From 9a4d3c5b8dc9c7697275cab38ee45b014dff9e55 Mon Sep 17 00:00:00 2001 From: Alex Shatov Date: Mon, 1 Apr 2019 11:32:06 -0400 Subject: 5.0.0 policy-handler - new PDP API or old PDP API - in R4 Dublin the policy-engine introduced a totally new API - policy-handler now has a startup option to either use the new PDP API or the old PDP API that was created-updated before the end of 2018 - see README.md and README_pdp_api_v0.md for instructions on how to setup the policy-handler running either with the new PDP API or the old (pdp_api_v0) PDP API - this is a massive refactoring that changed almost all the source files, but kept the old logic when using the old (pdp_api_v0) PDP API - all the code related to PDP API version is split into two subfolders = pdp_api/ contains the new PDP API source code = pdp_api_v0/ contains the old (2018) PDP API source code = pdp_client.py imports from either pdp_api or pdp_api_v0 = the rest of the code is only affected when it needs to branch the logic - logging to policy_handler.log now shows the path of the source file to allow tracing which PDP API is actually used - when the new PDP API is used, the policy-update flow is disabled = passive mode of operation = no web-socket = no periodic catch_up = no policy-filters = reduced web-API - only a single /policy_latest endpoint is available /policies_latest returns 404 /catch_up request is accepted, but ignored - on new PDP API: http /policy_latest returns the new data from the new PDP API with the following fields added by the policy-handler to keep other policy related parts intact in R4 (see pdp_api/policy_utils.py) = "policyName" = policy_id + "." + "policyVersion" + ".xml" = "policyVersion" = str("metadata"."policy-version") = "config" - is the renamed "properties" from the new PDP API response - unit tests are split into two subfolders as well = main/ for the new PDP API testing = pdp_api_v0/ for the old (2018) PDP API - removed the following line from the license text of changed files ECOMP is a trademark and service mark of AT&T Intellectual Property. - the new PDP API is expected to be extended and redesigned in R5 El Alto - on retiring the old PDP API - the intention is to be able to remove the pdp_api_v0/ subfolder and minimal related cleanup of the code that imports that as well as the cleanup of the config.py, etc. Change-Id: Ief9a2ae4541300308caaf97377f4ed051535dbe4 Signed-off-by: Alex Shatov Issue-ID: DCAEGEN2-1128 --- policyhandler/pdp_api/__init__.py | 30 +++++ policyhandler/pdp_api/pdp_consts.py | 35 +++++ policyhandler/pdp_api/policy_listener.py | 55 ++++++++ policyhandler/pdp_api/policy_matcher.py | 25 ++++ policyhandler/pdp_api/policy_rest.py | 215 +++++++++++++++++++++++++++++++ policyhandler/pdp_api/policy_updates.py | 49 +++++++ policyhandler/pdp_api/policy_utils.py | 123 ++++++++++++++++++ 7 files changed, 532 insertions(+) create mode 100644 policyhandler/pdp_api/__init__.py create mode 100644 policyhandler/pdp_api/pdp_consts.py create mode 100644 policyhandler/pdp_api/policy_listener.py create mode 100644 policyhandler/pdp_api/policy_matcher.py create mode 100644 policyhandler/pdp_api/policy_rest.py create mode 100644 policyhandler/pdp_api/policy_updates.py create mode 100644 policyhandler/pdp_api/policy_utils.py (limited to 'policyhandler/pdp_api') diff --git a/policyhandler/pdp_api/__init__.py b/policyhandler/pdp_api/__init__.py new file mode 100644 index 0000000..4d009ed --- /dev/null +++ b/policyhandler/pdp_api/__init__.py @@ -0,0 +1,30 @@ +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +"""2019 