Policy Administration Point (PAP) Architecture

The Policy Administration Point (PAP) keeps track of PDPs, supporting the deployment of PDP groups and the deployment of policies across those PDP groups. Policies are created using the Policy API, but are deployed via the PAP.

The PAP is stateless in a RESTful sense, using the database (persistent storage) to track PDPs and the deployment of policies to those PDPs. In short, policy management on PDPs is the responsibility of PAP; management of policies by any other manner is not permitted.

Because the PDP is the main unit of scalability in the Policy Framework, the framework is designed to allow PDPs in a PDP group to arbitrarily appear and disappear and for policy consistency across all PDPs in a PDP group to be easily maintained. The PAP is responsible for controlling the state across the PDPs in a PDP group. The PAP interacts with the policy database and transfers policies to PDPs.

The unit of execution and scaling in the Policy Framework is a PolicyImpl entity. A PolicyImpl entity runs on a PDP. As is explained above, a PolicyImpl entity is a PolicyTypeImpl implementation parameterized with a TOSCA Policy.

../_images/PolicyImplPDPSubGroup.svg

In order to achieve horizontal scalability, we group the PDPs running instances of a given PolicyImpl entity logically together into a PDPSubGroup. The number of PDPs in a PDPSubGroup can then be scaled up and down using Kubernetes. In other words, all PDPs in a subgroup run the same PolicyImpl, that is the same policy template implementation (in XACML, Drools, or APEX) with the same parameters.

The figure above shows the layout of PDPGroup and PDPSubGroup entities. The figure shows examples of PDP groups for Control Loop and Monitoring policies on the right.

The health of PDPs is monitored by the PAP in order to alert operations teams managing policies. The PAP manages the life cycle of policies running on PDPs.

The table below shows the deployment methods in which PolicyImpl entities can be deployed to PDP Subgroups.

Method

Description

Advantages

Disadvantages

Cold

The PolicyImpl (PolicyTypeImpl and TOSCA Policy) are predeployed on the PDP. PDP is fully configured and ready to execute when started.

PDPs register with the PAP when they start, providing the pdpGroup they have been preconfigured with.

No run time configuration required and run time administration is simple.

Very restrictive, no run time configuration of PDPs is possible.

Warm

The PolicyTypeImpl entity is predeployed on the PDP. A TOSCA Policy may be loaded at startup. The PDP may be configured or reconfigured with a new or updated TOSCA Policy at run time.

PDPs register with the PAP when they start, providing the pdpGroup they have been predeployed with if any. The PAP may update the TOSCA Policy on a PDP at any time after registration.

The configuration, parameters, and PDP group of PDPs may be changed at run time by loading or updating a TOSCA Policy into the PDP.

Support TOSCA Policy entity life cycle managgement is supported, allowing features such as PolicyImpl Safe Mode and PolicyImpl retirement.

Administration and management is required. The configuration and life cycle of the TOSCA policies can change at run time and must be administered and managed.

Hot

The PolicyImpl (PolicyTypeImpl and TOSCA Policy) are deployed at run time. The PolicyImpl (PolicyTypeImpl and TOSCA Policy) may be loaded at startup. The PDP may be configured or reconfigured with a new or updated PolicyTypeImpl and/or TOSCA Policy at run time.

PDPs register with the PAP when they start, providing the pdpGroup they have been preconfigured with if any. The PAP may update the TOSCA Policy and PolicyTypeImpl on a PDP at any time after registration

The policy logic, rules, configuration, parameters, and PDP group of PDPs may be changed at run time by loading or updating a TOSCA Policy and PolicyTypeImpl into the PDP.

Lifecycle management of TOSCA Policy entities and PolicyTypeImpl entites is supported, allowing features such as PolicyImpl Safe Mode and PolicyImpl retirement.

Administration and management is more complex. The PolicyImpl itself and its configuration and life cycle as well as the life cycle of the TOSCA policies can change at run time and must be administered and managed.

1 APIs

The APIs in the subchapters below are supported by the PAP.

