summaryrefslogtreecommitdiffstats
path: root/docs/pap/InternalPapPdp.rst
blob: 998514af8e5887e7c452cca9a65234a292c42be3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
.. This work is licensed under a
.. Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0

.. _pap-pdp-label:

The Internal Policy Framework PAP-PDP API
#########################################

.. contents::
    :depth: 3

This page describes the API between the PAP and PDPs. The APIs in this section are implemented using `DMaaP
API <https://wiki.onap.org/display/DW/DMaaP+API>`__ messaging. The APIs in this section are used for internal
communication in the Policy Framework. The APIs are NOT supported for use by components outside the Policy Framework and
are subject to revision and change at any time.

There are four messages on the API:

1. PDP_STATUS: PDP→PAP, used by PDPs to report to the PAP

2. PDP_UPDATE: PAP→PDP, used by the PAP to update the policies running on PDPs, triggers a PDP_STATUS message with
   the result of the PDP_UPDATE operation

3. PDP_STATE_CHANGE: PAP→PDP, used by the PAP to change the state of PDPs, triggers a PDP_STATUS message with the result
   of the PDP_STATE_CHANGE operation

4. PDP_HEALTH_CHECK: PAP→PDP, used by the PAP to order a health check on PDPs, triggers a PDP_STATUS message with the
   result of the PDP_HEALTH_CHECK operation

The fields in the table below are valid on API calls:

=============================== ======== ======== ======== ======= =====================================================
**Field**                       **PDP    **PDP    **PDP    **PDP   **Comment**
                                STATUS** UPDATE** STATE    HEALTH
                                                  CHANGE** CHECK**
=============================== ======== ======== ======== ======= =====================================================
(message_name)                  M        M        M        M       pdp_status, pdp_update, pdp_state_change, or
                                                                   pdp_health_check
name                            M        M        C        C       The name of the PDP, for state changes and health
                                                                   checks, the PDP group and subgroup can be used to
                                                                   specify the scope of the operation
version                         M        N/A      N/A      N/A     The version of the PDP
pdp_type                        M        M        N/A      N/A     The type of the PDP, currently xacml, drools, or apex
state                           M        N/A      M        N/A     The administrative state of the PDP group: PASSIVE,
                                                                   SAFE, TEST, ACTIVE, or TERMINATED
healthy                         M        N/A      N/A      N/A     The result of the latest health check on the PDP:
                                                                   HEALTHY/NOT_HEALTHY/TEST_IN_PROGRESS
description                     O        O        N/A      N/A     The description of the PDP
pdp_group                       O        M        C        C       The PDP group to which the PDP belongs, the PDP group
                                                                   and subgroup can be used to specify the scope of the
                                                                   operation
pdp_subgroup                    O        M        C        C       The PDP subgroup to which the PDP belongs, the PDP
                                                                   group and subgroup can be used to specify the scope
                                                                   of the operation
supported_policy_types          M        N/A      N/A      N/A     A list of the policy types supported by the PDP
policies                        O        M        N/A      N/A     The list of policies running on the PDP
->(name)                        O        M        N/A      N/A     The name of a TOSCA policy running on the PDP
->policy_type                   O        M        N/A      N/A     The TOSCA policy type of the policyWhen a PDP starts,
                                                                   it commences periodic sending of *PDP_STATUS*
                                                                   messages on DMaaP. The PAP receives these messages
                                                                   and acts in whatever manner is appropriate.
->policy_type_version           O        M        N/A      N/A     The version of the TOSCA policy type of the policy
->properties                    O        M        N/A      N/A     The properties of the policy for the XACML, Drools,
                                                                   or APEX PDP for details
instance                        M        N/A      N/A      N/A     The instance ID of the PDP running in a Kuberenetes
                                                                   Pod
deployment_instance_info        M        N/A      N/A      N/A     Information on the node running the PDP
properties                      O        O        N/A      N/A     Other properties specific to the PDP
statistics                      M        N/A      N/A      N/A     Statistics on policy execution in the PDP
->policy_download_count         M        N/A      N/A      N/A     The number of policies downloaded into the PDP
->policy_download_success_count M        N/A      N/A      N/A     The number of policies successfully downloaded into
                                                                   the PDP
->policy_download_fail_count    M        N/A      N/A      N/A     The number of policies downloaded into the PDP where
                                                                   the download failed
->policy_executed_count         M        N/A      N/A      N/A     The number of policy executions on the PDP
->policy_executed_success_count M        N/A      N/A      N/A     The number of policy executions on the PDP that
                                                                   completed successfully
->policy_executed_fail_count    M        N/A      N/A      N/A     The number of policy executions on the PDP that
                                                                   failed
response                        O        N/A      N/A      N/A     The response to the last operation that the PAP
                                                                   executed on the PDP
->response_to                   M        N/A      N/A      N/A     The PAP to PDP message to which this is a response
->response_status               M        N/A      N/A      N/A     SUCCESS or FAIL
->response_message              O        N/A      N/A      N/A     Message giving further information on the successful
                                                                   or failed operation
=============================== ======== ======== ======== ======= =====================================================