http api to policy-engine https://:/decision/v1/ POST""" + +from .policy_matcher import PolicyMatcher +from .policy_rest import PolicyRest +from .policy_listener import PolicyListener +from .policy_updates import PolicyUpdates + +def get_pdp_api_info(): + """info on which version of pdp api is in effect""" + return ("folders: PolicyMatcher({}), PolicyRest({}), PolicyListener({}), PolicyUpdates({})" + .format(PolicyMatcher.PDP_API_FOLDER, PolicyRest.PDP_API_FOLDER, + PolicyListener.PDP_API_FOLDER, PolicyUpdates.PDP_API_FOLDER + )) diff --git a/policyhandler/pdp_api/pdp_consts.py b/policyhandler/pdp_api/pdp_consts.py new file mode 100644 index 0000000..2337456 --- /dev/null +++ b/policyhandler/pdp_api/pdp_consts.py @@ -0,0 +1,35 @@ +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +"""contants of PDP""" + +# fields from pdp API 2018 +POLICY_NAME = "policyName" +POLICY_VERSION = "policyVersion" +POLICY_CONFIG = 'config' + +# fields from pdp API 2019 +PDP_POLICIES = 'policies' +PDP_PROPERTIES = 'properties' +PDP_METADATA = 'metadata' +PDP_POLICY_ID = 'policy-id' +PDP_POLICY_VERSION = 'policy-version' + +# req to PDP +PDP_REQ_ONAP_NAME = "ONAPName" # always "DCAE" +PDP_REQ_ONAP_COMPONENT = "ONAPComponent" +PDP_REQ_ONAP_INSTANCE = "ONAPInstance" +PDP_REQ_RESOURCE = "resource" diff --git a/policyhandler/pdp_api/policy_listener.py b/policyhandler/pdp_api/policy_listener.py new file mode 100644 index 0000000..9fa4695 --- /dev/null +++ b/policyhandler/pdp_api/policy_listener.py @@ -0,0 +1,55 @@ +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +""" +policy-listener communicates with policy-engine +to receive push notifications +on updates and removal of policies. + +on receiving the policy-notifications, the policy-receiver +passes the notifications to policy-updater +""" + +import os + +from ..utils import ToBeImplementedException, Utils + +_LOGGER = Utils.get_logger(__file__) + +class PolicyListener(object): + """listener to PolicyEngine""" + PDP_API_FOLDER = os.path.basename(os.path.dirname(os.path.realpath(__file__))) + + def __init__(self, *_): + """listener to receive the policy notifications from PolicyEngine""" + _LOGGER.info("to_be_implemented") + raise ToBeImplementedException() + + def reconfigure(self, _): + """configure and reconfigure the listener""" + _LOGGER.info("to_be_implemented") + raise ToBeImplementedException() + + def run(self): + """listen on web-socket and pass the policy notifications to policy-updater""" + _LOGGER.info("to_be_implemented") + raise ToBeImplementedException() + + def shutdown(self, _): + """Shutdown the policy-listener""" + _LOGGER.info("to_be_implemented") + raise ToBeImplementedException() diff --git a/policyhandler/pdp_api/policy_matcher.py b/policyhandler/pdp_api/policy_matcher.py new file mode 100644 index 0000000..57258c3 --- /dev/null +++ b/policyhandler/pdp_api/policy_matcher.py @@ -0,0 +1,25 @@ +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +"""policy-matcher matches the policies from deployment-handler to policies from policy-engine""" + +import os + + +class PolicyMatcher(object): + """policy-matcher - static class""" + PDP_API_FOLDER = os.path.basename(os.path.dirname(os.path.realpath(__file__))) diff --git a/policyhandler/pdp_api/policy_rest.py b/policyhandler/pdp_api/policy_rest.py new file mode 100644 index 0000000..14d9296 --- /dev/null +++ b/policyhandler/pdp_api/policy_rest.py @@ -0,0 +1,215 @@ +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +"""policy-client communicates with policy-engine