diff options
Diffstat (limited to 'docs/design')
-rw-r--r-- | docs/design/InternalPapPdp.rst | 428 |
1 files changed, 0 insertions, 428 deletions
diff --git a/docs/design/InternalPapPdp.rst b/docs/design/InternalPapPdp.rst deleted file mode 100644 index 998514af..00000000 --- a/docs/design/InternalPapPdp.rst +++ /dev/null @@ -1,428 +0,0 @@ -.. This work is licensed under a -.. Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 - -.. _pap-pdp-label: - -The Internal Policy Framework PAP-PDP API -######################################### - -.. contents:: - :depth: 3 - -This page describes the API between the PAP and PDPs. The APIs in this section are implemented using `DMaaP -API <https://wiki.onap.org/display/DW/DMaaP+API>`__ messaging. The APIs in this section are used for internal -communication in the Policy Framework. The APIs are NOT supported for use by components outside the Policy Framework and -are subject to revision and change at any time. - -There are four messages on the API: - -1. PDP_STATUS: PDP→PAP, used by PDPs to report to the PAP - -2. PDP_UPDATE: PAP→PDP, used by the PAP to update the policies running on PDPs, triggers a PDP_STATUS message with - the result of the PDP_UPDATE operation - -3. PDP_STATE_CHANGE: PAP→PDP, used by the PAP to change the state of PDPs, triggers a PDP_STATUS message with the result - of the PDP_STATE_CHANGE operation - -4. PDP_HEALTH_CHECK: PAP→PDP, used by the PAP to order a health check on PDPs, triggers a PDP_STATUS message with the - result of the PDP_HEALTH_CHECK operation - -The fields in the table below are valid on API calls: - -=============================== ======== ======== ======== ======= ===================================================== -**Field** **PDP **PDP **PDP **PDP **Comment** - STATUS** UPDATE** STATE HEALTH - CHANGE** CHECK** -=============================== ======== ======== ======== ======= ===================================================== -(message_name) M M M M pdp_status, pdp_update, pdp_state_change, or - pdp_health_check -name M M C C The name of the PDP, for state changes and health - checks, the PDP group and subgroup can be used to - specify the scope of the operation -version M N/A N/A N/A The version of the PDP -pdp_type M M N/A N/A The type of the PDP, currently xacml, drools, or apex -state M N/A M N/A The administrative state of the PDP group: PASSIVE, - SAFE, TEST, ACTIVE, or TERMINATED -healthy M N/A N/A N/A The result of the latest health check on the PDP: - HEALTHY/NOT_HEALTHY/TEST_IN_PROGRESS -description O O N/A N/A The description of the PDP -pdp_group O M C C The PDP group to which the PDP belongs, the PDP group - and subgroup can be used to specify the scope of the - operation -pdp_subgroup O M C C The PDP subgroup to which the PDP belongs, the PDP - group and subgroup can be used to specify the scope - of the operation -supported_policy_types M N/A N/A N/A A list of the policy types supported by the PDP -policies O M N/A N/A The list of policies running on the PDP -->(name) O M N/A N/A The name of a TOSCA policy running on the PDP -->policy_type O M N/A N/A The TOSCA policy type of the policyWhen a PDP starts, - it commences periodic sending of *PDP_STATUS* - messages on DMaaP. The PAP receives these messages - and acts in whatever manner is appropriate. -->policy_type_version O M N/A N/A The version of the TOSCA policy type of the policy -->properties O M N/A N/A The properties of the policy for the XACML, Drools, - or APEX PDP for details -instance M N/A N/A N/A The instance ID of the PDP running in a Kuberenetes - Pod -deployment_instance_info M N/A N/A N/A Information on the node running the PDP -properties O O N/A N/A Other properties specific to the PDP -statistics M N/A N/A N/A Statistics on policy execution in the PDP -->policy_download_count M N/A N/A N/A The number of policies downloaded into the PDP -->policy_download_success_count M N/A N/A N/A The number of policies successfully