1.1 REST API

The purpose of this API is to support CRUD of PDP groups and subgroups and to support the deployment and life cycles of policies on PDP sub groups and PDPs. This API is provided by the PolicyAdministration component (PAP) of the Policy Framework, see the ONAP Policy Framework Architecture page.

PDP groups and subgroups may be prefedined in the system. Predefined groups and subgroups may be modified or deleted over this API. The policies running on predefined groups or subgroups as well as the instance counts and properties may also be modified.

A PDP may be preconfigured with its PDP group, PDP subgroup, and policies. The PDP sends this information to the PAP when it starts. If the PDP group, subgroup, or any policy is unknown to the PAP, the PAP locks the PDP in state PASSIVE.

PAP supports the operations listed in the following table, via its REST API:

Operation

Description

Health check

Queries the health of the PAP

Consolidated healthcheck

Queries the health of all policy components

Statistics

Queries various statistics

PDP state change

Changes the state of all PDPs in a PDP Group

PDP Group create/update

Creates/updates PDP Groups

PDP Group delete

Deletes a PDP Group

PDP Group query

Queries all PDP Groups

Deployment update

Deploy/undeploy one or more policies in specified PdpGroups

Deploy policy

Deploys one or more policies to the PDPs

Undeploy policy

Undeploys a policy from the PDPs

Policy Status

Queries the status of all policies

Policy deployment status

Queries the status of all deployed policies

PDP statistics

Queries the statistics of PDPs

Policy Audit

Queries the audit records of policies

1.2 DMaaP API

PAP interacts with the PDPs via the DMaaP Message Router. The messages listed in the following table are transmitted via DMaaP:

Message

Direction

Description

PDP status

Incoming

Registers a PDP with PAP; also sent as a periodic heart beat; also sent in response to requests from the PAP

PDP update

Outgoing

Assigns a PDP to a PDP Group and Subgroup; also deploys or undeploys policies from the PDP

PDP state change

Outgoing

Changes the state of a PDP or all PDPs within a PDP Group or Subgroup

In addition, PAP generates notifications via the DMaaP Message Router when policies are successfully or unsuccessfully deployed (or undeployed) from all relevant PDPs.

Here is a sample notification:

{
    "deployed-policies": [
        {
            "policy-type": "onap.policies.monitoring.tcagen2",
            "policy-type-version": "1.0.0",
            "policy-id": "onap.scaleout.tca",
            "policy-version": "2.0.0",
            "success-count": 3,
            "failure-count": 0
        }
    ],
    "undeployed-policies": [
        {
            "policy-type": "onap.policies.monitoring.tcagen2",
            "policy-type-version": "1.0.0",
            "policy-id": "onap.firewall.tca",
            "policy-version": "6.0.0",
            "success-count": 3,
            "failure-count": 0
        }
    ]
}

2 PAP REST API Swagger

It is worth noting that we use basic authorization for access with user name and password set to healthcheck and zb!XztG34, respectively.

For every call, the client is encouraged to insert a uuid-type requestID as parameter. It is helpful for tracking each http transaction and facilitates debugging. More importantly, it complies with Logging requirements v1.2. If the client does not provide the requestID in a call, one will be randomly generated and attached to the response header, x-onap-requestid.

In accordance with ONAP API Common Versioning Strategy Guidelines, several custom headers are added in the response to each call:

Header

Example value

Description

x-latestversion

1.0.0

latest version of the API

x-minorversion

0

MINOR version of the API

x-patchversion

0

PATCH version of the API

x-onap-requestid

e1763e61-9eef-4911-b952-1be1edd9812b

described above; used for logging purposes

Download Health Check PAP API Swagger

HealthCheck

GET /policy/pap/v1/healthcheck

Perform healthcheck

  • Description: Returns healthy status of the Policy Administration component

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation performs a health check on the PAP.

