Is there a GET query to see the current policy for (com.BRMSParamvFirewall) ?
Brian From: onap-discuss-boun...@lists.onap.org [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of FREEMAN, BRIAN D Sent: Thursday, November 02, 2017 11:47 AM To: DRAGOSH, PAM <pdrag...@research.att.com>; HERNANDEZ-HERRERO, JORGE <jh1...@att.com>; Yunxia Chen <helen.c...@huawei.com>; onap-discuss <onap-discuss@lists.onap.org> Subject: Re: [onap-discuss] [integration][policy]Need help from Policy now ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html for more information. So we would replace “d0a1dfc6-94f5-4fd4-a5b5-4630b438850a” with the “37e0d462-7415-49a5-a7bc-8ee7795a1ea7” based on the AAI query https://{{aai}}:8443/aai/v11/business/customers/customer/Demonstration?depth=all<https://urldefense.proofpoint.com/v2/url?u=https-3A__-257b-257baai-257d-257d-3A8443_aai_v11_business_customers_customer_Demonstration-3Fdepth-3Dall&d=DwMGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=W-bbX1NPpIxD8olEGqvcbE3CeRdOJDnnMQq3k6r2ERw&s=XOkS8mt-JxFwJjCI91m45OsO7EItjx5CZYBilSWfFDE&e=> Does that match with testing last night in SB00 ? Brian "service-type": "vFW", "resource-version": "1509587772094", "service-instances": { "service-instance": [ { "service-instance-id": "21da1452-e317-4024-a150-e4b4585beb8f", "service-instance-name": "demosiVFW110103", "model-invariant-id": "37e0d462-7415-49a5-a7bc-8ee7795a1ea7", "model-version-id": "58d9c25e-7294-46aa-a806-8360a6b92e93", "resource-version": "1509590302522", "relationship-list": { From: DRAGOSH, PAM Sent: Thursday, November 02, 2017 11:32 AM To: FREEMAN, BRIAN D <bf1...@att.com<mailto:bf1...@att.com>>; HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>; Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>; onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: Re: [onap-discuss] [integration][policy]Need help from Policy now Since there is a policy there already, we just update it: curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "policyConfigType": "BRMS_PARAM", "policyName": "com.BRMSParamvFirewall", "policyDescription": "BRMS Param vFirewall policy", "policyScope": "com", "attributes": { "MATCHING": { "controller" : "amsterdam" }, "RULE": { "templateName": "ClosedLoopControlName", "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "controlLoopYaml": "controlLoop%3A%0D%0A+version%3A+2.0.0%0D%0AcontrolLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0Atrigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0Atimeout%3A+1200%0D%0Aabatement%3A+false%0D%0A%0D%0Apolicies%3A%0D%0A+++name%3A+modify+packet+gen+config%0D%0A++description%3A%0D%0A++actor%3A+APPC%0D%0A++recipe%3A+ModifyConfig%0D%0A++target%3A%0D%0A++++%23+TBDCannot+be+known+until+instantiation+is+done%0D%0A++++resourceID%3A5f492678-c2e3-4385-a16a-1e781756ce1c%0D%0A+++++type%3A+VNF%0D%0A++retry%3A+0%0D%0A++timeout%3A+300%0D%0A++success%3A+final_success%0D%0A++failure%3A+final_failure%0D%0A++failure_timeout%3A+final_failure_timeout%0D%0A++failure_retries%3A+final_failure_retries%0D%0A++failure_exception%3A+final_failure_exception%0D%0A+++failure_guard%3A+final_failure_guard" } } }' 'http://pdp:8081/pdp/api/updatePolicy<https://urldefense.proofpoint.com/v2/url?u=http-3A__pdp-3A8081_pdp_api_updatePolicy&d=DwQGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=e3d1ehx3DI5AoMgDmi2Fzw&m=W-bbX1NPpIxD8olEGqvcbE3CeRdOJDnnMQq3k6r2ERw&s=LWIUwtmV_ZcqSc6hBlDWx1ALaIZCJTDYqs2ASarX4y8&e=>' From: "FREEMAN, BRIAN D" <bf1...@att.com<mailto:bf1...@att.com>> Date: Thursday, November 2, 2017 at 11:30 AM To: "HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>>, "DRAGOSH, PAMELA L (PAM)" <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>, Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>, onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: RE: [onap-discuss] [integration][policy]Need help from Policy now Lets start with the basic POSTMAN assuming we have the model-invariant-uuid and can put that in the right place in the url/body. Brian From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of FREEMAN, BRIAN D Sent: Thursday, November 02, 2017 11:22 AM To: HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>; DRAGOSH, PAM <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>; Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>; onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: Re: [onap-discuss] [integration][policy]Need help from Policy now ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html for more information. The test team will actually run the POSTMAN/curl to create the operational policy before they start testing. So can we get an example template for the create ? Brian From: HERNANDEZ-HERRERO, JORGE Sent: Thursday, November 02, 2017 11:19 AM To: FREEMAN, BRIAN D <bf1...