YAML is used for illustrative purposes in the examples in this section. JSON (application/json) is used as the content
type in the implementation of this API.

1 PAP API for PDPs
==================
The purpose of this API is for PDPs to provide heartbeat, status, health, and statistical information to Policy
Administration. There is a single *PDP_STATUS* message on this API. PDPs send this message to the PAP using the
*POLICY_PDP_PAP* DMaaP topic. The PAP listens on this topic for messages.

When a PDP starts, it commences periodic sending of *PDP_STATUS* messages on DMaaP. The PAP receives these messages and
acts in whatever manner is appropriate. *PDP_UPDATE*, *PDP_STATE_CHANGE*, and *PDP_HEALTH_CHECK* operations trigger a
*PDP_STATUS* message as a response.

The *PDP_STATUS* message is used for PDP heartbeat monitoring. A PDP sends a *PDP_STATUS* message with a state of
*TERMINATED* when it terminates normally. If a *PDP_STATUS* message is not received from a PDP periodically or in
response to a pdp_update, pdp-state_change, or pdp_health_check message in a certain configurable time, then the PAP
assumes the PDP has failed.

A PDP may be preconfigured with its PDP group, PDP subgroup, and policies. If the PDP group, subgroup, or any policy
sent to the PAP in a *PDP_STATUS* message is unknown to the PAP, the PAP locks the PDP in state PASSIVE.

.. code-block:: yaml
  :caption: PDP_STATUS message from an XACML PDP running control loop policies
  :linenos:

  pdp_status:
    name: xacml_1
    version: 1.2.3
    pdp_type: xacml
    state: active
    healthy: true
    description: XACML PDP running control loop policies
    pdp_group: onap.pdpgroup.controlloop.operational
    pdp_subgroup: xacml
    supported_policy_types:
      - onap.policies.controlloop.guard.FrequencyLimiter
      - onap.policies.controlloop.guard.BlackList
      - onap.policies.controlloop.guard.MinMax
    policies:
      - onap.policies.controlloop.guard.frequencylimiter.EastRegion:
          policy_type: onap.policies.controlloop.guard.FrequencyLimiter
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
     - onap.policies.controlloop.guard.blacklist.eastRegion:
          policy_type: onap.policies.controlloop.guard.BlackList
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
      - onap.policies.controlloop.guard.minmax.eastRegion:
          policy_type: onap.policies.controlloop.guard.MinMax
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
    instance: xacml_1
    deployment_instance_info:
      node_address: xacml_1_pod
      # Other deployment instance info
    statistics:
      policy_download_count: 0
      policy_download_success_count: 0
      policy_download_fail_count: 0
      policy_executed_count: 123
      policy_executed_success_count: 122
      policy_executed_fail_count: 1