thru REST API""" + +import copy +import json +import os +import urllib.parse +from threading import Lock + +import requests + +from ..config import Config, Settings +from ..onap.audit import (REQUEST_X_ECOMP_REQUESTID, AuditHttpCode, + AuditResponseCode, Metrics) +from ..utils import Utils +from .pdp_consts import PDP_POLICIES +from .policy_utils import PolicyUtils + +_LOGGER = Utils.get_logger(__file__) + +class PolicyRest(object): + """using the http API to policy-engine""" + PDP_API_FOLDER = os.path.basename(os.path.dirname(os.path.realpath(__file__))) + _lazy_inited = False + DEFAULT_TIMEOUT_IN_SECS = 60 + + _lock = Lock() + _settings = Settings(Config.FIELD_POLICY_ENGINE, Config.POOL_CONNECTIONS) + + _target_entity = None + _requests_session = None + _url = None + _url_pdp_decision = None + _headers = None + _custom_kwargs = {} + _timeout_in_secs = DEFAULT_TIMEOUT_IN_SECS + + @staticmethod + def _init(): + """init static config""" + PolicyRest._custom_kwargs = {} + tls_ca_mode = None + + if not PolicyRest._requests_session: + PolicyRest._requests_session = requests.Session() + + changed, pool_size = PolicyRest._settings.get_by_key(Config.POOL_CONNECTIONS, 20) + if changed: + PolicyRest._requests_session.mount( + 'https://', requests.adapters.HTTPAdapter(pool_connections=pool_size, + pool_maxsize=pool_size)) + PolicyRest._requests_session.mount( + 'http://', requests.adapters.HTTPAdapter(pool_connections=pool_size, + pool_maxsize=pool_size)) + + _, config = PolicyRest._settings.get_by_key(Config.FIELD_POLICY_ENGINE) + if config: + PolicyRest._url = config.get("url") + if PolicyRest._url: + PolicyRest._url_pdp_decision = urllib.parse.urljoin( + PolicyRest._url, config.get("path_decision", "/decision/v1/")) + PolicyRest._headers = config.get("headers", {}) + PolicyRest._target_entity = config.get("target_entity", Config.FIELD_POLICY_ENGINE) + + tls_ca_mode = config.get(Config.TLS_CA_MODE) + PolicyRest._custom_kwargs = Config.get_requests_kwargs(tls_ca_mode) + PolicyRest._timeout_in_secs = config.get(Config.TIMEOUT_IN_SECS) + if not PolicyRest._timeout_in_secs or PolicyRest._timeout_in_secs < 1: + PolicyRest._timeout_in_secs = PolicyRest.DEFAULT_TIMEOUT_IN_SECS + + _LOGGER.info( + "PDP(%s) url(%s) headers(%s) tls_ca_mode(%s) timeout_in_secs(%s) custom_kwargs(%s): %s", + PolicyRest._target_entity, PolicyRest._url_pdp_decision, + Metrics.json_dumps(PolicyRest._headers), tls_ca_mode, + PolicyRest._timeout_in_secs, json.dumps(PolicyRest._custom_kwargs), + PolicyRest._settings) + + PolicyRest._settings.commit_change() + PolicyRest._lazy_inited = True + + @staticmethod + def reconfigure(): + """reconfigure""" + with PolicyRest._lock: + PolicyRest._settings.set_config(Config.discovered_config) + if not PolicyRest._settings.is_changed(): + PolicyRest._settings.commit_change() + return False + + PolicyRest._lazy_inited = False + PolicyRest._init() + return True + + @staticmethod + def _lazy_init(): + """init static config""" + if PolicyRest._lazy_inited: + return + + with PolicyRest._lock: + if PolicyRest._lazy_inited: + return + + PolicyRest._settings.set_config(Config.discovered_config) + PolicyRest._init() + + @staticmethod + def _pdp_get_decision(audit, pdp_req): + """Communication with the policy-engine""" + if not PolicyRest._url: + _LOGGER.error( + audit.error("no url for PDP", error_code=AuditResponseCode.AVAILABILITY_ERROR)) + audit.set_http_status_code(AuditHttpCode.SERVER_INTERNAL_ERROR.value) + return None + + with PolicyRest._lock: + session = PolicyRest._requests_session + target_entity = PolicyRest._target_entity + url = PolicyRest._url_pdp_decision + timeout_in_secs = PolicyRest._timeout_in_secs + headers = copy.deepcopy(PolicyRest._headers) + custom_kwargs = copy.deepcopy(PolicyRest._custom_kwargs) + + metrics = Metrics(aud_parent=audit, targetEntity=target_entity, targetServiceName=url) + + headers[REQUEST_X_ECOMP_REQUESTID] = metrics.request_id + + log_action = "post to {} at {}".format(target_entity, url) + log_data = "msg={} headers={}, custom_kwargs({}) timeout_in_secs({})".format( + json.dumps(pdp_req), Metrics.json_dumps(headers), json.dumps(custom_kwargs), + timeout_in_secs) + log_line = log_action + " " + log_data + + _LOGGER.info(metrics.metrics_start(log_line)) + + res = None + try: + res = session.post(url, json=pdp_req, headers=headers, timeout=timeout_in_secs, + **custom_kwargs) + except Exception as ex: + error_code = (AuditHttpCode.SERVICE_UNAVAILABLE_ERROR.value + if isinstance(ex, requests.exceptions.RequestException) + else AuditHttpCode.SERVER_INTERNAL_ERROR.value) + error_msg = ("failed {}: {} to {}".format(type(ex).__name__, str(ex), log_line)) + + _LOGGER.exception(error_msg) + metrics.set_http_status_code(error_code) + audit.set_http_status_code(error_code) + metrics.metrics(error_msg) + return None + + log_line = "response {} from {}: text={} headers={}".format( + res.status_code, log_line, res.text, + Metrics.json_dumps(dict(res.request.headers.items()))) + + _LOGGER.info(log_line) + metrics.set_http_status_code(res.status_code) + audit.set_http_status_code(res.status_code) + metrics.metrics(log_line) + + policy_bodies = None + if res.status_code == requests.codes.ok: + policy_bodies = res.json().get(PDP_POLICIES) + + return policy_bodies + + @staticmethod + def get_latest_policy(aud_policy_id): + """safely try retrieving the latest policy for the policy_id from the policy-engine""" + audit, policy_id, _, _ = aud_policy_id + try: + PolicyRest._lazy_init() + + pdp_req = PolicyUtils.gen_req_to_pdp(policy_id) + policy_bodies = PolicyRest._pdp_get_decision(audit, pdp_req) + + log_line = "looking for policy_id({}) in policy_bodies: {}".format( + policy_id, json.dumps(policy_bodies)) + _LOGGER.info(log_line) + + latest_policy = None + if policy_bodies and policy_id in policy_bodies: + latest_policy = PolicyUtils.convert_to_policy(policy_bodies[policy_id]) + + if not PolicyUtils.validate_policy(latest_policy): + audit.set_http_status_code(AuditHttpCode.DATA_NOT_FOUND_OK.value) + _LOGGER.error(audit.error( + "received invalid policy from PDP: {}".format(json.dumps(latest_policy)), + error_code=AuditResponseCode.DATA_ERROR)) + + return latest_policy + except Exception as ex: + error_msg = ("{}: get_latest_policy({}) crash {}: {}" + .format(audit.request_id, policy_id, type(ex).__name__, str(ex))) + + _LOGGER.exception(error_msg) + audit.fatal(error_msg, error_code=AuditResponseCode.BUSINESS_PROCESS_ERROR) + audit.set_http_status_code(AuditHttpCode.SERVER_INTERNAL_ERROR.value) + return None diff --git a/policyhandler/pdp_api/policy_updates.py b/policyhandler/pdp_api/policy_updates.py new file mode 100644 index 0000000..eb3c3d1 --- /dev/null +++ b/policyhandler/pdp_api/policy_updates.py @@ -0,0 +1,49 @@ +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +"""policy-updates accumulates the policy-update notifications from PDP""" + +import os + +from ..utils import Utils, ToBeImplementedException + + +_LOGGER = Utils.get_logger(__file__) + +class PolicyUpdates(object): + """Keep and consolidate the policy-updates (audit, policies_updated, policies_removed)""" + PDP_API_FOLDER = os.path.basename(os.path.dirname(os.path.realpath(__file__))) + + def __init__(self): + """init and reset""" + + def reset(self): + """resets the state""" + self.