@att.com<mailto:bf1...@att.com>>; DRAGOSH, PAM <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>; Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>; onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: RE: [onap-discuss] [integration][policy]Need help from Policy now Of course operational policy at design time should contain the right data from the start .. but you don’t have CLAMP so the “official” sequence of operations is just not happening here .. Just suggesting possibilities to make progress in runtime use case testing, in any case, I agree is better to just change the policy, just providing options to the testing team to test runtime. Jorge From: FREEMAN, BRIAN D Sent: Thursday, November 02, 2017 10:04 AM To: DRAGOSH, PAM <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>; HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>; Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>; onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: RE: [onap-discuss] [integration][policy]Need help from Policy now Agree – we should create the operational policy to match the resourceID for the VNF deployed. Seems like the policy should be the same for all resources of the same type rather than a specific instance but I may be mis-undertanding which resourceID we need to label the policy with. Brian From: DRAGOSH, PAM Sent: Thursday, November 02, 2017 10:49 AM To: HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>; FREEMAN, BRIAN D <bf1...@att.com<mailto:bf1...@att.com>>; Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>; onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: Re: [onap-discuss] [integration][policy]Need help from Policy now No we should not modify the A&AI data. That will never work long-term. The operational policy has to be created using whichever value was setup in A&AI. This cannot be known ahead of time. Pam From: "HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>> Date: Thursday, November 2, 2017 at 10:28 AM To: "DRAGOSH, PAMELA L (PAM)" <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>, "FREEMAN, BRIAN D" <bf1...@att.com<mailto:bf1...@att.com>>, Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>, onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: RE: [onap-discuss] [integration][policy]Need help from Policy now It seems there is a mismatch between the resourceID in the vFW operational policy, and the AAI named query response .. (see below), we can modify either aai data or the operational policy and run the test again later in our testing session.. Eace933104d443b496b8.nodes.heat.vpg (op policy) Vs 5f492678-c2e3-4385-a16a-1e781756ce1c (model-invariant-id in response) { "inventory-response-item": [ { "model-name": "374fbfc3-b7fd-4f00-9792", "generic-vnf": { "vnf-id": "6e3b0069-a760-4ee4-851d-b80fe2dd8562", "vnf-name": "demovnfVFW110103", "vnf-type": "demoVFW/374fbfc3-b7fd-4f00-9792 0", "service-id": "0b4fa6bc-44de-4d3f-a8c3-c5950b78e5e9", "prov-status": "PREPROV", "orchestration-status": "Created", "in-maint": false, "is-closed-loop-disabled": false, "resource-version": "1509590351043", "model-invariant-id": "5f492678-c2e3-4385-a16a-1e781756ce1c", "model-version-id": "fead6cbe-a374-49ef-9245-4a2bd18d8d7b", "model-customization-id": "977921fb-8e6f-427d-9a0a-2b98bbfdb8c7", "nf-type": "", "nf-function": "", "nf-role": "", "nf-naming-code": "" }, "extra-properties": {}, "inventory-response-items": { "inventory-response-item": [ { "model-name": "demoVFW", "service-instance": { "service-instance-id": "21da1452-e317-4024-a150-e4b4585beb8f", "service-instance-name": "demosiVFW110103", "model-invariant-id": "37e0d462-7415-49a5-a7bc-8ee7795a1ea7", "model-version-id": "58d9c25e-7294-46aa-a806-8360a6b92e93", "resource-version": "1509590302522" }, "extra-properties": {} } ] } } ] } From: DRAGOSH, PAM Sent: Thursday, November 02, 2017 8:26 AM To: FREEMAN, BRIAN D <bf1...