Policy Release Notes

Version: 9.0.0

Release Date

2021-11-04 (Istanbul Release)

New features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.4.3

N/A

policy/docker

2.3.1

onap/policy-jdk-alpine:2.3.1
onap/policy-jre-alpine:2.3.1
onap/policy-db-migrator:2.3.1

policy/common

1.9.1

N/A

policy/models

2.5.1

N/A

policy/api

2.5.1

onap/policy-api:2.5.1

policy/pap

2.5.1

onap/policy-pap:2.5.1

policy/drools-pdp

1.9.1

onap/policy-drools:1.9.1

policy/apex-pdp

2.6.1

onap/policy-apex-pdp:2.6.1

policy/xacml-pdp

2.5.1

onap/policy-xacml-pdp:2.5.1

policy/drools-applications

1.9.1

onap/policy-pdpd-cl:1.9.1

policy/clamp

6.1.3

onap/policy-clamp-backend:6.1.3
onap/policy-clamp-frontend:6.1.3
onap/policy-clamp-cl-pf-ppnt:6.1.3
onap/policy-clamp-cl-k8s-ppnt:6.1.3
onap/policy-clamp-cl-http-ppnt:6.1.3
onap/policy-clamp-cl-runtime:6.1.3

policy/gui

2.1.1

onap/policy-gui:2.1.1

policy/distribution

2.6.1

onap/policy-distribution:2.6.1

Key Updates

Clamp -> policy Control Loop Database

  • REQ-684 - Merge CLAMP functionality into Policy Framework project
    • keep CLAMP functions into ONAP

    • reduce ONAP footprint

    • consolidate the UI (Control loop UI and policy)

    • enables code sharing and common handling for REST and TOSCA

    • introduces the Spring Framework into the Policy Framework

    • see the CLAMP documentation

  • REQ-716 - Control Loop in TOSCA LCM
    • Allows Control Loops to be defined and described in Metadata using TOSCA

    • Control loops can run on the fly on any component that implements a participant API

    • Control Loops can be commissioned into Policy/CLAMP, they can be parameterized, initiated on arbitrary participants, activated and monitored

    • See the CLAMP TOSCA Control Loop documentation

  • CLAMP Client Policy and TOSCA Handling
    • Push existing policy(tree) into pdp

    • Handling of PDP Groups

    • Handling of Policy Types

    • Handling of TOSCA Service Templates

    • Push of Policies to PDPs

    • Support multiple PDP Groups per Policy Type

    • Tree view in Policies list

    • Integration of new TOSCA Control Loop GUI into CLAMP GUI

  • Policy Handling Improvements
    • Support delta policies in PDPs

    • Allow XACML rules to specify EventManagerService

    • Sending of notifications to Kafka & Rest in apex-pdp policies

    • External configuration of groups other than defaultGroup

    • XACML Decision support for Multiple Requests

    • Updated query parameter names and support for wildcards in APIs

    • Added new APIs for Policy Audit capabilities

    • Capability to send multiple output events from a state in APEX-PDP

  • System Attribute Improvements
    • Support for upgrade and rollback, starting with upgrade from the Honolulu release to the Istanbul release

    • Consolidated health check

    • Phase 1 of Spring Framework introduction

    • Phase 1 of Prometheus introduction, base Prometheus metrics

Known Limitations, Issues and Workarounds

System Limitations

N/A

Known Vulnerabilities

N/A

Workarounds

N/A

Security Notes

POLICY-3169 - Remove security issues reported by NEXUS-IQ
POLICY-3315 - Review license scan issues
POLICY-3327 - OOM AAF generated certificates contain invalid SANs entries
POLICY-3338 - Upgrade CDS dependency to the latest version
POLICY-3384 - Use signed certificates in the CSITs
POLICY-3431 - Review license scan issues
POLICY-3516 - Upgrade CDS dependency to the 1.1.5 version
POLICY-3590 - Address security vulnerabilities and License issues in Policy Framework
POLICY-3697 - Review license scan issues

Functional Improvements

REQ-684 - Merge CLAMP functionality into Policy Framework project
REQ-716 - Control Loop in TOSCA LCM
POLICY-1787 - Support mariadb upgrade/rollback functionality
POLICY-2535 - Query deployed policies by regex on the name, for a given policy type
POLICY-2618 - PDP-D make legacy configuration interface (used by brmsgw) an optional feature
POLICY-2769 - Support multiple PAP instances
POLICY-2865 - Add support and documentation on how an application can control what info is returned in Decision API
POLICY-2896 - Improve consolidated health check to include dependencies
POLICY-2920 - policy-clamp ui is capable to push and existing policy(tree) into pdp
POLICY-2921 - use the policy-clamp ui to manage pdp groups
POLICY-2923 - use the policy-clamp ui to manage policy types
POLICY-2930 - clamp-backend rest api to push policies to pdp
POLICY-2931 - clamp GUI to push policy to pdp
POLICY-3072 - clamp ui support multiple pdp group per policy type
POLICY-3107 - Support delta policies in PDPs
POLICY-3165 - Implement tree view in policies list
POLICY-3209 - CLAMP Component Lifecycle Management using Spring Framework
POLICY-3218 - Integrate CLAMP GUIs (Instantiation/Monitoring) in the policy-gui repo
POLICY-3227 - Implementation of context album improvements in apex-pdp
POLICY-3228 - Implement clamp backend part to add policy models api
POLICY-3229 - Implement the front end part to add tosca model
POLICY-3230 - Make default PDP-D and PDP-D-APPS work out of the box
POLICY-3260 - Allow rules to specify EventManagerService
POLICY-3324 - Design a solution for sending notifications to Kafka & Rest in apex-pdp policies
POLICY-3331 - PAP: should allow for external configuration of groups other than defaultGroup
POLICY-3340 - Create REST API’s in PAP to fetch the audit information stored in DB
POLICY-3514 - XACML Decision support for Multiple Requests
POLICY-3524 - Explore options to integrate prometheus with policy framework components
POLICY-3527 - Update query parameter names in policy audit api’s
POLICY-3533 - PDP-D: make DB port provisionable
POLICY-3538 - Export basic metrics from policy components for prometheus
POLICY-3545 - Use generic create policy url in policy/distribution
POLICY-3557 - Export basic prometheus metrics from clamp

