1 .. This work is licensed under a
2 .. Creative Commons Attribution 4.0 International License.
3 .. http://creativecommons.org/licenses/by/4.0
5 CDS actor support in Policy
6 ###########################
11 1. Overview of CDS Actor support in Policy
12 ==========================================
13 ONAP Policy Framework now enables Controller Design Studio (CDS) as one of the supported actors.
14 This allows the users to configure Operational Policy to use CDS as an actor to remedy a situation.
16 Behind the scene, when an incoming event is received and validated against rules, Policy uses gRPC to trigger
17 the CBA (Controller Blueprint Archive: CDS artifact) as configured in the operational policy and providing CDS
18 with all the input parameters that is required to execute the chosen CBA.
22 The goal of the user guide is to clarify the contract between Policy and CDS so that a CBA developer can respect
23 this input contract towards CDS when implementing the CBA.
25 3. Contract between Policy and CDS
26 ==================================
27 Policy upon receiving an incoming event from DCAE fires the rules and decides which actor to trigger.
28 If the CDS actor is the chosen, Policy triggers the CBA execution using gRPC.
30 The parameters required for the execution of a CBA are internally handled by Policy.
31 It makes uses of the incoming event, the operational policy configured and AAI lookup to build the CDS request payload.
33 3.1 CDS Blueprint Execution Payload format as invoked by Policy
34 ---------------------------------------------------------------
35 Below are the details of the contract established between Policy and CDS to enable the automation of a remediation
36 action within the scope of a closed loop usecase in ONAP.
38 The format of the input payload for CDS follows the below guidelines, hence a CBA developer must consider this when
39 implementing the CBA logic.
40 For the sake of simplicity a JSON payload is used instead of a gRPC payload and each attribute of the child-nodes
46 The "commonHeader" field in the CBA execute payload is built by policy.
48 =============================== =========== ================================================================
49 "commonHeader" field name type Description
50 =============================== =========== ================================================================
51 subRequestId string Generated by Policy. Is a UUID and used internally by policy.
52 requestId string Inserted by Policy. Maps to the UUID sent by DCAE i.e. the ID
53 used throughout the closed loop lifecycle to identify a request.
54 originatorId string Generated by Policy and fixed to "POLICY"
55 =============================== =========== ================================================================
57 3.1.2 ActionIdentifiers
58 ***********************
60 The "actionIdentifiers" field uniquely identifies the CBA and the workflow to execute.
62 ==================================== =========== =============================================================
63 "actionIdentifiers" field name type Description
64 ==================================== =========== =============================================================
65 mode string Inserted by Policy and fixed to "sync" presently.
66 blueprintName string Inserted by Policy. Maps to the attribute that holds the
67 blueprint-name in the operational policy configuration.
68 blueprintVersion string Inserted by Policy. Maps to the attribute that holds the
69 blueprint-version in the operational policy configuration.
70 actionName string Inserted by Policy. Maps to the attribute that holds the
71 action-name in the operational policy configuration.
72 ==================================== =========== =============================================================
77 The "payload" JSON node is generated by Policy for the action-name specified in the "actionIdentifiers" field
78 which is eventually supplied through the operational policy configuration as indicated above.
80 3.1.3.1 Action request object
81 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
83 The "$actionName-request" object is generated by CDS for the action-name specified in the "actionIdentifiers" field.
85 The "$actionName-request" object contains:
87 * a field called "resolution-key" which CDS uses to store the resolved parameters into the CDS context
88 * a child node object called "$actionName-properties" which holds a map of all the parameters that serve
89 as inputs to the CBA. It presently holds the below information:
91 * all the AAI enriched attributes
92 * additional parameters embedded in the Control Loop Event format which is sent by DCAE (analytics application).
93 * any static information supplied through operational policy configuration which is not specific to an event
94 but applies across all the events.
96 The data description for the action request object fields is as below:
100 ===================================== =========== ======================================================================
101 "$actionName-request" field name type Description
102 ===================================== =========== ======================================================================
103 resolution-key string Generated by Policy. Is a UUID, generated each time CBA execute
105 ===================================== =========== ======================================================================
107 - Action properties object
109 ======================================== =============== ===============================================================
110 "$actionName-properties" field name type Description
111 ======================================== =============== ===============================================================
112 [$aai_node_type.$aai_attribute] map Inserted by Policy after performing AAI enrichment.