Here is a sample response:

{
    "code": 200,
    "healthy": true,
    "message": "alive",
    "name": "Policy PAP",
    "url": "self"
}

Download Consolidated Health Check PAP API Swagger

Consolidated Healthcheck

GET /policy/pap/v1/components/healthcheck

Returns health status of all policy components, including PAP, API, Distribution, and PDPs

  • Description: Queries health status of all policy components, returning all policy components health status

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation performs a health check of all policy components. The response contains the health check result of each component. The consolidated health check is reported as healthy only if all the components are healthy, otherwise the “healthy” flag is marked as false.

Here is a sample response:

{
  "pdps": {
    "xacml": [
      {
        "instanceId": "dev-policy-xacml-pdp-5b6697c845-9j8lb",
        "pdpState": "ACTIVE",
        "healthy": "HEALTHY"
      }
    ],
    "drools": [
      {
        "instanceId": "dev-drools-0",
        "pdpState": "ACTIVE",
        "healthy": "HEALTHY"
      }
    ],
    "apex": [
      {
        "instanceId": "dev-policy-apex-pdp-0",
        "pdpState": "ACTIVE",
        "healthy": "HEALTHY",
        "message": "Pdp Heartbeat"
      }
    ]
  },
  "healthy": true,
  "api": {
    "name": "Policy API",
    "url": "https://dev-policy-api-7fb479754f-7nr5s:6969/policy/api/v1/healthcheck",
    "healthy": true,
    "code": 200,
    "message": "alive"
  },
  "distribution": {
    "name": "Policy SSD",
    "url": "https://dev-policy-distribution-84854cd6c7-zn8vh:6969/healthcheck",
    "healthy": true,
    "code": 200,
    "message": "alive"
  },
  "pap": {
    "name": "Policy PAP",
    "url": "https://dev-pap-79fd8f78d4-hwx7j:6969/policy/pap/v1/healthcheck",
    "healthy": true,
    "code": 200,
    "message": "alive"
  }
}

Download Statistics PAP API Swagger

Statistics

GET /policy/pap/v1/statistics

Fetch current statistics

  • Description: Returns current statistics of the Policy Administration component

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows statistics for PDP groups, PDP subgroups, and individual PDPs to be retrieved.

Note

While this API is supported, most of the statistics are not currently updated; that work has been deferred to a later release.

Here is a sample response:

{
    "code": 200,
    "policyDeployFailureCount": 0,
    "policyDeploySuccessCount": 0,
    "policyDownloadFailureCount": 0,
    "policyDownloadSuccessCount": 0,
    "totalPdpCount": 0,
    "totalPdpGroupCount": 0,
    "totalPolicyDeployCount": 0,
    "totalPolicyDownloadCount": 0
}

Download State Change PAP Swagger

PdpGroup State Change

PUT /policy/pap/v1/pdps/groups/{name}

Change state of a PDP Group

  • Description: Changes state of PDP Group, returning optional error details

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

name

path

PDP Group Name

string

state

query

PDP Group State

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

The state of PDP groups is managed by this operation. PDP groups can be in states PASSIVE, TEST, SAFE, or ACTIVE. For a full description of PDP group states, see the ONAP Policy Framework Architecture page.

Download Group Batch PAP API Swagger

PdpGroup Create/Update

POST /policy/pap/v1/pdps/groups/batch

Create or update PDP Groups

  • Description: Create or update one or more PDP Groups, returning optional error details

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

body

body

List of PDP Group Configuration

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows the PDP groups and subgroups to be created and updated. Many PDP groups can be created or updated in a single POST operation by specifying more than one PDP group in the POST operation body. This can be used to create the PDP group by providing all the details including the supported policy types for each subgroup. However, it cannot be used to update policies; that is done using one of the deployment requests. Consequently, the “policies” property of this request will be ignored. This can also be used to update a PDP Group, but supported policy types cannot be updated during the update operation. So, “policies” and “supportedPolicyTypes” properties in the request will be ignored if provided during the PDP Group update operation.