Necessary Improvements and Bug Fixes

Necessary Improvements

POLICY-2418 - Refactor XACML PDP POJO’s into Bean objects in order to perform validation more simply
POLICY-2429 - Mark policy/engine read-only and remove ci-management jobs for it
POLICY-2542 - Improve the REST parameter validation for PAP api’s
POLICY-2767 - Improve error handling of drools-pdp when requestID in onset is not valid UUID
POLICY-2899 - Store basic audit details of deploy/undeploy operations in PAP
POLICY-2996 - Address technical debt left over from Honolulu
POLICY-3059 - Fix name of target-database property in persistence.xml files
POLICY-3062 - Update the ENTRYPOINT in APEX-PDP Dockerfile
POLICY-3078 - Support SSL communication in Kafka IO plugin of Apex-PDP
POLICY-3087 - Use sl4fj instead of EELFLogger
POLICY-3089 - Cleanup logs for success/failure consumers in apex-pdp
POLICY-3096 - Fix intermittent test failures in APEX
POLICY-3128 - Use command command-line handler across policy repos
POLICY-3129 - Refactor command-line handling across policy-repos
POLICY-3132 - Apex-pdp documentation refers to missing logos.png
POLICY-3134 - Use base image for policy-jdk docker images
POLICY-3136 - Ignore jacoco and checkstyle when in eclipse
POLICY-3143 - Remove keystore files from policy repos
POLICY-3145 - HTTPS clients should not allow self-signed certificates
POLICY-3147 - Xacml-pdp should not use RestServerParameters for client parameters
POLICY-3155 - Use python3 for CSITs
POLICY-3160 - Use “sh” instead of “ash” where possible
POLICY-3163 - Remove spaces from xacml file name
POLICY-3166 - Use newer onap base image in clamp
POLICY-3171 - Fix sporadic error in models provider junits
POLICY-3175 - Minor clean-up of drools-apps
POLICY-3182 - Update npm repo
POLICY-3189 - Create a new key class which uses the @GeneratedValue annotation
POLICY-3190 - Investigate handling of context albums in Apex-PDP for failure responses (ex - AAI)
POLICY-3198 - Remove VirtualControlLoopEvent from OperationsHistory classes
POLICY-3211 - Parameter Handling and Parameter Validation
POLICY-3214 - Change Monitoring UI implementation to use React
POLICY-3215 - Update CLAMP Module structure to Multi Module Maven approach
POLICY-3221 - wrong lifecycle state information in INFO.yaml for policy/clamp
POLICY-3222 - Use existing clamp gui to set the parameters during CL instantiation
POLICY-3235 - gui-editor-apex fails to start
POLICY-3257 - Update csit test cases to include policy status & statistics api’s
POLICY-3261 - Rules need a way to release locks
POLICY-3262 - Extract more common code from UsecasesEventManager
POLICY-3292 - Update the XACML PDP Tutorial docker compose files to point to release Honolulu images
POLICY-3298 - Add key names to IndexedXxx factory class toString() methods
POLICY-3299 - Merge policy CSITs into docker/csit
POLICY-3300 - PACKAGES UPGRADES IN DIRECT DEPENDENCIES FOR ISTANBUL
POLICY-3303 - Update the default logback.xml in APEX to log to STDOUT
POLICY-3305 - Ensure XACML PDP application/translator methods are extendable
POLICY-3306 - Fix issue where apex-pdp test is failing in gitlab
POLICY-3307 - Turn off frankfurt CSITs
POLICY-3333 - bean validator should use SerializedName
POLICY-3336 - APEX CLI/Model: multiple outputs for nextState NULL
POLICY-3337 - Move clamp documentation to policy/parent
POLICY-3366 - PDP-D: support configuration of overarching DMAAP https flag
POLICY-3367 - oom: policy-clamp-create-tables.sql: add IF NOT EXISTS clauses
POLICY-3374 - Docker registry should be defined in the parent pom
POLICY-3378 - Move groovy scripts to separate/common file
POLICY-3382 - Create document for policy chaining in drools-pdp
POLICY-3383 - Standardize policy deployment vs undeployment count in PdpStatistics
POLICY-3388 - policy/gui merge jobs failing
POLICY-3389 - Use lombok annotations instead of hashCode, equals, toString, get, set
POLICY-3404 - Rolling DB errors in log output for API, PAP, and DB components
POLICY-3419 - Remove operationshistory10 DB
POLICY-3450 - PAP should support turning on/off via configuration storing PDP statistics
POLICY-3456 - Use new RestClientParameters class instead of BusTopicParams
POLICY-3457 - Topic source should not go into fast-fail loop when dmaap is unreachable
POLICY-3459 - Document how to turn off collection of PdpStatistics
POLICY-3473 - CSIT for xacml doesn’t check dmaap msg status
POLICY-3474 - Delete extra simulators from policy-models
POLICY-3486 - policy-jdk docker image should have at least one up to date image
POLICY-3499 - Improve Apex-PDP logs to avoid printing errors for irrelevant events in multiple policy deployment
POLICY-3501 - Refactor guard actor
POLICY-3511 - Limit statistics record count
POLICY-3525 - Improve policy/pap csit automation test cases
POLICY-3528 - Update documents & postman collection for pdp statistics api’s
POLICY-3531 - PDP-X: initialization delays causes liveness checks to be missed under OOM deployment
POLICY-3532 - Add Honolulu Maintenance Release notes to read-the-docs
POLICY-3539 - Use RestServer from policy/common in apex-pdp
POLICY-3547 - METADATA tables for policy/docker db-migrator should be different than counterpart in policy/drools-pdp seed
POLICY-3556 - Document xacml REST server limitations
POLICY-3605 - Enhance dmaap simulator to support “”/topics” endpoint
POLICY-3609 - Add CSIT test case for policy consolidated health check

Bug Fixes

POLICY-2845 - Policy dockers contain GPLv3
POLICY-3066 - Stackoverflow error in APEX standalone after changing to onap java image
POLICY-3161 - OOM clamp BE/FE do not start properly when clamp db exists in the cluster
POLICY-3174 - POLICY-APEX log does not include the DATE in STDOUT
POLICY-3176 - POLICY-DROOLS log does not include the DATE in STDOUT
POLICY-3177 - POLICY-PAP log does not include the DATE in STDOUT
POLICY-3201 - fix CRITICAL weak-cryptography issues identified in sonarcloud
POLICY-3202 - PDP-D: no locking feature: service loader not locking the no-lock-manager
POLICY-3203 - Update the PDP deployment in policy window failure
POLICY-3204 - Clamp UI does not accept to deploy policy to PDP
POLICY-3205 - The submit operation in Clamp cannot be achieved successfully
POLICY-3225 - Clamp policy UI does not send right pdp command
POLICY-3226 - Clamp policy UI does 2 parallel queries to policy list
POLICY-3248 - PdpHeartbeats are not getting processed by PAP
POLICY-3301 - Apex Avro Event Schemas - Not support for colon ‘:’ character in field names
POLICY-3322 - gui-editor-apex doesn’t contain webapp correctly
POLICY-3332 - Issues around delta policy deployment in APEX
POLICY-3369 - Modify NSSI closed loop not running
POLICY-3445 - Version conflicts in spring boot dependency jars in CLAMP
POLICY-3454 - PDP-D CL APPS: swagger mismatched libraries cause telemetry shell to fail
POLICY-3468 - PDPD-CL APPS: Clean up library transitive dependencies conflicts (jackson version) from new CDS libraries
POLICY-3507 - CDS Operation Policy execution runtime error
POLICY-3526 - OOM start of policy-distribution fails (keyStore values)
POLICY-3558 - Delete Instance Properties if Instantiation is Unitialized
POLICY-3600 - Some REST calls in Clamp GUI do not include pathname
POLICY-3601 - Static web resource paths in gui-editor-apex are incorrect
POLICY-3602 - Context schema table is not populated in Apex Editor
POLICY-3603 - gui-pdp-monitoring broken in gui docker image
POLICY-3608 - LASTUPDATE column in pdp table causing Nullpointer Exception in PAP initialization
POLICY-3610 - PDP-D-APPS: audit and metric logging information is incorrect
POLICY-3611 - “API,PAP: decrease eclipselink verbosity in persistence.xml”
POLICY-3625 - Terminated PDPs are not being removed by PAP
POLICY-3637 - Policy-mariadb connection intermittently fails from PF components
POLICY-3639 - CLAMP_REST_URL environment variable is not needed
POLICY-3647 - Cannot create Instance from Policy GUI
POLICY-3649 - SSL Handshake failure between CL participants and DMaap
POLICY-3650 - Disable apex-editor and pdp-monitoring in gui docker
POLICY-3660 - DB-Migrator job completes even during failed upgrade
POLICY-3678 - K8s participants tests are skipped due to json parsing error.
POLICY-3679 - Modify pdpstatistics to prevent duplicate keys
POLICY-3680 - PDP Monitoring GUI fails to parse JSON from PAP
POLICY-3682 - Unable to list the policies in Policy UI
POLICY-3683 - clamp-fe & policy-gui: useless rolling logs
POLICY-3684 - Unable to select a PDP group & Subgroup when configuring a control loop policy
POLICY-3685 - Fix CL state change issues in runtime and participants
POLICY-3686 - Update Participant Status after Commissioning
POLICY-3687 - Continuous sending CONTROL_LOOP_STATE_CHANGE message
POLICY-3688 - Register participant in ParticipantRegister message
POLICY-3689 - Handle ParticipantRegister
POLICY-3691 - Problems Parsing Service Template
POLICY-3695 - Tosca Constraint “in_range” not supported by policy/models
POLICY-3706 - Telemetry not working in drools-pdp
POLICY-3707 - Cannot delete a loop in design state

References

For more information on the ONAP Istanbul release, please see:

  1. ONAP Home Page

  2. ONAP Documentation

  3. ONAP Release Downloads

  4. ONAP Wiki Page

Quick Links:

Version: 8.0.1

Release Date

2021-08-12 (Honolulu Maintenance Release #1)

Artifacts

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.3.2

policy/common

1.8.2

policy/models

2.4.4

policy/api

2.4.4

onap/policy-api:2.4.4

policy/pap

2.4.5

onap/policy-pap:2.4.5

policy/drools-pdp

1.8.4

onap/policy-drools:1.8.4

policy/apex-pdp

2.5.4

onap/policy-apex-pdp:2.5.4

policy/xacml-pdp

2.4.5

onap/policy-xacml-pdp:2.4.5

policy/drools-applications

1.8.4

onap/policy-pdpd-cl:1.8.4

policy/distribution

2.5.4

onap/policy-distribution:2.5.4

policy/docker

2.2.1

onap/policy-jdk-alpine:2.2.1, onap/policy-jre-alpine:2.2.1

Bug Fixes and Necessary Enhancements

  • [POLICY-3062] - Update the ENTRYPOINT in APEX-PDP Dockerfile

  • [POLICY-3066] - Stackoverflow error in APEX standalone after changing to onap java image

  • [POLICY-3078] - Support SSL communication in Kafka IO plugin of Apex-PDP

  • [POLICY-3173] - APEX-PDP incorrectly reports successful policy deployment to PAP

  • [POLICY-3202] - PDP-D: no locking feature: service loader not locking the no-lock-manager

  • [POLICY-3227] - Implementation of context album improvements in apex-pdp

  • [POLICY-3230] - Make default PDP-D and PDP-D-APPS work out of the box

  • [POLICY-3248] - PdpHeartbeats are not getting processed by PAP

  • [POLICY-3301] - Apex Avro Event Schemas - Not support for colon ‘:’ character in field names

  • [POLICY-3305] - Ensure XACML PDP application/translator methods are extendable

  • [POLICY-3331] - PAP: should allow for external configuration of groups other than defaultGroup

  • [POLICY-3338] - Upgrade CDS dependency to the latest version

  • [POLICY-3366] - PDP-D: support configuration of overarching DMAAP https flag

  • [POLICY-3450] - PAP should support turning on/off via configuration storing PDP statistics

  • [POLICY-3454] - PDP-D CL APPS: swagger mismatched libraries cause telemetry shell to fail

  • [POLICY-3485] - Limit statistics record count

  • [POLICY-3507] - CDS Operation Policy execution runtime error

  • [POLICY-3516] - Upgrade CDS dependency to the 1.1.5 version

Known Limitations

The APIs provided by xacml-pdp (e.g., healthcheck, statistics, decision) are always active. While PAP controls which policies are deployed to a xacml-pdp, it does not control whether or not the APIs are active. In other words, xacml-pdp will respond to decision requests, regardless of whether PAP has made it ACTIVE or PASSIVE.