__init__() + + def pop_policy_updates(self): + """ + Returns the consolidated (audit, policies_updated, policies_removed) + and resets the state + """ + _LOGGER.info("to_be_implemented") + return None, None, None + + def push_policy_updates(self, *_): + """consolidate the new policies_updated, policies_removed to existing ones""" + _LOGGER.info("to_be_implemented") + raise ToBeImplementedException() diff --git a/policyhandler/pdp_api/policy_utils.py b/policyhandler/pdp_api/policy_utils.py new file mode 100644 index 0000000..1d06d14 --- /dev/null +++ b/policyhandler/pdp_api/policy_utils.py @@ -0,0 +1,123 @@ +# ================================================================================ +# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +"""utils for policy usage and conversions""" + +from ..onap.audit import Audit +from ..policy_consts import POLICY_BODY, POLICY_ID +from .pdp_consts import (PDP_METADATA, PDP_POLICY_ID, + PDP_POLICY_VERSION, PDP_PROPERTIES, + PDP_REQ_ONAP_COMPONENT, PDP_REQ_ONAP_INSTANCE, + PDP_REQ_ONAP_NAME, PDP_REQ_RESOURCE, POLICY_CONFIG, + POLICY_NAME, POLICY_VERSION) + + +class PolicyUtils(object): + """policy-client utils""" + + @staticmethod + def gen_req_to_pdp(policy_id): + """request to get a single policy from pdp by policy_id""" + return { + PDP_REQ_ONAP_NAME: "DCAE", + PDP_REQ_ONAP_COMPONENT: Audit.service_name, + PDP_REQ_ONAP_INSTANCE: Audit.SERVICE_INSTANCE_UUID, + "action": "configure", + PDP_REQ_RESOURCE: {PDP_POLICY_ID: [policy_id]} + } + + @staticmethod + def convert_to_policy(policy_body): + """ + set policy id, name, version, config=properties and + wrap policy_body received from policy-engine with policy_id + + input: + { + "type": "onap.policies.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.scaleout.tca", + "policy-version": 1, + "description": "The scaleout policy for vDNS" + }, + "properties": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "vLoadBalancer", + "controlLoopSchemaType": "VNF", + "policyScope": "type=configuration" + } + ] + } + } + } + + output: + { + "policy_id": "onap.scaleout.tca", + "policy_body": { + "policyName": "onap.scaleout.tca.1.xml", + "policyVersion": 1, + "type": "onap.policies.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.scaleout.tca", + "policy-version": 1, + "description": "The scaleout policy for vDNS" + }, + "config": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "vLoadBalancer", + "controlLoopSchemaType": "VNF", + "policyScope": "type=configuration" + } + ] + } + } + } + } + """ + if not policy_body or not policy_body.get(PDP_PROPERTIES): + return None + + pdp_metadata = policy_body.get(PDP_METADATA, {}) + policy_id = pdp_metadata.get(PDP_POLICY_ID) + policy_version = pdp_metadata.get(PDP_POLICY_VERSION) + if not policy_id or not policy_version: + return None + + policy_body[POLICY_NAME] = "{}.{}.xml".format(policy_id, policy_version) + policy_body[POLICY_VERSION] = str(policy_version) + policy_body[POLICY_CONFIG] = policy_body[PDP_PROPERTIES] + del policy_body[PDP_PROPERTIES] + + return {POLICY_ID:policy_id, POLICY_BODY:policy_body} + + @staticmethod + def validate_policy(policy): + """validate have non-empty config in policy""" + if not policy: + return False + + policy_body = policy.get(POLICY_BODY) + return bool(policy_body and policy_body.get(POLICY_CONFIG)) -- cgit 1.2.3-korg