloop.guard.Blacklist.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.Blacklist.yaml>`_
41 "Controlloop.Guard.FrequencyLimiter", `onap.policies.controlloop.guard.FrequencyLimiter.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.FrequencyLimiter.yaml>`_
42 "Controlloop.Guard.MinMax", `onap.policies.controlloop.guard.MinMax.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.MinMax.yaml>`_
43 "Controlloop.Guard.Coordination.FirstBlocksSecond", `onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml>`_
44 "Controlloop.Operational", `onap.policies.controlloop.Operational.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.controlloop.Operational.yaml>`_
45 "Monitoring.TCA", `onap.policies.monitoring.cdap.tca.hi.lo.app.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml>`_
46 "Monitoring.Collectors", `onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml>`_
47 "Optimization", `onap.policies.Optimization.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.Optimization.yaml>`_
48 "Optimization.AffinityPolicy", `onap.policies.optimization.AffinityPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.AffinityPolicy.yaml>`_
49 "Optimization.DistancePolicy", `onap.policies.optimization.DistancePolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.DistancePolicy.yaml>`_
50 "Optimization.HpaPolicy", `onap.policies.optimization.HpaPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.HpaPolicy.yaml>`_
51 "Optimization.OptimizationPolicy", `onap.policies.optimization.OptimizationPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.OptimizationPolicy.yaml>`_
52 "Optimization.PciPolicy", `onap.policies.optimization.PciPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.PciPolicy.yaml>`_
53 "Optimization.QueryPolicy", `onap.policies.optimization.QueryPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.QueryPolicy.yaml>`_
54 "Optimization.SubscriberPolicy", `onap.policies.optimization.SubscriberPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.SubscriberPolicy.yaml>`_
55 "Optimization.Vim_fit", `onap.policies.optimization.Vim_fit.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.Vim_fit.yaml>`_
56 "Optimization.VnfPolicy", `onap.policies.optimization.VnfPolicy.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policytypes/onap.policies.optimization.VnfPolicy.yaml>`_
58 Also, in El Alto release, We provide backward compatibility support for controlloop operational and guard
59 policies encoded in legacy format. Below is a table containing sample legacy guard/operational policies and
60 well-formed TOSCA monitoring policies.
63 :header: "Policy Name", "Payload"
66 "vCPE.Monitoring.Tosca", `vCPE.policy.monitoring.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.yaml>`_ `vCPE.policy.monitoring.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policy.monitoring.input.tosca.json>`_
67 "vCPE.Optimization.Tosca", `vCPE.policies.optimization.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policies.optimization.input.tosca.yaml>`_
68 "vCPE.Operational.Legacy", `vCPE.policy.operational.input.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vCPE.policy.operational.input.json>`_
69 "vDNS.Guard.FrequencyLimiting.Legacy", `vDNS.policy.guard.frequency.input.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.guard.frequency.input.json>`_
70 "vDNS.Guard.MinMax.Legacy", `vDNS.policy.guard.minmax.input.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.guard.minmax.input.json>`_
71 "vDNS.Monitoring.Tosca", `vDNS.policy.monitoring.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.monitoring.input.tosca.yaml>`_ `vDNS.policy.monitoring.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.monitoring.input.tosca.json>`_
72 "vDNS.Operational.Legacy", `vDNS.policy.operational.input.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vDNS.policy.operational.input.json>`_
73 "vFirewall.Monitoring.Tosca", `vFirewall.policy.monitoring.input.tosca.yaml <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewall.policy.monitoring.input.tosca.yaml>`_ `vFirewall.policy.monitoring.input.tosca.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewall.policy.monitoring.input.tosca.json>`_
74 "vFirewall.Operational.Legacy", `vFirewall.policy.operational.input.json <https://github.com/onap/policy-models/blob/master/models-examples/src/main/resources/policies/vFirewall.policy.operational.input.json>`_
77 Below is a global API table from where swagger JSON for different types of policy design API can be downloaded.
82 :header: "API name", "Swagger JSON"
85 "Healthcheck API", ":download:`link <swagger/healthcheck-api.json>`"
86 "Statistics API", ":download:`link <swagger/statistics-api.json>`"
87 "Tosca Policy Type API", ":download:`link <swagger/policytype-api.json>`"
88 "Tosca Policy API", ":download:`link <swagger/policy-api.json>`"
89 "Legacy Guard Policy API", ":download:`link <swagger/guard-policy-api.json>`"
90 "Legacy Operational Policy API", ":download:`link <swagger/operational-policy-api.json>`"
95 It is worth noting that we use basic authorization for API access with username and password set to *healthcheck* and *zb!XztG34* respectively.
