diff options
author | Lukasz Rajewski <lukasz.rajewski@orange.com> | 2019-09-10 13:30:53 +0200 |
---|---|---|
committer | Marco Platania <platania@research.att.com> | 2019-09-13 16:21:28 +0000 |
commit | d0d957e94bf17d53ae758a9aa6f732dbd78a98ff (patch) | |
tree | bdcd6b8bebca68abd47346e6cc8ab487aa2c4d64 /tutorials/vFWDT/policies | |
parent | 1dfe955fc03f86fe0fea055d624da1338c5830bb (diff) |
vFW DT tutorial improvements
- Improvements in the workflow script to use OSDF request
- policy types added
- policy rules added
- script to upload policies added
Change-Id: I61e2bf3bbb10ca45088e989bbd801ec9ca439ae3
Signed-off-by: Lukasz Rajewski <lukasz.rajewski@orange.com>
Issue-ID: INT-751
Diffstat (limited to 'tutorials/vFWDT/policies')
8 files changed, 370 insertions, 0 deletions
diff --git a/tutorials/vFWDT/policies/rules/QueryPolicy_vFW_TD.json b/tutorials/vFWDT/policies/rules/QueryPolicy_vFW_TD.json new file mode 100644 index 00000000..300ac99d --- /dev/null +++ b/tutorials/vFWDT/policies/rules/QueryPolicy_vFW_TD.json @@ -0,0 +1,32 @@ +{ + "service": "queryPolicy", + "policyName": "OSDF_DUBLIN.QueryPolicy_vFW_TD", + "description": "Query policy for vFW TD", + "templateVersion": "OpenSource.version.1", + "version": "OpenSource.version.1", + "priority": "3", + "riskType": "test", + "riskLevel": "2", + "guard": "False", + "content": { + "queryProperties": [ + {"attribute":"customerLatitude", "attribute_location": "customerLatitude", "value": 1.1}, + {"attribute":"customerLongitude", "attribute_location": "customerLongitude", "value": 2.2}, + {"attribute":"chosen_region", "attribute_location": "chosenRegion"}, + {"attribute":"chosen_customer_id", "attribute_location": "chosenCustomerId"} + ], + "policyScope": [ + "td", + "us", + "vFW-SINK", + "vPGN" + ], + "policyType": "request_param_query", + "serviceName": "vFW_TD", + "identity": "vFW_TD_Query_Policy", + "resources": [ + "vFW-SINK", + "vPGN" + ] + } +} diff --git a/tutorials/vFWDT/policies/rules/affinity_vFW_TD.json b/tutorials/vFWDT/policies/rules/affinity_vFW_TD.json new file mode 100644 index 00000000..590de1c9 --- /dev/null +++ b/tutorials/vFWDT/policies/rules/affinity_vFW_TD.json @@ -0,0 +1,29 @@ +{ + "service": "affinityPolicy", + "policyName": "OSDF_DUBLIN.Affinity_vFW_TD", + "description": "Affinity policy for vPGN Anchor and vFW destination point", + "templateVersion": "OpenSource.version.1", + "version": "OpenSource.version.1", + "priority": "3", + "riskType": "test", + "riskLevel": "2", + "guard": "False", + "content": { + "identity": "affinity_vFW_TD", + "policyScope": [ + "td", + "us", + "vFW-SINK", + "vPGN" + ], + "affinityProperty": { + "qualifier": "same", + "category": "region" + }, + "policyType": "zone", + "resources": [ + "vFW-SINK", + "vPGN" + ] + } +} diff --git a/tutorials/vFWDT/policies/rules/uploadPolicies.sh b/tutorials/vFWDT/policies/rules/uploadPolicies.sh new file mode 100755 index 00000000..3200ba94 --- /dev/null +++ b/tutorials/vFWDT/policies/rules/uploadPolicies.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +`./yq > /dev/null 2>&1` + +if [ $? -ne 0 ]; then + echo "Install yq" + wget -cO yq https://github.com/mikefarah/yq/releases/download/2.4.0/yq_linux_amd64 + chmod 755 yq +fi + +`jo -p n=1 > /dev/null 2>&1` + +if [ $? -ne 0 ]; then + echo "Install jo" + sudo add-apt-repository -y ppa:duggan/jo + sudo apt update + sudo apt install jo -y +fi + +echo "Uploading policies" + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +PDP=`kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' | grep policy-pdp` + +echo $PDP +CMD='createPolicy' +MODE=$1 + +if [[ $MODE == "U" ]]; then + CMD='updatePolicy' +fi + +echo $CMD +SCRIPT="dt-policies.sh" +echo "#!