Policy Release Notes

Version: 8.0.1

Release Date

2021-08-12 (Honolulu Maintenance Release #1)

Artifacts

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.3.2

policy/common

1.8.2

policy/models

2.4.4

policy/api

2.4.4

onap/policy-api:2.4.4

policy/pap

2.4.5

onap/policy-pap:2.4.5

policy/drools-pdp

1.8.4

onap/policy-drools:1.8.4

policy/apex-pdp

2.5.4

onap/policy-apex-pdp:2.5.4

policy/xacml-pdp

2.4.5

onap/policy-xacml-pdp:2.4.5

policy/drools-applications

1.8.4

onap/policy-pdpd-cl:1.8.4

policy/distribution

2.5.4

onap/policy-distribution:2.5.4

policy/docker

2.2.1

onap/policy-jdk-alpine:2.2.1, onap/policy-jre-alpine:2.2.1

Bug Fixes and Necessary Enhancements

  • [POLICY-3062] - Update the ENTRYPOINT in APEX-PDP Dockerfile

  • [POLICY-3066] - Stackoverflow error in APEX standalone after changing to onap java image

  • [POLICY-3078] - Support SSL communication in Kafka IO plugin of Apex-PDP

  • [POLICY-3173] - APEX-PDP incorrectly reports successful policy deployment to PAP

  • [POLICY-3202] - PDP-D: no locking feature: service loader not locking the no-lock-manager

  • [POLICY-3227] - Implementation of context album improvements in apex-pdp

  • [POLICY-3230] - Make default PDP-D and PDP-D-APPS work out of the box

  • [POLICY-3248] - PdpHeartbeats are not getting processed by PAP

  • [POLICY-3301] - Apex Avro Event Schemas - Not support for colon ‘:’ character in field names

  • [POLICY-3305] - Ensure XACML PDP application/translator methods are extendable

  • [POLICY-3331] - PAP: should allow for external configuration of groups other than defaultGroup

  • [POLICY-3338] - Upgrade CDS dependency to the latest version

  • [POLICY-3366] - PDP-D: support configuration of overarching DMAAP https flag

  • [POLICY-3450] - PAP should support turning on/off via configuration storing PDP statistics

  • [POLICY-3454] - PDP-D CL APPS: swagger mismatched libraries cause telemetry shell to fail

  • [POLICY-3485] - Limit statistics record count

  • [POLICY-3507] - CDS Operation Policy execution runtime error

  • [POLICY-3516] - Upgrade CDS dependency to the 1.1.5 version

Known Limitations

The APIs provided by xacml-pdp (e.g., healthcheck, statistics, decision) are always active. While PAP controls which policies are deployed to a xacml-pdp, it does not control whether or not the APIs are active. In other words, xacml-pdp will respond to decision requests, regardless of whether PAP has made it ACTIVE or PASSIVE.

Version: 8.0.0

Release Date

2021-04-29 (Honolulu Release)

New features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.3.0

policy/common

1.8.0

policy/models

2.4.2

policy/api

2.4.2

onap/policy-api:2.4.2

policy/pap

2.4.2

onap/policy-pap:2.4.2

policy/drools-pdp

1.8.2

onap/policy-drools:1.8.2

policy/apex-pdp

2.5.2

onap/policy-apex-pdp:2.5.2

policy/xacml-pdp

2.4.2

onap/policy-xacml-pdp:2.4.2

policy/drools-applications

1.8.2

onap/policy-pdpd-cl:1.8.2

policy/distribution

2.5.2

onap/policy-distribution:2.5.2

policy/docker

2.2.1

onap/policy-jdk-alpine:2.2.1, onap/policy-jre-alpine:2.2.1

Key Updates

  • Enhanced statistics
    • PDPs provide statistics, retrievable via PAP REST API

  • PDP deployment status
    • Policy deployment API enhanced to reflect actual policy deployment status in PDPs

    • Make PAP component stateless

  • Policy support
    • Upgrade XACML 3.0 code to use new Time Extensions

    • Enhancements for interoperability between Native Policies and other policy types

    • Support for arbitrary policy types on the Drools PDP

    • Improve handling of multiple policies in APEX PDP

    • Update policy-models TOSCA handling with Control Loop Entities

  • Alternative locking mechanisms
    • Support NO locking feature in Drools-PDP

  • Security
    • Remove credentials in code from the Apex JMS plugin

  • Actor enhancements
    • Actors should give better warnings than NPE when data is missing

    • Remove old event-specific actor code

  • PDP functional assignments
    • Make PDP type configurable in drools-pdp

    • Make PDP type configurable in xacml-pdp

  • Performance improvements
    • Support policy updates between PAP and the PDPs, phase 1

  • Maintainability
    • Use ONAP base docker image

    • Remove GPLv3 components from docker containers

    • Move CSITs to Policy repos

    • Deprecate server pool feature in drools-pdp

  • PoCs
    • Merge CLAMP functionality into Policy Framework project

    • TOSCA Defined Control Loop

Known Limitations, Issues and Workarounds

System Limitations

The policy API component requires a fresh new database when migrating to the honolulu release. Therefore, upgrades require a fresh new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.

Known Vulnerabilities

Workarounds

Security Notes

  • POLICY-3005 - Bump direct dependency versions
    • Upgrade org.onap.dmaap.messagerouter.dmaapclient to 1.1.12

    • Upgrade org.eclipse.persistence to 2.7.8

    • Upgrade org.glassfish.jersey.containers to 2.33

    • Upgrade com.fasterxml.jackson.module to 2.11.3

    • Upgrade com.google.re2j to 1.5

    • Upgrade org.mariadb.jdbc to 2.7.1

    • Upgrade commons-codec to 1.15

    • Upgrade com.thoughtworks.xstream to 1.4.15

    • Upgrade org.apache.httpcomponents:httpclient to 4.5.13

    • Upgrade org.apache.httpcomponents:httpcore to 4.4.14

    • Upgrade org.json to 20201115

    • Upgrade org.projectlombok to 1.18.16

    • Upgrade org.yaml to 1.27

    • Upgrade io.cucumber to 6.9.1

    • Upgrade org.apache.commons:commons-lang3 to 3.11

    • Upgrade commons-io to 2.8.0

  • POLICY-2936 - Upgrade to latest version of CDS API
    • Upgrade io.grpc to 1.35.0

    • Upgrade com.google.protobuf to 3.14.0

References

For more information on the ONAP Honolulu release, please see:

  1. ONAP Home Page

  2. ONAP Documentation

  3. ONAP Release Downloads

  4. ONAP Wiki Page

Quick Links:

Version: 7.0.0

Release Date

2020-12-03 (Guilin Release)