113 Is a map that contains AAI parameters for the target and
114 conforms to the notation: $aai_node_type.$aai_attribute.
115 E.g. for PNF the map looks like below.
120 "pnf.equip-vendor":"Vendor-A",
121 "pnf.ipaddress-v4-oam":"10.10.10.10",
122 "pnf.in-maint":false,
123 "pnf.pnf-ipv4-address":"3.3.3.3",
124 "pnf.resource-version":"1570746989505",
125 "pnf.nf-role":"ToR DC101",
126 "pnf.equip-type":"Router",
127 "pnf.equip-model":"model-123456",
129 "pnf.pnf-name":"demo-pnf"
131 data json object Inserted by Policy. Maps to the static payload supplied
132 OR string through operational policy configuration. Used to hold
133 any static information which applies across all the
134 events as described above. If the value of the data
135 field is a valid JSON string it is converted to a JSON
136 object, else will be retained as a string.
137 [$additionalEventParams] map Inserted by Policy. Maps to the map of
138 additionalEvent parameters embedded into the
139 Control Loop Event message from DCAE.
140 ======================================== =============== ===============================================================
144 3.1.4 Summing it up: CBA execute payload generation as done by Policy
145 *********************************************************************
147 Putting all the above information together below is the REST equivalent of the CDS blueprint execute gRPC request
150 REST equivalent of the gRPC request from Policy to CDS to execute a CBA.
155 'http://{{ip}}:{{port}}/api/v1/execution-service/process' \
156 -u 'ccsdkapps:ccsdkapps' \
157 -H 'Content-Type: application/json' \
158 -H 'cache-control: no-cache' \
161 "subRequestId":"{generated_by_policy}",
162 "requestId":"{req_id_from_DCAE}",
163 "originatorId":"POLICY"
165 "actionIdentifiers":{
167 "blueprintName":"{blueprint_name_from_operational_policy_config}",
168 "blueprintVersion":"{blueprint_version_from_operational_policy_config}",
169 "actionName":"{blueprint_action_name_from_operational_policy_config}"
172 "$actionName-request":{
173 "resolution-key":"{generated_by_policy}",
174 "$actionName-properties":{
175 "$aai_node_type.$aai_attribute_1":"",
176 "$aai_node_type.$aai_attribute_2":"",
178 "data":"{static_payload_data_from_operational_policy_config}",
179 "$additionalEventParam_1":"",
180 "$additionalEventParam_2":"",
190 Sample CBA execute request generated by Policy for PNF target type when "data" field is a string:
195 'http://{{ip}}:{{port}}/api/v1/execution-service/process' \
196 -u 'ccsdkapps:ccsdkapps' \
197 -H 'Content-Type: application/json' \
198 -H 'cache-control: no-cache' \
201 "subRequestId":"14384b21-8224-4055-bb9b-0469397db801",
202 "requestId":"d57709fb-bbec-491d-a2a6-8a25c8097ee8",
203 "originatorId":"POLICY"
205 "actionIdentifiers":{
207 "blueprintName":"PNF-demo",
208 "blueprintVersion":"1.0.0",
209 "actionName":"reconfigure-pnf"
212 "reconfigure-pnf-request":{
213 "resolution-key":"8338b828-51ad-4e7c-ac8b-08d6978892e2",
214 "reconfigure-pnf-properties":{
215 "pnf.equip-vendor":"Vendor-A",
216 "pnf.ipaddress-v4-oam":"10.10.10.10",
217 "pnf.in-maint":false,
218 "pnf.pnf-ipv4-address":"3.3.3.3",
219 "pnf.resource-version":"1570746989505",
220 "pnf.nf-role":"ToR DC101",
221 "pnf.equip-type":"Router",
222 "pnf.equip-model":"model-123456",
224 "pnf.pnf-name":"demo-pnf",
225 "data": "peer-as=64577",
226 "peer-group":"demo-peer-group",
227 "neighbor-address":"4.4.4.4"
233 Sample CBA execute request generated by Policy for VNF target type when "data" field is a valid JSON string:
238 'http://{{ip}}:{{port}}/api/v1/execution-service/process' \
239 -u 'ccsdkapps:ccsdkapps' \
240 -H 'Content-Type: application/json' \
241 -H 'cache-control: no-cache' \
244 "subRequestId":"14384b21-8224-4055-bb9b-0469397db801",
245 "requestId":"d57709fb-bbec-491d-a2a6-8a25c8097ee8",
246 "originatorId":"POLICY"
248 "actionIdentifiers":{
250 "blueprintName":"vFW-CDS",
251 "blueprintVersion":"1.0.0",
252 "actionName":"config-deploy"
255 "config-deploy-request":{