Version: 8.0.0

Release Date

2021-04-29 (Honolulu Release)

New features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.3.0

policy/common

1.8.0

policy/models

2.4.2

policy/api

2.4.2

onap/policy-api:2.4.2

policy/pap

2.4.2

onap/policy-pap:2.4.2

policy/drools-pdp

1.8.2

onap/policy-drools:1.8.2

policy/apex-pdp

2.5.2

onap/policy-apex-pdp:2.5.2

policy/xacml-pdp

2.4.2

onap/policy-xacml-pdp:2.4.2

policy/drools-applications

1.8.2

onap/policy-pdpd-cl:1.8.2

policy/distribution

2.5.2

onap/policy-distribution:2.5.2

policy/docker

2.2.1

onap/policy-jdk-alpine:2.2.1, onap/policy-jre-alpine:2.2.1

Key Updates

  • Enhanced statistics
    • PDPs provide statistics, retrievable via PAP REST API

  • PDP deployment status
    • Policy deployment API enhanced to reflect actual policy deployment status in PDPs

    • Make PAP component stateless

  • Policy support
    • Upgrade XACML 3.0 code to use new Time Extensions

    • Enhancements for interoperability between Native Policies and other policy types

    • Support for arbitrary policy types on the Drools PDP

    • Improve handling of multiple policies in APEX PDP

    • Update policy-models TOSCA handling with Control Loop Entities

  • Alternative locking mechanisms
    • Support NO locking feature in Drools-PDP

  • Security
    • Remove credentials in code from the Apex JMS plugin

  • Actor enhancements
    • Actors should give better warnings than NPE when data is missing

    • Remove old event-specific actor code

  • PDP functional assignments
    • Make PDP type configurable in drools-pdp

    • Make PDP type configurable in xacml-pdp

  • Performance improvements
    • Support policy updates between PAP and the PDPs, phase 1

  • Maintainability
    • Use ONAP base docker image

    • Remove GPLv3 components from docker containers

    • Move CSITs to Policy repos

    • Deprecate server pool feature in drools-pdp

  • PoCs
    • Merge CLAMP functionality into Policy Framework project

    • TOSCA Defined Control Loop

Known Limitations, Issues and Workarounds

System Limitations

The policy API component requires a fresh new database when migrating to the honolulu release. Therefore, upgrades require a fresh new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.

Known Vulnerabilities

Workarounds

  • POLICY-2998 - Provide a script to periodically purge the statistics table

Security Notes

  • POLICY-3005 - Bump direct dependency versions
    • Upgrade org.onap.dmaap.messagerouter.dmaapclient to 1.1.12

    • Upgrade org.eclipse.persistence to 2.7.8

    • Upgrade org.glassfish.jersey.containers to 2.33

    • Upgrade com.fasterxml.jackson.module to 2.11.3

    • Upgrade com.google.re2j to 1.5

    • Upgrade org.mariadb.jdbc to 2.7.1

    • Upgrade commons-codec to 1.15

    • Upgrade com.thoughtworks.xstream to 1.4.15

    • Upgrade org.apache.httpcomponents:httpclient to 4.5.13

    • Upgrade org.apache.httpcomponents:httpcore to 4.4.14

    • Upgrade org.json to 20201115

    • Upgrade org.projectlombok to 1.18.16

    • Upgrade org.yaml to 1.27

    • Upgrade io.cucumber to 6.9.1

    • Upgrade org.apache.commons:commons-lang3 to 3.11

    • Upgrade commons-io to 2.8.0

  • POLICY-2943 - Review license scan issues
    • Upgrade com.hazelcast to 4.1.1

    • Upgrade io.netty to 4.1.58.Final

  • POLICY-2936 - Upgrade to latest version of CDS API
    • Upgrade io.grpc to 1.35.0

    • Upgrade com.google.protobuf to 3.14.0

References

For more information on the ONAP Honolulu release, please see:

  1. ONAP Home Page

  2. ONAP Documentation

  3. ONAP Release Downloads

  4. ONAP Wiki Page

Quick Links:

Version: 7.0.0

Release Date

2020-12-03 (Guilin Release)

New features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.2.0

policy/common

1.7.1

policy/models

2.3.5

policy/api

2.3.3

onap/policy-api:2.3.3

policy/pap

2.3.3

onap/policy-pap:2.3.3

policy/drools-pdp

1.7.4

onap/policy-drools:1.7.4

policy/apex-pdp

2.4.4

onap/policy-apex-pdp:2.4.4

policy/xacml-pdp

2.3.3

onap/policy-xacml-pdp:2.3.3

policy/drools-applications

1.7.5

onap/policy-pdpd-cl:1.7.5

policy/distribution

2.4.3

onap/policy-distribution:2.4.3

policy/docker

2.1.1

onap/policy-jdk-alpine:2.1.1, onap/policy-jre-alpine:2.1.1

Key Updates

  • Kubernetes integration
    • All components return with non-zero exit code in case of application failure

    • All components log to standard out (i.e., k8s logs) by default

    • Continue to write log files inside individual pods, as well

  • E2E Network Slicing
    • Added ModifyNSSI operation to SO actor

  • Consolidated health check
    • Indicate failure if there aren’t enough PDPs registered

  • Legacy operational policies
    • Removed from all components

  • OOM helm charts refactoring
    • Name standardization

    • Automated certificate generation

  • Actor Model
    • Support various use cases and provide more flexibility to Policy Designers

    • Reintroduced the “usecases” controller into drools-pdp, supporting the use cases under the revised actor architecture

  • Guard Application
    • Support policy filtering

  • Matchable Application - Support for ONAP or 3rd party components to create matchable policy types out of the box

  • Policy Lifecycle & Administration API
    • Query/Delete by policy name & version without policy type

  • Apex-PDP enhancements
    • Support multiple event & response types coming from a single endpoint

    • Standalone installation now supports Tosca-based policies

    • Legacy policy format has been removed

    • Support chaining/handling of gRPC failure responses

  • Policy Distribution
    • HPA decoders & related classes have been removed

  • Policy Engine
    • Deprecated

Known Limitations, Issues and Workarounds

System Limitations

The policy API component requires a fresh new database when migrating to the guilin release. Therefore, upgrades require a fresh new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.

Known Vulnerabilities

  • POLICY-2463 - In APEX Policy javascript task logic, JSON.stringify causing stackoverflow exceptions

Workarounds

  • POLICY-2463 - Use the stringify method of the execution context

Security Notes

  • POLICY-2878 - Dependency upgrades
    • Upgrade com.fasterxml.jackson to 2.11.1

  • POLICY-2387 - Dependency upgrades
    • Upgrade org.json to 20200518

    • Upgrade com.google.re2j to 1.4

    • Upgrade com.thoughtworks.xstream to 1.4.12

    • Upgrade org.eclipse.persistence to 2.2.1

    • Upgrade org.apache.httpcomponents to 4.5.12

    • Upgrade org.projectlombok to 1.18.12

    • Upgrade org.slf4j to 1.7.30

    • Upgrade org.codehaus.plexus to 3.3.0

    • Upgrade com.h2database to 1.4.200

    • Upgrade io.cucumber to 6.1.2

    • Upgrade org.assertj to 3.16.1

    • Upgrade com.openpojo to 0.8.13

    • Upgrade org.mockito to 3.3.3

    • Upgrade org.awaitility to 4.0.3

    • Upgrade org.onap.aaf.authz to 2.1.21

  • POLICY-2668 - Dependency upgrades
    • Upgrade org.java-websocket to 1.5.1

  • POLICY-2623 - Remove log4j dependency

  • POLICY-1996 - Dependency upgrades
    • Upgrade org.onap.dmaap.messagerouter.dmaapclient to 1.1.11

References

For more information on the ONAP Guilin release, please see:

  1. ONAP Home Page

  2. ONAP Documentation

  3. ONAP Release Downloads

  4. ONAP Wiki Page

Quick Links:

Version: 6.0.1

Release Date

2020-08-21 (Frankfurt Maintenance Release #1)