New features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.2.0

policy/common

1.7.1

policy/models

2.3.5

policy/api

2.3.3

onap/policy-api:2.3.3

policy/pap

2.3.3

onap/policy-pap:2.3.3

policy/drools-pdp

1.7.4

onap/policy-drools:1.7.4

policy/apex-pdp

2.4.4

onap/policy-apex-pdp:2.4.4

policy/xacml-pdp

2.3.3

onap/policy-xacml-pdp:2.3.3

policy/drools-applications

1.7.5

onap/policy-pdpd-cl:1.7.5

policy/distribution

2.4.3

onap/policy-distribution:2.4.3

policy/docker

2.1.1

onap/policy-jdk-alpine:2.1.1, onap/policy-jre-alpine:2.1.1

Key Updates

  • Kubernetes integration
    • All components return with non-zero exit code in case of application failure

    • All components log to standard out (i.e., k8s logs) by default

    • Continue to write log files inside individual pods, as well

  • Multi-tenancy
    • Basic initial support using the existing features

  • E2E Network Slicing
    • Added ModifyNSSI operation to SO actor

  • Consolidated health check
    • Indicate failure if there aren’t enough PDPs registered

  • Legacy operational policies
    • Removed from all components

  • OOM helm charts refactoring
    • Name standardization

    • Automated certificate generation

  • Actor Model
    • Support various use cases and provide more flexibility to Policy Designers

    • Reintroduced the “usecases” controller into drools-pdp, supporting the use cases under the revised actor architecture

  • Guard Application
    • Support policy filtering

  • Matchable Application - Support for ONAP or 3rd party components to create matchable policy types out of the box

  • Policy Lifecycle & Administration API
    • Query/Delete by policy name & version without policy type

  • Apex-PDP enhancements
    • Support multiple event & response types coming from a single endpoint

    • Standalone installation now supports Tosca-based policies

    • Legacy policy format has been removed

    • Support chaining/handling of gRPC failure responses

  • Policy Distribution
    • HPA decoders & related classes have been removed

  • Policy Engine
    • Deprecated

Known Limitations, Issues and Workarounds

System Limitations

The policy API component requires a fresh new database when migrating to the guilin release. Therefore, upgrades require a fresh new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.

Known Vulnerabilities

  • POLICY-2463 - In APEX Policy javascript task logic, JSON.stringify causing stackoverflow exceptions

Workarounds

  • POLICY-2463 - Use the stringify method of the execution context

Security Notes

  • POLICY-2878 - Dependency upgrades
    • Upgrade com.fasterxml.jackson to 2.11.1

  • POLICY-2387 - Dependency upgrades
    • Upgrade org.json to 20200518

    • Upgrade com.google.re2j to 1.4

    • Upgrade com.thoughtworks.xstream to 1.4.12

    • Upgrade org.eclipse.persistence to 2.2.1

    • Upgrade org.apache.httpcomponents to 4.5.12

    • Upgrade org.projectlombok to 1.18.12

    • Upgrade org.slf4j to 1.7.30

    • Upgrade org.codehaus.plexus to 3.3.0

    • Upgrade com.h2database to 1.4.200

    • Upgrade io.cucumber to 6.1.2

    • Upgrade org.assertj to 3.16.1

    • Upgrade com.openpojo to 0.8.13

    • Upgrade org.mockito to 3.3.3

    • Upgrade org.awaitility to 4.0.3

    • Upgrade org.onap.aaf.authz to 2.1.21

  • POLICY-2668 - Dependency upgrades
    • Upgrade org.java-websocket to 1.5.1

  • POLICY-2623 - Remove log4j dependency

  • POLICY-1996 - Dependency upgrades
    • Upgrade org.onap.dmaap.messagerouter.dmaapclient to 1.1.11

References

For more information on the ONAP Guilin release, please see:

  1. ONAP Home Page

  2. ONAP Documentation

  3. ONAP Release Downloads

  4. ONAP Wiki Page

Quick Links:

Version: 6.0.1

Release Date

2020-08-21 (Frankfurt Maintenance Release #1)

Artifacts

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/drools-applications

1.6.4

onap/policy-pdpd-cl:1.6.4

Bug Fixes

Security Notes

Fixed Security Issues

  • [POLICY-2678] - policy/engine tomcat upgrade for CVE-2020-11996

Version: 6.0.0

Release Date

2020-06-04 (Frankfurt Release)

New features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.1.3

policy/common

1.6.5

policy/models

2.2.6

policy/api

2.2.4

onap/policy-api:2.2.4

policy/pap

2.2.3

onap/policy-pap:2.2.3

policy/drools-pdp

1.6.3

onap/policy-drools:1.6.3

policy/apex-pdp

2.3.2

onap/policy-apex-pdp:2.3.2

policy/xacml-pdp

2.2.2

onap/policy-xacml-pdp:2.2.2

policy/drools-applications

1.6.4

onap/policy-pdpd-cl:1.6.4

policy/engine

1.6.4

onap/policy-pe:1.6.4

policy/distribution

2.3.2

onap/policy-distribution:2.3.2

policy/docker

2.0.1

onap/policy-jdk-alpine:2.0.1, onap/policy-jre-alpine:2.0.1, onap/policy-jdk-debian:2.0.1, onap/policy-jre-debian:2.0.1

Summary

New features include policy update notifications, native policy support, streamlined health check for the Policy Administration Point (PAP), configurable pre-loading/pre-deployment of policies, new APIs (e.g. to create one or more Policies with a single call), new experimental PDP monitoring GUI, and enhancements to all three PDPs: XACML, Drools, APEX.

Common changes in all policy components

  • Upgraded all policy components to Java 11.

  • Logback file can be now loaded using OOM configmap.
    • If needed, logback file can be loaded as a configmap during the OOM deployment. For this, just put the logback.xml file in corresponding config directory in OOM charts.

  • TOSCA changes:
    • “tosca_definitions_version” is now “tosca_simple_yaml_1_1_0”

    • typeVersion→ type_version, int→integer, bool→boolean, String→string, Map→map, List→list

  • SupportedPolicyTypes now removed from pdp status message.
    • All PDPs now send PdpGroup to which they belong to in the registration message.

    • SupportedPolicyTypes are not sent anymore.

  • Native Policy Support
    • Each PDP engine has its own native policy language. A new Policy Type onap.policies.Native was created and supported for each PDP engine to support native policy types.

POLICY-PAP

  • Policy Update Notifications
    • PAP now generates notifications via the DMaaP Message Router when policies are successfully or unsuccessfully deployed (or undeployed) from all relevant PDPs.

  • PAP API to fetch Policy deployment status
    • Clients will be able to poll the PAP API to find out when policies have been successfully or unsuccessfully deployed to the PDP’s.

  • Removing supportedPolicyTypes from PdpStatus
    • PDPs are assigned to a PdpGroup based on what group is mentioned in the heartbeat. Earlier this was done based on the supportedPolicyTypes.

  • Support policy types with wild-cards, Preload wildcard supported type in PAP

  • PAP should NOT make a PDP passive if it cannot deploy a policy.
    • If a PDP fails to deploy one or more policies specified in a PDP-UPDATE message, PAP will undeploy those policies that failed to deploy to the PDP. This entails removing the policies from the Pdp Group(s), issuing new PDP-UPDATE requests, and updating the notification tracking data.