The “desiredInstanceCount” specifies the minimum number of PDPs of the given type that should be registered with PAP. Currently, this is just used for health check purposes; if the number of PDPs registered with PAP drops below the given value, then PAP will return an “unhealthy” indicator if a “Consolidated Health Check” is performed.

Note

If a subgroup is to be deleted from a PDP Group, then the policies must be removed from the subgroup first.

Note

Policies cannot be added/updated during PDP Group create/update operations. So, if provided, they are ignored. Supported policy types are defined during PDP Group creation. They cannot be updated once they are created. So, supportedPolicyTypes are expected during PDP Group create, but ignored if provided during PDP Group update.

Here is a sample request:

{
    "groups": [
        {
            "name": "SampleGroup",
            "pdpGroupState": "ACTIVE",
            "properties": {},
            "pdpSubgroups": [
                {
                    "pdpType": "apex",
                    "desiredInstanceCount": 2,
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.controlloop.operational.common.Apex",
                            "version": "1.0.0"
                        }
                    ],
                    "policies": []
                },
                {
                    "pdpType": "xacml",
                    "desiredInstanceCount": 1,
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.monitoring.tcagen2",
                            "version": "1.0.0"
                        }
                    ],
                    "policies": []
                }
            ]
        }
    ]
}

Download Group Delete PAP API Swagger

PdpGroup Delete

DELETE /policy/pap/v1/pdps/groups/{name}

Delete PDP Group

  • Description: Deletes a PDP Group, returning optional error details

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

name

path

PDP Group Name

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

The API also allows PDP groups to be deleted. DELETE operations are only permitted on PDP groups in PASSIVE state.

Download Group Query PAP API Swagger

PdpGroup Query

GET /policy/pap/v1/pdps

Query details of all PDP groups

  • Description: Queries details of all PDP groups, returning all group details

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows the PDP groups and subgroups to be listed as well as the policies that are deployed on each PDP group and subgroup.

Here is a sample response:

{
    "groups": [
        {
            "description": "This group should be used for managing all control loop related policies and pdps",
            "name": "controlloop",
            "pdpGroupState": "ACTIVE",
            "pdpSubgroups": [
                {
                    "currentInstanceCount": 0,
                    "desiredInstanceCount": 1,
                    "pdpInstances": [],
                    "pdpType": "apex",
                    "policies": [],
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.controlloop.operational.common.Apex",
                            "version": "1.0.0"
                        }
                    ]
                },
                {
                    "currentInstanceCount": 0,
                    "desiredInstanceCount": 1,
                    "pdpInstances": [],
                    "pdpType": "drools",
                    "policies": [],
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.controlloop.operational.common.Drools",
                            "version": "1.0.0"
                        }
                    ]
                },
                {
                    "currentInstanceCount": 0,
                    "desiredInstanceCount": 1,
                    "pdpInstances": [],
                    "pdpType": "xacml",
                    "policies": [],
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.controlloop.Guard",
                            "version": "1.0.0"
                        }
                    ]
                }
            ],
            "properties": {}
        },
        {
            "description": "This group should be used for managing all monitoring related policies and pdps",
            "name": "monitoring",
            "pdpGroupState": "ACTIVE",
            "pdpSubgroups": [
                {
                    "currentInstanceCount": 0,
                    "desiredInstanceCount": 1,
                    "pdpInstances": [],
                    "pdpType": "xacml",
                    "policies": [],
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.Monitoring",
                            "version": "1.0.0"
                        }
                    ]
                }
            ],
            "properties": {}
        },
        {
            "description": "The default group that registers all supported policy types and pdps.",
            "name": "defaultGroup",
            "pdpGroupState": "ACTIVE",
            "pdpSubgroups": [
                {
                    "currentInstanceCount": 0,
                    "desiredInstanceCount": 1,
                    "pdpInstances": [],
                    "pdpType": "apex",
                    "policies": [],
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.controlloop.operational.common.Apex",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.native.Apex",
                            "version": "1.0.0"
                        }
                    ]
                },
                {
                    "currentInstanceCount": 0,
                    "desiredInstanceCount": 1,
                    "pdpInstances": [],
                    "pdpType": "drools",
                    "policies": [],
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.controlloop.operational.common.Drools",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.native.drools.Controller",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.native.drools.Artifact",
                            "version": "1.0.0"
                        }
                    ]
                },
                {
                    "currentInstanceCount": 0,
                    "desiredInstanceCount": 1,
                    "pdpInstances": [],
                    "pdpType": "xacml",
                    "policies": [],
                    "properties": {},
                    "supportedPolicyTypes": [
                        {
                            "name": "onap.policies.controlloop.guard.FrequencyLimiter",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.controlloop.guard.MinMax",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.controlloop.guard.Blacklist",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.controlloop.guard.coordination.FirstBlocksSecond",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.Monitoring",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.monitoring.*",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.AffinityPolicy",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.DistancePolicy",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.HpaPolicy",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.OptimizationPolicy",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.PciPolicy",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.QueryPolicy",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.SubscriberPolicy",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.Vim_fit",
                            "version": "1.0.0"
                        },
                        {
                            "name": "onap.policies.optimization.VnfPolicy",
                            "version": "1.0.0"
                        }
                    ]
                }
            ],
            "properties": {}
        }
    ]
}