256 "resolution-key":"6128eb53-0eac-4c79-855c-ff56a7b81141",
257 "config-deploy-properties":{
258 "service-instance.service-instance-id":"40004db6-c51f-45b0-abab-ea4156bae422",
259 "generic-vnf.vnf-id":"8d09e3bd-ae1d-4765-b26e-4a45f568a092",
268 4. Operational Policy configuration to use CDS as an actor
269 ==========================================================
271 4.1 TOSCA compliant Control Loop Operational Policy to support CDS actor
272 ------------------------------------------------------------------------
274 A common base TOSCA policy type for defining an operational policy is documented below:
276 * https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.Common.yaml;h=fe6f974bb98a90e2e41639621ba35cc853679ee5;hb=HEAD
278 APEX PDP specific operational policy is derived from the common operational TOSCA policy type as defined in the link below:
279 * https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Apex.yaml;h=54b69c2d8a78ab7fd8d41d3f7c05632c4d7e433d;hb=HEAD
281 Drools PDP specific operational policy is also derived from the common operational TOSCA policy type and is defined in the link below:
282 * https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Drools.yaml;h=69d73db5827cb6743172f9e0b1930eca8ba4ec0c;hb=HEAD
284 For integration testing CLAMP UI can be used to configure the Operational Policy.
286 E.g. Sample Operational Policy definition for vFW usecase to use CDS as an actor:
290 tosca_definitions_version: tosca_simple_yaml_1_1_0
293 - operational.modifyconfig.cds:
294 type: onap.policies.controlloop.operational.common.Drools
298 policy-id: operational.modifyconfig.cds
300 id: ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a
303 trigger: unique-policy-id-1-modifyConfig
305 - id: unique-policy-id-1-modifyConfig
306 description: Modify the packet generator
309 operation: ModifyConfig
313 resourceID: bbb3cefd-01c8-413c-9bdd-2b92f9ca3d38
315 artifact_name: vfw-cds
316 artifact_version: 1.0.0
318 data: '{"active-streams":"7"}'
321 success: final_success
322 failure: final_failure
323 failure_timeout: final_failure_timeout
324 failure_retries: final_failure_retries
325 failure_exception: final_failure_exception
326 failure_guard: final_failure_guard
327 controllerName: usecases
329 4.2 API to configure the Control Loop Operational policy
330 --------------------------------------------------------
332 4.2.1 Policy creation
333 *********************
335 Policy API endpoint is used to create policy i.e. an instance of the TOSCA compliant Operational policy type.
336 E.g. For vFW usecase the policy-type is "onap.policies.controlloop.operational.common.Drools".
338 In the below rest endpoint, the hostname points to K8S service "policy-api" and internal port 6969.
342 curl POST 'https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0' \
343 -H 'Accept: application/json' \
344 -H 'Content-Type: application/json' \
345 -u 'healthcheck:zb!XztG34' \
346 -d '{$vfw-tosca-policy}
348 Note: In order to create an operational policy when using APEX PDP use the policy-type:
349 "onap.policies.controlloop.operational.common.Apex".
351 4.2.2 Policy deployment to PDP
352 ******************************
354 Policy PAP endpoint is used in order to deploy the policy to the appropriate PDP instance.
355 In the rest endpoint URI, the hostname points to the service "policy-pap" and internal port 6969.
359 curl POST 'https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps/deployments/batch' \
360 -H 'Content-Type: application/json' \
361 -H 'Accept: application/json' \
362 -u 'healthcheck:zb!XztG34' \
366 "name": "defaultGroup",
367 "deploymentSubgroups": [
372 "name": "operational.modifyconfig.cds",
381 To view the configured policies use the below REST API.
385 curl GET 'https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0' \
386 -H 'Accept: application/json' \
387 -u 'healthcheck:zb!XztG34'
391 curl --location --request GET 'https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps' \
392 -H 'Accept: application/json' \
393 -u 'healthcheck:zb!XztG34'