    • Also, re-register pdp if not found in the DB during heartbeat processing.

  • Consolidated health check in PAP
    • PAP can report the health check for ALL the policy components now. The PDP’s health is tracked based on heartbeats, and other component’s REST API is used for healthcheck.

    • “healthCheckRestClientParameters” (REST parameters for API and Distribution healthcheck) are added to the startup config file in PAP.

  • PDP statistics from PAP
    • All PDPs send statistics data as part of the heartbeat. PAP reads this and saves this data to the database, and this statistics data can be accessed from the monitoring GUI.

  • PAP API for Create or Update PdpGroups
    • A new API is now available just for creating/updating PDP Groups. Policies cannot be added/updated during PDP Group create/update operations. There is another API for this. So, if provided in the create/update group request, they are ignored. Supported policy types are defined during PDP Group creation. They cannot be updated once they are created. Refer to this for details: https://github.com/onap/policy-parent/blob/master/docs/pap/pap.rst#id8

  • PAP API to deploy policies to PdpGroups
    • A new API is introduced to deploy policies on specific PDPGroups. Each subgroup includes an “action” property, which is used to indicate that the policies are being added (POST) to the subgroup, deleted (DELETE) from the subgroup, or that the subgroup’s entire set of policies is being replaced (PATCH) by a new set of policies.

POLICY-API

  • A new simplified API to create one or more policies in one call.
    • This simplified API doesn’t require policy type id & policy type version to be part of the URL.

    • The simple URI “policy/api/v1/policies” with a POST input body takes in a ToscaServiceTemplate with the policies in it.

  • List of Preloaded policy types are made configurable
    • Until El Alto, the list of pre-loaded policy types are hardcoded in the code. Now, this is made configurable, and the list can be specified in the startup config file for the API component under “preloadPolicyTypes”. The list is ignored if the DB already contains one or more policy types.

  • Preload default policies for ONAP components
    • The ability to configure the preloading of initial default policies into the system upon startup.

  • A lot of improvements to the API code and validations corresponding to the changes in policy-models.
    • Creating same policyType/policy repeatedly without any change in request body will always be successful with 200 response

    • If there is any change in the request body, then that should be a new version. If any change is posted without a version change, then 406 error response is returned.

  • Known versioning issues are there in Policy Types handling.
    • https://jira.onap.org/browse/POLICY-2377 covers the versioning issues in Policy. Basically, multiple versions of a Policy Type cannot be handled in TOSCA. So, in Frankfurt, the latest version of the policy type is examined. This will be further looked into in Guilin.

  • Cascaded GET of PolicyTypes and Policies
    • Fetching/GET PolicyType now returns all of the referenced/parent policyTypes and dataTypes as well.

    • Fetching/GET Policy allows specifying mode now.

    • By default the mode is “BARE”, which returns only the requested Policy in response. If mode is specified as “REFERENCED”, all of the referenced/parent policyTypes and dataTypes are returned as well.

  • The /deployed API is removed from policy/api
    • This run time administration job to see the deployment status of a policy is now possible via PAP.

  • Changes related to design and support of TOSCA Compliant Policy Types for the operational and guard policy models.

POLICY-DISTRIBUTION

  • From Frankfurt release, policy-distribution component uses APIs provided by Policy-API and Policy-PAP for creation of policy types and policies, and deployment of policies.
    • Note: If “deployPolicies” field in the startup config file is true, then only the policies are deployed using PAP endpoint.

  • Policy/engine & apex-pdp dependencies are removed from policy-distribution.

POLICY-APEX-PDP

  • Changed the JavaScript executor from Nashorn to Rhino as part of Java 11 upgrade.
  • APEX supports multiple policy deployment in Frankfurt.
    • Up through El Alto APEX-PDP had the capability to take in only a single ToscaPolicy. When PAP sends a list of Tosca Policies in PdpUpdate, only the first one is taken and only that single Policy is deployed in APEX. This is fixed in Frankfurt. Now, APEX can deploy a list of Tosca Policies altogether into the engine.

    • Note: There shouldn’t be any duplicates in the deployed policies (for e.g. same input/output parameter names, or same event/task names etc).

    • For example, when 3 policies are deployed and one has duplicates, say same input/task or any such concept is used in the 2nd and 3rd policy, then APEX-PDP ignores the 3rd policy and executes only the 1st and 2nd policies. APEX-PDP also respond back to PAP with the message saying that “only Policy 1 and 2 are deployed. Others failed due to duplicate concept”.

  • Context retainment during policy upgrade.
    • In APEX-PDP, context is referred by the apex concept ‘contextAlbum’. When there is no major version change in the upgraded policy to be deployed, the existing context of the currently running policy is retained. When the upgraded policy starts running, it will have access to this context as well.

    • For example, Policy A v1.1 is currently deployed to APEX. It has a contextAlbum named HeartbeatContext and heartbeats are currently added to the HeartbeatContext based on events coming in to the policy execution. Now, when Policy A v1.2 (with some other changes and same HeartbeatContext) is deployed, Policy Av1.1 is replaced by Policy A1.2 in the APEX engine, but the content in HeartbeatContext is retained for Policy A1.2.

  • APEX-PDP now specifies which PdpGroup it belongs to.
    • Up through El Alto, PAP assigned each PDP to a PDP group based on the supportedPolicyTypes it sends in the heartbeat. But in Frankfurt, each PDP comes up saying which PdpGroup they belong to, and this is sent to PAP in the heartbeat. PAP then registers the PDP the PdpGroup specified by the PDP. If no group name is specified like this, then PAP assigns the PDP to defaultGroup by default. SupportedPolicyTypes are not sent to PAP by the PDP now.

    • In APEX-PDP, this can be specified in the startup config file(OnapPfConfig.json). “pdpGroup”: “<groupName>” is added under “pdpStatusParameters” in the config file.

  • APEX-PDP now sends PdpStatistics data in heartbeat.
    • Apex now sends the PdpStatistics data in every heartbeat sent to PAP. PAP saves this data to the database, and this statistics data can be accessed from the monitoring GUI.

  • Removed “content” section from ToscaPolicy properties in APEX.
    • Up through El Alto, APEX specific policy information was placed under properties|content in ToscaPolicy. Avoid placing under “content” and keep the information directly under properties. So, the ToscaPolicy structure will have apex specific policy information in properties|engineServiceParameters, properties|eventInputParameters, properties|eventOutputParameters.

  • Passing parameters from ApexConfig to policy logic.
  • GRPC support for APEX-CDS interaction.

POLICY-XACML-PDP

  • Added optional Decision API param to Decision API for monitor decisions that returns abbreviated results.
    • Return only an abbreviated list of policies (e.g. metadata Policy Id and Version) without the actual contents of the policies (e.g. the Properties).

  • XACML PDP now support PASSIVE_MODE.

  • Added support to return status and error if pdp-x failed to load a policy.

  • Changed optimization Decision API application to support “closest matches” algorithm.