downloaded into - the PDP -->policy_download_fail_count M N/A N/A N/A The number of policies downloaded into the PDP where - the download failed -->policy_executed_count M N/A N/A N/A The number of policy executions on the PDP -->policy_executed_success_count M N/A N/A N/A The number of policy executions on the PDP that - completed successfully -->policy_executed_fail_count M N/A N/A N/A The number of policy executions on the PDP that - failed -response O N/A N/A N/A The response to the last operation that the PAP - executed on the PDP -->response_to M N/A N/A N/A The PAP to PDP message to which this is a response -->response_status M N/A N/A N/A SUCCESS or FAIL -->response_message O N/A N/A N/A Message giving further information on the successful - or failed operation -=============================== ======== ======== ======== ======= ===================================================== - -YAML is used for illustrative purposes in the examples in this section. JSON (application/json) is used as the content -type in the implementation of this API. - -1 PAP API for PDPs -================== -The purpose of this API is for PDPs to provide heartbeat, status, health, and statistical information to Policy -Administration. There is a single *PDP_STATUS* message on this API. PDPs send this message to the PAP using the -*POLICY_PDP_PAP* DMaaP topic. The PAP listens on this topic for messages. - -When a PDP starts, it commences periodic sending of *PDP_STATUS* messages on DMaaP. The PAP receives these messages and -acts in whatever manner is appropriate. *PDP_UPDATE*, *PDP_STATE_CHANGE*, and *PDP_HEALTH_CHECK* operations trigger a -*PDP_STATUS* message as a response. - -The *PDP_STATUS* message is used for PDP heartbeat monitoring. A PDP sends a *PDP_STATUS* message with a state of -*TERMINATED* when it terminates normally. If a *PDP_STATUS* message is not received from a PDP periodically or in -response to a pdp_update, pdp-state_change, or pdp_health_check message in a certain configurable time, then the PAP -assumes the PDP has failed. - -A PDP may be preconfigured with its PDP group, PDP subgroup, and policies. If the PDP group, subgroup, or any policy -sent to the PAP in a *PDP_STATUS* message is unknown to the PAP, the PAP locks the PDP in state PASSIVE. - -.. code-block:: yaml - :caption: PDP_STATUS message from an XACML PDP running control loop policies - :linenos: - - pdp_status: - name: xacml_1 - version: 1.2.3 - pdp_type: xacml - state: active - healthy: true - description: XACML PDP running control loop policies - pdp_group: onap.pdpgroup.controlloop.operational - pdp_subgroup: xacml - supported_policy_types: - - onap.policies.controlloop.guard.FrequencyLimiter - - onap.policies.controlloop.guard.BlackList - - onap.policies.controlloop.guard.MinMax - policies: - - onap.policies.controlloop.guard.frequencylimiter.EastRegion: - policy_type: onap.policies.controlloop.guard.FrequencyLimiter - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - - onap.policies.controlloop.guard.blacklist.eastRegion: - policy_type: onap.policies.controlloop.guard.BlackList - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - - onap.policies.controlloop.guard.minmax.eastRegion: - policy_type: onap.policies.controlloop.guard.MinMax - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - instance: xacml_1 - deployment_instance_info: - node_address: xacml_1_pod - # Other deployment instance info - statistics: - policy_download_count: 0 - policy_download_success_count: 0 - policy_download_fail_count: 0 - policy_executed_count: 123 - policy_executed_success_count: 122 - policy_executed_fail_count: 1 - -.. code-block:: yaml - :caption: PDP_STATUS message from a Drools PDP running control loop policies - :linenos: - - pdp_status: - name: drools_2 - version: 2.3.4 - pdp_type: drools - state: safe - healthy: true - description: Drools PDP running control loop policies - pdp_group: onap.pdpgroup.controlloop.operational - pdp_subgroup: drools - supported_policy_types: - - onap.controllloop.operational.drools.vCPE - - onap.controllloop.operational.drools.vFW - policies: - - onap.controllloop.operational.drools.vcpe.EastRegion: - policy_type: onap.controllloop.operational.drools.vCPE - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - - onap.controllloop.operational.drools.vfw.EastRegion: - policy_type: onap.controllloop.operational.drools.vFW - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - instance: drools_2 - deployment_instance_info: - node_address: drools_2_pod - # Other deployment instance info - statistics: - policy_download_count: 3 - policy_download_success_count: 3 - policy_download_fail_count: 0 - policy_executed_count: 123 - policy_executed_success_count: 122 - policy_executed_fail_count: 1 - response: - response_to: PDP_HEALTH_CHECK - response_status: SUCCESS - -.. code-block:: yaml - :caption: PDP_STATUS message from an APEX PDP running control loop policies - :linenos: - - pdp_status: - name: drools_2 - version: 2.3.4 - pdp_type: drools - state: safe - healthy: true - description: Drools PDP running control loop policies - pdp_group: onap.pdpgroup.controlloop.operational - pdp_subgroup: drools - supported_policy_types: - - onap.controllloop.operational.drools.vCPE - - onap.controllloop.operational.drools.vFW - policies: - - onap.controllloop.operational.drools.vcpe.EastRegion: - policy_type: onap.controllloop.operational.drools.vCPE - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - - onap.controllloop.operational.drools.vfw.EastRegion: - policy_type: onap.controllloop.operational.drools.vFW - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - instance: drools_2 - deployment_instance_info: - node_address: drools_2_pod - # Other deployment instance info - statistics: - policy_download_count: 3 - policy_download_success_count: 3 - policy_download_fail_count: 0 - policy_executed_count: 123 - policy_executed_success_count: 122 - policy_executed_fail_count: 1 - response: - response_to: PDP_HEALTH_CHECK - response_status: SUCCESS - -.. code-block:: yaml - :caption: PDP_STATUS message from an XACML PDP running monitoring policies - :linenos: - - pdp_status: - name: xacml_1 - version: 1.2.3 - pdp_type: xacml - state: active - healthy: true - description: XACML PDP running monitoring policies - pdp_group: onap.pdpgroup.Monitoring - pdp_subgroup: xacml - supported_policy_types: - - onap.monitoring.cdap.tca.hi.lo.app - policies: - - onap.scaleout.tca:message - policy_type: onap.policies.monitoring.cdap.tca.hi.lo.app - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - instance: xacml_1 - deployment_instance_info: - node_address: xacml_1_pod - # Other deployment instance info - statistics: - policy_download_count: 0 - policy_download_success_count: 0 - policy_download_fail_count: 0 - policy_executed_count: 123 - policy_executed_success_count: 122 - policy_executed_fail_count: 1 - -2 PDP API for PAPs -================== - -The purpose of this API is for the PAP to load and update policies on PDPs and to change the state of PDPs. It also -allows the PAP to order health checks to run on PDPs. The PAP sends *PDP_UPDATE*, *PDP_STATE_CHANGE*, and -*PDP_HEALTH_CHECK* messages to PDPs using the *POLICY_PAP_PDP* DMaaP topic. PDPs listen on this topic for messages. - -The PAP can set the scope of *PDP_STATE_CHANGE* and *PDP_HEALTH_CHECK* messages: - -- PDP Group: If a PDP group is specified in a message, then the PDPs in that PDP group respond to the message and all - other PDPs ignore it. - -- PDP Group and subgroup: If a PDP group and subgroup are specified in a message, then only the PDPs of that subgroup - in the PDP group respond to the message and all other PDPs ignore it. - -- Single PDP: If the name of a PDP is specified in a message, then only that PDP responds to the message and all other - PDPs ignore it. - -Note: *PDP_UPDATE* messages must be issued individually to PDPs