.. code-block:: yaml
  :caption: PDP_STATUS message from a Drools PDP running control loop policies
  :linenos:

  pdp_status:
    name: drools_2
    version: 2.3.4
    pdp_type: drools
    state: safe
    healthy: true
    description: Drools PDP running control loop policies
    pdp_group: onap.pdpgroup.controlloop.operational
    pdp_subgroup: drools
    supported_policy_types:
      - onap.controllloop.operational.drools.vCPE
      - onap.controllloop.operational.drools.vFW
    policies:
      - onap.controllloop.operational.drools.vcpe.EastRegion:
          policy_type: onap.controllloop.operational.drools.vCPE
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
      - onap.controllloop.operational.drools.vfw.EastRegion:
          policy_type: onap.controllloop.operational.drools.vFW
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
    instance: drools_2
    deployment_instance_info:
      node_address: drools_2_pod
      # Other deployment instance info
    statistics:
      policy_download_count: 3
      policy_download_success_count: 3
      policy_download_fail_count: 0
      policy_executed_count: 123
      policy_executed_success_count: 122
      policy_executed_fail_count: 1
    response:
      response_to: PDP_HEALTH_CHECK
      response_status: SUCCESS

.. code-block:: yaml
  :caption: PDP_STATUS message from an APEX PDP running control loop policies
  :linenos:

  pdp_status:
    name: drools_2
    version: 2.3.4
    pdp_type: drools
    state: safe
    healthy: true
    description: Drools PDP running control loop policies
    pdp_group: onap.pdpgroup.controlloop.operational
    pdp_subgroup: drools
    supported_policy_types:
      - onap.controllloop.operational.drools.vCPE
      - onap.controllloop.operational.drools.vFW
    policies:
      - onap.controllloop.operational.drools.vcpe.EastRegion:
          policy_type: onap.controllloop.operational.drools.vCPE
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
      - onap.controllloop.operational.drools.vfw.EastRegion:
          policy_type: onap.controllloop.operational.drools.vFW
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
    instance: drools_2
    deployment_instance_info:
      node_address: drools_2_pod
      # Other deployment instance info
    statistics:
      policy_download_count: 3
      policy_download_success_count: 3
      policy_download_fail_count: 0
      policy_executed_count: 123
      policy_executed_success_count: 122
      policy_executed_fail_count: 1
    response:
      response_to: PDP_HEALTH_CHECK
      response_status: SUCCESS

.. code-block:: yaml
  :caption: PDP_STATUS message from an XACML PDP running monitoring policies
  :linenos:

  pdp_status:
    name: xacml_1
    version: 1.2.3
    pdp_type: xacml
    state: active
    healthy: true
    description: XACML PDP running monitoring policies
    pdp_group: onap.pdpgroup.Monitoring
    pdp_subgroup: xacml
    supported_policy_types:
      - onap.monitoring.cdap.tca.hi.lo.app
     policies:
      - onap.scaleout.tca:message
          policy_type: onap.policies.monitoring.cdap.tca.hi.lo.app
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
    instance: xacml_1
    deployment_instance_info:
      node_address: xacml_1_pod
      # Other deployment instance info
    statistics:
      policy_download_count: 0
      policy_download_success_count: 0
      policy_download_fail_count: 0
      policy_executed_count: 123
      policy_executed_success_count: 122
      policy_executed_fail_count: 1

2 PDP API for PAPs
==================

The purpose of this API is for the PAP to load and update policies on PDPs and to change the state of PDPs. It also
allows the PAP to order health checks to run on PDPs. The PAP sends *PDP_UPDATE**PDP_STATE_CHANGE*, and
*PDP_HEALTH_CHECK* messages to PDPs using the *POLICY_PAP_PDP* DMaaP topic. PDPs listen on this topic for messages.

The PAP can set the scope of *PDP_STATE_CHANGE* and *PDP_HEALTH_CHECK* messages:

-  PDP Group: If a PDP group is specified in a message, then the PDPs in that PDP group respond to the message and all
   other PDPs ignore it.

-  PDP Group and subgroup: If a PDP group and subgroup are specified in a message, then only the PDPs of that subgroup
   in the PDP group respond to the message and all other PDPs ignore it.

-  Single PDP: If the name of a PDP is specified in a message, then only that PDP responds to the message and all other
   PDPs ignore it.

Note: *PDP_UPDATE* messages must be issued individually to PDPs because the *PDP_UPDATE* operation can change the PDP
group to which a PDP belongs.