  • Changed Xacml-pdp to report the pdp group defined in XacmlPdpParameters config file as part of heartbeat. Also, removed supportedPolicyType from pdpStatus message.

  • Design the TOSCA policy model for SDNC naming policies and implement an application that translates it to a working policy and is available for decision API.

  • XACML pdp support for Control Loop Coordination
    • Added policies for SON and PCI to support each blocking the other, with test cases and appropriate requests

  • Extend PDP-X capabilities so that it can load in and enforce the native XACML policies deployed from PAP.

POLICY-DROOLS-PDP

  • Support for PDP-D in offline mode to support locked deployments. This is the default ONAP installation.

  • Parameterize maven repository URLs for easier CI/CD integration.

  • Support for Tosca Compliant Operational Policies.

  • Support for TOSCA Compliant Native Policies that allows creation and deployment of new drools-applications.

  • Validation of Operational and Native Policies against their policy type.

  • Support for a generic Drools-PDP docker image to host any type of application.

  • Experimental Server Pool feature that supports multiple active Drools PDP hosts.

POLICY-DROOLS-APPLICATIONS

  • Removal of DCAE ONSET alarm duplicates (with different request IDs).

  • Support of a new controller (frankfurt) that supports the ONAP use cases under the new actor architecture.

  • Deprecated the “usecases” controller supporting the use cases under the legacy actor architecture.

  • Deleted the unsupported “amsterdam” controller related projects.

Known Limitations, Issues and Workarounds

System Limitations

The policy API component requires a fresh new database when migrating to the frankfurt release. Therefore, upgrades require a fresh new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.

Known Vulnerabilities

  • POLICY-2463 - In APEX Policy javascript task logic, JSON.stringify causing stackoverflow exceptions

  • POLICY-2487 - policy/api hangs in loop if preload policy does not exist

Workarounds

  • POLICY-2463 - Parse incoming object using JSON.Parse() or cast the object to a String

Security Notes

  • POLICY-2221 - Password removal from helm charts

  • POLICY-2064 - Allow overriding of keystore and truststore in policy helm charts

  • POLICY-2381 - Dependency upgrades
    • Upgrade drools 7.33.0

    • Upgrade jquery to 3.4.1 in jquery-ui

    • Upgrade snakeyaml to 1.26

    • Upgrade org.infinispan infinispan-core 10.1.5.Final

    • upgrade io.netty 4.1.48.Final

    • exclude org.glassfish.jersey.media jersey-media-jaxb artifact

    • Upgrade com.fasterxml.jackson.core 2.10.0.pr3

    • Upgrade org.org.jgroups 4.1.5.Final

    • Upgrade commons-codec 20041127.091804

    • Upgrade com.github.ben-manes.caffeine 2.8.0

Version: 5.0.2

Release Date

2020-08-24 (El Alto Maintenance Release #1)

New Features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/api

2.1.3

onap/policy-api:2.1.3

policy/pap

2.1.3

onap/policy-pap:2.1.3

policy/drools-pdp

1.5.3

onap/policy-drools:1.5.3

policy/apex-pdp

2.2.3

onap/policy-apex-pdp:2.2.3

policy/xacml-pdp

2.1.3

onap/policy-xacml-pdp:2.1.3

policy/drools-applications

1.5.4

onap/policy-pdpd-cl:1.5.4

policy/engine

1.5.3

onap/policy-pe:1.5.3

policy/distribution

2.2.2

onap/policy-distribution:2.2.2

policy/docker

1.4.0

onap/policy-common-alpine:1.4.0, onap/policy/base-alpine:1.4.0

Bug Fixes

  • [PORTAL-760] - Access to Policy portal is impossible

  • [POLICY-2107] - policy/distribution license issue in resource needs to be removed

  • [POLICY-2169] - SDC client interface change caused compile error in policy distribution

  • [POLICY-2171] - Upgrade elalto branch models and drools-applications

  • [POLICY-1509] - Investigate Apex org.python.jython-standalone.2.7.1

  • [POLICY-2062] - APEX PDP logs > 4G filled local storage

Security Notes

Fixed Security Issues

Version: 5.0.1

Release Date

2019-10-24 (El Alto Release)

New Features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.0.1

policy/common

1.5.2

policy/models

2.1.4

policy/api

2.1.2

onap/policy-api:2.1.2

policy/pap

2.1.2

onap/policy-pap:2.1.2

policy/drools-pdp

1.5.2

onap/policy-drools:1.5.2

policy/apex-pdp

2.2.1

onap/policy-apex-pdp:2.2.1

policy/xacml-pdp

2.1.2

onap/policy-xacml-pdp:2.1.2

policy/drools-applications

1.5.3

onap/policy-pdpd-cl:1.5.3

policy/engine

1.5.2

onap/policy-pe:1.5.2

policy/distribution

2.2.1

onap/policy-distribution:2.2.1

policy/docker

1.4.0

onap/policy-common-alpine:1.4.0 onap/policy/base-alpine:1.4.0

The El Alto release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the El Alto release, refer to JiraPolicyElAlto.

  • [POLICY-1727] - This epic covers technical debt left over from Dublin

  • POLICY-969 Docker improvement in policy framwork modules

  • POLICY-1074 Fix checkstyle warnings in every repository

  • POLICY-1121 RPM build for Apex

  • POLICY-1223 CII Silver Badging Requirements

  • POLICY-1600 Clean up hash code equality checks, cloning and copying in policy-models

  • POLICY-1646 Replace uses of getCanonicalName() with getName()

  • POLICY-1652 Move PapRestServer to policy/common

  • POLICY-1732 Enable maven-checkstyle-plugin in apex-pdp

  • POLICY-1737 Upgrade oParent 2.0.0 - change daily jobs to staging jobs

  • POLICY-1742 Make HTTP return code handling configurable in APEX

  • POLICY-1743 Make URL configurable in REST Requestor and REST Client

  • POLICY-1744 Remove topic.properties and incorporate into overall properties

  • POLICY-1770 PAP REST API for PDPGroup Healthcheck

  • POLICY-1771 Boost policy/api JUnit code coverage

  • POLICY-1772 Boost policy/xacml-pdp JUnit code coverage

  • POLICY-1773 Enhance the policy/xacml-pdp S3P Stability and Performance tests

  • POLICY-1784 Better Handling of “version” field value with clients

  • POLICY-1785 Deploy same policy with a new version simply adds to the list

  • POLICY-1786 Create a simple way to populate the guard database for testing

  • POLICY-1791 Address Sonar issues in new policy repos

  • POLICY-1795 PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.

