Policy Life Cycle API

Policy life cycle API comprises of policy design API and policy deployment API. This documentation focuses on policy design API. Policy design API is publicly exposed for clients to Create/Read/Update/Delete (CRUD) policy types, policy type implementation and policies which can be recognized and executable by appropriate policy engines incorporated in ONAP policy framework. Policy design API backend is running in an independent building block component of policy framework that provides REST service for aforementioned CRUD behaviors. Policy design API component interacts with a policy database for storing and fetching new policies or policy types as needed. Apart from CRUD, API is also exposed for clients to retrieve healthcheck status of this API REST service and statistics report including a variety of counters that reflect the history of API invocation.

Starting from Dublin release, we strictly follow TOSCA Specification to define policy type and policy. Policy type is equivalent to policy model mentioned by clients before Dublin release. Both policy type and policy are included in a TOSCA Service Template which is used as the entity passed into API POST call and the entity returned by API GET and DELETE calls. More details are presented in following sessions. We encourage clients to compose all kinds of policies and corresponding policy types in well-formed TOSCA Service Template. One Service Template can contain one or more policies and policy types. Each policy type can have multiple policies created atop. In other words, different policies can match the same or different policy types. Existence of a policy type is a prerequisite of creating such type of policies. In the payload body of each policy to create, policy type name and version should be indicated and the specified policy type should be valid and existing in policy database.

In Dublin release, to ease policy creation, we preload several widely used policy types in policy database. Below is a table summarizing preloaded policy types.

Policy Type Name Preloaded JSON
Controlloop.Guard.Blacklist link
Controlloop.Guard.FrequencyLimiter link
Controlloop.Guard.MinMax link
Controlloop.Operational link
Monitoring.TCA link
Monitoring.Collectors link
Optimization.AffinityPolicy link
Optimization.DistancePolicy link
Optimization.HpaPolicy link
Optimization.OptimizationPolicy link
Optimization.PciPolicy link
Optimization.QueryPolicy link
Optimization.SubscriberPolicy link
Optimization.Vim_fit link
Optimization.VnfPolicy link

Also, in Dublin release, We provide backward compatibility support for controlloop operational and guard policies encoded in legacy format. Below is a table containing sample legacy guard/operational policies and well-formed TOSCA monitoring policies.

Policy Name Policy JSON
vCPE.Monitoring.Tosca link
vCPE.Operational.Legacy link
vDNS.Guard.FrequencyLimiting.Legacy link
vDNS.Guard.MinMax.Legacy link
vDNS.Monitoring.Tosca link
vDNS.Operational.Legacy link
vFirewall.Monitoring.Tosca link
vFirewall.Operational.Legacy link

Below is a global API table from where swagger JSON for different types of policy design API can be downloaded.

Global API Table

API name Swagger JSON
Healthcheck API link
Statistics API link
Tosca Policy Type API link
Tosca Policy API link
Legacy Guard Policy API link
Legacy Operational Policy API link

API Swagger

It is worth noting that we use basic authorization for API access with username and password set to healthcheck and zb!XztG34 respectively. Also, the new APIs support both http and https.

For every API call, client is encouraged to insert an uuid-type requestID as parameter. It is helpful for tracking each http transaction and facilitates debugging. Mostly importantly, it complies with Logging requirements v1.2. If client does not provider the requestID in API call, one will be randomly generated and attached to response header x-onap-requestid.

In accordance with ONAP API Common Versioning Strategy Guidelines, in the response of each API call, several custom headers are added:

x-latestversion: 1.0.0
x-minorversion: 0
x-patchversion: 0
x-onap-requestid: e1763e61-9eef-4911-b952-1be1edd9812b

x-latestversion is used only to communicate an API’s latest version.

x-minorversion is used to request or communicate a MINOR version back from the client to the server, and from the server back to the client.

x-patchversion is used only to communicate a PATCH version in a response for troubleshooting purposes only, and will not be provided by the client on request.

x-onap-requestid is used to track REST transactions for logging purpose, as described above.