2.1 PDP Update
--------------

The *PDP_UPDATE* operation allows the PAP to modify the PDP group to which a PDP belongs and the policies in a PDP.

The following examples illustrate how the operation is used.

.. code-block:: yaml
  :caption: PDP_UPDATE message to upgrade XACML PDP control loop policies to version 1.0.1
  :linenos:

  pdp_update:
    name: xacml_1
    pdp_type: xacml
    description: XACML PDP running control loop policies, Upgraded
    pdp_group: onap.pdpgroup.controlloop.operational
    pdp_subgroup: xacml
    policies:
      - onap.policies.controlloop.guard.frequencylimiter.EastRegion:
          policy_type: onap.policies.controlloop.guard.FrequencyLimiter
          policy_type_version: 1.0.1
          properties:
            # Omitted for brevity
     - onap.policies.controlloop.guard.blackList.EastRegion:
          policy_type: onap.policies.controlloop.guard.BlackList
          policy_type_version: 1.0.1
          properties:
            # Omitted for brevity
      - onap.policies.controlloop.guard.minmax.EastRegion:
          policy_type: onap.policies.controlloop.guard.MinMax
          policy_type_version: 1.0.1
          properties:
            # Omitted for brevity

.. code-block:: yaml
  :caption: PDP_UPDATE message to a Drools PDP to add an extra control loop policy
  :linenos:

  pdp_update:
    name: drools_2
    pdp_type: drools
    description: Drools PDP running control loop policies, extra policy added
    pdp_group: onap.pdpgroup.controlloop.operational
    pdp_subgroup: drools
    policies:
      - onap.controllloop.operational.drools.vcpe.EastRegion:
          policy_type: onap.controllloop.operational.drools.vCPE
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
      - onap.controllloop.operational.drools.vfw.EastRegion:
          policy_type: onap.controllloop.operational.drools.vFW
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity
      - onap.controllloop.operational.drools.vfw.WestRegion:
          policy_type: onap.controllloop.operational.drools.vFW
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity

.. code-block:: yaml
  :caption: PDP_UPDATE message to an APEX PDP to remove a control loop policy
  :linenos:

    pdp_update:
    name: apex_3
    pdp_type: apex
    description: APEX PDP updated to remove a control loop policy
    pdp_group: onap.pdpgroup.controlloop.operational
    pdp_subgroup: apex
    policies:
      - onap.controllloop.operational.apex.bbs.EastRegion:
          policy_type: onap.controllloop.operational.apex.BBS
          policy_type_version: 1.0.0
          properties:
            # Omitted for brevity

2.2 PDP State Change
--------------------

The *PDP_STATE_CHANGE* operation allows the PAP to order state changes on PDPs in PDP groups and subgroups. The
following examples illustrate how the operation is used.

.. code-block:: yaml
  :caption: Change the state of all control loop Drools PDPs to ACTIVE
  :linenos:

  pdp_state_change:
    state: active
    pdp_group: onap.pdpgroup.controlloop.Operational
    pdp_subgroup: drools

.. code-block:: yaml
  :caption: Change the state of all monitoring PDPs to SAFE
  :linenos:

  pdp_state_change:
    state: safe
    pdp_group: onap.pdpgroup.Monitoring

.. code-block:: yaml
  :caption: Change the state of a single APEX PDP to TEST
  :linenos:

  pdp_state_change:
    state: test
    name: apex_3

2.3 PDP Health Check
--------------------

The *PDP_HEALTH_CHECK* operation allows the PAP to order health checks on PDPs in PDP groups and subgroups. The
following examples illustrate how the operation is used.

.. code-block:: yaml
  :caption: Perform a health check on all control loop Drools PDPs
  :linenos:

  pdp_health_check:
    pdp_group: onap.pdpgroup.controlloop.Operational
    pdp_subgroup: drools

.. code-block:: yaml
  :caption: perform a health check on all monitoring PDPs
  :linenos:

  pdp_health_check:
    pdp_group: onap.pdpgroup.Monitoring

.. code-block:: yaml
  :caption: Perform a health check on a single APEX PDP
  :linenos:

  pdp_health_check:
    name: apex_3