  • POLICY-1800 API|PAP components use different version formats

  • POLICY-1805 Build up stability test for api component to follow S3P requirements

  • POLICY-1806 Build up S3P performance test for api component

  • POLICY-1847 Add control loop coordination as a preloaded policy type

  • POLICY-1871 Change policy/distribution to support ToscaPolicyType & ToscaPolicy

  • POLICY-1881 Upgrade policy/distribution to latest SDC artifacts

  • POLICY-1885 Apex-pdp: Extend CLIEditor to generate policy in ToscaServiceTemplate format

  • POLICY-1898 Move apex-pdp & distribution documents to policy/parent

  • POLICY-1942 Boost policy/apex-pdp JUnit code coverage

  • POLICY-1953 Create addTopic taking BusTopicParams instead of Properties in policy/endpoints

  • Additional items delivered with the release.

  • POLICY-1637 Remove “version” from PdpGroup

  • POLICY-1653 Remove isNullVersion() method

  • POLICY-1966 Fix more sonar issues in policy drools

  • POLICY-1988 Generate El Alto AAF Certificates

  • [POLICY-1823] - This epic covers the work to develop features that will be deployed dark in El Alto.

  • POLICY-1762 Create CDS API model implementation

  • POLICY-1763 Create CDS Actor

  • POLICY-1899 Update optimization xacml application to support more flexible Decision API

  • POLICY-1911 XACML PDP must be able to retrieve Policy Type from API

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-1671] - policy/engine JUnit tests now take over 30 minutes to run

  • [POLICY-1725] - XACML PDP returns 500 vs 400 for bad syntax JSON

  • [POLICY-1793] - API|MODELS: Retrieving Legacy Operational Policy as a Tosca Policy with wrong version

  • [POLICY-1795] - PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.

  • [POLICY-1800] - API|PAP components use different version formats

  • [POLICY-1802] - Apex-pdp: context album is mandatory for policy model to compile

  • [POLICY-1803] - PAP should undeploy policies when subgroup is deleted

  • [POLICY-1807] - Latest version is always returned when using the endpoint to retrieve all versions of a particular policy

  • [POLICY-1808] - API|PAP|PDP-X [new] should publish docker images with the following tag X.Y-SNAPSHOT-latest

  • [POLICY-1810] - API: support “../deployed” REST API (URLs) for legacy policies

  • [POLICY-1811] - The endpoint of retrieving the latest version of TOSCA policy does not return the latest one, especially when there are double-digit versions

  • [POLICY-1818] - APEX does not allow arbitrary Kafka parameters to be specified

  • [POLICY-1838] - Drools-pdp error log is missing data in ErrorDescription field

  • [POLICY-1839] - Policy Model currently needs to be escaped

  • [POLICY-1843] - Decision API not returning monitoring policies when calling api with policy-type

  • [POLICY-1844] - XACML PDP does not update policy statistics

  • [POLICY-1858] - Usecase DRL - named query should not be invoked

  • [POLICY-1859] - Drools rules should not timeout when given timeout=0 - should be treated as infinite

  • [POLICY-1872] - brmsgw fails building a jar - trafficgenerator dependency does not exist

  • [POLICY-2047] - TOSCA Policy Types should be map not a list

  • [POLICY-2060] - ToscaProperties object is missing metadata field

  • [POLICY-2156] - missing field in create VF module request to SO

Security Notes

Fixed Security Issues

Known Security Issues

Known Vulnerabilities in Used Modules

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (El Alto Release).

Quick Links:

Known Issues

The following known issues will be addressed in a future release:

  • [POLICY-1276] - JRuby interpreter shutdown fails on second and subsequent runs

  • [POLICY-1291] - Maven Error when building Apex documentation in Windows

  • [POLICY-1578] - PAP pushPolicies.sh in startup fails due to race condition in some environments

  • [POLICY-1832] - API|PAP: data race condition seem to appear sometimes when creating and deploying policy

  • [POLICY-2103] - policy/distribution may need to re-synch if SDC gets reinstalled

  • [POLICY-2062] - APEX PDP logs > 4G filled local storage

  • [POLICY-2080] - drools-pdp JUnit fails intermittently in feature-active-standby-management

  • [POLICY-2111] - PDP-D APPS: AAF Cadi conflicts with Aether libraries

  • [POLICY-2158] - PAP loses synchronization with PDPs

  • [POLICY-2159] - PAP console (legacy): cannot edit policies with GUI

Version: 4.0.0

Release Date

2019-06-26 (Dublin Release)

New Features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

2.1.0

policy/common

1.4.0

policy/models

2.0.2

policy/api

2.0.1

onap/policy-api:2.0.1

policy/pap

2.0.1

onap/policy-pap:2.0.1

policy/drools-pdp

1.4.0

onap/policy-drools:1.4.0

policy/apex-pdp

2.1.0

onap/policy-apex-pdp:2.1.0

policy/xacml-pdp

2.1.0

onap/policy-xacml-pdp:2.1.0

policy/drools-applications

1.4.2

onap/policy-pdpd-cl:1.4.2

policy/engine

1.4.1

onap/policy-pe:1.4.1

policy/distribution

2.1.0

onap/policy-distribution:2.1.0

policy/docker

1.4.0

onap/policy-common-alpine:1.4.0 onap/policy/base-alpine:1.4.0

The Dublin release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Dublin release, refer to JiraPolicyDublin.

  • [POLICY-1068] - This epic covers the work to cleanup, enhance, fix, etc. any Control Loop based code base.
    • POLICY-1195 Separate model code from drools-applications into other repositories

    • POLICY-1367 Spike - Experimentation for management of Drools templates and Operational Policies

    • POLICY-1397 PDP-D: NOOP Endpoints Support to test Operational Policies.

    • POLICY-1459 PDP-D [Control Loop] : Create a Control Loop flavored PDP-D image

  • [POLICY-1069] - This epic covers the work to harden the codebase for the Policy Framework project.
    • POLICY-1007 Remove Jackson from policy framework components

    • POLICY-1202 policy-engine & apex-pdp are using different version of eclipselink

    • POLICY-1250 Fix issues reported by sonar in policy modules

    • POLICY-1368 Remove hibernate from policy repos

    • POLICY-1457 Use Alpine in base docker images

  • [POLICY-1072] - This epic covers the work to support S3P Performance criteria.
    • S3P Performance related items

  • [POLICY-1171] - Enhance CLC Facility
    • POLICY-1173 High-level specification of coordination directives

  • [POLICY-1220] - This epic covers the work to support S3P Security criteria
    • POLICY-1538 Upgrade Elasticsearch to 6.4.x to clear security issue

  • [POLICY-1269] - R4 Dublin - ReBuild Policy Infrastructure
    • POLICY-1270 Policy Lifecycle API RESTful HealthCheck/Statistics Main Entry Point

    • POLICY-1271 PAP RESTful HealthCheck/Statistics Main Entry Point

    • POLICY-1272 Create the S3P JMeter tests for API, PAP, XACML (2nd Gen)

    • POLICY-1273 Policy Type Application Design Requirements

    • POLICY-1436 XACML PDP RESTful HealthCheck/Statistics Main Entry Point

    • POLICY-1440 XACML PDP RESTful Decision API Main Entry Point

    • POLICY-1441 Policy Lifecycle API RESTful Create/Read Main Entry Point for Policy Types