because the *PDP_UPDATE* operation can change the PDP -group to which a PDP belongs. - -2.1 PDP Update --------------- - -The *PDP_UPDATE* operation allows the PAP to modify the PDP group to which a PDP belongs and the policies in a PDP. - -The following examples illustrate how the operation is used. - -.. code-block:: yaml - :caption: PDP_UPDATE message to upgrade XACML PDP control loop policies to version 1.0.1 - :linenos: - - pdp_update: - name: xacml_1 - pdp_type: xacml - description: XACML PDP running control loop policies, Upgraded - pdp_group: onap.pdpgroup.controlloop.operational - pdp_subgroup: xacml - policies: - - onap.policies.controlloop.guard.frequencylimiter.EastRegion: - policy_type: onap.policies.controlloop.guard.FrequencyLimiter - policy_type_version: 1.0.1 - properties: - # Omitted for brevity - - onap.policies.controlloop.guard.blackList.EastRegion: - policy_type: onap.policies.controlloop.guard.BlackList - policy_type_version: 1.0.1 - properties: - # Omitted for brevity - - onap.policies.controlloop.guard.minmax.EastRegion: - policy_type: onap.policies.controlloop.guard.MinMax - policy_type_version: 1.0.1 - properties: - # Omitted for brevity - -.. code-block:: yaml - :caption: PDP_UPDATE message to a Drools PDP to add an extra control loop policy - :linenos: - - pdp_update: - name: drools_2 - pdp_type: drools - description: Drools PDP running control loop policies, extra policy added - pdp_group: onap.pdpgroup.controlloop.operational - pdp_subgroup: drools - policies: - - onap.controllloop.operational.drools.vcpe.EastRegion: - policy_type: onap.controllloop.operational.drools.vCPE - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - - onap.controllloop.operational.drools.vfw.EastRegion: - policy_type: onap.controllloop.operational.drools.vFW - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - - onap.controllloop.operational.drools.vfw.WestRegion: - policy_type: onap.controllloop.operational.drools.vFW - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - -.. code-block:: yaml - :caption: PDP_UPDATE message to an APEX PDP to remove a control loop policy - :linenos: - - pdp_update: - name: apex_3 - pdp_type: apex - description: APEX PDP updated to remove a control loop policy - pdp_group: onap.pdpgroup.controlloop.operational - pdp_subgroup: apex - policies: - - onap.controllloop.operational.apex.bbs.EastRegion: - policy_type: onap.controllloop.operational.apex.BBS - policy_type_version: 1.0.0 - properties: - # Omitted for brevity - -2.2 PDP State Change --------------------- - -The *PDP_STATE_CHANGE* operation allows the PAP to order state changes on PDPs in PDP groups and subgroups. The -following examples illustrate how the operation is used. - -.. code-block:: yaml - :caption: Change the state of all control loop Drools PDPs to ACTIVE - :linenos: - - pdp_state_change: - state: active - pdp_group: onap.pdpgroup.controlloop.Operational - pdp_subgroup: drools - -.. code-block:: yaml - :caption: Change the state of all monitoring PDPs to SAFE - :linenos: - - pdp_state_change: - state: safe - pdp_group: onap.pdpgroup.Monitoring - -.. code-block:: yaml - :caption: Change the state of a single APEX PDP to TEST - :linenos: - - pdp_state_change: - state: test - name: apex_3 - -2.3 PDP Health Check --------------------- - -The *PDP_HEALTH_CHECK* operation allows the PAP to order health checks on PDPs in PDP groups and subgroups. The -following examples illustrate how the operation is used. - -.. code-block:: yaml - :caption: Perform a health check on all control loop Drools PDPs - :linenos: - - pdp_health_check: - pdp_group: onap.pdpgroup.controlloop.Operational - pdp_subgroup: drools - -.. code-block:: yaml - :caption: perform a health check on all monitoring PDPs - :linenos: - - pdp_health_check: - pdp_group: onap.pdpgroup.Monitoring - -.. code-block:: yaml - :caption: Perform a health check on a single APEX PDP - :linenos: - - pdp_health_check: - name: apex_3 |