Artifacts

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/drools-applications

1.6.4

onap/policy-pdpd-cl:1.6.4

Bug Fixes

Security Notes

Fixed Security Issues

  • [POLICY-2678] - policy/engine tomcat upgrade for CVE-2020-11996

Version: 6.0.0

Release Date

2020-06-04 (Frankfurt Release)

New features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.1.3

policy/common

1.6.5

policy/models

2.2.6

policy/api

2.2.4

onap/policy-api:2.2.4

policy/pap

2.2.3

onap/policy-pap:2.2.3

policy/drools-pdp

1.6.3

onap/policy-drools:1.6.3

policy/apex-pdp

2.3.2

onap/policy-apex-pdp:2.3.2

policy/xacml-pdp

2.2.2

onap/policy-xacml-pdp:2.2.2

policy/drools-applications

1.6.4

onap/policy-pdpd-cl:1.6.4

policy/engine

1.6.4

onap/policy-pe:1.6.4

policy/distribution

2.3.2

onap/policy-distribution:2.3.2

policy/docker

2.0.1

onap/policy-jdk-alpine:2.0.1, onap/policy-jre-alpine:2.0.1, onap/policy-jdk-debian:2.0.1, onap/policy-jre-debian:2.0.1

Summary

New features include policy update notifications, native policy support, streamlined health check for the Policy Administration Point (PAP), configurable pre-loading/pre-deployment of policies, new APIs (e.g. to create one or more Policies with a single call), new experimental PDP monitoring GUI, and enhancements to all three PDPs: XACML, Drools, APEX.

Common changes in all policy components

  • Upgraded all policy components to Java 11.

  • Logback file can be now loaded using OOM configmap.
    • If needed, logback file can be loaded as a configmap during the OOM deployment. For this, just put the logback.xml file in corresponding config directory in OOM charts.

  • TOSCA changes:
    • “tosca_definitions_version” is now “tosca_simple_yaml_1_1_0”

    • typeVersion→ type_version, int→integer, bool→boolean, String→string, Map→map, List→list

  • SupportedPolicyTypes now removed from pdp status message.
    • All PDPs now send PdpGroup to which they belong to in the registration message.

    • SupportedPolicyTypes are not sent anymore.

  • Native Policy Support
    • Each PDP engine has its own native policy language. A new Policy Type onap.policies.Native was created and supported for each PDP engine to support native policy types.

POLICY-PAP

  • Policy Update Notifications
    • PAP now generates notifications via the DMaaP Message Router when policies are successfully or unsuccessfully deployed (or undeployed) from all relevant PDPs.

  • PAP API to fetch Policy deployment status
    • Clients will be able to poll the PAP API to find out when policies have been successfully or unsuccessfully deployed to the PDP’s.

  • Removing supportedPolicyTypes from PdpStatus
    • PDPs are assigned to a PdpGroup based on what group is mentioned in the heartbeat. Earlier this was done based on the supportedPolicyTypes.

  • Support policy types with wild-cards, Preload wildcard supported type in PAP

  • PAP should NOT make a PDP passive if it cannot deploy a policy.
    • If a PDP fails to deploy one or more policies specified in a PDP-UPDATE message, PAP will undeploy those policies that failed to deploy to the PDP. This entails removing the policies from the Pdp Group(s), issuing new PDP-UPDATE requests, and updating the notification tracking data.

    • Also, re-register pdp if not found in the DB during heartbeat processing.

  • Consolidated health check in PAP
    • PAP can report the health check for ALL the policy components now. The PDP’s health is tracked based on heartbeats, and other component’s REST API is used for healthcheck.

    • “healthCheckRestClientParameters” (REST parameters for API and Distribution healthcheck) are added to the startup config file in PAP.

  • PDP statistics from PAP
    • All PDPs send statistics data as part of the heartbeat. PAP reads this and saves this data to the database, and this statistics data can be accessed from the monitoring GUI.

  • PAP API for Create or Update PdpGroups
    • A new API is now available just for creating/updating PDP Groups. Policies cannot be added/updated during PDP Group create/update operations. There is another API for this. So, if provided in the create/update group request, they are ignored. Supported policy types are defined during PDP Group creation. They cannot be updated once they are created. Refer to this for details: https://github.com/onap/policy-parent/blob/master/docs/pap/pap.rst#id8

  • PAP API to deploy policies to PdpGroups
    • A new API is introduced to deploy policies on specific PDPGroups. Each subgroup includes an “action” property, which is used to indicate that the policies are being added (POST) to the subgroup, deleted (DELETE) from the subgroup, or that the subgroup’s entire set of policies is being replaced (PATCH) by a new set of policies.

POLICY-API

  • A new simplified API to create one or more policies in one call.
    • This simplified API doesn’t require policy type id & policy type version to be part of the URL.

    • The simple URI “policy/api/v1/policies” with a POST input body takes in a ToscaServiceTemplate with the policies in it.

  • List of Preloaded policy types are made configurable
    • Until El Alto, the list of pre-loaded policy types are hardcoded in the code. Now, this is made configurable, and the list can be specified in the startup config file for the API component under “preloadPolicyTypes”. The list is ignored if the DB already contains one or more policy types.

  • Preload default policies for ONAP components
    • The ability to configure the preloading of initial default policies into the system upon startup.

  • A lot of improvements to the API code and validations corresponding to the changes in policy-models.
    • Creating same policyType/policy repeatedly without any change in request body will always be successful with 200 response

    • If there is any change in the request body, then that should be a new version. If any change is posted without a version change, then 406 error response is returned.

  • Known versioning issues are there in Policy Types handling.
    • https://jira.onap.org/browse/POLICY-2377 covers the versioning issues in Policy. Basically, multiple versions of a Policy Type cannot be handled in TOSCA. So, in Frankfurt, the latest version of the policy type is examined. This will be further looked into in Guilin.

  • Cascaded GET of PolicyTypes and Policies
    • Fetching/GET PolicyType now returns all of the referenced/parent policyTypes and dataTypes as well.

    • Fetching/GET Policy allows specifying mode now.

    • By default the mode is “BARE”, which returns only the requested Policy in response. If mode is specified as “REFERENCED”, all of the referenced/parent policyTypes and dataTypes are returned as well.

  • The /deployed API is removed from policy/api
    • This run time administration job to see the deployment status of a policy is now possible via PAP.

  • Changes related to design and support of TOSCA Compliant Policy Types for the operational and guard policy models.

POLICY-DISTRIBUTION

  • From Frankfurt release, policy-distribution component uses APIs provided by Policy-API and Policy-PAP for creation of policy types and policies, and deployment of policies.
    • Note: If “deployPolicies” field in the startup config file is true, then only the policies are deployed using PAP endpoint.

  • Policy/engine & apex-pdp dependencies are removed from policy-distribution.

POLICY-APEX-PDP

  • Changed the JavaScript executor from Nashorn to Rhino as part of Java 11 upgrade.
  • APEX supports multiple policy deployment in Frankfurt.
    • Up through El Alto APEX-PDP had the capability to take in only a single ToscaPolicy. When PAP sends a list of Tosca Policies in PdpUpdate, only the first one is taken and only that single Policy is deployed in APEX. This is fixed in Frankfurt. Now, APEX can deploy a list of Tosca Policies altogether into the engine.

    • Note: There shouldn’t be any duplicates in the deployed policies (for e.g. same input/output parameter names, or same event/task names etc).

    • For example, when 3 policies are deployed and one has duplicates, say same input/task or any such concept is used in the 2nd and 3rd policy, then APEX-PDP ignores the 3rd policy and executes only the 1st and 2nd policies. APEX-PDP also respond back to PAP with the message saying that “only Policy 1 and 2 are deployed. Others failed due to duplicate concept”.

  • Context retainment during policy upgrade.
    • In APEX-PDP, context is referred by the apex concept ‘contextAlbum’. When there is no major version change in the upgraded policy to be deployed, the existing context of the currently running policy is retained. When the upgraded policy starts running, it will have access to this context as well.

    • For example, Policy A v1.1 is currently deployed to APEX. It has a contextAlbum named HeartbeatContext and heartbeats are currently added to the HeartbeatContext based on events coming in to the policy execution. Now, when Policy A v1.2 (with some other changes and same HeartbeatContext) is deployed, Policy Av1.1 is replaced by Policy A1.2 in the APEX engine, but the content in HeartbeatContext is retained for Policy A1.2.

  • APEX-PDP now specifies which PdpGroup it belongs to.
    • Up through El Alto, PAP assigned each PDP to a PDP group based on the supportedPolicyTypes it sends in the heartbeat. But in Frankfurt, each PDP comes up saying which PdpGroup they belong to, and this is sent to PAP in the heartbeat. PAP then registers the PDP the PdpGroup specified by the PDP. If no group name is specified like this, then PAP assigns the PDP to defaultGroup by default. SupportedPolicyTypes are not sent to PAP by the PDP now.

    • In APEX-PDP, this can be specified in the startup config file(OnapPfConfig.json). “pdpGroup”: “<groupName>” is added under “pdpStatusParameters” in the config file.

  • APEX-PDP now sends PdpStatistics data in heartbeat.
    • Apex now sends the PdpStatistics data in every heartbeat sent to PAP. PAP saves this data to the database, and this statistics data can be accessed from the monitoring GUI.