HealthCheck

GET /policy/api/v1/healthcheck

Perform a system healthcheck

  • Produces: [u’application/json’]
  • Description: Returns healthy status of the Policy API component

Parameters

Name Position Description Type
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Healthcheck report will be returned.

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

Statistics

GET /policy/api/v1/statistics

Retrieve current statistics

  • Produces: [u’application/json’]
  • Description: Returns current statistics including the counters of API invocation

Parameters

Name Position Description Type
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; All statistics counters of API invocation will be returned.

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

PolicyType

GET /policy/api/v1/policytypes/{policyTypeId}

Retrieve all available versions of a policy type

  • Produces: [u’application/json’]
  • Description: Returns a list of all available versions for the specified policy type

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; All versions of specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

DELETE /policy/api/v1/policytypes/{policyTypeId}/versions/{versionId}

Delete one version of a policy type

  • Produces: [u’application/json’]
  • Description: Delete one version of a policy type. It must follow two rules. Rule 1: pre-defined policy types cannot be deleted; Rule 2: policy types that are in use (parameterized by a TOSCA policy) cannot be deleted. The parameterizing TOSCA policies must be deleted first.

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
versionId path Version of policy type string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Newly deleted policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

409 - Delete Conflict, Rule Violation

401 - Authentication Error

500 - Internal Server Error

GET /policy/api/v1/policytypes/{policyTypeId}/versions/{versionId}

Retrieve one particular version of a policy type

  • Produces: [u’application/json’]
  • Description: Returns a particular version for the specified policy type

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
versionId path Version of policy type string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; One specified version of specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

POST /policy/api/v1/policytypes

Create a new policy type

  • Produces: [u’application/json’]
  • Description: Create a new policy type. Client should provide TOSCA body of the new policy type
  • Consumes: [u’application/json’]

Parameters

Name Position Description Type
body body Entity body of policy type ToscaServiceTemplate
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; The newly created policy type will be returned.

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

400 - Invalid Body

GET /policy/api/v1/policytypes

Retrieve existing policy types

  • Produces: [u’application/json’]
  • Description: Returns a list of existing policy types stored in Policy Framework

Parameters

Name Position Description Type
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; All policy types will be returned.

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

GET /policy/api/v1/policytypes/{policyTypeId}/versions/latest

Retrieve latest version of a policy type

  • Produces: [u’application/json’]
  • Description: Returns latest version for the specified policy type

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Latest version of specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

Policy

GET /policy/api/v1/policytypes/{policyTypeId}/versions/{policyTypeVersion}/policies/{policyId}

Retrieve all version details of a policy created for a particular policy type version

  • Produces: [u’application/json’]
  • Description: Returns a list of all version details of the specified policy

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
policyTypeVersion path Version of policy type string
policyId path ID of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; All versions of specified policy matching specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

GET /policy/api/v1/policytypes/{policyTypeId}/versions/{policyTypeVersion}/policies/{policyId}/versions/deployed

Retrieve deployed versions of a particular policy in pdp groups

  • Produces: [u’application/json’]
  • Description: Returns deployed versions of specified policy in pdp groups

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
policyTypeVersion path Version of policy type string
policyId path ID of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Deployed versions of specified policy matching specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

DELETE /policy/api/v1/policytypes/{policyTypeId}/versions/{policyTypeVersion}/policies/{policyId}/versions/{policyVersion}

Delete a particular version of a policy

  • Produces: [u’application/json’]
  • Description: Delete a particular version of a policy. It must follow one rule. Rule: the version that has been deployed in PDP group(s) cannot be deleted

Parameters

Name Position Description Type
policyTypeId path PolicyType ID string
policyTypeVersion path Version of policy type string
policyId path ID of policy string
policyVersion path Version of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Newly deleted policy matching specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

409 - Delete Conflict, Rule Violation

401 - Authentication Error

500 - Internal Server Error

GET /policy/api/v1/policytypes/{policyTypeId}/versions/{policyTypeVersion}/policies/{policyId}/versions/{policyVersion}

Retrieve one version of a policy created for a particular policy type version

  • Produces: [u’application/json’]
  • Description: Returns a particular version of specified policy created for the specified policy type version