Download Deployments Batch PAP API Swagger

Deployments Update

POST /policy/pap/v1/pdps/deployments/batch

Updates policy deployments within specific PDP groups

  • Description: Updates policy deployments within specific PDP groups, returning optional error details

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

body

body

List of PDP Group Deployments

Responses

202 - operation accepted

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows policies to be deployed on specific PDP groups. Each subgroup includes an “action” property, which is used to indicate that the policies are being added (POST) to the subgroup, deleted (DELETE) from the subgroup, or that the subgroup’s entire set of policies is being replaced (PATCH) by a new set of policies. As such, a subgroup may appear more than once in a single request, one time to delete some policies and another time to add new policies to the same subgroup.

Here is a sample request:

{
    "groups": [
        {
            "name": "SampleGroup",
            "deploymentSubgroups": [
                {
                    "pdpType": "apex",
                    "action": "POST",
                    "policies": [
                        {
                            "name": "onap.policies.native.apex.bbs.EastRegion",
                            "version": "1.0.0"
                        }
                    ]
                }
            ]
        }
    ]
}

Here is a sample response:

{
    "message": "Use the policy status url to fetch the latest status. Kindly note that when a policy is successfully undeployed, it will no longer appear in policy status response.",
    "uri": "/policy/pap/v1/policies/status"
}

Download Deploy PAP API Swagger

Deploy Policy

POST /policy/pap/v1/pdps/policies

Deploy or update PDP Policies

  • Description: Deploys or updates PDP Policies, returning optional error details

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

body

body

PDP Policies; only the name is required

Responses

202 - operation accepted

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows policies to be deployed across all relevant PDP groups. PAP will deploy the specified policies to all relevant subgroups. Only the policies supported by a given subgroup will be deployed to that subgroup.

Note

The policy version is optional. If left unspecified, then the latest version of the policy is deployed. On the other hand, if it is specified, it may be an integer, or it may be a fully qualified version (e.g., “3.0.2”). In addition, a subgroup to which a policy is being deployed must have at least one PDP instance, otherwise the request will be rejected.

Here is a sample request:

{
  "policies": [
    {
      "policy-id": "onap.scaleout.tca",
      "policy-version": 1
    },
    {
      "policy-id": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3"
    },
    {
      "policy-id": "guard.frequency.ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3"
    },
    {
      "policy-id": "guard.minmax.ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3"
    }
  ]
}

Here is a sample response:

{
    "message": "Use the policy status url to fetch the latest status. Kindly note that when a policy is successfully undeployed, it will no longer appear in policy status response.",
    "uri": "/policy/pap/v1/policies/status"
}