  • Removed “content” section from ToscaPolicy properties in APEX.
    • Up through El Alto, APEX specific policy information was placed under properties|content in ToscaPolicy. Avoid placing under “content” and keep the information directly under properties. So, the ToscaPolicy structure will have apex specific policy information in properties|engineServiceParameters, properties|eventInputParameters, properties|eventOutputParameters.

  • Passing parameters from ApexConfig to policy logic.
  • GRPC support for APEX-CDS interaction.

POLICY-XACML-PDP

  • Added optional Decision API param to Decision API for monitor decisions that returns abbreviated results.
    • Return only an abbreviated list of policies (e.g. metadata Policy Id and Version) without the actual contents of the policies (e.g. the Properties).

  • XACML PDP now support PASSIVE_MODE.

  • Added support to return status and error if pdp-x failed to load a policy.

  • Changed optimization Decision API application to support “closest matches” algorithm.

  • Changed Xacml-pdp to report the pdp group defined in XacmlPdpParameters config file as part of heartbeat. Also, removed supportedPolicyType from pdpStatus message.

  • Design the TOSCA policy model for SDNC naming policies and implement an application that translates it to a working policy and is available for decision API.

  • XACML pdp support for Control Loop Coordination
    • Added policies for SON and PCI to support each blocking the other, with test cases and appropriate requests

  • Extend PDP-X capabilities so that it can load in and enforce the native XACML policies deployed from PAP.

POLICY-DROOLS-PDP

  • Support for PDP-D in offline mode to support locked deployments. This is the default ONAP installation.

  • Parameterize maven repository URLs for easier CI/CD integration.

  • Support for Tosca Compliant Operational Policies.

  • Support for TOSCA Compliant Native Policies that allows creation and deployment of new drools-applications.

  • Validation of Operational and Native Policies against their policy type.

  • Support for a generic Drools-PDP docker image to host any type of application.

  • Experimental Server Pool feature that supports multiple active Drools PDP hosts.

POLICY-DROOLS-APPLICATIONS

  • Removal of DCAE ONSET alarm duplicates (with different request IDs).

  • Support of a new controller (frankfurt) that supports the ONAP use cases under the new actor architecture.

  • Deprecated the “usecases” controller supporting the use cases under the legacy actor architecture.

  • Deleted the unsupported “amsterdam” controller related projects.

Known Limitations, Issues and Workarounds

System Limitations

The policy API component requires a fresh new database when migrating to the frankfurt release. Therefore, upgrades require a fresh new database installation. Please see the Installing or Upgrading Policy section for appropriate procedures.

Known Vulnerabilities

  • POLICY-2463 - In APEX Policy javascript task logic, JSON.stringify causing stackoverflow exceptions

  • POLICY-2487 - policy/api hangs in loop if preload policy does not exist

Workarounds

  • POLICY-2463 - Parse incoming object using JSON.Parse() or cast the object to a String

Security Notes

  • POLICY-2221 - Password removal from helm charts

  • POLICY-2064 - Allow overriding of keystore and truststore in policy helm charts

  • POLICY-2381 - Dependency upgrades
    • Upgrade drools 7.33.0

    • Upgrade jquery to 3.4.1 in jquery-ui

    • Upgrade snakeyaml to 1.26

    • Upgrade org.infinispan infinispan-core 10.1.5.Final

    • upgrade io.netty 4.1.48.Final

    • exclude org.glassfish.jersey.media jersey-media-jaxb artifact

    • Upgrade com.fasterxml.jackson.core 2.10.0.pr3

    • Upgrade org.org.jgroups 4.1.5.Final

    • Upgrade commons-codec 20041127.091804

    • Upgrade com.github.ben-manes.caffeine 2.8.0

Version: 5.0.2

Release Date

2020-08-24 (El Alto Maintenance Release #1)

New Features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/api

2.1.3

onap/policy-api:2.1.3

policy/pap

2.1.3

onap/policy-pap:2.1.3

policy/drools-pdp

1.5.3

onap/policy-drools:1.5.3

policy/apex-pdp

2.2.3

onap/policy-apex-pdp:2.2.3

policy/xacml-pdp

2.1.3

onap/policy-xacml-pdp:2.1.3

policy/drools-applications

1.5.4

onap/policy-pdpd-cl:1.5.4

policy/engine

1.5.3

onap/policy-pe:1.5.3

policy/distribution

2.2.2

onap/policy-distribution:2.2.2

policy/docker

1.4.0

onap/policy-common-alpine:1.4.0, onap/policy/base-alpine:1.4.0

Bug Fixes

  • [PORTAL-760] - Access to Policy portal is impossible

  • [POLICY-2107] - policy/distribution license issue in resource needs to be removed

  • [POLICY-2169] - SDC client interface change caused compile error in policy distribution

  • [POLICY-2171] - Upgrade elalto branch models and drools-applications

  • [POLICY-1509] - Investigate Apex org.python.jython-standalone.2.7.1

  • [POLICY-2062] - APEX PDP logs > 4G filled local storage

Security Notes

Fixed Security Issues

Version: 5.0.1

Release Date

2019-10-24 (El Alto Release)

New Features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

3.0.1

policy/common

1.5.2

policy/models

2.1.4

policy/api

2.1.2

onap/policy-api:2.1.2

policy/pap

2.1.2

onap/policy-pap:2.1.2

policy/drools-pdp

1.5.2

onap/policy-drools:1.5.2

policy/apex-pdp

2.2.1

onap/policy-apex-pdp:2.2.1

policy/xacml-pdp

2.1.2

onap/policy-xacml-pdp:2.1.2

policy/drools-applications

1.5.3

onap/policy-pdpd-cl:1.5.3

policy/engine

1.5.2

onap/policy-pe:1.5.2

policy/distribution

2.2.1

onap/policy-distribution:2.2.1

policy/docker

1.4.0

onap/policy-common-alpine:1.4.0 onap/policy/base-alpine:1.4.0

The El Alto release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the El Alto release, refer to JiraPolicyElAlto.

  • [POLICY-1727] - This epic covers technical debt left over from Dublin

  • POLICY-969 Docker improvement in policy framwork modules

  • POLICY-1074 Fix checkstyle warnings in every repository

  • POLICY-1121 RPM build for Apex

  • POLICY-1223 CII Silver Badging Requirements

  • POLICY-1600 Clean up hash code equality checks, cloning and copying in policy-models

  • POLICY-1646 Replace uses of getCanonicalName() with getName()

  • POLICY-1652 Move PapRestServer to policy/common

  • POLICY-1732 Enable maven-checkstyle-plugin in apex-pdp

  • POLICY-1737 Upgrade oParent 2.0.0 - change daily jobs to staging jobs

  • POLICY-1742 Make HTTP return code handling configurable in APEX

  • POLICY-1743 Make URL configurable in REST Requestor and REST Client

  • POLICY-1744 Remove topic.properties and incorporate into overall properties

  • POLICY-1770 PAP REST API for PDPGroup Healthcheck

  • POLICY-1771 Boost policy/api JUnit code coverage

  • POLICY-1772 Boost policy/xacml-pdp JUnit code coverage

  • POLICY-1773 Enhance the policy/xacml-pdp S3P Stability and Performance tests

  • POLICY-1784 Better Handling of “version” field value with clients

  • POLICY-1785 Deploy same policy with a new version simply adds to the list

  • POLICY-1786 Create a simple way to populate the guard database for testing

  • POLICY-1791 Address Sonar issues in new policy repos

  • POLICY-1795 PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.

  • POLICY-1800 API|PAP components use different version formats

  • POLICY-1805 Build up stability test for api component to follow S3P requirements

  • POLICY-1806 Build up S3P performance test for api component

  • POLICY-1847 Add control loop coordination as a preloaded policy type

  • POLICY-1871 Change policy/distribution to support ToscaPolicyType & ToscaPolicy

  • POLICY-1881 Upgrade policy/distribution to latest SDC artifacts

  • POLICY-1885 Apex-pdp: Extend CLIEditor to generate policy in ToscaServiceTemplate format

  • POLICY-1898 Move apex-pdp & distribution documents to policy/parent

  • POLICY-1942 Boost policy/apex-pdp JUnit code coverage

  • POLICY-1953 Create addTopic taking BusTopicParams instead of Properties in policy/endpoints

  • Additional items delivered with the release.

  • POLICY-1637 Remove “version” from PdpGroup

  • POLICY-1653 Remove isNullVersion() method

  • POLICY-1966 Fix more sonar issues in policy drools

  • POLICY-1988 Generate El Alto AAF Certificates

  • [POLICY-1823] - This epic covers the work to develop features that will be deployed dark in El Alto.