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
policyTypeVersion path Version of policy type string
policyId path ID of policy string
policyVersion path Version of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; The specified policy matching specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

POST /policy/api/v1/policytypes/{policyTypeId}/versions/{policyTypeVersion}/policies

Create a new policy for a policy type version

  • Produces: [u’application/json’]
  • Description: Create a new policy for a policy type. Client should provide TOSCA body of the new policy
  • Consumes: [u’application/json’]

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
policyTypeVersion path Version of policy type string
X-ONAP-RequestID header RequestID for http transaction string
body body Entity body of policy ToscaServiceTemplate

Responses

200 - successful operation; Newly created policy matching specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

401 - Authentication Error

400 - Invalid Body

500 - Internal Server Error

GET /policy/api/v1/policytypes/{policyTypeId}/versions/{policyTypeVersion}/policies

Retrieve all versions of a policy created for a particular policy type version

  • Produces: [u’application/json’]
  • Description: Returns a list of all versions of specified policy created for the specified policy type version

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
policyTypeVersion path Version of policy type string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; All policies matching specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

GET /policy/api/v1/policytypes/{policyTypeId}/versions/{policyTypeVersion}/policies/{policyId}/versions/latest

Retrieve the latest version of a particular policy

  • Produces: [u’application/json’]
  • Description: Returns the latest version of specified policy

Parameters

Name Position Description Type
policyTypeId path ID of policy type string
policyTypeVersion path Version of policy type string
policyId path ID of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Latest version of specified policy matching specified policy type will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

It is worth noting that in POST policy API, client needs to provide a policy payload encoded in well-formed TOSCA Service Template, and in the JSON payload, “type” field value should strictly match the policy type name embedded in the API path (case sensitive). Otherwise, it will complain the policy type does not exist. Please check out the sample policies in above policy table.

Legacy Guard Policy

POST /policy/api/v1/policytypes/onap.policies.controlloop.Guard/versions/1.0.0/policies

Create a new guard policy

  • Produces: [u’application/json’]
  • Description: Create a new guard policy. Client should provide entity body of the new guard policy
  • Consumes: [u’application/json’]

Parameters

Name Position Description Type
X-ONAP-RequestID header RequestID for http transaction string
body body Entity body of policy ToscaServiceTemplate

Responses

200 - successful operation; Newly created guard policy will be returned.

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

400 - Invalid Body

GET /policy/api/v1/policytypes/onap.policies.controlloop.Guard/versions/1.0.0/policies/{policyId}/versions/latest

Retrieve the latest version of a particular guard policy

  • Produces: [u’application/json’]
  • Description: Returns the latest version of the specified guard policy

Parameters

Name Position Description Type
policyId path ID of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Latest version of specified guard policy will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

DELETE /policy/api/v1/policytypes/onap.policies.controlloop.Guard/versions/1.0.0/policies/{policyId}/versions/{policyVersion}

Delete a particular version of a guard policy

  • Produces: [u’application/json’]
  • Description: Delete a particular version of a guard policy. It must follow one rule. Rule: the version that has been deployed in PDP group(s) cannot be deleted
  • Consumes: [u’application/json’]

Parameters

Name Position Description Type
policyId path ID of policy string
policyVersion path Version of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Newly deleted guard policy will be returned.

404 - Resource Not Found

403 - Authorization Error

409 - Delete Conflict, Rule Violation

401 - Authentication Error

500 - Internal Server Error

GET /policy/api/v1/policytypes/onap.policies.controlloop.Guard/versions/1.0.0/policies/{policyId}/versions/{policyVersion}

Retrieve one version of a particular guard policy

  • Produces: [u’application/json’]
  • Description: Returns a particular version of a specified guard policy

Parameters

Name Position Description Type
policyId path ID of policy string
policyVersion path Version of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Specified version of guard policy will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

It is worth noting that guard policy name should start with one of the three: guard.frequency., guard.minmax., or guard.blacklist.. Otherwise, it will complain that guard policy type cannot be found (does not exist). Apart from policy name, the policy version specified in API path should be an integer, e.g. 1, 2, 10, instead of “1.0.0”, “2.0.1”, etc. These naming restrictions will disappear after we evolve to use well-formed TOSCA Service Template for guard policies and legacy policy design API is then deprecated.