Download Undeploy PAP API Swagger

Undeploy Policy

DELETE /policy/pap/v1/pdps/policies/{name}

Undeploy a PDP Policy from PDPs

  • Description: Undeploys the latest version of a policy from the PDPs, returning optional error details

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

name

path

PDP Policy Name

string

Responses

202 - operation accepted

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

DELETE /policy/pap/v1/pdps/policies/{name}/versions/{version}

Undeploy version of a PDP Policy from PDPs

  • Description: Undeploys a specific version of a policy from the PDPs, returning optional error details

  • Produces: [‘application/json’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

name

path

PDP Policy Name

string

version

path

PDP Policy Version

string

Responses

202 - operation accepted

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows policies to be undeployed from PDP groups.

Note

If the policy version is specified, then it may be an integer, or it may be a fully qualified version (e.g., “3.0.2”). On the other hand, if left unspecified, then the latest deployed version will be undeployed.

Note

Due to current limitations, a fully qualified policy version must always be specified.

Here is a sample response:

{
    "message": "Use the policy status url to fetch the latest status. Kindly note that when a policy is successfully undeployed, it will no longer appear in policy status response.",
    "uri": "/policy/pap/v1/policies/status"
}

Download Policy Status PAP API Swagger

Policy Status

GET /policy/pap/v1/policies/status

Queries status of policies in all PdpGroups

  • Description: Queries status of policies in all PdpGroups, returning status of policies in all the PDPs belonging to all PdpGroups

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/policies/status/{pdpGroupName}

Queries status of policies in a specific PdpGroup

  • Description: Queries status of policies in a specific PdpGroup, returning status of policies in all the PDPs belonging to the PdpGroup

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

pdpGroupName

path

Name of the PdpGroup

string

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

404 - Resource not found

500 - Internal Server Error

GET /policy/pap/v1/policies/status/{pdpGroupName}/{policyName}

Queries status of all versions of a specific policy in a specific PdpGroup

  • Description: Queries status of all versions of a specific policy in a specific PdpGroup, returning status of all versions of the policy in the PDPs belonging to the PdpGroup

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

pdpGroupName

path

Name of the PdpGroup

string

policyName

path

Name of the Policy

string

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

404 - Resource not found

500 - Internal Server Error

GET /policy/pap/v1/policies/status/{pdpGroupName}/{policyName}/{policyVersion}

Queries status of a specific version of a specific policy in a specific PdpGroup

  • Description: Queries status of a specific version of a specific policy in a specific PdpGroup, returning status of the policy in the PDPs belonging to the PdpGroup

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

pdpGroupName

path

Name of the PdpGroup

string

policyName

path

Name of the Policy

string

policyVersion

path

Version of the Policy

string

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

404 - Resource not found

500 - Internal Server Error

This operation allows the status of all policies that are deployed or undeployed to be listed together. The result can be filtered based on pdp group name, policy name & version.

Note

When a policy is successfully undeployed, it will no longer appear in the policy status response.

Here is a sample response:

[
    {
        "pdpGroup": "defaultGroup",
        "pdpType": "apex",
        "pdpId": "policy-apex-pdp-0",
        "policy": {
            "name": "onap.policies.apex.Controlloop",
            "version": "1.0.0"
        },
        "policyType": {
            "name": "onap.policies.native.Apex",
            "version": "1.0.0"
        },
        "deploy": true,
        "state": "SUCCESS"
    },
    {
        "pdpGroup": "defaultGroup",
        "pdpType": "drools",
        "pdpId": "policy-drools-pdp-0",
        "policy": {
            "name": "OPERATIONAL_vFW_CDS_Service_v2_0_Drools_1_0_0_6SN",
            "version": "1.0.0"
        },
        "policyType": {
            "name": "onap.policies.controlloop.operational.common.Drools",
            "version": "1.0.0"
        },
        "deploy": true,
        "state": "SUCCESS"
    }
]

Download Deployed Policy PAP API Swagger

Policy Deployment Status

GET /policy/pap/v1/policies/deployed

Queries status of all deployed policies

  • Description: Queries status of all deployed policies, returning success and failure counts of the PDPs

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/policies/deployed/{name}

Queries status of specific deployed policies

  • Description: Queries status of specific deployed policies, returning success and failure counts of the PDPs

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

name

path

Policy Id

string

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/policies/deployed/{name}/{version}

Queries status of a specific deployed policy

  • Description: Queries status of a specific deployed policy, returning success and failure counts of the PDPs

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

name

path

Policy Id

string

version

path

Policy Version

string

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows the deployed policies to be listed together with their respective deployment status. The result can be filtered based on policy name & version.