  • POLICY-1762 Create CDS API model implementation

  • POLICY-1763 Create CDS Actor

  • POLICY-1899 Update optimization xacml application to support more flexible Decision API

  • POLICY-1911 XACML PDP must be able to retrieve Policy Type from API

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-1671] - policy/engine JUnit tests now take over 30 minutes to run

  • [POLICY-1725] - XACML PDP returns 500 vs 400 for bad syntax JSON

  • [POLICY-1793] - API|MODELS: Retrieving Legacy Operational Policy as a Tosca Policy with wrong version

  • [POLICY-1795] - PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.

  • [POLICY-1800] - API|PAP components use different version formats

  • [POLICY-1802] - Apex-pdp: context album is mandatory for policy model to compile

  • [POLICY-1803] - PAP should undeploy policies when subgroup is deleted

  • [POLICY-1807] - Latest version is always returned when using the endpoint to retrieve all versions of a particular policy

  • [POLICY-1808] - API|PAP|PDP-X [new] should publish docker images with the following tag X.Y-SNAPSHOT-latest

  • [POLICY-1810] - API: support “../deployed” REST API (URLs) for legacy policies

  • [POLICY-1811] - The endpoint of retrieving the latest version of TOSCA policy does not return the latest one, especially when there are double-digit versions

  • [POLICY-1818] - APEX does not allow arbitrary Kafka parameters to be specified

  • [POLICY-1838] - Drools-pdp error log is missing data in ErrorDescription field

  • [POLICY-1839] - Policy Model currently needs to be escaped

  • [POLICY-1843] - Decision API not returning monitoring policies when calling api with policy-type

  • [POLICY-1844] - XACML PDP does not update policy statistics

  • [POLICY-1858] - Usecase DRL - named query should not be invoked

  • [POLICY-1859] - Drools rules should not timeout when given timeout=0 - should be treated as infinite

  • [POLICY-1872] - brmsgw fails building a jar - trafficgenerator dependency does not exist

  • [POLICY-2047] - TOSCA Policy Types should be map not a list

  • [POLICY-2060] - ToscaProperties object is missing metadata field

  • [POLICY-2156] - missing field in create VF module request to SO

Security Notes

Fixed Security Issues

Known Security Issues

Known Vulnerabilities in Used Modules

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (El Alto Release).

Quick Links:

Known Issues

The following known issues will be addressed in a future release:

  • [POLICY-1276] - JRuby interpreter shutdown fails on second and subsequent runs

  • [POLICY-1291] - Maven Error when building Apex documentation in Windows

  • [POLICY-1578] - PAP pushPolicies.sh in startup fails due to race condition in some environments

  • [POLICY-1832] - API|PAP: data race condition seem to appear sometimes when creating and deploying policy

  • [POLICY-2103] - policy/distribution may need to re-synch if SDC gets reinstalled

  • [POLICY-2062] - APEX PDP logs > 4G filled local storage

  • [POLICY-2080] - drools-pdp JUnit fails intermittently in feature-active-standby-management

  • [POLICY-2111] - PDP-D APPS: AAF Cadi conflicts with Aether libraries

  • [POLICY-2158] - PAP loses synchronization with PDPs

  • [POLICY-2159] - PAP console (legacy): cannot edit policies with GUI

Version: 4.0.0

Release Date

2019-06-26 (Dublin Release)

New Features

Artifacts released:

Repository

Java Artifact

Docker Image (if applicable)

policy/parent

2.1.0

policy/common

1.4.0

policy/models

2.0.2

policy/api

2.0.1

onap/policy-api:2.0.1

policy/pap

2.0.1

onap/policy-pap:2.0.1

policy/drools-pdp

1.4.0

onap/policy-drools:1.4.0

policy/apex-pdp

2.1.0

onap/policy-apex-pdp:2.1.0

policy/xacml-pdp

2.1.0

onap/policy-xacml-pdp:2.1.0

policy/drools-applications

1.4.2

onap/policy-pdpd-cl:1.4.2

policy/engine

1.4.1

onap/policy-pe:1.4.1

policy/distribution

2.1.0

onap/policy-distribution:2.1.0

policy/docker

1.4.0

onap/policy-common-alpine:1.4.0 onap/policy/base-alpine:1.4.0

The Dublin release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Dublin release, refer to JiraPolicyDublin.

  • [POLICY-1068] - This epic covers the work to cleanup, enhance, fix, etc. any Control Loop based code base.
    • POLICY-1195 Separate model code from drools-applications into other repositories

    • POLICY-1367 Spike - Experimentation for management of Drools templates and Operational Policies

    • POLICY-1397 PDP-D: NOOP Endpoints Support to test Operational Policies.

    • POLICY-1459 PDP-D [Control Loop] : Create a Control Loop flavored PDP-D image

  • [POLICY-1069] - This epic covers the work to harden the codebase for the Policy Framework project.
    • POLICY-1007 Remove Jackson from policy framework components

    • POLICY-1202 policy-engine & apex-pdp are using different version of eclipselink

    • POLICY-1250 Fix issues reported by sonar in policy modules

    • POLICY-1368 Remove hibernate from policy repos

    • POLICY-1457 Use Alpine in base docker images

  • [POLICY-1072] - This epic covers the work to support S3P Performance criteria.
    • S3P Performance related items

  • [POLICY-1171] - Enhance CLC Facility
    • POLICY-1173 High-level specification of coordination directives

  • [POLICY-1220] - This epic covers the work to support S3P Security criteria
    • POLICY-1538 Upgrade Elasticsearch to 6.4.x to clear security issue

  • [POLICY-1269] - R4 Dublin - ReBuild Policy Infrastructure
    • POLICY-1270 Policy Lifecycle API RESTful HealthCheck/Statistics Main Entry Point

    • POLICY-1271 PAP RESTful HealthCheck/Statistics Main Entry Point

    • POLICY-1272 Create the S3P JMeter tests for API, PAP, XACML (2nd Gen)

    • POLICY-1273 Policy Type Application Design Requirements

    • POLICY-1436 XACML PDP RESTful HealthCheck/Statistics Main Entry Point

    • POLICY-1440 XACML PDP RESTful Decision API Main Entry Point

    • POLICY-1441 Policy Lifecycle API RESTful Create/Read Main Entry Point for Policy Types

    • POLICY-1442 Policy Lifecycle API RESTful Create/Read Main Entry Point for Concrete Policies

    • POLICY-1443 PAP Dmaap PDP Register/UnRegister Main Entry Point

    • POLICY-1444 PAP Dmaap Policy Deploy/Undeploy Policies Main Entry Point

    • POLICY-1445 XACML PDP upgrade to xacml 2.0.0

    • POLICY-1446 Policy Lifecycle API RESTful Delete Main Entry Point for Policy Types

    • POLICY-1447 Policy Lifecycle API RESTful Delete Main Entry Point for Concrete Policies

    • POLICY-1449 XACML PDP Dmaap Register/UnRegister Functionality

    • POLICY-1451 XACML PDP Dmaap Deploy/UnDeploy Functionality

    • POLICY-1452 Apex PDP Dmaap Register/UnRegister Functionality

    • POLICY-1453 Apex PDP Dmaap Deploy/UnDeploy Functionality

    • POLICY-1454 Drools PDP Dmaap Register/UnRegister Functionality

    • POLICY-1455 Drools PDP Dmaap Deploy/UnDeploy Functionality

    • POLICY-1456 Policy Architecture and Roadmap Documentation

    • POLICY-1458 Create S3P JMeter Tests for Policy API

    • POLICY-1460 Create S3P JMeter Tests for PAP

    • POLICY-1461 Create S3P JMeter Tests for Policy XACML Engine (2nd Generation)

    • POLICY-1462 Create S3P JMeter Tests for Policy SDC Distribution

    • POLICY-1471 Policy Application Designer - Develop Guard and Control Loop Coordination Policy Type application

    • POLICY-1474 Modifications of Control Loop Operational Policy to support new Policy Lifecycle API

    • POLICY-1515 Prototype Policy Lifecycle API Swagger Entry Points

    • POLICY-1516 Prototype the Policy Decision API

    • POLICY-1541 PAP REST API for PDPGroup Query, Statistics & Delete

    • POLICY-1542 PAP REST API for PDPGroup Deployment, State Management & Health Check

  • [POLICY-1399] - This epic covers the work to support model drive control loop design as defined by the Control Loop Subcommittee
    • Model drive control loop related items

  • [POLICY-1404] - This epic covers the work to support the CCVPN Use Case for Dublin
    • POLICY-1405 Develop SDNC API for trigger bandwidth

  • [POLICY-1408] - This epic covers the work done with the Casablanca release
    • POLICY-1410 List Policy API

    • POLICY-1413 Dashboard enhancements

    • POLICY-1414 Push Policy and DeletePolicy API enhancement

    • POLICY-1416 Model enhancements to support CLAMP

    • POLICY-1417 Resiliency improvements

    • POLICY-1418 PDP APIs - make ClientAuth optional

    • POLICY-1419 Better multi-role support

    • POLICY-1420 Model enhancement to support embedded JSON

    • POLICY-1421 New audit data for push/delete

    • POLICY-1422 Enhanced encryption

    • POLICY-1423 Save original model file

    • POLICY-1427 Controller Logging Feature

    • POLICY-1489 PDP-D: Nested JSON Event Filtering support with JsonPath

    • POLICY-1499 Mdc Filter Feature

  • [POLICY-1438] - This epic covers the work to support 5G OOF PCI Use Case
    • POLICY-1463 Functional code changes in Policy for OOF SON use case

