Policy Framework Release Notes
Version: 14.0.0
- Release Date:
2024-06-13 (Newdelhi Release)
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 4.1.4 | N/A |
policy/docker | 3.1.3 | policy-jre-alpine, policy-jdk-alpine, policy-db-migrator |
policy/common | 2.1.3 | N/A |
policy/models | 3.1.3 | N/A |
policy/api | 3.1.3 | policy-api |
policy/pap | 3.1.3 | policy-pap |
policy/apex-pdp | 3.1.3 | policy-apex-pdp |
policy/drools-pdp | 2.1.3 | policy-drools |
policy/xacml-pdp | 3.1.3 | policy-xacml-pdp |
policy/distribution | 3.1.3 | policy-distribution |
policy/clamp | 7.1.3 | policy-clamp-ac-pf-ppnt, policy-clamp-ac-k8s-ppnt, policy-clamp-ac-http-ppnt, policy-clamp-runtime-acm |
policy/gui | 3.1.3 | policy-gui |
policy/drools-applications | 2.1.3 | policy-pdpd-cl |
Key Updates
Improvements to CLAMP Automation Composition Management (ACM)
CLAMP ACM gains several new capabilities in the Newdelhi release. ACM supports tracing through integration with OpenTelemetry for HTTP and Kafka tracing, which provides a more efficient way of diagnosing bottlenecks and performance issues in the system. A participant's outProperties are now retained across restart and redeployment, so that participants can consume them afterwards. A new regression test suite has been added to test the ACM workflow with various combinations of ACM-R and participant versions. ACM element versions can now be upgraded during migration.
- See:
POLICY-4865 - R14: Improvements specific to clamp
Backward compatibility support in ACM
From the Newdelhi release, users can deploy a newer version of ACM-R against an older participant version while maintaining backward compatibility. The participant intermediary gives users the flexibility to keep an older participant version when ACM-R is upgraded.
- See:
POLICY-4952 - R14: Backward compatibility between ACM-R and participants
Oparent dependency removed
From Newdelhi onwards, the Policy Framework can be installed without the oparent Maven dependency. policy-parent provides all the required dependencies and design rule configurations for the policy components.
- See:
POLICY-4960 - R14: Remove oparent dependency from PF
Tracing support in clamp
Distributed tracing of messages between ACM, participants, databases and REST is available in policy clamp, which helps to diagnose bottlenecks and performance issues in the system. A combination of OpenTelemetry and Micrometer is used to achieve this.
- See:
POLICY-4875 - R14: Add support for Open Telemetry in ACM.
Known Limitations, Issues and Workarounds
System Limitations
N/A
Known Vulnerabilities
N/A
Workarounds
N/A
Security Notes
N/A
Functional Improvements
Necessary Improvements and Bug Fixes
Necessary Improvements
Bug Fixes
References
For more information on the ONAP London release, please see:
- Quick Links:
Version: 13.0.0
- Release Date:
2023-11-30 (Montreal Release)
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 4.0.2 | N/A |
policy/docker | 3.0.2 | policy-jre-alpine, policy-jdk-alpine, policy-db-migrator |
policy/common | 2.0.2 | N/A |
policy/models | 3.0.2 | N/A |
policy/api | 3.0.2 | policy-api |
policy/pap | 3.0.2 | policy-pap |
policy/apex-pdp | 3.0.2 | policy-apex-pdp |
policy/drools-pdp | 2.0.2 | policy-drools |
policy/xacml-pdp | 3.0.2 | policy-xacml-pdp |
policy/distribution | 3.0.2 | policy-distribution |
policy/clamp | 7.0.3 | policy-clamp-ac-pf-ppnt, policy-clamp-ac-k8s-ppnt, policy-clamp-ac-http-ppnt, policy-clamp-runtime-acm |
policy/gui | 3.0.2 | policy-gui |
policy/drools-applications | 2.0.2 | policy-pdpd-cl |
Key Updates
Improvements to CLAMP Automation Composition Management (ACM)
CLAMP ACM is improved with new features and failure handling capabilities. ACM can handle a restarted participant and send updates to the participant with the runtime data. In addition, the user can update instance properties on deployed instances without impacting the ACM system. From the Montreal release, the ACM participants can handle multiple messages from ACM simultaneously. ACM configuration now supports customizable element names in the compositions.
- See:
POLICY-4505 - R13: Improvements specific to clamp
Migration functionality in ACM
From the Montreal release, users can migrate the deployed AC instances to a different composition definition with updated configurations without impacting the running system.
- See:
POLICY-4809 - R13: Instance Migration/Upgrade in ACM
Java 17 Upgrade
All the components in the Policy Framework are upgraded to Java 17. Spring is upgraded to Spring 6 and Spring Boot 3. This improves the overall performance of the applications and brings the latest Java capabilities. The upgrade is also very significant in removing the critical security vulnerabilities.
- See:
POLICY-4665 - R13: Java 17 and associated dependency upgrade
Remove AAF from Policy Framework
The AAF project is deprecated in ONAP. The Policy Framework is refactored to remove unused functionalities and configurations related to AAF.
- See:
POLICY-4592 - R13: Remove AAF from Policy Framework
Known Limitations, Issues and Workarounds
System Limitations
N/A
Known Vulnerabilities
N/A
Workarounds
N/A
Security Notes
The Policy Framework is upgraded to Spring 6 and Spring Boot 3, which eliminates critical security vulnerabilities. The Java version is upgraded to Java 17.
Functional Improvements
Necessary Improvements and Bug Fixes
Necessary Improvements
Bug Fixes
References
For more information on the ONAP London release, please see:
- Quick Links:
Version: 12.0.0
- Release Date:
2023-06-15 (London Release)
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 3.7.2 | N/A |
policy/docker | 2.6.2 | policy-jre-alpine, policy-jdk-alpine, policy-db-migrator |
policy/common | 1.12.2 | N/A |
policy/models | 2.8.2 | N/A |
policy/api | 2.8.2 | policy-api |
policy/pap | 2.8.2 | policy-pap |
policy/apex-pdp | 2.9.2 | policy-apex-pdp |
policy/drools-pdp | 1.12.2 | policy-drools |
policy/xacml-pdp | 2.8.2 | policy-xacml-pdp |
policy/distribution | 2.9.2 | policy-distribution |
policy/clamp | 6.4.3 | policy-clamp-ac-pf-ppnt, policy-clamp-ac-k8s-ppnt, policy-clamp-ac-http-ppnt, policy-clamp-runtime-acm |
policy/gui | 2.4.2 | policy-gui |
policy/drools-applications | 1.12.2 | policy-pdpd-cl |
Key Updates
Improvements to CLAMP Automation Composition Management (ACM)
CLAMP ACM is improved to allow much more flexibility in the specification and life cycle management of rApps. ACM can manage the lifecycle of rApps made up of an arbitrary number of microservices and rules/learning models/schemas in the form of metadata. In the London release, the state machine is improved to allow priming of rApp types, and to support deployment/undeployment and locking/unlocking of rApps. Update of the properties of rApps is also supported at run time. In addition, ITU Recommendation X.731 is now supported for state reporting from rApp microservices.
- See:
POLICY-4401 - R12: Improvements specific to clamp
Improved database support in CLAMP ACM
CLAMP ACM now supports MySql 8.x as a database and supports secured DB communication.
- See:
POLICY-4395 - R12: Database related issues
Metadata driven API Generation
Up until now, the Policy Framework components used handwritten code to implement their REST interfaces and the Swagger 2 API documentation was generated from annotations in the code. From the London release on, the REST API code is generated from OpenAPI 3.0 (Swagger 3.0) documents. In addition, the API documentation is substantially enhanced. See the Policy Offered APIs in the documentation.
- See:
POLICY-4123 - R12: OpenAPI Adaption and Swagger Cleanup
Improved Metrics and SLAs
The metrics generated by the Policy Framework have been substantially improved for the London release. In addition to gathering metrics on REST call performance and policy deployment and execution time, we have defined SLA values for these metrics. We have implemented automated tests that run as part of the CSIT testing that ensure the SLAs are complied with.
- See:
POLICY-4124 - R12: Add metrics to measure SLAs
Improved Testing
- Testing is much improved in the London release.
S3P tests have been automated and run as CSIT tests
Automated tests to verify SLA compliance using prometheus metrics are added
A suite of contract tests is provided for each REST API
Tests now use http rather than https
- See:
POLICY-4125 - R12: New Test Development
POLICY-4126 - R12: Improve Automated Testing and Policy Framework S3P Tests
Known Limitations, Issues and Workarounds
System Limitations
N/A
Known Vulnerabilities
Dependency | Security Threat Level | Policy Framework Components | Comment |
---|---|---|---|
com.fasterxml.jackson.core:jackson-core:2.14.1 (2.15.1) | 10 | policy/common (D), policy/models (T), policy/api (T), policy/pap (T), policy/distribution (T), policy/clamp (T), policy/gui (T), policy/apex-pdp (T), policy/xacml-pdp (T), policy/drools-pdp (T), policy/drools-applications (T) | Used in the implementation of policy endpoints |
com.google.protobuf:protobuf-java:3.10.0 | 10 | policy/models (T), policy/clamp (T), policy/apex-pdp (T), policy/drools-applications (T) | Transitive dependency pulled in by CDS/Spring/Springboot |
com.squareup.okhttp3:okhttp:4.9.1 | 10 | policy/clamp (T) | Transitive dependency pulled in by Spring/Springboot |
com.thoughtworks.xstream:xstream:1.4.19 | 10 | policy/drools-pdp (T) | Transitive dependency pulled in by Drools rules |
net.minidev:json-smart:2.4.6 | 10 | policy/models (T), policy/apex-pdp (T), policy/drools-applications (T) | Transitive dependency pulled in by CDS |
io.grpc:grpc-core:1.25.0 | 6 | policy/models (T), policy/apex-pdp (T), policy/drools-applications (T) | Transitive dependency pulled in by CDS |
org.apache.maven:maven-model:3.8.6 | 6 | policy/drools-pdp (T) | Transitive dependency pulled in to handle artifact generation |
org.apache.tomcat.embed:tomcat-embed-core:9.0.71 | 10 | policy/api (T), policy/pap (T), policy/clamp (T) | Transitive dependency pulled in by org.springframework.boot:spring-boot-starter-web |
org.bouncycastle:bc-fips:1.0.2.3 | 6 | policy/common (T), policy/models (T), policy/distribution (T), policy/apex-pdp (T) | Transitive dependency pulled in by org.bouncycastle:bcpkix-fips:1.0.5 in the utils-test module |
org.eclipse.jetty:jetty-http:10.0.13 | 6 | policy/common (T), policy/models (T), policy/api (T), policy/pap (T), policy/distribution (T), policy/clamp (T), policy/gui (T), policy/apex-pdp (T), policy/drools-pdp (T), policy/xacml-pdp (T), policy/drools-applications (T) | Transitive dependency pulled in by org.eclipse.jetty:jetty-server |
org.eclipse.jetty:jetty-server:10.0.13 | 6 | policy/common (D), policy/models (T), policy/api (T), policy/pap (T), policy/distribution (T), policy/clamp (T), policy/gui (T), policy/apex-pdp (T), policy/drools-pdp (T), policy/xacml-pdp (T), policy/drools-applications (T) | Used in the implementation of policy endpoints |
org.jetbrains.kotlin:kotlin-daemon-client:1.3.61 | 6 | policy/models (T), policy/apex-pdp (T), policy/drools-applications (T) | Transitive dependency pulled in by CDS |
org.jetbrains.kotlin:kotlin-scripting-jvm:1.3.61 | 6 | policy/models (T), policy/apex-pdp (T), policy/drools-applications (T) | Transitive dependency pulled in by CDS |
org.springframework:spring-web:5.3.25 | 10 | policy/api (T), policy/pap (T), policy/clamp (T), policy/gui (T) | Transitive dependency pulled in by Spring/Springboot |
org.springframework:spring-webmvc:5.3.25 | 10 | policy/api (T), policy/pap (T), policy/clamp (T), policy/gui (T) | Transitive dependency pulled in by Spring/Springboot |
org.springframework.boot:spring-boot-actuator-autoconfigure:2.7.8 | 10 | policy/api (T), policy/pap (T), policy/clamp (T), policy/gui (T) | Transitive dependency pulled in by Spring/Springboot |
org.springframework.boot:spring-boot-autoconfigure:2.7.8 | 10 | policy/models (T), policy/api (T), policy/pap (T), policy/clamp (T), policy/gui (T), policy/apex-pdp (T), policy/drools-applications (T) | Transitive dependency pulled in by Spring/Springboot |
org.springframework.security:spring-security-config:5.7.6 | 10 | policy/api (T), policy/pap (T), policy/clamp (T) | Transitive dependency pulled in by Spring/Springboot |
org.springframework.security:spring-security-web:5.7.6 | 10 | policy/api (T), policy/pap (T), policy/clamp (T) | Transitive dependency pulled in by Spring/Springboot |
org.webjars:jquery-ui:1.12.1 | 6 | policy/gui (T) | Used by GUI for doing jquery queries |
Workarounds
N/A
Security Notes
Upgrading to Spring 6 and Spring Boot 3 is required to remove the security vulnerabilities listed above. This change requires moving to Java 17 and will be done in the Montreal release of the Policy Framework. See POLICY-4665.
Functional Improvements
Necessary Improvements and Bug Fixes
Necessary Improvements
Bug Fixes
References
For more information on the ONAP London release, please see:
- Quick Links:
Version: 11.0.0
- Release Date:
2022-11-20 (Kohn Release)
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 3.6.1 | N/A |
policy/docker | 2.5.1 | policy-jre-alpine, policy-jdk-alpine, policy-db-migrator |
policy/common | 1.11.1 | N/A |
policy/models | 2.7.2 | N/A |
policy/api | 2.7.2 | policy-api |
policy/pap | 2.7.2 | policy-pap |
policy/apex-pdp | 2.8.2 | policy-apex-pdp |
policy/drools-pdp | 1.11.2 | policy-drools |
policy/xacml-pdp | 2.7.2 | policy-xacml-pdp |
policy/distribution | 2.8.2 | policy-distribution |
policy/clamp | 6.3.2 | policy-clamp-ac-pf-ppnt, policy-clamp-ac-k8s-ppnt, policy-clamp-ac-http-ppnt, policy-clamp-runtime-acm |
policy/gui | 2.3.2 | policy-gui |
policy/drools-applications | 1.11.2 | policy-pdpd-cl |
Key Updates
Support for O1 and A1 Policy Payloads in the 5G SON use Case
The 5G SON policy is updated to allow O1 and A1 Policy payloads to be passed to SDN-R. Now, policies can pass O1 and A1 Policy payloads.
- See:
REQ-1212 - 5G SON use case enhancements for Kohn release
POLICY-4108 Control Loop Policy for A1-based action for SON Use Case
Native Kafka messaging between Policy Framework components
The Policy Framework can now be configured to use Kafka for asynchronous communication between PAP and PDPs and between CLAMP ACM Runtime and Participants. Kafka messaging is an alternative to using DMaaP MR for asynchronous messaging. The Policy Framework components are configured to use either DMaaP or Kafka messaging, with DMaaP being the default. This change is supported by APEX-PDP in this release and will be supported by DROOLS-PDP and XACML-PDP in future releases.
- See:
POLICY-4121 - R11: DMaaP and Kafka updates
Support for Secured Database Communication
Database communication with MariaDB, MySql, or PostgreSQL can be configured to be secure. Secure database communication is introduced for API, PAP, DROOLS-PDP and XACML-PDP. Support for secure database communication will be introduced in CLAMP ACM in a future release.
- See:
POLICY-4176 - Support Secured Database Connections
Support for MySql 8
The Policy Framework can use MySql 8 for persistence in addition to MariaDb and Postgres. Interoperability with MySql 8 has been added for DB-MIGRATOR, API, PAP, DROOLS-PDP, XACML-PDP, and CLAMP ACM.
- See:
POLICY-4314 - Support for MySql 8.x DB client interfaces
Support for Service Mesh
All Policy Framework components and images support service mesh and are service mesh compatible. The OOM charts for all Policy Framework components have been updated to support configuration for Service Mesh. In addition, some minor bugs in startup scripts were fixed to allow HTTP or HTTPS to be configured on components.
XACML-PDP improvements
Support for XACML 3.1 introduced
Exposure of application level metrics
Support for Postgres database as well as MariaDB
Support for DCAE TCAGEN2 monitoring app changes
Logging to standard output
XACML tutorial updated and improved
- See:
POLICY-4049 - R11: Improvements specific to xacml-pdp
DROOLS-PDP and DROOLS-Applications improvements
Latest Drools libraries supported
JDBC pooling libraries upgraded
- See:
POLICY-4050 - R11: Improvements specific to drools-pdp and drools-applications
APEX-PDP Improvements
Support for event definitions in JSON as well as AVRO is added
Support for Metadata Set generation from the APEX CLI editor
Support for deserialization of messages encoded in Avro carried over Kafka
- See:
POLICY-4048 - R11: Improvements specific to apex-pdp
Policy-Distribution Improvements
Configuration added to allow distribution of CLAMP ACM compositions
Policy distribution re-synchs if SDC is reinstalled
- See:
POLICY-4052 - R11: Improvements to distribution
CLAMP Improvements
Instance properties can be edited
Helm repository can be configured in the Kubernetes participant
- See:
POLICY-4053 - R11: Improvements specific to clamp
- System Attribute Improvements
Demo Grafana dashboards available for policy framework components
All parameters in Helm Charts have default values
Springboot dependency handling improved in policy-parent
CSITs amended to use HTTP rather than HTTPS and to use released image versions from Nexus when snapshot image versions are not available
Updates to database drivers to latest versions
Known Limitations, Issues and Workarounds
System Limitations
N/A
Known Vulnerabilities
Dependency | Security Threat Level | Policy Framework Components | Comment |
---|---|---|---|
io.grpc:grpc-core:1.25.0 | 6 | policy/models, policy/apex-pdp | Transitive dependency pulled in by the CDS project |
io.springfox:springfox-swagger-ui:3.0.0 | 6 | policy/api, policy/pap, policy/clamp | Dependency used to generate Swagger files from annotations |
io.springfox:springfox-swagger2:3.0.0 | 6 | policy/api, policy/pap, policy/clamp | Dependency used to generate Swagger files from annotations |
io.projectreactor.netty:reactor-netty-core:1.0.19 | 6 | policy/clamp | TBC |
io.projectreactor.netty:reactor-netty-http:1.0.19 | 6 | policy/clamp | TBC |
org.webjars:jquery-ui:1.12.1 | 6 | policy/gui | TBC |
com.thoughtworks.xstream:xstream:1.4.17 | 10 | policy/drools-pdp | Pulled in by the Drools rule engine |
org.apache.maven:maven-compat:3.3.9 | 10 | policy/drools-pdp | Pulled in by the Drools rule engine |
org.apache.maven:maven-core:3.3.9 | 10 | policy/drools-pdp | Pulled in by the Drools rule engine |
org.apache.maven:maven-settings:3.3.9 | 10 | policy/drools-pdp | Pulled in by the Drools rule engine |
org.jsoup:jsoup:1.7.2 | 10 | policy/drools-pdp | Pulled in by the Drools rule engine |
Workarounds
N/A
Security Notes
Dependency | Security Threat Level | Policy Framework Components | Comment |
---|---|---|---|
org.springframework:spring-web:5.3.22 | 10 | policy/common, policy/api, policy/pap, policy/clamp, policy/gui | Threat only applies when serialising and deserialising Java Objects, which the Policy Framework does not do |
Functional Improvements
Necessary Improvements and Bug Fixes
Necessary Improvements
Bug Fixes
References
For more information on the ONAP Kohn release, please see:
- Quick Links:
Version: 10.0.0
- Release Date:
2022-05-12 (Jakarta Release)
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 3.5.3 | N/A |
policy/docker | 2.4.3 | policy-jre-alpine, policy-jdk-alpine, policy-db-migrator |
policy/common | 1.10.3 | N/A |
policy/models | 2.6.3 | N/A |
policy/api | 2.6.3 | policy-api |
policy/pap | 2.6.3 | policy-pap |
policy/apex-pdp | 2.7.3 | policy-apex-pdp |
policy/drools-pdp | 1.10.3 | policy-drools |
policy/xacml-pdp | 2.6.3 | policy-xacml-pdp |
policy/distribution | 2.7.3 | policy-distribution |
policy/clamp | 6.2.3 | policy-clamp-backend, policy-clamp-ac-pf-ppnt, policy-clamp-ac-k8s-ppnt, policy-clamp-ac-http-ppnt, policy-clamp-runtime-acm |
policy/gui | 2.2.3 | policy-gui |
policy/drools-applications | 1.10.3 | policy-pdpd-cl |
Key Updates
REQ-994 - Control Loop in TOSCA LCM Improvement
CLAMP (Control Loop Automation Management Platform) functionalities, moved to the Policy project in the Istanbul release, provide a Control Loop Lifecycle management architecture. A Control Loop is a key concept for Automation and Assurance Use Cases and remains a top priority for ONAP as an automation platform, but it is not the only possible composition of components that can be combined to deliver functionality.
This work evolves the Control Loop LCM architecture to provide abstract Automation Composition Management (ACM) logic with a generic Automation Composition definition, isolating Composition logic from ONAP component logic. It elaborates APIs that allow integration with other design systems as well as 3PP component integration.
The current PMSH and TCS control loops are migrated to use an Automation Composition approach. Support for Automation Compositions in SDC is also introduced.
Metadata Sets for Policy Types.
A Metadata set allows a global set of metadata containing rules or global parameters that all instances of a certain policy type can use. Metadata sets are introduced in the Policy Framework in the Jakarta release. This means that different rule set implementations can be associated with a policy type, which can be used in appropriate situations.
Introduction of Prometheus for monitoring Policy components so that necessary alerts can be easily triggered and possible outages can be avoided in production systems.
Expose application level metrics in policy components. An end user can plug in a prometheus instance and start listening to the metrics exposed by policy components and either raise alerts or show them on a Grafana dashboard for operations team to keep monitoring the health of the system.
Provide sample Grafana dashboards for policy metrics.
Improve the policy/api and policy/pap readiness probes to handle database failures so that the policy/api and policy/pap kubernetes pods are marked ready only if the policy database pod is ready.
Migration of Policy Framework components to Springboot to support easier handling, configuration and maintenance. The migrated components are policy/api, policy/pap, policy/clamp, and policy/gui.
Enhanced healthchecks on drools pdp to report on stuck applications. This together with enhanced liveness probes self-heals the unresponsive pod in such condition by restarting it.
Drools PDP has been upgraded to the latest available stable version: 7.68.0.Final.
Extend CDS actor model to decouple VNF handling from the vFirewall use case.
Policy Framework Database Configurability. Some of the components in the Policy Framework can be configured to use any JDBC-compliant RDBMS and configuration files are supplied for the Postgres RDBMS. MariaDB remains the default RDBMS for the Policy Framework in ONAP. Further testing will be carried out using Postgres in Kohn and future releases.
- System Attribute Improvements
Transaction boundaries on REST calls are implemented per REST call on applications migrated to Spring (policy/api, policy/pap, and policy/clamp)
JDBC backend uses Spring and Hibernate rather than Eclipselink
All GUIs are now included in the policy/gui microservice
Documentation is rationalized and cleaned up, testing documentation is now complete
Scripts are added to make release of the Policy Framework easier
Known Limitations, Issues and Workarounds
System Limitations
N/A
Known Vulnerabilities
N/A
Workarounds
N/A
Security Notes
Functional Improvements
Necessary Improvements and Bug Fixes
Necessary Improvements
Bug Fixes
References
For more information on the ONAP Jakarta release, please see:
- Quick Links:
Version: 9.0.1
- Release Date:
2022-02-17 (Istanbul Maintenance Release #1)
Artifacts
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 3.4.4 | N/A |
policy/docker | 2.3.2 | onap/policy-jdk-alpine:2.3.2, onap/policy-jre-alpine:2.3.2, onap/policy-db-migrator:2.3.2 |
policy/common | 1.9.2 | N/A |
policy/models | 2.5.2 | N/A |
policy/api | 2.5.2 | onap/policy-api:2.5.2 |
policy/pap | 2.5.2 | onap/policy-pap:2.5.2 |
policy/drools-pdp | 1.9.2 | onap/policy-drools:1.9.2 |
policy/apex-pdp | 2.6.2 | onap/policy-apex-pdp:2.6.2 |
policy/xacml-pdp | 2.5.2 | onap/policy-xacml-pdp:2.5.2 |
policy/drools-applications | 1.9.2 | onap/policy-pdpd-cl:1.9.2 |
policy/clamp | 6.1.4 | onap/policy-clamp-backend:6.1.4, onap/policy-clamp-frontend:6.1.4, onap/policy-clamp-cl-pf-ppnt:6.1.4, onap/policy-clamp-cl-k8s-ppnt:6.1.4, onap/policy-clamp-cl-http-ppnt:6.1.4, onap/policy-clamp-cl-runtime:6.1.4 |
policy/gui | 2.1.2 | onap/policy-gui:2.1.2 |
policy/distribution | 2.6.2 | onap/policy-distribution:2.6.2 |
Bug Fixes and Necessary Enhancements
[POLICY-3862] - Check all code for Log4J before version 2.15.0 and upgrade if necessary
Version: 9.0.0
- Release Date:
2021-11-04 (Istanbul Release)
New features
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 3.4.3 | N/A |
policy/docker | 2.3.1 | onap/policy-jdk-alpine:2.3.1, onap/policy-jre-alpine:2.3.1, onap/policy-db-migrator:2.3.1 |
policy/common | 1.9.1 | N/A |
policy/models | 2.5.1 | N/A |
policy/api | 2.5.1 | onap/policy-api:2.5.1 |
policy/pap | 2.5.1 | onap/policy-pap:2.5.1 |
policy/drools-pdp | 1.9.1 | onap/policy-drools:1.9.1 |
policy/apex-pdp | 2.6.1 | onap/policy-apex-pdp:2.6.1 |
policy/xacml-pdp | 2.5.1 | onap/policy-xacml-pdp:2.5.1 |
policy/drools-applications | 1.9.1 | onap/policy-pdpd-cl:1.9.1 |
policy/clamp | 6.1.3 | onap/policy-clamp-backend:6.1.3, onap/policy-clamp-frontend:6.1.3, onap/policy-clamp-cl-pf-ppnt:6.1.3, onap/policy-clamp-cl-k8s-ppnt:6.1.3, onap/policy-clamp-cl-http-ppnt:6.1.3, onap/policy-clamp-cl-runtime:6.1.3 |
policy/gui | 2.1.1 | onap/policy-gui:2.1.1 |
policy/distribution | 2.6.1 | onap/policy-distribution:2.6.1 |
Key Updates
Clamp -> policy Control Loop Database
- REQ-684 - Merge CLAMP functionality into Policy Framework project
keep CLAMP functions into ONAP
reduce ONAP footprint
consolidate the UI (Control loop UI and policy)
enables code sharing and common handling for REST and TOSCA
introduces the Spring Framework into the Policy Framework
- REQ-716 - Control Loop in TOSCA LCM
Allows Control Loops to be defined and described in Metadata using TOSCA
Control loops can run on the fly on any component that implements a participant API
Control Loops can be commissioned into Policy/CLAMP, they can be parameterized, initiated on arbitrary participants, activated and monitored
- CLAMP Client Policy and TOSCA Handling
Push existing policy(tree) into pdp
Handling of PDP Groups
Handling of Policy Types
Handling of TOSCA Service Templates
Push of Policies to PDPs
Support multiple PDP Groups per Policy Type
Tree view in Policies list
Integration of new TOSCA Control Loop GUI into CLAMP GUI
- Policy Handling Improvements
Support delta policies in PDPs
Allow XACML rules to specify EventManagerService
Sending of notifications to Kafka & Rest in apex-pdp policies
External configuration of groups other than defaultGroup
XACML Decision support for Multiple Requests
Updated query parameter names and support for wildcards in APIs
Added new APIs for Policy Audit capabilities
Capability to send multiple output events from a state in APEX-PDP
- System Attribute Improvements
Support for upgrade and rollback, starting with upgrade from the Honolulu release to the Istanbul release
Consolidated health check
Phase 1 of Spring Framework introduction
Phase 1 of Prometheus introduction, base Prometheus metrics
Known Limitations, Issues and Workarounds
System Limitations
N/A
Known Vulnerabilities
N/A
Workarounds
N/A
Security Notes
Functional Improvements
Necessary Improvements and Bug Fixes
Necessary Improvements
Bug Fixes
References
For more information on the ONAP Istanbul release, please see:
- Quick Links:
Version: 8.0.1
- Release Date:
2021-08-12 (Honolulu Maintenance Release #1)
Artifacts
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 3.3.2 | |
policy/common | 1.8.2 | |
policy/models | 2.4.4 | |
policy/api | 2.4.4 | onap/policy-api:2.4.4 |
policy/pap | 2.4.5 | onap/policy-pap:2.4.5 |
policy/drools-pdp | 1.8.4 | onap/policy-drools:1.8.4 |
policy/apex-pdp | 2.5.4 | onap/policy-apex-pdp:2.5.4 |
policy/xacml-pdp | 2.4.5 | onap/policy-xacml-pdp:2.4.5 |
policy/drools-applications | 1.8.4 | onap/policy-pdpd-cl:1.8.4 |
policy/distribution | 2.5.4 | onap/policy-distribution:2.5.4 |
policy/docker | 2.2.1 | onap/policy-jdk-alpine:2.2.1, onap/policy-jre-alpine:2.2.1 |
Bug Fixes and Necessary Enhancements
[POLICY-3062] - Update the ENTRYPOINT in APEX-PDP Dockerfile
[POLICY-3066] - Stackoverflow error in APEX standalone after changing to onap java image
[POLICY-3078] - Support SSL communication in Kafka IO plugin of Apex-PDP
[POLICY-3173] - APEX-PDP incorrectly reports successful policy deployment to PAP
[POLICY-3202] - PDP-D: no locking feature: service loader not locking the no-lock-manager
[POLICY-3227] - Implementation of context album improvements in apex-pdp
[POLICY-3230] - Make default PDP-D and PDP-D-APPS work out of the box
[POLICY-3248] - PdpHeartbeats are not getting processed by PAP
[POLICY-3301] - Apex Avro Event Schemas - Not support for colon ‘:’ character in field names
[POLICY-3305] - Ensure XACML PDP application/translator methods are extendable
[POLICY-3331] - PAP: should allow for external configuration of groups other than defaultGroup
[POLICY-3338] - Upgrade CDS dependency to the latest version
[POLICY-3366] - PDP-D: support configuration of overarching DMAAP https flag
[POLICY-3450] - PAP should support turning on/off via configuration storing PDP statistics
[POLICY-3454] - PDP-D CL APPS: swagger mismatched libraries cause telemetry shell to fail
[POLICY-3485] - Limit statistics record count
[POLICY-3507] - CDS Operation Policy execution runtime error
[POLICY-3516] - Upgrade CDS dependency to the 1.1.5 version
Known Limitations
The APIs provided by xacml-pdp (e.g., healthcheck, statistics, decision) are always active. While PAP controls which policies are deployed to a xacml-pdp, it does not control whether or not the APIs are active. In other words, xacml-pdp will respond to decision requests, regardless of whether PAP has made it ACTIVE or PASSIVE.
Version: 8.0.0
- Release Date:
2021-04-29 (Honolulu Release)
New features
Artifacts released:
Repository | Java Artifact | Docker Image (if applicable) |
---|---|---|
policy/parent | 3.3.0 | |
policy/common | 1.8.0 | |
policy/models | 2.4.2 | |
policy/api | 2.4.2 | onap/policy-api:2.4.2 |
policy/pap | 2.4.2 | onap/policy-pap:2.4.2 |
policy/drools-pdp | 1.8.2 | onap/policy-drools:1.8.2 |
policy/apex-pdp | 2.5.2 | onap/policy-apex-pdp:2.5.2 |
policy/xacml-pdp | 2.4.2 | onap/policy-xacml-pdp:2.4.2 |
policy/drools-applications | 1.8.2 | onap/policy-pdpd-cl:1.8.2 |
policy/distribution | 2.5.2 | onap/policy-distribution:2.5.2 |
policy/docker | 2.2.1 | onap/policy-jdk-alpine:2.2.1, onap/policy-jre-alpine:2.2.1 |
Key Updates
- Enhanced statistics
PDPs provide statistics, retrievable via PAP REST API
- PDP deployment status
Policy deployment API enhanced to reflect actual policy deployment status in PDPs
Make PAP component stateless
- Policy support
Upgrade XACML 3.0 code to use new Time Extensions
Enhancements for interoperability between Native Policies and other policy types
Support for arbitrary policy types on the Drools PDP
Improve handling of multiple policies in APEX PDP
Update policy-models TOSCA handling with Control Loop Entities
- Alternative locking mechanisms
Support NO locking feature in Drools-PDP
- Security
Remove credentials in code from the Apex JMS plugin
- Actor enhancements
Actors should give better warnings than NPE when data is missing
Remove old event-specific actor code
- PDP functional assignments
Make PDP type configurable in drools-pdp
Make PDP type configurable in xacml-pdp
- Performance improvements
Support policy updates between PAP and the PDPs, phase 1
- Maintainability
Use ONAP base docker image
Remove GPLv3 components from docker containers
Move CSITs to Policy repos
Deprecate server pool feature in drools-pdp
- PoCs
Merge CLAMP functionality into Policy Framework project
TOSCA Defined Control Loop
Known Limitations, Issues and Workarounds
System Limitations
The policy API component requires a fresh database when migrating to the Honolulu release. Therefore, upgrades require a new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.
Known Vulnerabilities
Workarounds
POLICY-2998 - Provide a script to periodically purge the statistics table
Security Notes
- POLICY-3005 - Bump direct dependency versions
Upgrade org.onap.dmaap.messagerouter.dmaapclient to 1.1.12
Upgrade org.eclipse.persistence to 2.7.8
Upgrade org.glassfish.jersey.containers to 2.33
Upgrade com.fasterxml.jackson.module to 2.11.3
Upgrade com.google.re2j to 1.5
Upgrade org.mariadb.jdbc to 2.7.1
Upgrade commons-codec to 1.15
Upgrade com.thoughtworks.xstream to 1.4.15
Upgrade org.apache.httpcomponents:httpclient to 4.5.13
Upgrade org.apache.httpcomponents:httpcore to 4.4.14
Upgrade org.json to 20201115
Upgrade org.projectlombok to 1.18.16
Upgrade org.yaml to 1.27
Upgrade io.cucumber to 6.9.1
Upgrade org.apache.commons:commons-lang3 to 3.11
Upgrade commons-io to 2.8.0
- POLICY-2943 - Review license scan issues
Upgrade com.hazelcast to 4.1.1
Upgrade io.netty to 4.1.58.Final
- POLICY-2936 - Upgrade to latest version of CDS API
Upgrade io.grpc to 1.35.0
Upgrade com.google.protobuf to 3.14.0
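A check derived from the upgrade list above, added here as an example (not part of the Policy Framework project): it parses `mvn dependency:list` output and flags artifacts that are below the versions these Security Notes name. The sample Maven output is constructed, the function names are hypothetical, reading the listed names as Maven groupIds is an assumption, and the version comparison is a simplification of Maven's ordering rules.

```python
import re

# Version floors copied from the Honolulu Security Notes (POLICY-3005,
# POLICY-2943, POLICY-2936). A key is read as a Maven groupId (assumption),
# or as groupId:artifactId where the notes name one artifact.
HONOLULU_FLOORS = {
    "org.onap.dmaap.messagerouter.dmaapclient": "1.1.12",
    "org.eclipse.persistence": "2.7.8",
    "org.glassfish.jersey.containers": "2.33",
    "com.fasterxml.jackson.module": "2.11.3",
    "com.google.re2j": "1.5",
    "org.mariadb.jdbc": "2.7.1",
    "commons-codec": "1.15",
    "com.thoughtworks.xstream": "1.4.15",
    "org.apache.httpcomponents:httpclient": "4.5.13",
    "org.apache.httpcomponents:httpcore": "4.4.14",
    "org.json": "20201115",
    "org.projectlombok": "1.18.16",
    "org.yaml": "1.27",
    "io.cucumber": "6.9.1",
    "org.apache.commons:commons-lang3": "3.11",
    "commons-io": "2.8.0",
    "com.hazelcast": "4.1.1",
    "io.netty": "4.1.58.Final",
    "io.grpc": "1.35.0",
    "com.google.protobuf": "3.14.0",
}

# Qualifiers that mark a build older than the plain release (simplified).
PRE_RELEASE = re.compile(r"(alpha|beta|rc|cr|pr|m|snapshot)\d*", re.IGNORECASE)


def version_key(version):
    """Sortable key: numeric parts, then -1 for a pre-release, 0 otherwise."""
    numbers, stage = [], 0
    for token in re.split(r"[.\-_]", version):
        if token.isdigit():
            numbers.append(int(token))
        elif PRE_RELEASE.fullmatch(token):
            stage = -1
            break
        # Other qualifiers such as "Final" do not change the ordering.
    while numbers and numbers[-1] == 0:
        numbers.pop()  # 2.10.0 and 2.10 compare equal
    return (tuple(numbers), stage)


def parse_dependency_list(text):
    """Yield (groupId, artifactId, version) from `mvn dependency:list` output."""
    for line in text.splitlines():
        tokens = line.replace("[INFO]", "").split()
        if not tokens:
            continue
        parts = tokens[0].split(":")
        # groupId:artifactId:type[:classifier]:version:scope
        if len(parts) in (5, 6):
            yield parts[0], parts[1], parts[-2]


def below_floor(text, floors=HONOLULU_FLOORS):
    """Return (coordinate, found, required) for each artifact under its floor."""
    findings = []
    for group, artifact, version in parse_dependency_list(text):
        floor = floors.get(f"{group}:{artifact}") or floors.get(group)
        if floor and version_key(version) < version_key(floor):
            findings.append((f"{group}:{artifact}", version, floor))
    return findings


# Constructed sample of `mvn dependency:list` output, not taken from a real build.
SAMPLE_OUTPUT = """\
[INFO] The following files have been resolved:
[INFO]    com.thoughtworks.xstream:xstream:jar:1.4.11.1:compile
[INFO]    io.netty:netty-common:jar:4.1.58.Final:compile
[INFO]    org.apache.httpcomponents:httpclient:jar:4.5.9:compile
[INFO]    org.apache.httpcomponents:httpcore:jar:4.4.14:compile
[INFO]    com.fasterxml.jackson.module:jackson-module-jaxb-annotations:jar:2.11.3:compile
[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.48.Final:runtime
[INFO]    org.slf4j:slf4j-api:jar:1.7.30:compile
[INFO]    org.json:json:jar:20201115:compile
"""

if __name__ == "__main__":
    for coordinate, found, required in below_floor(SAMPLE_OUTPUT):
        print(f"{coordinate}: {found} is below {required}")
```

Artifacts that are not in the floor table, such as slf4j in the sample, are ignored rather than reported as compliant.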
References
For more information on the ONAP Honolulu release, please see:
- Quick Links:
Version: 7.0.0
- Release Date: 2020-12-03 (Guilin Release)
New features
Artifacts released:
| Repository | Java Artifact | Docker Image (if applicable) |
|---|---|---|
| policy/parent | 3.2.0 | |
| policy/common | 1.7.1 | |
| policy/models | 2.3.5 | |
| policy/api | 2.3.3 | onap/policy-api:2.3.3 |
| policy/pap | 2.3.3 | onap/policy-pap:2.3.3 |
| policy/drools-pdp | 1.7.4 | onap/policy-drools:1.7.4 |
| policy/apex-pdp | 2.4.4 | onap/policy-apex-pdp:2.4.4 |
| policy/xacml-pdp | 2.3.3 | onap/policy-xacml-pdp:2.3.3 |
| policy/drools-applications | 1.7.5 | onap/policy-pdpd-cl:1.7.5 |
| policy/distribution | 2.4.3 | onap/policy-distribution:2.4.3 |
| policy/docker | 2.1.1 | onap/policy-jdk-alpine:2.1.1, onap/policy-jre-alpine:2.1.1 |
Key Updates
- Kubernetes integration
All components return with non-zero exit code in case of application failure
All components log to standard out (i.e., k8s logs) by default
Continue to write log files inside individual pods, as well
- E2E Network Slicing
Added ModifyNSSI operation to SO actor
- Consolidated health check
Indicate failure if there aren’t enough PDPs registered
- Legacy operational policies
Removed from all components
- OOM helm charts refactoring
Name standardization
Automated certificate generation
- Actor Model
Support various use cases and provide more flexibility to Policy Designers
Reintroduced the “usecases” controller into drools-pdp, supporting the use cases under the revised actor architecture
- Guard Application
Support policy filtering
Matchable Application - Support for ONAP or 3rd party components to create matchable policy types out of the box
- Policy Lifecycle & Administration API
Query/Delete by policy name & version without policy type
- Apex-PDP enhancements
Support multiple event & response types coming from a single endpoint
Standalone installation now supports Tosca-based policies
Legacy policy format has been removed
Support chaining/handling of gRPC failure responses
- Policy Distribution
HPA decoders & related classes have been removed
- Policy Engine
Deprecated
Known Limitations, Issues and Workarounds
System Limitations
The policy API component requires a fresh database when migrating to the Guilin release. Therefore, upgrades require a new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.
Known Vulnerabilities
POLICY-2463 - In APEX Policy javascript task logic, JSON.stringify causing stackoverflow exceptions
Workarounds
POLICY-2463 - Use the stringify method of the execution context
Security Notes
- POLICY-2878 - Dependency upgrades
Upgrade com.fasterxml.jackson to 2.11.1
- POLICY-2387 - Dependency upgrades
Upgrade org.json to 20200518
Upgrade com.google.re2j to 1.4
Upgrade com.thoughtworks.xstream to 1.4.12
Upgrade org.eclipse.persistence to 2.2.1
Upgrade org.apache.httpcomponents to 4.5.12
Upgrade org.projectlombok to 1.18.12
Upgrade org.slf4j to 1.7.30
Upgrade org.codehaus.plexus to 3.3.0
Upgrade com.h2database to 1.4.200
Upgrade io.cucumber to 6.1.2
Upgrade org.assertj to 3.16.1
Upgrade com.openpojo to 0.8.13
Upgrade org.mockito to 3.3.3
Upgrade org.awaitility to 4.0.3
Upgrade org.onap.aaf.authz to 2.1.21
- POLICY-2668 - Dependency upgrades
Upgrade org.java-websocket to 1.5.1
POLICY-2623 - Remove log4j dependency
- POLICY-1996 - Dependency upgrades
Upgrade org.onap.dmaap.messagerouter.dmaapclient to 1.1.11
References
For more information on the ONAP Guilin release, please see:
- Quick Links:
Version: 6.0.1
- Release Date: 2020-08-21 (Frankfurt Maintenance Release #1)
Artifacts
Artifacts released:
| Repository | Java Artifact | Docker Image (if applicable) |
|---|---|---|
| policy/drools-applications | 1.6.4 | onap/policy-pdpd-cl:1.6.4 |
Bug Fixes
[POLICY-2704] - Legacy PDP-X and PAP stuck in PodIntializing
Security Notes
Fixed Security Issues
[POLICY-2678] - policy/engine tomcat upgrade for CVE-2020-11996
Version: 6.0.0
- Release Date: 2020-06-04 (Frankfurt Release)
New features
Artifacts released:
| Repository | Java Artifact | Docker Image (if applicable) |
|---|---|---|
| policy/parent | 3.1.3 | |
| policy/common | 1.6.5 | |
| policy/models | 2.2.6 | |
| policy/api | 2.2.4 | onap/policy-api:2.2.4 |
| policy/pap | 2.2.3 | onap/policy-pap:2.2.3 |
| policy/drools-pdp | 1.6.3 | onap/policy-drools:1.6.3 |
| policy/apex-pdp | 2.3.2 | onap/policy-apex-pdp:2.3.2 |
| policy/xacml-pdp | 2.2.2 | onap/policy-xacml-pdp:2.2.2 |
| policy/drools-applications | 1.6.4 | onap/policy-pdpd-cl:1.6.4 |
| policy/engine | 1.6.4 | onap/policy-pe:1.6.4 |
| policy/distribution | 2.3.2 | onap/policy-distribution:2.3.2 |
| policy/docker | 2.0.1 | onap/policy-jdk-alpine:2.0.1, onap/policy-jre-alpine:2.0.1, onap/policy-jdk-debian:2.0.1, onap/policy-jre-debian:2.0.1 |
Summary
New features include policy update notifications, native policy support, streamlined health check for the Policy Administration Point (PAP), configurable pre-loading/pre-deployment of policies, new APIs (e.g. to create one or more Policies with a single call), new experimental PDP monitoring GUI, and enhancements to all three PDPs: XACML, Drools, APEX.
Common changes in all policy components
Upgraded all policy components to Java 11.
- The logback file can now be loaded using an OOM configmap.
If needed, the logback file can be loaded as a configmap during the OOM deployment. To do this, put the logback.xml file in the corresponding config directory in the OOM charts.
- TOSCA changes:
“tosca_definitions_version” is now “tosca_simple_yaml_1_1_0”
typeVersion→ type_version, int→integer, bool→boolean, String→string, Map→map, List→list
- SupportedPolicyTypes now removed from pdp status message.
All PDPs now send the PdpGroup to which they belong in the registration message.
SupportedPolicyTypes are not sent anymore.
- Native Policy Support
Each PDP engine has its own native policy language. A new Policy Type onap.policies.Native was created and supported for each PDP engine to support native policy types.
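A migration helper for the renames listed above under "TOSCA changes", added here as an example and not taken from the Policy Framework code base. It assumes the service template has already been parsed into Python dicts and lists; the sample template, its type names and its pre-Frankfurt version string are constructed, and the function names are hypothetical. Schema type names are rewritten only inside data_types and policy_types, and policy "properties" payloads are copied unchanged.

```python
import copy

FRANKFURT_TOSCA_VERSION = "tosca_simple_yaml_1_1_0"
# Type renames from the release note: int, bool, String, Map, List.
TYPE_RENAMES = {"int": "integer", "bool": "boolean", "String": "string",
                "Map": "map", "List": "list"}
SCHEMA_SECTIONS = ("data_types", "policy_types")


def _walk(node, path, schema, changes):
    """Return a converted copy of node, recording each change by its path."""
    if isinstance(node, list):
        return [_walk(item, f"{path}[{i}]", schema, changes)
                for i, item in enumerate(node)]
    if not isinstance(node, dict):
        return node
    out = {}
    for key, value in node.items():
        here = f"{path}/{key}"
        if key == "typeVersion":
            changes.append(f"{here}: key renamed to type_version")
            key = "type_version"
        if key in out:
            raise ValueError(f"{path}: both typeVersion and type_version present")
        if not schema and key == "properties":
            # Policy payload: opaque to this migration, copied as-is.
            out[key] = copy.deepcopy(value)
            continue
        if schema and key == "type" and isinstance(value, str) and value in TYPE_RENAMES:
            changes.append(f"{here}: {value} -> {TYPE_RENAMES[value]}")
            value = TYPE_RENAMES[value]
        out[key] = _walk(value, here, schema, changes)
    return out


def migrate_to_frankfurt(template):
    """Return (converted_template, changes) without modifying the input."""
    changes, out = [], {}
    for section, body in template.items():
        if section == "tosca_definitions_version":
            if body != FRANKFURT_TOSCA_VERSION:
                changes.append(f"/{section}: {body} -> {FRANKFURT_TOSCA_VERSION}")
            out[section] = FRANKFURT_TOSCA_VERSION
        else:
            out[section] = _walk(body, f"/{section}",
                                 section in SCHEMA_SECTIONS, changes)
    out.setdefault("tosca_definitions_version", FRANKFURT_TOSCA_VERSION)
    return out, changes


# Constructed sample template; names and values are illustrative only.
SAMPLE_TEMPLATE = {
    "tosca_definitions_version": "tosca_simple_yaml_1_0_0",
    "policy_types": {
        "example.policies.Threshold": {
            "version": "1.0.0",
            "properties": {
                "limit": {"type": "int", "required": True},
                "enabled": {"type": "bool"},
                "labels": {"type": "Map", "entry_schema": {"type": "String"}},
                "targets": {"type": "List",
                            "entry_schema": {"type": "example.datatypes.Target"}},
            },
        }
    },
    "topology_template": {
        "policies": [
            {"threshold.sample": {
                "type": "example.policies.Threshold",
                "typeVersion": "1.0.0",
                "properties": {"limit": 5, "labels": {"type": "String"}},
            }}
        ]
    },
}

if __name__ == "__main__":
    converted, change_log = migrate_to_frankfurt(SAMPLE_TEMPLATE)
    for entry in change_log:
        print(entry)
```

The change log gives a reviewer the exact paths that were rewritten, which is useful when the converted template is checked in alongside the original.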
POLICY-PAP
- Policy Update Notifications
PAP now generates notifications via the DMaaP Message Router when policies are successfully or unsuccessfully deployed (or undeployed) from all relevant PDPs.
- PAP API to fetch Policy deployment status
Clients will be able to poll the PAP API to find out when policies have been successfully or unsuccessfully deployed to the PDPs.
- Removing supportedPolicyTypes from PdpStatus
PDPs are assigned to a PdpGroup based on what group is mentioned in the heartbeat. Earlier this was done based on the supportedPolicyTypes.
Support policy types with wild-cards, Preload wildcard supported type in PAP
- PAP should NOT make a PDP passive if it cannot deploy a policy.
If a PDP fails to deploy one or more policies specified in a PDP-UPDATE message, PAP will undeploy those policies that failed to deploy to the PDP. This entails removing the policies from the Pdp Group(s), issuing new PDP-UPDATE requests, and updating the notification tracking data.
Also, re-register pdp if not found in the DB during heartbeat processing.
- Consolidated health check in PAP
PAP can now report the health check for ALL the policy components. PDP health is tracked based on heartbeats, and the REST APIs of the other components are used for their health checks.
“healthCheckRestClientParameters” (REST parameters for API and Distribution healthcheck) are added to the startup config file in PAP.
- PDP statistics from PAP
All PDPs send statistics data as part of the heartbeat. PAP reads this and saves this data to the database, and this statistics data can be accessed from the monitoring GUI.
- PAP API for Create or Update PdpGroups
A new API is now available just for creating/updating PDP Groups. Policies cannot be added or updated during PDP Group create/update operations (a separate API exists for that), so any policies provided in the create/update group request are ignored. Supported policy types are defined during PDP Group creation and cannot be updated afterwards. Refer to this for details: https://github.com/onap/policy-parent/blob/master/docs/pap/pap.rst
- PAP API to deploy policies to PdpGroups
A new API is introduced to deploy policies on specific PDPGroups. Each subgroup includes an “action” property, which is used to indicate that the policies are being added (POST) to the subgroup, deleted (DELETE) from the subgroup, or that the subgroup’s entire set of policies is being replaced (PATCH) by a new set of policies.
POLICY-API
- A new simplified API to create one or more policies in one call.
This simplified API doesn’t require policy type id & policy type version to be part of the URL.
The simple URI “policy/api/v1/policies” with a POST input body takes in a ToscaServiceTemplate with the policies in it.
- The list of preloaded policy types is now configurable
Until El Alto, the list of pre-loaded policy types was hardcoded. Now it is configurable, and the list can be specified in the startup config file for the API component under “preloadPolicyTypes”. The list is ignored if the DB already contains one or more policy types.
- Preload default policies for ONAP components
The ability to configure the preloading of initial default policies into the system upon startup.
- A lot of improvements to the API code and validations corresponding to the changes in policy-models.
Creating the same policyType/policy repeatedly without any change in the request body always succeeds with a 200 response.
If there is any change in the request body, then that should be a new version. If any change is posted without a version change, then a 406 error response is returned.
- There are known versioning issues in Policy Types handling.
https://lf-onap.atlassian.net/browse/POLICY-2377 covers the versioning issues in Policy. Basically, multiple versions of a Policy Type cannot be handled in TOSCA. So, in Frankfurt, the latest version of the policy type is examined. This will be further looked into in Guilin.
- Cascaded GET of PolicyTypes and Policies
Fetching/GET PolicyType now returns all of the referenced/parent policyTypes and dataTypes as well.
Fetching/GET Policy allows specifying mode now.
By default the mode is “BARE”, which returns only the requested Policy in response. If mode is specified as “REFERENCED”, all of the referenced/parent policyTypes and dataTypes are returned as well.
- The /deployed API is removed from policy/api
This runtime administration task, viewing the deployment status of a policy, is now possible via PAP.
Changes related to design and support of TOSCA Compliant Policy Types for the operational and guard policy models.
POLICY-DISTRIBUTION
- From Frankfurt release, policy-distribution component uses APIs provided by Policy-API and Policy-PAP for creation of policy types and policies, and deployment of policies.
Note: Policies are deployed using the PAP endpoint only if the “deployPolicies” field in the startup config file is true.
Policy/engine & apex-pdp dependencies are removed from policy-distribution.
POLICY-APEX-PDP
- Changed the JavaScript executor from Nashorn to Rhino as part of Java 11 upgrade.
There are minor changes in the JavaScript task logic files associated with this Rhino migration. An example for this change can be seen here: https://gerrit.onap.org/r/c/policy/apex-pdp/+/103546/2/examples/examples-onap-bbs/src/main/resources/logic/SdncResourceUpdateTask.js
There is a known issue in Rhino javascript related to the usage of JSON.stringify. This is captured in this JIRA https://lf-onap.atlassian.net/browse/POLICY-2463.
- APEX supports multiple policy deployment in Frankfurt.
Up through El Alto, APEX-PDP could take in only a single ToscaPolicy. When PAP sent a list of Tosca Policies in PdpUpdate, only the first one was taken, and only that single policy was deployed in APEX. This is fixed in Frankfurt: APEX can now deploy a list of Tosca Policies together into the engine.
Note: There shouldn’t be any duplicates in the deployed policies (e.g., the same input/output parameter names, or the same event/task names).
For example, when 3 policies are deployed and one has duplicates, say the same input/task or any such concept is used in the 2nd and 3rd policy, then APEX-PDP ignores the 3rd policy and executes only the 1st and 2nd policies. APEX-PDP also responds to PAP with a message saying that “only Policy 1 and 2 are deployed. Others failed due to duplicate concept”.
- Context retainment during policy upgrade.
In APEX-PDP, context is referred by the apex concept ‘contextAlbum’. When there is no major version change in the upgraded policy to be deployed, the existing context of the currently running policy is retained. When the upgraded policy starts running, it will have access to this context as well.
For example, Policy A v1.1 is currently deployed to APEX. It has a contextAlbum named HeartbeatContext, and heartbeats are currently added to the HeartbeatContext based on events coming in to the policy execution. Now, when Policy A v1.2 (with some other changes and the same HeartbeatContext) is deployed, Policy A v1.1 is replaced by Policy A v1.2 in the APEX engine, but the content in HeartbeatContext is retained for Policy A v1.2.
- APEX-PDP now specifies which PdpGroup it belongs to.
Up through El Alto, PAP assigned each PDP to a PDP group based on the supportedPolicyTypes it sent in the heartbeat. In Frankfurt, each PDP states which PdpGroup it belongs to when it comes up, and this is sent to PAP in the heartbeat. PAP then registers the PDP to the PdpGroup specified by the PDP. If no group name is specified, PAP assigns the PDP to defaultGroup. SupportedPolicyTypes are no longer sent to PAP by the PDP.
In APEX-PDP, this can be specified in the startup config file (OnapPfConfig.json): “pdpGroup”: “<groupName>” is added under “pdpStatusParameters” in the config file.
- APEX-PDP now sends PdpStatistics data in heartbeat.
Apex now sends the PdpStatistics data in every heartbeat sent to PAP. PAP saves this data to the database, and this statistics data can be accessed from the monitoring GUI.
- Removed “content” section from ToscaPolicy properties in APEX.
Up through El Alto, APEX specific policy information was placed under properties|content in ToscaPolicy. Avoid placing under “content” and keep the information directly under properties. So, the ToscaPolicy structure will have apex specific policy information in properties|engineServiceParameters, properties|eventInputParameters, properties|eventOutputParameters.
- Passing parameters from ApexConfig to policy logic.
TaskParameters can be used to pass parameters from ApexConfig to the policy logic. Consider a scenario where from CLAMP, serviceId or closedLoopId has to be passed to the policy, and this should be available to perform some logic or action within the policy. In the CLAMP UI, while configuring the APEX Policy, specifying taskParameters with these will enable this.
More information about the usage of Task Parameters can be found here: https://docs.onap.org/projects/onap-policy-parent/en/latest/apex/APEX-User-Manual.html#configure-task-parameters
In the taskLogic, taskParameters can be accessed as executor.parameters.get("ParameterKey1")
More information can be found here: https://docs.onap.org/projects/onap-policy-parent/en/latest/apex/APEX-Policy-Guide.html#accessing-taskparameters
- GRPC support for APEX-CDS interaction.
APEX-PDP now supports interaction with CDS over gRPC. Up through El Alto, CDS interaction was possible over REST only. A new plugin was developed in APEX for this feature. Refer to the link for more details: https://docs.onap.org/projects/onap-policy-parent/en/latest/apex/APEX-User-Manual.html#grpc-io
POLICY-XACML-PDP
- Added optional Decision API param to Decision API for monitor decisions that returns abbreviated results.
Return only an abbreviated list of policies (e.g. metadata Policy Id and Version) without the actual contents of the policies (e.g. the Properties).
XACML PDP now supports PASSIVE_MODE.
Added support to return status and error if pdp-x failed to load a policy.
Changed optimization Decision API application to support “closest matches” algorithm.
Changed Xacml-pdp to report the pdp group defined in XacmlPdpParameters config file as part of heartbeat. Also, removed supportedPolicyType from pdpStatus message.
Design the TOSCA policy model for SDNC naming policies and implement an application that translates it to a working policy and is available for decision API.
- XACML pdp support for Control Loop Coordination
Added policies for SON and PCI to support each blocking the other, with test cases and appropriate requests
Extend PDP-X capabilities so that it can load in and enforce the native XACML policies deployed from PAP.
POLICY-DROOLS-PDP
Support for PDP-D in offline mode to support locked deployments. This is the default ONAP installation.
Parameterize maven repository URLs for easier CI/CD integration.
Support for Tosca Compliant Operational Policies.
Support for TOSCA Compliant Native Policies that allows creation and deployment of new drools-applications.
Validation of Operational and Native Policies against their policy type.
Support for a generic Drools-PDP docker image to host any type of application.
Experimental Server Pool feature that supports multiple active Drools PDP hosts.
POLICY-DROOLS-APPLICATIONS
Removal of DCAE ONSET alarm duplicates (with different request IDs).
Support of a new controller (frankfurt) that supports the ONAP use cases under the new actor architecture.
Deprecated the “usecases” controller supporting the use cases under the legacy actor architecture.
Deleted the unsupported “amsterdam” controller related projects.
Known Limitations, Issues and Workarounds
System Limitations
The policy API component requires a fresh database when migrating to the Frankfurt release. Therefore, upgrades require a new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.
Known Vulnerabilities
POLICY-2463 - In APEX Policy javascript task logic, JSON.stringify causing stackoverflow exceptions
POLICY-2487 - policy/api hangs in loop if preload policy does not exist
Workarounds
POLICY-2463 - Parse the incoming object using JSON.parse() or cast the object to a String
Security Notes
POLICY-2221 - Password removal from helm charts
POLICY-2064 - Allow overriding of keystore and truststore in policy helm charts
- POLICY-2381 - Dependency upgrades
Upgrade drools 7.33.0
Upgrade jquery to 3.4.1 in jquery-ui
Upgrade snakeyaml to 1.26
Upgrade org.infinispan infinispan-core 10.1.5.Final
Upgrade io.netty 4.1.48.Final
Exclude org.glassfish.jersey.media jersey-media-jaxb artifact
Upgrade com.fasterxml.jackson.core 2.10.0.pr3
Upgrade org.org.jgroups 4.1.5.Final
Upgrade commons-codec 20041127.091804
Upgrade com.github.ben-manes.caffeine 2.8.0
Version: 5.0.2
- Release Date: 2020-08-24 (El Alto Maintenance Release #1)
New Features
Artifacts released:
| Repository | Java Artifact | Docker Image (if applicable) |
|---|---|---|
| policy/api | 2.1.3 | onap/policy-api:2.1.3 |
| policy/pap | 2.1.3 | onap/policy-pap:2.1.3 |
| policy/drools-pdp | 1.5.3 | onap/policy-drools:1.5.3 |
| policy/apex-pdp | 2.2.3 | onap/policy-apex-pdp:2.2.3 |
| policy/xacml-pdp | 2.1.3 | onap/policy-xacml-pdp:2.1.3 |
| policy/drools-applications | 1.5.4 | onap/policy-pdpd-cl:1.5.4 |
| policy/engine | 1.5.3 | onap/policy-pe:1.5.3 |
| policy/distribution | 2.2.2 | onap/policy-distribution:2.2.2 |
| policy/docker | 1.4.0 | onap/policy-common-alpine:1.4.0, onap/policy/base-alpine:1.4.0 |
Bug Fixes
[PORTAL-760] - Access to Policy portal is impossible
[POLICY-2107] - policy/distribution license issue in resource needs to be removed
[POLICY-2169] - SDC client interface change caused compile error in policy distribution
[POLICY-2171] - Upgrade elalto branch models and drools-applications
[POLICY-1509] - Investigate Apex org.python.jython-standalone.2.7.1
[POLICY-2062] - APEX PDP logs > 4G filled local storage
Security Notes
Fixed Security Issues
[POLICY-2475] - Update El Alto component certificates
Version: 5.0.1
- Release Date: 2019-10-24 (El Alto Release)
New Features
Artifacts released:
| Repository | Java Artifact | Docker Image (if applicable) |
|---|---|---|
| policy/parent | 3.0.1 | |
| policy/common | 1.5.2 | |
| policy/models | 2.1.4 | |
| policy/api | 2.1.2 | onap/policy-api:2.1.2 |
| policy/pap | 2.1.2 | onap/policy-pap:2.1.2 |
| policy/drools-pdp | 1.5.2 | onap/policy-drools:1.5.2 |
| policy/apex-pdp | 2.2.1 | onap/policy-apex-pdp:2.2.1 |
| policy/xacml-pdp | 2.1.2 | onap/policy-xacml-pdp:2.1.2 |
| policy/drools-applications | 1.5.3 | onap/policy-pdpd-cl:1.5.3 |
| policy/engine | 1.5.2 | onap/policy-pe:1.5.2 |
| policy/distribution | 2.2.1 | onap/policy-distribution:2.2.1 |
| policy/docker | 1.4.0 | onap/policy-common-alpine:1.4.0 onap/policy/base-alpine:1.4.0 |
The El Alto release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the El Alto release, refer to JiraPolicyElAlto.
[POLICY-1727] - This epic covers technical debt left over from Dublin
POLICY-969 Docker improvement in policy framework modules
POLICY-1074 Fix checkstyle warnings in every repository
POLICY-1121 RPM build for Apex
POLICY-1223 CII Silver Badging Requirements
POLICY-1600 Clean up hash code equality checks, cloning and copying in policy-models
POLICY-1646 Replace uses of getCanonicalName() with getName()
POLICY-1652 Move PapRestServer to policy/common
POLICY-1732 Enable maven-checkstyle-plugin in apex-pdp
POLICY-1737 Upgrade oParent 2.0.0 - change daily jobs to staging jobs
POLICY-1742 Make HTTP return code handling configurable in APEX
POLICY-1743 Make URL configurable in REST Requestor and REST Client
POLICY-1744 Remove topic.properties and incorporate into overall properties
POLICY-1770 PAP REST API for PDPGroup Healthcheck
POLICY-1771 Boost policy/api JUnit code coverage
POLICY-1772 Boost policy/xacml-pdp JUnit code coverage
POLICY-1773 Enhance the policy/xacml-pdp S3P Stability and Performance tests
POLICY-1784 Better Handling of “version” field value with clients
POLICY-1785 Deploy same policy with a new version simply adds to the list
POLICY-1786 Create a simple way to populate the guard database for testing
POLICY-1791 Address Sonar issues in new policy repos
POLICY-1795 PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.
POLICY-1800 API|PAP components use different version formats
POLICY-1805 Build up stability test for api component to follow S3P requirements
POLICY-1806 Build up S3P performance test for api component
POLICY-1847 Add control loop coordination as a preloaded policy type
POLICY-1871 Change policy/distribution to support ToscaPolicyType & ToscaPolicy
POLICY-1881 Upgrade policy/distribution to latest SDC artifacts
POLICY-1885 Apex-pdp: Extend CLIEditor to generate policy in ToscaServiceTemplate format
POLICY-1898 Move apex-pdp & distribution documents to policy/parent
POLICY-1942 Boost policy/apex-pdp JUnit code coverage
POLICY-1953 Create addTopic taking BusTopicParams instead of Properties in policy/endpoints
Additional items delivered with the release.
POLICY-1637 Remove “version” from PdpGroup
POLICY-1653 Remove isNullVersion() method
POLICY-1966 Fix more sonar issues in policy drools
POLICY-1988 Generate El Alto AAF Certificates
[POLICY-1823] - This epic covers the work to develop features that will be deployed dark in El Alto.
POLICY-1762 Create CDS API model implementation
POLICY-1763 Create CDS Actor
POLICY-1899 Update optimization xacml application to support more flexible Decision API
POLICY-1911 XACML PDP must be able to retrieve Policy Type from API
Bug Fixes
The following bug fixes have been deployed with this release:
[POLICY-1671] - policy/engine JUnit tests now take over 30 minutes to run
[POLICY-1725] - XACML PDP returns 500 vs 400 for bad syntax JSON
[POLICY-1793] - API|MODELS: Retrieving Legacy Operational Policy as a Tosca Policy with wrong version
[POLICY-1795] - PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.
[POLICY-1800] - API|PAP components use different version formats
[POLICY-1802] - Apex-pdp: context album is mandatory for policy model to compile
[POLICY-1803] - PAP should undeploy policies when subgroup is deleted
[POLICY-1807] - Latest version is always returned when using the endpoint to retrieve all versions of a particular policy
[POLICY-1808] - API|PAP|PDP-X [new] should publish docker images with the following tag X.Y-SNAPSHOT-latest
[POLICY-1810] - API: support “../deployed” REST API (URLs) for legacy policies
[POLICY-1811] - The endpoint of retrieving the latest version of TOSCA policy does not return the latest one, especially when there are double-digit versions
[POLICY-1818] - APEX does not allow arbitrary Kafka parameters to be specified
[POLICY-1838] - Drools-pdp error log is missing data in ErrorDescription field
[POLICY-1839] - Policy Model currently needs to be escaped
[POLICY-1843] - Decision API not returning monitoring policies when calling api with policy-type
[POLICY-1844] - XACML PDP does not update policy statistics
[POLICY-1858] - Usecase DRL - named query should not be invoked
[POLICY-1859] - Drools rules should not timeout when given timeout=0 - should be treated as infinite
[POLICY-1872] - brmsgw fails building a jar - trafficgenerator dependency does not exist
[POLICY-2047] - TOSCA Policy Types should be map not a list
[POLICY-2060] - ToscaProperties object is missing metadata field
[POLICY-2156] - missing field in create VF module request to SO
Security Notes
Fixed Security Issues
[POLICY-2115] - Upgrade org.jgroups : jgroups : 4.0.12.Final
[POLICY-2084] - Investigate pip (py2.py3-none-any) 9.0.1 (.whl) in apex-pdp
[POLICY-2072] - Upgrade io.netty : netty-codec-http2 and netty-common to 4.1.39.Final
[POLICY-2005] - Upgrade elastic search to 6.8.2
[POLICY-2001] - Upgrade com.thoughtworks.xstream to 1.4.11.1
[POLICY-2000] - Upgrade oparent 2.1.0-SNAPSHOT - to pull in jetty server to 9.4.20.v20190813
[POLICY-1999] - Upgrade to httpcomponents httpclient 4.5.9
[POLICY-1598] - mariadb container is outdated
[POLICY-1597] - nexus container is outdated
Known Security Issues
Known Vulnerabilities in Used Modules
POLICY code has been formally scanned during build time using NexusIQ, and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (El Alto Release).
- Quick Links:
Known Issues
The following known issues will be addressed in a future release:
[POLICY-1276] - JRuby interpreter shutdown fails on second and subsequent runs
[POLICY-1291] - Maven Error when building Apex documentation in Windows
[POLICY-1578] - PAP pushPolicies.sh in startup fails due to race condition in some environments
[POLICY-1832] - API|PAP: data race condition seem to appear sometimes when creating and deploying policy
[POLICY-2103] - policy/distribution may need to re-synch if SDC gets reinstalled
[POLICY-2062] - APEX PDP logs > 4G filled local storage
[POLICY-2080] - drools-pdp JUnit fails intermittently in feature-active-standby-management
[POLICY-2111] - PDP-D APPS: AAF Cadi conflicts with Aether libraries
[POLICY-2158] - PAP loses synchronization with PDPs
[POLICY-2159] - PAP console (legacy): cannot edit policies with GUI
Version: 4.0.0
- Release Date: 2019-06-26 (Dublin Release)
New Features
Artifacts released:
| Repository | Java Artifact | Docker Image (if applicable) |
|---|---|---|
| policy/parent | 2.1.0 | |
| policy/common | 1.4.0 | |
| policy/models | 2.0.2 | |
| policy/api | 2.0.1 | onap/policy-api:2.0.1 |
| policy/pap | 2.0.1 | onap/policy-pap:2.0.1 |
| policy/drools-pdp | 1.4.0 | onap/policy-drools:1.4.0 |
| policy/apex-pdp | 2.1.0 | onap/policy-apex-pdp:2.1.0 |
| policy/xacml-pdp | 2.1.0 | onap/policy-xacml-pdp:2.1.0 |
| policy/drools-applications | 1.4.2 | onap/policy-pdpd-cl:1.4.2 |
| policy/engine | 1.4.1 | onap/policy-pe:1.4.1 |
| policy/distribution | 2.1.0 | onap/policy-distribution:2.1.0 |
| policy/docker | 1.4.0 | onap/policy-common-alpine:1.4.0 onap/policy/base-alpine:1.4.0 |
The Dublin release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Dublin release, refer to JiraPolicyDublin.
- [POLICY-1068] - This epic covers the work to cleanup, enhance, fix, etc. any Control Loop based code base.
POLICY-1195 Separate model code from drools-applications into other repositories
POLICY-1367 Spike - Experimentation for management of Drools templates and Operational Policies
POLICY-1397 PDP-D: NOOP Endpoints Support to test Operational Policies.
POLICY-1459 PDP-D [Control Loop] : Create a Control Loop flavored PDP-D image
- [POLICY-1069] - This epic covers the work to harden the codebase for the Policy Framework project.
POLICY-1007 Remove Jackson from policy framework components
POLICY-1202 policy-engine & apex-pdp are using different version of eclipselink
POLICY-1250 Fix issues reported by sonar in policy modules
POLICY-1368 Remove hibernate from policy repos
POLICY-1457 Use Alpine in base docker images
- [POLICY-1072] - This epic covers the work to support S3P Performance criteria.
S3P Performance related items
- [POLICY-1171] - Enhance CLC Facility
POLICY-1173 High-level specification of coordination directives
- [POLICY-1220] - This epic covers the work to support S3P Security criteria
POLICY-1538 Upgrade Elasticsearch to 6.4.x to clear security issue
- [POLICY-1269] - R4 Dublin - ReBuild Policy Infrastructure
POLICY-1270 Policy Lifecycle API RESTful HealthCheck/Statistics Main Entry Point
POLICY-1271 PAP RESTful HealthCheck/Statistics Main Entry Point
POLICY-1272 Create the S3P JMeter tests for API, PAP, XACML (2nd Gen)
POLICY-1273 Policy Type Application Design Requirements
POLICY-1436 XACML PDP RESTful HealthCheck/Statistics Main Entry Point
POLICY-1440 XACML PDP RESTful Decision API Main Entry Point
POLICY-1441 Policy Lifecycle API RESTful Create/Read Main Entry Point for Policy Types
POLICY-1442 Policy Lifecycle API RESTful Create/Read Main Entry Point for Concrete Policies
POLICY-1443 PAP Dmaap PDP Register/UnRegister Main Entry Point
POLICY-1444 PAP Dmaap Policy Deploy/Undeploy Policies Main Entry Point
POLICY-1445 XACML PDP upgrade to xacml 2.0.0
POLICY-1446 Policy Lifecycle API RESTful Delete Main Entry Point for Policy Types
POLICY-1447 Policy Lifecycle API RESTful Delete Main Entry Point for Concrete Policies
POLICY-1449 XACML PDP Dmaap Register/UnRegister Functionality
POLICY-1451 XACML PDP Dmaap Deploy/UnDeploy Functionality
POLICY-1452 Apex PDP Dmaap Register/UnRegister Functionality
POLICY-1453 Apex PDP Dmaap Deploy/UnDeploy Functionality
POLICY-1454 Drools PDP Dmaap Register/UnRegister Functionality
POLICY-1455 Drools PDP Dmaap Deploy/UnDeploy Functionality
POLICY-1456 Policy Architecture and Roadmap Documentation
POLICY-1458 Create S3P JMeter Tests for Policy API
POLICY-1460 Create S3P JMeter Tests for PAP
POLICY-1461 Create S3P JMeter Tests for Policy XACML Engine (2nd Generation)
POLICY-1462 Create S3P JMeter Tests for Policy SDC Distribution
POLICY-1471 Policy Application Designer - Develop Guard and Control Loop Coordination Policy Type application
POLICY-1474 Modifications of Control Loop Operational Policy to support new Policy Lifecycle API
POLICY-1515 Prototype Policy Lifecycle API Swagger Entry Points
POLICY-1516 Prototype the Policy Decision API
POLICY-1541 PAP REST API for PDPGroup Query, Statistics & Delete
POLICY-1542 PAP REST API for PDPGroup Deployment, State Management & Health Check
- [POLICY-1399] - This epic covers the work to support model drive control loop design as defined by the Control Loop Subcommittee
Model drive control loop related items
- [POLICY-1404] - This epic covers the work to support the CCVPN Use Case for Dublin
POLICY-1405 Develop SDNC API for trigger bandwidth
- [POLICY-1408] - This epic covers the work done with the Casablanca release
POLICY-1410 List Policy API
POLICY-1413 Dashboard enhancements
POLICY-1414 Push Policy and DeletePolicy API enhancement
POLICY-1416 Model enhancements to support CLAMP
POLICY-1417 Resiliency improvements
POLICY-1418 PDP APIs - make ClientAuth optional
POLICY-1419 Better multi-role support
POLICY-1420 Model enhancement to support embedded JSON
POLICY-1421 New audit data for push/delete
POLICY-1422 Enhanced encryption
POLICY-1423 Save original model file
POLICY-1427 Controller Logging Feature
POLICY-1489 PDP-D: Nested JSON Event Filtering support with JsonPath
POLICY-1499 Mdc Filter Feature
- [POLICY-1438] - This epic covers the work to support 5G OOF PCI Use Case
POLICY-1463 Functional code changes in Policy for OOF SON use case
POLICY-1464 Config related aspects for OOF SON use case
- [POLICY-1450] - This epic covers the work to support the Scale Out Use Case.
POLICY-1278 AAI named-queries are being deprecated and should be replaced with custom-queries
POLICY-1545 E2E Automation - Parse the newly added model ids from operation policy
- Additional items delivered with the release.
POLICY-1159 Move expectException to policy-common/utils-test
POLICY-1176 Work on technical debt introduced by CLC POC
POLICY-1266 A&AI Modularity
POLICY-1274 further improvement in PSSD S3P test
POLICY-1401 Build onap.policies.Monitoring TOSCA Policy Template
POLICY-1465 Support configurable Heap Memory Settings for JVM processes
Bug Fixes
The following bug fixes have been deployed with this release:
[POLICY-1241] - Test failure in drools-pdp if JAVA_HOME is not set
[POLICY-1289] - Apex only considers 200 response codes as successful result codes
[POLICY-1437] - Fix issues in FileSystemReceptionHandler of policy-distribution component
[POLICY-1501] - policy-engine JUnit tests are not independent
[POLICY-1627] - APEX does not support specification of a partitioner class for Kafka
Security Notes
Fixed Security Issues
[OJSI-117] - In default deployment POLICY (nexus) exposes HTTP port 30236 outside of cluster.
[OJSI-157] - In default deployment POLICY (policy-api) exposes HTTP port 30240 outside of cluster.
[OJSI-118] - In default deployment POLICY (policy-apex-pdp) exposes HTTP port 30237 outside of cluster.
[OJSI-184] - In default deployment POLICY (brmsgw) exposes HTTP port 30216 outside of cluster.
Known Security Issues
Known Vulnerabilities in Used Modules
POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (Dublin Release).
Known Issues
The following known issues will be addressed in a future release:
[POLICY-1795] - PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.
[POLICY-1810] - API: ensure that the REST APIs (URLs) are supported and consistent regardless of the type of policy: operational, guard, tosca-compliant.
[POLICY-1277] - policy config takes too long time to become retrievable in PDP
[POLICY-1378] - add support to append value into policyScope while one policy could be used by several services
[POLICY-1650] - Policy UI doesn’t show left menu or any content
[POLICY-1671] - policy/engine JUnit tests now take over 30 minutes to run
[POLICY-1725] - XACML PDP returns 500 vs 400 for bad syntax JSON
[POLICY-1793] - API|MODELS: Retrieving Legacy Operational Policy as a Tosca Policy with wrong version
[POLICY-1800] - API|PAP components use different version formats
[POLICY-1802] - Apex-pdp: context album is mandatory for policy model to compile
[POLICY-1808] - API|PAP|PDP-X [new] should publish docker images with the following tag X.Y-SNAPSHOT-latest
[POLICY-1818] - APEX does not allow arbitrary Kafka parameters to be specified
[POLICY-1276] - JRuby interpreter shutdown fails on second and subsequent runs
[POLICY-1803] - PAP should undeploy policies when subgroup is deleted
[POLICY-1291] - Maven Error when building Apex documentation in Windows
[POLICY-1872] - brmsgw fails building a jar - trafficgenerator dependency does not exist
Version: 3.0.2
- Release Date:
2019-03-31 (Casablanca Maintenance Release #2)
The following items were deployed with the Casablanca Maintenance Release:
Bug Fixes
[POLICY-1522] - Policy doesn’t send “payload” field to APPC
Security Fixes
[POLICY-1538] - Upgrade Elasticsearch to 6.4.x to clear security issue
License Issues
[POLICY-1433] - Remove proprietary licenses in PSSD test CSAR
Known Issues
The following known issue will be addressed in a future release.
[POLICY-1650] - Policy UI doesn’t show left menu or any content
A workaround for this issue consists of bypassing the Portal UI when accessing the Policy UI. See the PAP recipes documentation for the specific procedure.
Version: 3.0.1
- Release Date:
2019-01-31 (Casablanca Maintenance Release)
The following items were deployed with the Casablanca Maintenance Release:
New Features
[POLICY-1221] - Policy distribution application to support HTTPS communication
[POLICY-1222] - Apex policy PDP to support HTTPS Communication
Bug Fixes
[POLICY-1282] - Policy format with some problems
[POLICY-1395] - Apex PDP does not preserve context on model upgrade
Version: 3.0.0
- Release Date:
2018-11-30 (Casablanca Release)
New Features
The Casablanca release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Casablanca release, refer to JiraPolicyCasablanca (Note: Jira details can also be viewed from this link).
[POLICY-701] - This epic covers the work to integrate Policy into the SDC Service Distribution
The policy team introduced a new application into the framework that provides integration of the Service Distribution Notifications from SDC to Policy.
[POLICY-719] - This epic covers the work to build the Policy Lifecycle API
[POLICY-726] - This epic covers the work to distribute policy from the PAP to the PDPs into the ONAP platform
[POLICY-876] - This epic covers the work to re-build how the PAP organizes the PDPs into groups.
The policy team did some forward-looking spike work towards re-building the Software Architecture.
[POLICY-809] - Maintain and implement performance
[POLICY-814] - 72 hour stability testing (component and platform)
The policy team made enhancements to the Drools PDP to further support S3P Performance. For the new Policy SDC Distribution application and the newly ingested Apex PDP, the team established an S3P performance standard and performed 72-hour stability tests.
[POLICY-824] - maintain and implement security
The policy team established an AAF Root Certificate for HTTPS communication and CADI/AAF integration into the MVP applications. In addition, many Java dependencies were upgraded to clear CLM security issues.
[POLICY-840] - Flexible control loop coordination facility.
Work towards a POC for control loop coordination policies was implemented.
[POLICY-841] - Covers the work required to support HPA
Enhancements were made to support the HPA use case through the use of the new Policy SDC Service Distribution application.
[POLICY-842] - This epic covers the work to support the Auto Scale Out functional requirements
Enhancements were made to support Scale Out Use Case to enforce new guard policies and updated SO and A&AI APIs.
[POLICY-851] - This epic covers the work to bring in the Apex PDP code
A new Apex PDP engine was ingested into the platform and work was done to ensure code cleared CLM security issues, sonar issues, and checkstyle.
[POLICY-1081] - This epic covers the contribution for the 5G OOF PCI Optimization use case.
Policy template changes were submitted that supported the 5G OOF PCI optimization use case.
[POLICY-1182] - Covers the work to support CCVPN use case
Policy template changes were submitted that supported the CCVPN use case.
Bug Fixes
The following bug fixes have been deployed with this release:
[POLICY-799] - Policy API Validation Does Not Validate Required Parent Attributes in the Model
[POLICY-869] - Control Loop Drools Rules should not have exceptions as well as die upon an exception
[POLICY-872] - investigate potential race conditions during rules version upgrades during call loads
[POLICY-878] - pdp-d: feature-pooling disables policy-controllers preventing processing of onset events
[POLICY-909] - get_ZoneDictionaryDataByName class type error
[POLICY-920] - Hard-coded path in junit test
[POLICY-921] - XACML Junit test cannot find property file
[POLICY-1083] - Mismatch in action cases between Policy and APPC
Security Notes
POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (Casablanca Release).
Known Issues
[POLICY-1277] - policy config takes too long time to become retrievable in PDP
[POLICY-1282] - Policy format with some problems
Version: 2.0.0
- Release Date:
2018-06-07 (Beijing Release)
New Features
The Beijing release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Beijing release, refer to JiraPolicyBeijing.
- [POLICY-390] - This epic covers the work to harden the Policy platform software base (incl 50% JUnit coverage)
POLICY-238 policy/drools-applications: clean up maven structure
POLICY-336 Address Technical Debt
POLICY-338 Address JUnit Code Coverage
POLICY-377 Policy Create API should validate input matches DCAE microservice template
POLICY-389 Cleanup Jenkin’s CI/CD process’s
POLICY-449 Policy API + Console : Common Policy Validation
POLICY-568 Integration with org.onap AAF project
POLICY-610 Support vDNS scale out for multiple times in Beijing release
- [POLICY-391] - This epic covers the work to support Release Planning activities
POLICY-552 ONAP Licensing Scan - Use Restrictions
- [POLICY-392] - Platform Maturity Requirements - Performance Level 1
POLICY-529 Platform Maturity Performance - Drools PDP
POLICY-567 Platform Maturity Performance - PDP-X
- [POLICY-394] - This epic covers the work required to support a Policy developer environment in which Policy Developers can create, update policy templates/rules separate from the policy Platform runtime platform.
POLICY-488 pap should not add rules to official template provided in drools applications
- [POLICY-398] - This epic covers the body of work involved in supporting policy that is platform specific.
POLICY-434 need PDP /getConfig to return an indicator of where to find the config data - in config.content versus config field
- [POLICY-399] - This epic covers the work required to policy enable Hardware Platform Enablement
POLICY-622 Integrate OOF Policy Model into Policy Platform
- [POLICY-512] - This epic covers the work to support Platform Maturity Requirements - Stability Level 1
POLICY-525 Platform Maturity Stability - Drools PDP
POLICY-526 Platform Maturity Stability - XACML PDP
- [POLICY-513] - Platform Maturity Requirements - Resiliency Level 2
POLICY-527 Platform Maturity Resiliency - Policy Engine GUI and PAP
POLICY-528 Platform Maturity Resiliency - Drools PDP
POLICY-569 Platform Maturity Resiliency - BRMS Gateway
POLICY-585 Platform Maturity Resiliency - XACML PDP
POLICY-586 Platform Maturity Resiliency - Planning
POLICY-681 Regression Test Use Cases
- [POLICY-514] - This epic covers the work to support Platform Maturity Requirements - Security Level 1
POLICY-523 Platform Maturity Security - CII Badging - Project Website
- [POLICY-515] - This epic covers the work to support Platform Maturity Requirements - Escalability Level 1
POLICY-531 Platform Maturity Scalability - XACML PDP
POLICY-532 Platform Maturity Scalability - Drools PDP
POLICY-623 Docker image re-design
- [POLICY-516] - This epic covers the work to support Platform Maturity Requirements - Manageability Level 1
POLICY-533 Platform Maturity Manageability L1 - Logging
POLICY-534 Platform Maturity Manageability - Instantiation < 1 hour
- [POLICY-517] - This epic covers the work to support Platform Maturity Requirements - Usability Level 1
POLICY-535 Platform Maturity Usability - User Guide
POLICY-536 Platform Maturity Usability - Deployment Documentation
POLICY-537 Platform Maturity Usability - API Documentation
[POLICY-546] - R2 Beijing - Various enhancements requested by clients to the way we handle TOSCA models.
Bug Fixes
The following bug fixes have been deployed with this release:
[POLICY-484] - Extend election handler run window and clean up error messages
[POLICY-494] - POLICY EELF Audit.log not in ECOMP Standards Compliance
[POLICY-501] - Fix issues blocking election handler and add directed interface for opstate
[POLICY-509] - Add IntelliJ file to .gitingore
[POLICY-510] - Do not enforce hostname validation
[POLICY-518] - StateManagement creation of EntityManagers.
[POLICY-519] - Correctly initialize the value of allSeemsWell in DroolsPdpsElectionHandler
[POLICY-629] - Fixed a bug on editor screen
[POLICY-684] - Fix regex for brmsgw dependency handling
[POLICY-707] - ONAO-PAP-REST unit tests fail on first build on clean checkout
[POLICY-717] - Fix a bug in checking required fields if the object has include function
[POLICY-734] - Fix Fortify Header Manipulation Issue
[POLICY-743] - Fixed data name since its name was changed on server side
[POLICY-753] - Policy Health Check failed with multi-node cluster
[POLICY-765] - junit test for guard fails intermittently
Security Notes
POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed; items that remain open have been assessed for risk and determined to be false positives. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project.
Known Issues
The following known issues will be addressed in a future release:
[POLICY-522] - PAP REST APIs undesired HTTP response body for 500 responses
[POLICY-608] - xacml components : remove hardcoded secret key from source code
[POLICY-764] - Policy Engine PIP Configuration JUnit Test fails intermittently
[POLICY-776] - OOF Policy TOSCA models are not correctly rendered
[POLICY-799] - Policy API Validation Does Not Validate Required Parent Attributes in the Model
[POLICY-801] - fields mismatch for OOF flavorFeatures between implementation and wiki
[POLICY-869] - Control Loop Drools Rules should not have exceptions as well as die upon an exception
[POLICY-872] - investigate potential race conditions during rules version upgrades during call loads
Version: 1.0.2
- Release Date:
2018-01-18 (Amsterdam Maintenance Release)
Bug Fixes
The following fixes were deployed with the Amsterdam Maintenance Release:
[POLICY-486] - pdp-x api pushPolicy fails to push latest version
Version: 1.0.1
- Release Date:
2017-11-16 (Amsterdam Release)
New Features
The Amsterdam release continued evolving the design driven architecture of and functionality for POLICY. The following is a list of Epics delivered with the release. For a full list of stories and tasks delivered in the Amsterdam release, refer to JiraPolicyAmsterdam.
- [POLICY-31] - Stabilization of Seed Code
POLICY-25 Replace any remaining openecomp reference by onap
POLICY-32 JUnit test code coverage
POLICY-66 PDP-D Feature mechanism enhancements
POLICY-67 Rainy Day Decision Policy
POLICY-93 Notification API
POLICY-158 policy/engine: SQL injection Mitigation
POLICY-269 Policy API Support for Rainy Day Decision Policy and Dictionaries
- [POLICY-33] - This epic covers the body of work involved in deploying the Policy Platform components
POLICY-40 MSB Integration
POLICY-124 Integration with oparent
POLICY-41 OOM Integration
POLICY-119 PDP-D: noop sinks
- [POLICY-34] - This epic covers the work required to support a Policy developer environment in which Policy Developers can create, update policy templates/rules separate from the policy Platform runtime platform.
POLICY-57 VF-C Actor code development
POLICY-43 Amsterdam Use Case Template
POLICY-173 Deployment of Operational Policies Documentation
- [POLICY-35] - This epic covers the body of work involved in supporting policy that is platform specific.
POLICY-68 TOSCA Parsing for nested objects for Microservice Policies
[POLICY-36] - This epic covers the work required to capture policy during VNF on-boarding.
- [POLICY-37] - This epic covers the work required to capture, update, extend Policy(s) during Service Design.
POLICY-64 CLAMP Configuration and Operation Policies for vFW Use Case
POLICY-65 CLAMP Configuration and Operation Policies for vDNS Use Case
POLICY-48 CLAMP Configuration and Operation Policies for vCPE Use Case
POLICY-63 CLAMP Configuration and Operation Policies for VOLTE Use Case
[POLICY-38] - This epic covers the work required to support service distribution by SDC.
- [POLICY-39] - This epic covers the work required to support the Policy Platform during runtime.
POLICY-61 vFW Use Case - Runtime
POLICY-62 vDNS Use Case - Runtime
POLICY-59 vCPE Use Case - Runtime
POLICY-60 VOLTE Use Case - Runtime
POLICY-51 Runtime Policy Update Support
POLICY-328 vDNS Use Case - Runtime Testing
POLICY-324 vFW Use Case - Runtime Testing
POLICY-320 VOLTE Use Case - Runtime Testing
POLICY-316 vCPE Use Case - Runtime Testing
- [POLICY-76] - This epic covers the body of work involved in supporting R1 Amsterdam Milestone Release Planning Milestone Tasks.
POLICY-77 Functional Test case definition for Control Loops
POLICY-387 Deliver the released policy artifacts
- Bug Fixes
This is technically the first release of POLICY; the previous release was the seed code contribution. As such, the defects fixed in this release were raised during the course of the release. Anything not closed is captured below under Known Issues. For a list of defects fixed in the Amsterdam release, refer to JiraPolicyAmsterdam.
- Known Issues
The operational policy template has been tested with the vFW, vCPE, vDNS and VOLTE use cases. Additional development may/may not be required for other scenarios.
- For the vLBS Use Case, the following steps are required to set up the service instance:
Create a Service Instance via VID.
Create a VNF Instance via VID.
Preload SDNC with topology data used for the actual VNF instantiation (both base and DNS scaling modules). NOTE: you may want to set “vlb_name_0” in the base VF module data to something unique. This is the vLB server name that DCAE will pass to Policy during closed loop. If the same name is used multiple times, the Policy name-query to AAI will show multiple entries, one for each occurrence of that vLB VM name in the OpenStack zone. Note that this is not a limitation; typically server names in a domain are supposed to be unique.
Instantiate the base VF module (vLB, vPacketGen, and one vDNS) via VID. NOTE: The name of the VF module MUST start with Vfmodule_. The same name MUST appear in the SDNC preload of the base VF module topology. We’ll relax this naming requirement for Beijing Release.
Run heatbridge from the Robot VM using Vfmodule_ _ as stack name (it is the actual stack name in OpenStack).
Populate AAI with a dummy VF module for vDNS scaling.
- Security Issues
None at this time
- Other
None at this time
End of Release Notes