Here is a sample response:

[
  {
    "policy-type": "onap.policies.monitoring.tcagen2",
    "policy-type-version": "1.0.0",
    "policy-id": "MICROSERVICE_vFW_CDS_Service_v2_0_app_1_0_0_I95",
    "policy-version": "1.0.0",
    "success-count": 1,
    "failure-count": 0,
    "incomplete-count": 0
  },
  {
    "policy-type": "onap.policies.monitoring.tcagen2",
    "policy-type-version": "1.0.0",
    "policy-id": "MICROSERVICE_vFW_CDS_Service_v2_0_app_1_0_0_WNX",
    "policy-version": "1.0.0",
    "success-count": 1,
    "failure-count": 0,
    "incomplete-count": 0
  },
  {
    "policy-type": "onap.policies.controlloop.operational.common.Drools",
    "policy-type-version": "1.0.0",
    "policy-id": "OPERATIONAL_vFW_CDS_Service_v2_0_Drools_1_0_0_6SN",
    "policy-version": "1.0.0",
    "success-count": 1,
    "failure-count": 0,
    "incomplete-count": 0
  }
]

Download PDP Statistics PAP API Swagger

PDP Statistics

GET /policy/pap/v1/pdps/statistics

Fetch statistics for all PDP Groups and subgroups in the system

  • Description: Returns for all PDP Groups and subgroups statistics of the Policy Administration component

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/pdps/statistics/{group}

Fetch current statistics for given PDP Group

  • Description: Returns statistics for given PDP Group of the Policy Administration component

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

group

path

PDP Group Name

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/pdps/statistics/{group}/{type}

Fetch statistics for the specified subgroup

  • Description: Returns statistics for the specified subgroup of the Policy Administration component

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

group

path

PDP Group Name

string

type

path

PDP SubGroup type

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/pdps/statistics/{group}/{type}/{pdp}

Fetch statistics for the specified pdp

  • Description: Returns statistics for the specified pdp of the Policy Administration component

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

group

path

PDP Group Name

string

type

path

PDP SubGroup type

string

pdp

path

PDP Instance name

string

recordCount

query

Record Count

integer

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows the PDP statistics to be retrieved for all registered PDPs. The result can be filtered based on PDP group, PDP subgroup & PDP instance.

Here is a sample response:

{
  "defaultGroup": {
    "apex": [
      {
        "pdpInstanceId": "dev-policy-apex-pdp-0",
        "timeStamp": "Apr 29, 2020, 6:15:29 PM",
        "pdpGroupName": "defaultGroup",
        "pdpSubGroupName": "apex",
        "policyDeployCount": 0,
        "policyDeploySuccessCount": 0,
        "policyDeployFailCount": 0,
        "policyExecutedCount": 0,
        "policyExecutedSuccessCount": 0,
        "policyExecutedFailCount": 0,
        "engineStats": []
      },
      {
        "pdpInstanceId": "dev-policy-apex-pdp-0",
        "timeStamp": "Apr 29, 2020, 6:17:29 PM",
        "pdpGroupName": "defaultGroup",
        "pdpSubGroupName": "apex",
        "policyDeployCount": 0,
        "policyDeploySuccessCount": 0,
        "policyDeployFailCount": 0,
        "policyExecutedCount": 0,
        "policyExecutedSuccessCount": 0,
        "policyExecutedFailCount": 0,
        "engineStats": []
      },
      {
        "pdpInstanceId": "dev-policy-apex-pdp-0",
        "timeStamp": "Apr 29, 2020, 6:19:29 PM",
        "pdpGroupName": "defaultGroup",
        "pdpSubGroupName": "apex",
        "policyDeployCount": 0,
        "policyDeploySuccessCount": 0,
        "policyDeployFailCount": 0,
        "policyExecutedCount": 0,
        "policyExecutedSuccessCount": 0,
        "policyExecutedFailCount": 0,
        "engineStats": []
      }
    ]
  }
}