    • POLICY-1464 Config related aspects for OOF SON use case

  • [POLICY-1450] - This epic covers the work to support the Scale Out Use Case.
    • POLICY-1278 AAI named-queries are being deprecated and should be replaced with custom-queries

    • POLICY-1545 E2E Automation - Parse the newly added model ids from operation policy

  • Additional items delivered with the release.
    • POLICY-1159 Move expectException to policy-common/utils-test

    • POLICY-1176 Work on technical debt introduced by CLC POC

    • POLICY-1266 A&AI Modularity

    • POLICY-1274 further improvement in PSSD S3P test

    • POLICY-1401 Build onap.policies.Monitoring TOSCA Policy Template

    • POLICY-1465 Support configurable Heap Memory Settings for JVM processes

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-1241] - Test failure in drools-pdp if JAVA_HOME is not set

  • [POLICY-1289] - Apex only considers 200 response codes as successful result codes

  • [POLICY-1437] - Fix issues in FileSystemReceptionHandler of policy-distribution component

  • [POLICY-1501] - policy-engine JUnit tests are not independent

  • [POLICY-1627] - APEX does not support specification of a partitioner class for Kafka

Security Notes

Fixed Security Issues

  • [OJSI-117] - In default deployment POLICY (nexus) exposes HTTP port 30236 outside of cluster.

  • [OJSI-157] - In default deployment POLICY (policy-api) exposes HTTP port 30240 outside of cluster.

  • [OJSI-118] - In default deployment POLICY (policy-apex-pdp) exposes HTTP port 30237 outside of cluster.

  • [OJSI-184] - In default deployment POLICY (brmsgw) exposes HTTP port 30216 outside of cluster.

Known Security Issues

Known Vulnerabilities in Used Modules

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (Dublin Release).

Quick Links:

Known Issues

The following known issues will be addressed in a future release:

  • [POLICY-1795] - PAP: bounced apex and xacml pdps show deleted instance in pdp status through APIs.

  • [POLICY-1810] - API: ensure that the REST APISs (URLs) are supported and consistent regardless the type of policy: operational, guard, tosca-compliant.

  • [POLICY-1277] - policy config takes too long time to become retrievable in PDP

  • [POLICY-1378] - add support to append value into policyScope while one policy could be used by several services

  • [POLICY-1650] - Policy UI doesn’t show left menu or any content

  • [POLICY-1671] - policy/engine JUnit tests now take over 30 minutes to run

  • [POLICY-1725] - XACML PDP returns 500 vs 400 for bad syntax JSON

  • [POLICY-1793] - API|MODELS: Retrieving Legacy Operational Policy as a Tosca Policy with wrong version

  • [POLICY-1800] - API|PAP components use different version formats

  • [POLICY-1802] - Apex-pdp: context album is mandatory for policy model to compile

  • [POLICY-1808] - API|PAP|PDP-X [new] should publish docker images with the following tag X.Y-SNAPSHOT-latest

  • [POLICY-1818] - APEX does not allow arbitrary Kafka parameters to be specified

  • [POLICY-1276] - JRuby interpreter shutdown fails on second and subsequent runs

  • [POLICY-1803] - PAP should undeploy policies when subgroup is deleted

  • [POLICY-1291] - Maven Error when building Apex documentation in Windows

  • [POLICY-1872] - brmsgw fails building a jar - trafficgenerator dependency does not exist

Version: 3.0.2

Release Date

2019-03-31 (Casablanca Maintenance Release #2)

The following items were deployed with the Casablanca Maintenance Release:

Bug Fixes

  • [POLICY-1522] - Policy doesn’t send “payload” field to APPC

Security Fixes

  • [POLICY-1538] - Upgrade Elasticsearch to 6.4.x to clear security issue

License Issues

  • [POLICY-1433] - Remove proprietary licenses in PSSD test CSAR

Known Issues

The following known issue will be addressed in a future release.

  • [POLICY-1650] - Policy UI doesn’t show left menu or any content

A workaround for this issue consists in bypassing the Portal UI when accessing the Policy UI. See PAP recipes for the specific procedure.

Version: 3.0.1

Release Date

2019-01-31 (Casablanca Maintenance Release)

The following items were deployed with the Casablanca Maintenance Release:

New Features

  • [POLICY-1221] - Policy distribution application to support HTTPS communication

  • [POLICY-1222] - Apex policy PDP to support HTTPS Communication

Bug Fixes

Version: 3.0.0

Release Date

2018-11-30 (Casablanca Release)

New Features

The Casablanca release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Casablanca release, refer to JiraPolicyCasablanca (Note: Jira details can also be viewed from this link).

  • [POLICY-701] - This epic covers the work to integrate Policy into the SDC Service Distribution

The policy team introduced a new application into the framework that provides integration of the Service Distribution Notifications from SDC to Policy.

  • [POLICY-719] - This epic covers the work to build the Policy Lifecycle API

  • [POLICY-726] - This epic covers the work to distribute policy from the PAP to the PDPs into the ONAP platform

  • [POLICY-876] - This epics covers the work to re-build how the PAP organizes the PDP’s into groups.

The policy team did some forward looking spike work towards re-building the Software Architecture.

  • [POLICY-809] - Maintain and implement performance

  • [POLICY-814] - 72 hour stability testing (component and platform)

The policy team made enhancements to the Drools PDP to further support S3P Performance. For the new Policy SDC Distribution application and the newly ingested Apex PDP the team established S3P performance standard and performed 72 hour stability tests.

  • [POLICY-824] - maintain and implement security

The policy team established AAF Root Certificate for HTTPS communication and CADI/AAF integration into the MVP applications. In addition, many java dependencies were upgraded to clear CLM security issues.

  • [POLICY-840] - Flexible control loop coordination facility.

Work towards a POC for control loop coordination policies were implemented.

  • [POLICY-841] - Covers the work required to support HPA

Enhancements were made to support the HPA use case through the use of the new Policy SDC Service Distribution application.

  • [POLICY-842] - This epic covers the work to support the Auto Scale Out functional requirements

Enhancements were made to support Scale Out Use Case to enforce new guard policies and updated SO and A&AI APIs.

  • [POLICY-851] - This epic covers the work to bring in the Apex PDP code

A new Apex PDP engine was ingested into the platform and work was done to ensure code cleared CLM security issues, sonar issues, and checkstyle.

  • [POLICY-1081] - This epic covers the contribution for the 5G OOF PCI Optimization use case.

Policy templates changes were submitted that supported the 5G OOF PCI optimization use case.

  • [POLICY-1182] - Covers the work to support CCVPN use case

Policy templates changes were submitted that supported the CCVPN use case.

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-799] - Policy API Validation Does Not Validate Required Parent Attributes in the Model

  • [POLICY-869] - Control Loop Drools Rules should not have exceptions as well as die upon an exception

  • [POLICY-872] - investigate potential race conditions during rules version upgrades during call loads

  • [POLICY-878] - pdp-d: feature-pooling disables policy-controllers preventing processing of onset events

  • [POLICY-909] - get_ZoneDictionaryDataByName class type error

  • [POLICY-920] - Hard-coded path in junit test

  • [POLICY-921] - XACML Junit test cannot find property file

  • [POLICY-1083] - Mismatch in action cases between Policy and APPC

Security Notes

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project (Casablanca Release).

Quick Links:

Known Issues

Version: 2.0.0

Release Date

2018-06-07 (Beijing Release)

New Features

The Beijing release for POLICY delivered the following Epics. For a full list of stories and tasks delivered in the Beijing release, refer to JiraPolicyBeijing.