/bin/bash" > $SCRIPT + +for f in $DIR/*.json; do + NAME=`./yq r $f policyName` + SCOPE="$(cut -d'.' -f1 <<< $NAME )" + RULE=`cat $f` + BODY="\"$RULE\"" + echo "Processing $NAME rule.."; + echo "echo \"$NAME Policy\"" >> $SCRIPT + BODY=`jo -p configBody="$BODY" -p policyName=$NAME -p policyConfigType=MicroService -p onapName=SampleDemo -p policyScope=$SCOPE` + LINK="curl -k -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '$BODY' 'https://localhost:8081/pdp/api/$CMD'" + LINK="${LINK/\"\\\"{\\n/\"{}" + LINK="${LINK/\\\"\"/\"}" + LINK="${LINK//\\n/ }" + echo "$LINK" >> $SCRIPT + BODY=`jo -p policyType=MicroService -p pdpGroup=default -p policyName=$NAME` + LINK="curl -k -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '$BODY' 'https://localhost:8081/pdp/api/pushPolicy'" + echo "$LINK" >> $SCRIPT +done + +`kubectl cp $SCRIPT onap/$PDP:/tmp/policy-install` +`kubectl exec $PDP -- chmod 755 $SCRIPT` +`kubectl exec $PDP -- ./$SCRIPT` + diff --git a/tutorials/vFWDT/policies/rules/vnfPolicy_vFW_TD.json b/tutorials/vFWDT/policies/rules/vnfPolicy_vFW_TD.json new file mode 100644 index 00000000..8df45e33 --- /dev/null +++ b/tutorials/vFWDT/policies/rules/vnfPolicy_vFW_TD.json @@ -0,0 +1,41 @@ +{ + "service": "vnfPolicy", + "policyName": "OSDF_DUBLIN.vnfPolicy_vFW_TD", + "description": "vnfPolicy", + "templateVersion": "OpenSource.version.1", + "version": "OpenSource.version.1", + "priority": "6", + "riskType": "test", + "riskLevel": "3", + "guard": "False", + "content": { + "identity": "vnf_vFW_TD", + "policyScope": [ + "td", + "us", + "vFW-SINK" + ], + "policyType": "vnfPolicy", + "resources": ["vFW-SINK"], + "applicableResources": "any", + "vnfProperties": [{ + "inventoryProvider": "aai", + "serviceType": "", + "inventoryType": "vfmodule", + "customerId": { + "get_param": "chosen_customer_id" + }, + "equipmentRole": "", + "attributes": { + "orchestrationStatus": ["active"], + "provStatus": "ACTIVE", + "cloudRegionId": { + "get_param": "chosen_region" + }, + "service_instance_id": { + "get_param": "service_id" + } + } + }] + } +} diff --git a/tutorials/vFWDT/policies/rules/vnfPolicy_vPGN_TD.json b/tutorials/vFWDT/policies/rules/vnfPolicy_vPGN_TD.json new file mode 100644 index 00000000..452fdb63 --- /dev/null +++ b/tutorials/vFWDT/policies/rules/vnfPolicy_vPGN_TD.json @@ -0,0 +1,41 @@ +{ + "service": "vnfPolicy", + "policyName": "OSDF_DUBLIN.vnfPolicy_vPGN_TD", + "description": "vnfPolicy", + "templateVersion": "OpenSource.version.1", + "version": "OpenSource.version.1", + "priority": "6", + "riskType": "test", + "riskLevel": "3", + "guard": "False", + "content": { + "identity": "vnf_vPGN_TD", + "policyScope": [ + "td", + "us", + "vPGN" + ], + "policyType": "vnfPolicy", + "resources": ["vPGN"], + "applicableResources": "any", + "vnfProperties": [{ + "inventoryProvider": "aai", + "serviceType": "", + "inventoryType": "vfmodule", + "customerId": { + "get_param": "chosen_customer_id" + }, + "equipmentRole": "", + "attributes": { + "orchestrationStatus": ["active"], + "provStatus": "ACTIVE", + "cloudRegionId": { + "get_param": "chosen_region" + }, + "service_instance_id": { + "get_param": "service_id" + } + } + }] + } +} diff --git a/tutorials/vFWDT/policies/types/affinityPolicy-v20181031.yml b/tutorials/vFWDT/policies/types/affinityPolicy-v20181031.yml new file mode 100644 index 00000000..89a3e9d5 --- /dev/null +++ b/tutorials/vFWDT/policies/types/affinityPolicy-v20181031.yml @@ -0,0 +1,58 @@ +tosca_definitions_version: tosca_simple_yaml_1_0_0 +node_types: + policy.nodes.affinityPolicy: + derived_from: policy.nodes.Root + properties: + policyScope: + type: list + description: scope where the policy is applicable + required: true + matchable: true + entry_schema: + type: string + policyType: + type: list + description: type of a policy + required: true + matchable: true + entry_schema: + type: string + consraints: + - valid_values: + - zone + identity: + type: string + required: true + applicableResources: + type: list + required: true + entry_schema: + type: string + constraints: + - valid_values: + - any + - all + affinityProperties: + type: policy.data.affinityProperties_properties + required: true + resources: + type: list + required: true + entry_schema: + type: string +data_types: + policy.data.affinityProperties_properties: + derived_from: tosca.nodes.Root + properties: + qualifier: + type: list + required: true + entry_schema: + type: string + constraints: + - valid_values: + - same + - different + category: + type: string + required: true diff --git a/tutorials/vFWDT/policies/types/queryPolicy-v20181031.yml b/tutorials/vFWDT/policies/types/queryPolicy-v20181031.yml new file mode 100644 index 00000000..09824db9 --- /dev/null +++ b/tutorials/vFWDT/policies/types/queryPolicy-v20181031.yml @@ -0,0 +1,43 @@ +tosca_definitions_version: tosca_simple_yaml_1_0_0 +node_types: + policy.nodes.queryPolicy: + derived_from: policy.nodes.Root + properties: + policyScope: + type: list + description: scope where the policy is applicable + required: true + matchable: true + entry_schema: + type: string + policyType: + type: list + description: type of a policy + required: true + matchable: true + entry_schema: + type: string + consraints: + - valid_values: + - request_param_query + identity: + type: string + required: true + queryProperties: + type: list + required: true + entry_schema: + type:policy.data.queryProperties_properties +data_types: + policy.data.queryProperties_properties: + derived_from: tosca.nodes.Root + properties: + attribute: + type: string + required: true + value: + type: string + required: true + attribute_location: + type: string + required: true diff --git a/tutorials/vFWDT/policies/types/vnfPolicy-v20181031.yml b/tutorials/vFWDT/policies/types/vnfPolicy-v20181031.yml new file mode 100644 index 00000000..4ce3b9fb --- /dev/null +++ b/tutorials/vFWDT/policies/types/vnfPolicy-v20181031.yml @@ -0,0 +1,68 @@ +tosca_definitions_version: tosca_simple_yaml_1_0_0 +node_types: + policy.nodes.vnfPolicy: + derived_from: policy.nodes.Root + properties: + policyScope: + type: list + description: scope where the policy is applicable + required: true + matchable: true + entry_schema: + type: string + policyType: + type: list + description: type of a policy + required: true + matchable: true + entry_schema: + type: string + consraints: + - valid_values: + - vnfPolicy + identity: + type: string + required: true + resources: + type: list + required: true + entry_schema: + type: string + applicableResources: + type: list + required: true + entry_schema: + type: string + constraints: + - valid_values: + - any + - all + vnfProperties: + type: list + required: true + entry_schema: + type:policy.data.vnfProperties_properties +data_types: + policy.data.vnfProperties_properties: + derived_from: tosca.nodes.Root + properties: + inventoryProvider: + type: string + required: true + serviceType: + type: string + required: true + inventoryType: + type: list + required: true + entry_schema: + type: string + constraints: + - valid_values: + - serviceInstanceId + - vnfName + - cloudRegionId + - vimId + customerId: + type: string + required: true |