Download Policy Audit PAP API Swagger

Policy Audit

GET /policy/pap/v1/policies/audit

Queries audit information for all the policies

  • Description: Queries audit information for all the policies, returning audit information for all the policies in the database

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

recordCount

query

Record count between 1-100

integer

fromDate

query

From date in epoch timestamp

integer

toDate

query

To date in epoch timestamp

integer

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/policies/audit/{pdpGroupName}

Queries audit information for all the policies in a PdpGroup

  • Description: Queries audit information for all the policies in a PdpGroup, returning audit information for all the policies belonging to the PdpGroup

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

recordCount

query

Record count between 1-100

integer

fromDate

query

From date in epoch timestamp

integer

toDate

query

To date in epoch timestamp

integer

pdpGroupName

path

PDP Group Name

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/policies/audit/{policyName}/{policyVersion}

Queries audit information for a specific version of a policy

  • Description: Queries audit information for a specific version of a policy, returning audit information for the policy

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

recordCount

query

Record count between 1-100

integer

fromDate

query

From date in epoch timestamp

integer

toDate

query

To date in epoch timestamp

integer

policyName

path

Policy Name

string

policyVersion

path

Policy Version

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

GET /policy/pap/v1/policies/audit/{pdpGroupName}/{policyName}/{policyVersion}

Queries audit information for a specific version of a policy in a PdpGroup

  • Description: Queries audit information for a specific version of a policy in a PdpGroup, returning audit information for the policy belonging to the PdpGroup

  • Produces: [‘application/json’, ‘application/yaml’]

Parameters

Name

Position

Description

Type

X-ONAP-RequestID

header

RequestID for http transaction

string

recordCount

query

Record count between 1-100

integer

fromDate

query

From date in epoch timestamp

integer

toDate

query

To date in epoch timestamp

integer

pdpGroupName

path

PDP Group Name

string

policyName

path

Policy Name

string

policyVersion

path

Policy Version

string

Responses

200 - successful operation

401 - Authentication Error

403 - Authorization Error

500 - Internal Server Error

This operation allows the audit records of policies to be listed together. The result can be filtered based on pdp group name, policy name & version. Along with record count, from date & to date as query parameters.

Here is a sample response:

[
    {
        "auditId": 123,
        "pdpGroup": "defaultGroup",
        "pdpType": "apex",
        "policy": {
            "name": "onap.policies.apex.Controlloop",
            "version": "1.0.0"
        },
        "action": "DEPLOYMENT",
        "timestamp": "2021-07-27T13:25:15Z",
        "user": "test"
    },
    {
        "auditId": 456,
        "pdpGroup": "defaultGroup",
        "pdpType": "drools",
        "policy": {
            "name": "operational.modifyconfig",
            "version": "1.0.0"
        },
        "action": "UNDEPLOYMENT",
        "timestamp": "2021-07-27T13:15:15Z",
        "user": "test"
    }
]

3.1 Disable collection of PDP Statistics

This configuration is to inform PAP to not save the PDP statistics in the database.

In config.json, add or change the property savePdpStatisticsInDb to false.

Note

By default, if the property is not present, it will be considered as false and PDP statistics will not be saved in the database.

4.1 Disable policies in PDP

This operation will allow disabling individual policies running in PDP engine. It is mainly beneficial in scenarios where network operators/administrators want to disable a particular policy in PDP engine for a period of time due to a failure in the system or for scheduled maintenance.

End of Document