  • [POLICY-390] - This epic covers the work to harden the Policy platform software base (incl 50% JUnit coverage)
    • POLICY-238 policy/drools-applications: clean up maven structure

    • POLICY-336 Address Technical Debt

    • POLICY-338 Address JUnit Code Coverage

    • POLICY-377 Policy Create API should validate input matches DCAE microservice template

    • POLICY-389 Cleanup Jenkin’s CI/CD process’s

    • POLICY-449 Policy API + Console : Common Policy Validation

    • POLICY-568 Integration with org.onap AAF project

    • POLICY-610 Support vDNS scale out for multiple times in Beijing release

  • [POLICY-391] - This epic covers the work to support Release Planning activities
    • POLICY-552 ONAP Licensing Scan - Use Restrictions

  • [POLICY-392] - Platform Maturity Requirements - Performance Level 1
    • POLICY-529 Platform Maturity Performance - Drools PDP

    • POLICY-567 Platform Maturity Performance - PDP-X

  • [POLICY-394] - This epic covers the work required to support a Policy developer environment in which Policy Developers can create, update policy templates/rules separate from the policy Platform runtime platform.
    • POLICY-488 pap should not add rules to official template provided in drools applications

  • [POLICY-398] - This epic covers the body of work involved in supporting policy that is platform specific.
    • POLICY-434 need PDP /getConfig to return an indicator of where to find the config data - in config.content versus config field

  • [POLICY-399] - This epic covers the work required to policy enable Hardware Platform Enablement
    • POLICY-622 Integrate OOF Policy Model into Policy Platform

  • [POLICY-512] - This epic covers the work to support Platform Maturity Requirements - Stability Level 1
    • POLICY-525 Platform Maturity Stability - Drools PDP

    • POLICY-526 Platform Maturity Stability - XACML PDP

  • [POLICY-513] - Platform Maturity Requirements - Resiliency Level 2
    • POLICY-527 Platform Maturity Resiliency - Policy Engine GUI and PAP

    • POLICY-528 Platform Maturity Resiliency - Drools PDP

    • POLICY-569 Platform Maturity Resiliency - BRMS Gateway

    • POLICY-585 Platform Maturity Resiliency - XACML PDP

    • POLICY-586 Platform Maturity Resiliency - Planning

    • POLICY-681 Regression Test Use Cases

  • [POLICY-514] - This epic covers the work to support Platform Maturity Requirements - Security Level 1
    • POLICY-523 Platform Maturity Security - CII Badging - Project Website

  • [POLICY-515] - This epic covers the work to support Platform Maturity Requirements - Escalability Level 1
    • POLICY-531 Platform Maturity Scalability - XACML PDP

    • POLICY-532 Platform Maturity Scalability - Drools PDP

    • POLICY-623 Docker image re-design

  • [POLICY-516] - This epic covers the work to support Platform Maturity Requirements - Manageability Level 1
    • POLICY-533 Platform Maturity Manageability L1 - Logging

    • POLICY-534 Platform Maturity Manageability - Instantiation < 1 hour

  • [POLICY-517] - This epic covers the work to support Platform Maturity Requirements - Usability Level 1
    • POLICY-535 Platform Maturity Usability - User Guide

    • POLICY-536 Platform Maturity Usability - Deployment Documentation

    • POLICY-537 Platform Maturity Usability - API Documentation

  • [POLICY-546] - R2 Beijing - Various enhancements requested by clients to the way we handle TOSCA models.

Bug Fixes

The following bug fixes have been deployed with this release:

  • [POLICY-484] - Extend election handler run window and clean up error messages

  • [POLICY-494] - POLICY EELF Audit.log not in ECOMP Standards Compliance

  • [POLICY-501] - Fix issues blocking election handler and add directed interface for opstate

  • [POLICY-509] - Add IntelliJ file to .gitingore

  • [POLICY-510] - Do not enforce hostname validation

  • [POLICY-518] - StateManagement creation of EntityManagers.

  • [POLICY-519] - Correctly initialize the value of allSeemsWell in DroolsPdpsElectionHandler

  • [POLICY-629] - Fixed a bug on editor screen

  • [POLICY-684] - Fix regex for brmsgw dependency handling

  • [POLICY-707] - ONAO-PAP-REST unit tests fail on first build on clean checkout

  • [POLICY-717] - Fix a bug in checking required fields if the object has include function

  • [POLICY-734] - Fix Fortify Header Manipulation Issue

  • [POLICY-743] - Fixed data name since its name was changed on server side

  • [POLICY-753] - Policy Health Check failed with multi-node cluster

  • [POLICY-765] - junit test for guard fails intermittently

Security Notes

POLICY code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The POLICY open Critical security vulnerabilities and their risk assessment have been documented as part of the project.

Quick Links:

Known Issues

The following known issues will be addressed in a future release:

  • [POLICY-522] - PAP REST APIs undesired HTTP response body for 500 responses

  • [POLICY-608] - xacml components : remove hardcoded secret key from source code

  • [POLICY-764] - Policy Engine PIP Configuration JUnit Test fails intermittently

  • [POLICY-776] - OOF Policy TOSCA models are not correctly rendered

  • [POLICY-799] - Policy API Validation Does Not Validate Required Parent Attributes in the Model

  • [POLICY-801] - fields mismatch for OOF flavorFeatures between implementation and wiki

  • [POLICY-869] - Control Loop Drools Rules should not have exceptions as well as die upon an exception

  • [POLICY-872] - investigate potential race conditions during rules version upgrades during call loads

Version: 1.0.2

Release Date

2018-01-18 (Amsterdam Maintenance Release)

Bug Fixes

The following fixes were deployed with the Amsterdam Maintenance Release:

  • [POLICY-486] - pdp-x api pushPolicy fails to push latest version

Version: 1.0.1

Release Date

2017-11-16 (Amsterdam Release)

New Features

The Amsterdam release continued evolving the design driven architecture of and functionality for POLICY. The following is a list of Epics delivered with the release. For a full list of stories and tasks delivered in the Amsterdam release, refer to JiraPolicyAmsterdam.

  • [POLICY-31] - Stabilization of Seed Code
    • POLICY-25 Replace any remaining openecomp reference by onap

    • POLICY-32 JUnit test code coverage

    • POLICY-66 PDP-D Feature mechanism enhancements

    • POLICY-67 Rainy Day Decision Policy

    • POLICY-93 Notification API

    • POLICY-158 policy/engine: SQL injection Mitigation

    • POLICY-269 Policy API Support for Rainy Day Decision Policy and Dictionaries

  • [POLICY-33] - This epic covers the body of work involved in deploying the Policy Platform components
    • POLICY-40 MSB Integration

    • POLICY-124 Integration with oparent

    • POLICY-41 OOM Integration

    • POLICY-119 PDP-D: noop sinks

  • [POLICY-34] - This epic covers the work required to support a Policy developer environment in which Policy Developers can create, update policy templates/rules separate from the policy Platform runtime platform.
    • POLICY-57 VF-C Actor code development

    • POLICY-43 Amsterdam Use Case Template

    • POLICY-173 Deployment of Operational Policies Documentation

  • [POLICY-35] - This epic covers the body of work involved in supporting policy that is platform specific.
    • POLICY-68 TOSCA Parsing for nested objects for Microservice Policies

  • [POLICY-36] - This epic covers the work required to capture policy during VNF on-boarding.

  • [POLICY-37] - This epic covers the work required to capture, update, extend Policy(s) during Service Design.
    • POLICY-64 CLAMP Configuration and Operation Policies for vFW Use Case

    • POLICY-65 CLAMP Configuration and Operation Policies for vDNS Use Case

    • POLICY-48 CLAMP Configuration and Operation Policies for vCPE Use Case

    • POLICY-63 CLAMP Configuration and Operation Policies for VOLTE Use Case

  • [POLICY-38] - This epic covers the work required to support service distribution by SDC.

  • [POLICY-39] - This epic covers the work required to support the Policy Platform during runtime.
    • POLICY-61 vFW Use Case - Runtime

    • POLICY-62 vDNS Use Case - Runtime

    • POLICY-59 vCPE Use Case - Runtime

    • POLICY-60 VOLTE Use Case - Runtime

    • POLICY-51 Runtime Policy Update Support

    • POLICY-328 vDNS Use Case - Runtime Testing

    • POLICY-324 vFW Use Case - Runtime Testing

    • POLICY-320 VOLTE Use Case - Runtime Testing

    • POLICY-316 vCPE Use Case - Runtime Testing

  • [POLICY-76] - This epic covers the body of work involved in supporting R1 Amsterdam Milestone Release Planning Milestone Tasks.
    • POLICY-77 Functional Test case definition for Control Loops

    • POLICY-387 Deliver the released policy artifacts

Bug Fixes
  • This is technically the first release of POLICY, previous release was the seed code contribution. As such, the defects fixed in this release were raised during the course of the release. Anything not closed is captured below under Known Issues. For a list of defects fixed in the Amsterdam release, refer to JiraPolicyAmsterdam.

Known Issues
  • The operational policy template has been tested with the vFW, vCPE, vDNS and VOLTE use cases. Additional development may/may not be required for other scenarios.

  • For vLBS Use Case, the following steps are required to setup the service instance:
    • Create a Service Instance via VID.

    • Create a VNF Instance via VID.

    • Preload SDNC with topology data used for the actual VNF instantiation (both base and DNS scaling modules). NOTE: you may want to set “vlb_name_0” in the base VF module data to something unique. This is the vLB server name that DCAE will pass to Policy during closed loop. If the same name is used multiple times, the Policy name-query to AAI will show multiple entries, one for each occurrence of that vLB VM name in the OpenStack zone. Note that this is not a limitation, typically server names in a domain are supposed to be unique.

    • Instantiate the base VF module (vLB, vPacketGen, and one vDNS) via VID. NOTE: The name of the VF module MUST start with Vfmodule_. The same name MUST appear in the SDNC preload of the base VF module topology. We’ll relax this naming requirement for Beijing Release.

    • Run heatbridge from the Robot VM using Vfmodule_ _ as stack name (it is the actual stack name in OpenStack)

    • Populate AAI with a dummy VF module for vDNS scaling.

Security Issues
  • None at this time

Other
  • None at this time

End of Release Notes