@att.com<mailto:bf1...@att.com>>; Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>; HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>; onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: Re: [onap-discuss] [integration][policy]Need help from Policy now Ok thanks Brian I created INT-317. So let’s let Jorge and perhaps Daniel determine there wasn’t any bug on our end regarding vnf-name use. Then we can officially close the DCAEGEN2-175 ticket. Thanks Pam From: "FREEMAN, BRIAN D" <bf1...@att.com<mailto:bf1...@att.com>> Date: Thursday, November 2, 2017 at 8:46 AM To: "DRAGOSH, PAMELA L (PAM)" <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>, Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>, "HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>>, onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: RE: [onap-discuss] [integration][policy]Need help from Policy now Pam, You should create a ticket – can you put in the ticket the example API to call to create the operational policy. I assume it is a REST API call with some basic template that we have to customize the name of the resourceID after we instantiate the VNF ? So POSTMAN or CURL caould be used to call this API. Brian From: onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org> [mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of DRAGOSH, PAM Sent: Thursday, November 02, 2017 8:29 AM To: Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>>; HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>; onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: Re: [onap-discuss] [integration][policy]Need help from Policy now ***Security Advisory: This Message Originated Outside of AT&T *** Reference http://cso.att.com/EmailSecurity/IDSP.html for more information. Helen, That is not necessarily true. We will look at the logs to be sure but my suspicion is that the call to A&AI to find the vnf-id for the VPG fails because the resourceID in the Operational Policy is incorrect. Please recall that the event comes from a different vnf than what an action will be performed on. As I have mentioned before, the Operational Policy for vFW that is pushed from the Policy docker image isn’t up-to-date and we cannot possibly predict what the resourceID is for the ModifyConfig call. We have been asking for help from the Integration team for a few weeks on what the value is. What does the onboarded vFW service look like in the catalog? Are they pre-generated? If not, then without CLAMP in the picture then the Integration team or Robot scripts need to re-create the Operational Policy. Should I open a ticket on the Integration team in order to get this help prioritized? Thanks, Pam From: Yunxia Chen <helen.c...@huawei.com<mailto:helen.c...@huawei.com>> Date: Wednesday, November 1, 2017 at 11:06 PM To: "HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>>, "DRAGOSH, PAMELA L (PAM)" <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>, onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: Re: [onap-discuss] [integration][policy]Need help from Policy now From the following message inside Policy’s log file: "policyScope": "com", "policyName": "com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER", "policyVersion": "1", "notification": "FINAL: FAILURE", "message": "Target vnf-id could not be found", "notificationTime": "2017-11-02 03:03:07.643000+00:00", "history": [] It looks vnf-id, but DCAE gives it vnf-name. Regards, Helen Chen From: <onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org>> on behalf of Helen Chen 00725961 <helen.c...@huawei.com<mailto:helen.c...@huawei.com>> Date: Wednesday, November 1, 2017 at 7:54 PM To: "HERNANDEZ-HERRERO, JORGE" <jh1...@att.com<mailto:jh1...@att.com>>, "DRAGOSH, PAM" <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>, onap-discuss <onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>> Subject: [onap-discuss] [integration][policy]Need help from Policy now We are at bridge zoom: 44 6666 8888, testing the closed loop with DCAE and Multicloud. Need help from Policy team. Regards, Helen Chen
_______________________________________________ onap-discuss mailing list onap-discuss@lists.onap.org https://lists.onap.org/mailman/listinfo/onap-discuss