96 Also, the new APIs support both *http* and *https*.
98 For every API call, client is encouraged to insert an uuid-type requestID as parameter. It is helpful for tracking each http transaction
99 and facilitates debugging. Mostly importantly, it complies with Logging requirements v1.2. If client does not provider the requestID in API call,
100 one will be randomly generated and attached to response header *x-onap-requestid*.
102 In accordance with `ONAP API Common Versioning Strategy Guidelines <https://wiki.onap.org/display/DW/ONAP+API+Common+Versioning+Strategy+%28CVS%29+Guidelines>`_,
103 in the response of each API call, several custom headers are added::
105 x-latestversion: 1.0.0
108 x-onap-requestid: e1763e61-9eef-4911-b952-1be1edd9812b
110 x-latestversion is used only to communicate an API's latest version.
112 x-minorversion is used to request or communicate a MINOR version back from the client to the server, and from the server back to the client.
114 x-patchversion is used only to communicate a PATCH version in a response for troubleshooting purposes only, and will not be provided by the client on request.
116 x-onap-requestid is used to track REST transactions for logging purpose, as described above.
119 .. swaggerv2doc:: swagger/healthcheck-api.json
121 .. swaggerv2doc:: swagger/statistics-api.json
123 .. swaggerv2doc:: swagger/policytype-api.json
125 .. swaggerv2doc:: swagger/policy-api.json
127 It is worth noting that in POST policy API, client needs to provide a policy payload encoded in well-formed TOSCA Service Template, and
128 in the JSON payload, "type" field value should strictly match the policy type name embedded in the API path (case sensitive).
129 Otherwise, it will complain the policy type does not exist. Please check out the sample policies in above policy table.
131 .. swaggerv2doc:: swagger/guard-policy-api.json
133 It is worth noting that guard policy name should start with one of the three: *guard.frequency.*, *guard.minmax.*, or *guard.blacklist.*.
134 Otherwise, it will complain that guard policy type cannot be found (does not exist). Apart from policy name, the policy version specified
135 in API path should be an integer, e.g. 1, 2, 10, instead of "1.0.0", "2.0.1", etc.
136 These naming restrictions will disappear after we evolve to use well-formed TOSCA Service Template for guard policies and
137 legacy policy design API is then deprecated.
139 .. swaggerv2doc:: swagger/operational-policy-api.json
141 Likewise, the policy version specified in operational policy API path should be an integer too, e.g. 1, 2, 10, instead of
142 "1.0.0", "2.0.1", etc. This restriction will disappear after we deprecate legacy policy design API in the near future release.
145 Regarding DELETE APIs for both TOSCA policies and legacy policies, we only expose API to delete one particular version of policy
146 or policy type at a time for safety purpose. If client has the need to delete multiple or a group of policies or policy types,
147 they will need to delete one by one.
149 Sample API Curl Commands
150 -------------------------
152 From API client perspective, using *http* or *https* does not have much difference in curl command. Here we list some sample curl commands (using *http*)
153 for POST, GET and DELETE monitoring and operational policies that are used in vFirewall use case.
155 JSON payload for POST calls can be downloaded from policy table above.
157 Create vFirewall Monitoring Policy::
158 curl --user 'healthcheck:zb!XztG34' -X POST "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies" -H "Accept: application/json" -H "Content-Type: application/json" -d @vFirewall.policy.monitoring.input.tosca.json
160 Get vFirewall Monitoring Policy::
161 curl --user 'healthcheck:zb!XztG34' -X GET "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies/onap.vfirewall.tca/versions/1.0.0" -H "Accept: application/json" -H "Content-Type: application/json"
163 Delete vFirewall Monitoring Policy::
164 curl --user 'healthcheck:zb!XztG34' -X DELETE "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies/onap.vfirewall.tca/versions/1.0.0" -H "Accept: application/json" -H "Content-Type: application/json"
166 Create vFirewall Operational Policy::
167 curl --user 'healthcheck:zb!XztG34' -X POST "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies" -H "Accept: application/json" -H "Content-Type: application/json" -d @vFirewall.policy.operational.input.json
169 Get vFirewall Operational Policy::
170 curl --user 'healthcheck:zb!XztG34' -X GET "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/operational.modifyconfig/versions/1" -H "Accept: application/json" -H "Content-Type: application/json"
172 Delete vFirewall Operational Policy::
173 curl --user 'healthcheck:zb!XztG34' -X DELETE "http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/operational.modifyconfig/versions/1" -H "Accept: application/json" -H "Content-Type: application/json"
Code Review / policy / parent.git / blob