    • POLICY-1442 Policy Lifecycle API RESTful Create/Read Main Entry Point for Concrete Policies

    • POLICY-1443 PAP Dmaap PDP Register/UnRegister Main Entry Point

    • POLICY-1444 PAP Dmaap Policy Deploy/Undeploy Policies Main Entry Point

    • POLICY-1445 XACML PDP upgrade to xacml 2.0.0

    • POLICY-1446 Policy Lifecycle API RESTful Delete Main Entry Point for Policy Types

    • POLICY-1447 Policy Lifecycle API RESTful Delete Main Entry Point for Concrete Policies

    • POLICY-1449 XACML PDP Dmaap Register/UnRegister Functionality

    • POLICY-1451 XACML PDP Dmaap Deploy/UnDeploy Functionality

    • POLICY-1452 Apex PDP Dmaap Register/UnRegister Functionality

    • POLICY-1453 Apex PDP Dmaap Deploy/UnDeploy Functionality

    • POLICY-1454 Drools PDP Dmaap Register/UnRegister Functionality

    • POLICY-1455 Drools PDP Dmaap Deploy/UnDeploy Functionality

    • POLICY-1456 Policy Architecture and Roadmap Documentation

    • POLICY-1458 Create S3P JMeter Tests for Policy API

    • POLICY-1460 Create S3P JMeter Tests for PAP

    • POLICY-1461 Create S3P JMeter Tests for Policy XACML Engine (2nd Generation)

    • POLICY-1462 Create S3P JMeter Tests for Policy SDC Distribution

    • POLICY-1471 Policy Application Designer - Develop Guard and Control Loop Coordination Policy Type application

    • POLICY-1474 Modifications of Control Loop Operational Policy to support new Policy Lifecycle API

    • POLICY-1515 Prototype Policy Lifecycle API Swagger Entry Points

    • POLICY-1516 Prototype the Policy Decision API

    • POLICY-1541 PAP REST API for PDPGroup Query, Statistics & Delete

    • POLICY-1542 PAP REST API for PDPGroup Deployment, State Management & Health Check

  • [POLICY-1399] - This epic covers the work to support model drive control loop design as defined by the Control Loop Subcommittee
    • Model drive control loop related items

  • [POLICY-1404] - This epic covers the work to support the CCVPN Use Case for Dublin
    • POLICY-1405 Develop SDNC API for trigger bandwidth

  • [POLICY-1408] - This epic covers the work done with the Casablanca release
    • POLICY-1410 List Policy API

    • POLICY-1413 Dashboard enhancements

    • POLICY-1414 Push Policy and DeletePolicy API enhancement

    • POLICY-1416 Model enhancements to support CLAMP

    • POLICY-1417 Resiliency improvements

    • POLICY-1418 PDP APIs - make ClientAuth optional

    • POLICY-1419 Better multi-role support

    • POLICY-1420 Model enhancement to support embedded JSON

    • POLICY-1421 New audit data for push/delete

    • POLICY-1422 Enhanced encryption

    • POLICY-1423 Save original model file

    • POLICY-1427 Controller Logging Feature

    • POLICY-1489 PDP-D: Nested JSON Event Filtering support with JsonPath

    • POLICY-1499 Mdc Filter Feature

  • [POLICY-1438] - This epic covers the work to support 5G OOF PCI Use Case
    • POLICY-1463 Functional code changes in Policy for OOF SON use case

    • POLICY-1464 Config related aspects for OOF SON use case

  • [POLICY-1450] - This epic covers the work to support the Scale Out Use Case.
    • POLICY-1278 AAI named-queries are being deprecated and should be replaced with custom-queries

    • POLICY-1545 E2E Automation - Parse the newly added model ids from operation policy

  • Additional items delivered with the release.
    • POLICY-1159 Move expectException to policy-common/utils-test

    • POLICY-1176 Work on technical debt introduced by CLC POC

    • POLICY-1266 A&AI Modularity

    • POLICY-1274 further improvement in PSSD S3P test

    • POLICY-1401 Build onap.policies.Monitoring TOSCA Policy Template

    • POLICY-1465 Support configurable Heap Memory Settings for JVM processes

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-1241] - Test failure in drools-pdp if JAVA_HOME is not set

  • [POLICY-1289] - Apex only considers 200 response codes as successful result codes

  • [POLICY-1437] - Fix issues in FileSystemReceptionHandler of policy-distribution component

  • [POLICY-1501] - policy-engine JUnit tests are not independent

  • [POLICY-1627] - APEX does not support specification of a partitioner class for Kafka

Security Notes

Fixed Security Issues

  • [OJSI-117] - In default deployment POLICY (nexus) exposes HTTP port 30236 outside of cluster.

  • [OJSI-157] - In default deployment POLICY (policy-api) exposes HTTP port 30240 outside of cluster.

  • [OJSI-118] - In default deployment POLICY (policy-apex-pdp) exposes HTTP port 30237 outside of cluster.

  • [OJSI-184] - In default deployment POLICY (brmsgw) exposes HTTP port 30216 outside of cluster.

Known Security Issues

Known Vulnerabilities in Used Modules

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (Dublin Release).

Quick Links:

Known Issues

The following known issues will be addressed in a future release:

  • [POLICY-1795] - PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.

  • [POLICY-1810] - API: ensure that the REST APISs (URLs) are supported and consistent regardless the type of policy: operational, guard, tosca-compliant.

  • [POLICY-1277] - policy config takes too long time to become retrievable in PDP

  • [POLICY-1378] - add support to append value into policyScope while one policy could be used by several services

  • [POLICY-1650] - Policy UI doesn’t show left menu or any content

  • [POLICY-1671] - policy/engine JUnit tests now take over 30 minutes to run

  • [POLICY-1725] - XACML PDP returns 500 vs 400 for bad syntax JSON

  • [POLICY-1793] - API|MODELS: Retrieving Legacy Operational Policy as a Tosca Policy with wrong version

  • [POLICY-1800] - API|PAP components use different version formats

  • [POLICY-1802] - Apex-pdp: context album is mandatory for policy model to compile

  • [POLICY-1808] - API|PAP|PDP-X [new] should publish docker images with the following tag X.Y-SNAPSHOT-latest

  • [POLICY-1818] - APEX does not allow arbitrary Kafka parameters to be specified

  • [POLICY-1276] - JRuby interpreter shutdown fails on second and subsequent runs

  • [POLICY-1803] - PAP should undeploy policies when subgroup is deleted

  • [POLICY-1291] - Maven Error when building Apex documentation in Windows

  • [POLICY-1872] - brmsgw fails building a jar - trafficgenerator dependency does not exist

Version: 3.0.2

Release Date

2019-03-31 (Casablanca Maintenance Release #2)

The following items were deployed with the Casablanca Maintenance Release:

Bug Fixes

  • [POLICY-1522] - Policy doesn’t send “payload” field to APPC

Security Fixes

  • [POLICY-1538] - Upgrade Elasticsearch to 6.4.x to clear security issue

License Issues

  • [POLICY-1433] - Remove proprietary licenses in PSSD test CSAR

Known Issues

The following known issue will be addressed in a future release.