Legacy Operational Policy

DELETE /policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/{policyId}/versions/{policyVersion}

Delete a particular version of a specified operational policy

  • Produces: [u’application/json’]
  • Description: Delete a particular version of an operational policy. It must follow one rule. Rule: the version that has been deployed in PDP group(s) cannot be deleted

Parameters

Name Position Description Type
policyId path ID of policy string
policyVersion path Version of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Newly deleted operational policy will be returned.

404 - Resource Not Found

403 - Authorization Error

409 - Delete Conflict, Rule Violation

401 - Authentication Error

500 - Internal Server Error

GET /policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/{policyId}/versions/{policyVersion}

Retrieve one version of a particular operational policy

  • Produces: [u’application/json’]
  • Description: Returns a particular version of a specified operational policy

Parameters

Name Position Description Type
policyId path ID of policy string
policyVersion path Version of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Specified version of specified operational policy will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

POST /policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies

Create a new operational policy

  • Produces: [u’application/json’]
  • Description: Create a new operational policy. Client should provide entity body of the new operational policy
  • Consumes: [u’application/json’]

Parameters

Name Position Description Type
X-ONAP-RequestID header RequestID for http transaction string
body body Entity body of policy ToscaServiceTemplate

Responses

200 - successful operation; Newly created operational policy will be returned.

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

400 - Invalid Body

GET /policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/{policyId}/versions/latest

Retrieve the latest version of a particular operational policy

  • Produces: [u’application/json’]
  • Description: Returns the latest version of the specified operational policy

Parameters

Name Position Description Type
policyId path ID of policy string
X-ONAP-RequestID header RequestID for http transaction string

Responses

200 - successful operation; Latest version of specified operational policy will be returned.

404 - Resource Not Found

403 - Authorization Error

500 - Internal Server Error

401 - Authentication Error

Likewise, the policy version specified in operational policy API path should be an integer too, e.g. 1, 2, 10, instead of “1.0.0”, “2.0.1”, etc. This restriction will disappear after we deprecate legacy policy design API in the near future release.

Regarding DELETE APIs for both TOSCA policies and legacy policies, we only expose API to delete one particular version of policy or policy type at a time for safety purpose. If client has the need to delete multiple or a group of policies or policy types, they will need to delete one by one.

Sample API Curl Commands

From API client perspective, using http or https does not have much difference in curl command. Here we list some sample curl commands (using http) for POST, GET and DELETE monitoring and operational policies that are used in vFirewall use case.

JSON payload for POST calls can be downloaded from policy table above.

Create vFirewall Monitoring Policy::
curl –user ‘healthcheck:zb!XztG34’ -X POST “http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies” -H “Accept: application/json” -H “Content-Type: application/json” -d @vFirewall.policy.monitoring.input.tosca.json
Get vFirewall Monitoring Policy::
curl –user ‘healthcheck:zb!XztG34’ -X GET “http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies/onap.vfirewall.tca/versions/1.0.0” -H “Accept: application/json” -H “Content-Type: application/json”
Delete vFirewall Monitoring Policy::
curl –user ‘healthcheck:zb!XztG34’ -X DELETE “http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies/onap.vfirewall.tca/versions/1.0.0” -H “Accept: application/json” -H “Content-Type: application/json”
Create vFirewall Operational Policy::
curl –user ‘healthcheck:zb!XztG34’ -X POST “http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies” -H “Accept: application/json” -H “Content-Type: application/json” -d @vFirewall.policy.operational.input.json
Get vFirewall Operational Policy::
curl –user ‘healthcheck:zb!XztG34’ -X GET “http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/operational.modifyconfig/versions/1” -H “Accept: application/json” -H “Content-Type: application/json”
Delete vFirewall Operational Policy::
curl –user ‘healthcheck:zb!XztG34’ -X DELETE “http://{ip}:{port}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/operational.modifyconfig/versions/1” -H “Accept: application/json” -H “Content-Type: application/json”