  • [POLICY-1650] - Policy UI doesn’t show left menu or any content

A workaround for this issue consists in bypassing the Portal UI when accessing the Policy UI. See PAP recipes for the specific procedure.

Version: 3.0.1

Release Date

2019-01-31 (Casablanca Maintenance Release)

The following items were deployed with the Casablanca Maintenance Release:

New Features

  • [POLICY-1221] - Policy distribution application to support HTTPS communication

  • [POLICY-1222] - Apex policy PDP to support HTTPS Communication

Bug Fixes

Version: 3.0.0

Release Date

2018-11-30 (Casablanca Release)

New Features

The Casablanca release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Casablanca release, refer to JiraPolicyCasablanca (Note: Jira details can also be viewed from this link).

  • [POLICY-701] - This epic covers the work to integrate Policy into the SDC Service Distribution

The policy team introduced a new application into the framework that provides integration of the Service Distribution Notifications from SDC to Policy.

  • [POLICY-719] - This epic covers the work to build the Policy Lifecycle API

  • [POLICY-726] - This epic covers the work to distribute policy from the PAP to the PDPs into the ONAP platform

  • [POLICY-876] - This epics covers the work to re-build how the PAP organizes the PDP’s into groups.

The policy team did some forward looking spike work towards re-building the Software Architecture.

  • [POLICY-809] - Maintain and implement performance

  • [POLICY-814] - 72 hour stability testing (component and platform)

The policy team made enhancements to the Drools PDP to further support S3P Performance. For the new Policy SDC Distribution application and the newly ingested Apex PDP the team established S3P performance standard and performed 72 hour stability tests.

  • [POLICY-824] - maintain and implement security

The policy team established AAF Root Certificate for HTTPS communication and CADI/AAF integration into the MVP applications. In addition, many java dependencies were upgraded to clear CLM security issues.

  • [POLICY-840] - Flexible control loop coordination facility.

Work towards a POC for control loop coordination policies were implemented.

  • [POLICY-841] - Covers the work required to support HPA

Enhancements were made to support the HPA use case through the use of the new Policy SDC Service Distribution application.

  • [POLICY-842] - This epic covers the work to support the Auto Scale Out functional requirements

Enhancements were made to support Scale Out Use Case to enforce new guard policies and updated SO and A&AI APIs.

  • [POLICY-851] - This epic covers the work to bring in the Apex PDP code

A new Apex PDP engine was ingested into the platform and work was done to ensure code cleared CLM security issues, sonar issues, and checkstyle.

  • [POLICY-1081] - This epic covers the contribution for the 5G OOF PCI Optimization use case.

Policy templates changes were submitted that supported the 5G OOF PCI optimization use case.

  • [POLICY-1182] - Covers the work to support CCVPN use case

Policy templates changes were submitted that supported the CCVPN use case.

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-799] - Policy API Validation Does Not Validate Required Parent Attributes in the Model

  • [POLICY-869] - Control Loop Drools Rules should not have exceptions as well as die upon an exception

  • [POLICY-872] - investigate potential race conditions during rules version upgrades during call loads

  • [POLICY-878] - pdp-d: feature-pooling disables policy-controllers preventing processing of onset events

  • [POLICY-909] - get_ZoneDictionaryDataByName class type error

  • [POLICY-920] - Hard-coded path in junit test

  • [POLICY-921] - XACML Junit test cannot find property file

  • [POLICY-1083] - Mismatch in action cases between Policy and APPC

Security Notes

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (Casablanca Release).

Quick Links:

Known Issues

Version: 2.0.0

Release Date

2018-06-07 (Beijing Release)

New Features

The Beijing release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Beijing release, refer to JiraPolicyBeijing.

  • [POLICY-390] - This epic covers the work to harden the Policy platform software base (incl 50% JUnit coverage)
    • POLICY-238 policy/drools-applications: clean up maven structure

    • POLICY-336 Address Technical Debt

    • POLICY-338 Address JUnit Code Coverage

    • POLICY-377 Policy Create API should validate input matches DCAE microservice template

    • POLICY-389 Cleanup Jenkin’s CI/CD process’s

    • POLICY-449 Policy API + Console : Common Policy Validation

    • POLICY-568 Integration with org.onap AAF project

    • POLICY-610 Support vDNS scale out for multiple times in Beijing release

  • [POLICY-391] - This epic covers the work to support Release Planning activities
    • POLICY-552 ONAP Licensing Scan - Use Restrictions

  • [POLICY-392] - Platform Maturity Requirements - Performance Level 1
    • POLICY-529 Platform Maturity Performance - Drools PDP

    • POLICY-567 Platform Maturity Performance - PDP-X

  • [POLICY-394] - This epic covers the work required to support a Policy developer environment in which Policy Developers can create, update policy templates/rules separate from the policy Platform runtime platform.
    • POLICY-488 pap should not add rules to official template provided in drools applications

  • [POLICY-398] - This epic covers the body of work involved in supporting policy that is platform specific.
    • POLICY-434 need PDP /getConfig to return an indicator of where to find the config data - in config.content versus config field

  • [POLICY-399] - This epic covers the work required to policy enable Hardware Platform Enablement
    • POLICY-622 Integrate OOF Policy Model into Policy Platform

  • [POLICY-512] - This epic covers the work to support Platform Maturity Requirements - Stability Level 1
    • POLICY-525 Platform Maturity Stability - Drools PDP

    • POLICY-526 Platform Maturity Stability - XACML PDP

  • [POLICY-513] - Platform Maturity Requirements - Resiliency Level 2
    • POLICY-527 Platform Maturity Resiliency - Policy Engine GUI and PAP

    • POLICY-528 Platform Maturity Resiliency - Drools PDP

    • POLICY-569 Platform Maturity Resiliency - BRMS Gateway

    • POLICY-585 Platform Maturity Resiliency - XACML PDP

    • POLICY-586 Platform Maturity Resiliency - Planning

    • POLICY-681 Regression Test Use Cases

  • [POLICY-514] - This epic covers the work to support Platform Maturity Requirements - Security Level 1
    • POLICY-523 Platform Maturity Security - CII Badging - Project Website

  • [POLICY-515] - This epic covers the work to support Platform Maturity Requirements - Escalability Level 1
    • POLICY-531 Platform Maturity Scalability - XACML PDP

    • POLICY-532 Platform Maturity Scalability - Drools PDP

    • POLICY-623 Docker image re-design

  • [POLICY-516] - This epic covers the work to support Platform Maturity Requirements - Manageability Level 1
    • POLICY-533 Platform Maturity Manageability L1 - Logging

    • POLICY-534 Platform Maturity Manageability - Instantiation < 1 hour

  • [POLICY-517] - This epic covers the work to support Platform Maturity Requirements - Usability Level 1
    • POLICY-535 Platform Maturity Usability - User Guide

    • POLICY-536 Platform Maturity Usability - Deployment Documentation

    • POLICY-537 Platform Maturity Usability - API Documentation

  • [POLICY-546] - R2 Beijing - Various enhancements requested by clients to the way we handle TOSCA models.

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-484] - Extend election handler run window and clean up error messages

  • [POLICY-494] - POLICY EELF Audit.log not in ECOMP Standards Compliance

  • [POLICY-501] - Fix issues blocking election handler and add directed interface for opstate

  • [POLICY-509] - Add IntelliJ file to .gitingore

  • [POLICY-510] - Do not enforce hostname validation

  • [POLICY-518] - StateManagement creation of EntityManagers.

  • [POLICY-519] - Correctly initialize the value of allSeemsWell in DroolsPdpsElectionHandler

  • [POLICY-629] - Fixed a bug on editor screen

  • [POLICY-684] - Fix regex for brmsgw dependency handling

  • [POLICY-707] - ONAO-PAP-REST unit tests fail on first build on clean checkout

  • [POLICY-717] - Fix a bug in checking required fields if the object has include function

  • [POLICY-734] - Fix Fortify Header Manipulation Issue

  • [POLICY-743] - Fixed data name since its name was changed on server side

  • [POLICY-753] - Policy Health Check failed with multi-node cluster

  • [POLICY-765] - junit test for guard fails intermittently

Security Notes

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project.

Quick Links:

Known Issues

The following known issues will be addressed in a future release:

  • [POLICY-522] - PAP REST APIs undesired HTTP response body for 500 responses

  • [POLICY-608] - xacml components : remove hardcoded secret key from source code

  • [POLICY-764] - Policy Engine PIP Configuration JUnit Test fails intermittently

  • [POLICY-776] - OOF Policy TOSCA models are not correctly rendered

  • [POLICY-799] - Policy API Validation Does Not Validate Required Parent Attributes in the Model

  • [POLICY-801] - fields mismatch for OOF flavorFeatures between implementation and wiki

  • [POLICY-869] - Control Loop Drools Rules should not have exceptions as well as die upon an exception

  • [POLICY-872] - investigate potential race conditions during rules version upgrades during call loads

Version: 1.0.2

Release Date

2018-01-18 (Amsterdam Maintenance Release)

Bug Fixes

The following fixes were deployed with the Amsterdam Maintenance Release:

  • [POLICY-486] - pdp-x api pushPolicy fails to push latest version

Version: 1.0.1

Release Date

2017-11-16 (Amsterdam Release)

New Features

The Amsterdam release continued evolving the design driven architecture of and functionality for POLICY. The following is a list of Epics delivered with the release. For a full list of stories and tasks delivered in the Amsterdam release, refer to JiraPolicyAmsterdam.

  • [POLICY-31] - Stabilization of Seed Code
    • POLICY-25 Replace any remaining openecomp reference by onap

    • POLICY-32 JUnit test code coverage

    • POLICY-66 PDP-D Feature mechanism enhancements

    • POLICY-67 Rainy Day Decision Policy

    • POLICY-93 Notification API

    • POLICY-158 policy/engine: SQL injection Mitigation

    • POLICY-269 Policy API Support for Rainy Day Decision Policy and Dictionaries

  • [POLICY-33] - This epic covers the body of work involved in deploying the Policy Platform components
    • POLICY-40 MSB Integration

    • POLICY-124 Integration with oparent

    • POLICY-41 OOM Integration

    • POLICY-119 PDP-D: noop sinks

  • [POLICY-34] - This epic covers the work required to support a Policy developer environment in which Policy Developers can create, update policy templates/rules separate from the policy Platform runtime platform.
    • POLICY-57 VF-C Actor code development

    • POLICY-43 Amsterdam Use Case Template

    • POLICY-173 Deployment of Operational Policies Documentation

  • [POLICY-35] - This epic covers the body of work involved in supporting policy that is platform specific.
    • POLICY-68 TOSCA Parsing for nested objects for Microservice Policies

  • [POLICY-36] - This epic covers the work required to capture policy during VNF on-boarding.

  • [POLICY-37] - This epic covers the work required to capture, update, extend Policy(s) during Service Design.
    • POLICY-64 CLAMP Configuration and Operation Policies for vFW Use Case

    • POLICY-65 CLAMP Configuration and Operation Policies for vDNS Use Case

    • POLICY-48 CLAMP Configuration and Operation Policies for vCPE Use Case

    • POLICY-63 CLAMP Configuration and Operation Policies for VOLTE Use Case

  • [POLICY-38] - This epic covers the work required to support service distribution by SDC.

  • [POLICY-39] - This epic covers the work required to support the Policy Platform during runtime.
    • POLICY-61 vFW Use Case - Runtime

    • POLICY-62 vDNS Use Case - Runtime

    • POLICY-59 vCPE Use Case - Runtime

    • POLICY-60 VOLTE Use Case - Runtime

    • POLICY-51 Runtime Policy Update Support

    • POLICY-328 vDNS Use Case - Runtime Testing

    • POLICY-324 vFW Use Case - Runtime Testing

    • POLICY-320 VOLTE Use Case - Runtime Testing

    • POLICY-316 vCPE Use Case - Runtime Testing

  • [POLICY-76] - This epic covers the body of work involved in supporting R1 Amsterdam Milestone Release Planning Milestone Tasks.
    • POLICY-77 Functional Test case definition for Control Loops

    • POLICY-387 Deliver the released policy artifacts

Bug Fixes
  • This is technically the first release of POLICY, previous release was the seed code contribution. As such, the defects fixed in this release were raised during the course of the release. Anything not closed is captured below under Known Issues. For a list of defects fixed in the Amsterdam release, refer to JiraPolicyAmsterdam.

Known Issues
  • The operational policy template has been tested with the vFW, vCPE, vDNS and VOLTE use cases. Additional development may/may not be required for other scenarios.

  • For vLBS Use Case, the following steps are required to setup the service instance:
    • Create a Service Instance via VID.

    • Create a VNF Instance via VID.

    • Preload SDNC with topology data used for the actual VNF instantiation (both base and DNS scaling modules). NOTE: you may want to set “vlb_name_0” in the base VF module data to something unique. This is the vLB server name that DCAE will pass to Policy during closed loop. If the same name is used multiple times, the Policy name-query to AAI will show multiple entries, one for each occurrence of that vLB VM name in the OpenStack zone. Note that this is not a limitation, typically server names in a domain are supposed to be unique.

    • Instantiate the base VF module (vLB, vPacketGen, and one vDNS) via VID. NOTE: The name of the VF module MUST start with Vfmodule_. The same name MUST appear in the SDNC preload of the base VF module topology. We’ll relax this naming requirement for Beijing Release.

    • Run heatbridge from the Robot VM using Vfmodule_ _ as stack name (it is the actual stack name in OpenStack)

    • Populate AAI with a dummy VF module for vDNS scaling.

Security Issues
  • None at this time

Other
  • None at this time

End of Release Notes