-
Sub-task
-
Resolution: Done
-
Medium
-
None
-
None
Would like to add support for policy config retrieval via CBS library. With dcae-service template enhancement ((https://gerrit.onap.org/r/c/oom/+/120618), components can enable for Policy-Sync Side car to be deployed to retrieve active policy configuration. When enabled Policy configuration will be retrieved as json into /etc/policies/policies.json within application container.
Current implementation
When getAll() method is invoked, ConfigBindingService API (service_component_all) will return a flattened json of structure (... represents arbitrary JSON values):
"{"config": ..., "policies": ... }"
from Consul; CBS clients returns this json to application as-is.
Proposed change:
Under new design to remove Consul & ConfigbindingService dependencies, application will require to read locally mounted app_config and policies files. This change will be instrumented on CBS client libraries to standardize behavior for all DCAE Applications (MS)
Processing Flow
- When getAll() method is invoked, CBS-Client lib reads configuration from the file /app-config/application_config.yaml (mounted via configMap)
- 1. If app-config file (specified via ENV: CBS_CLIENT_CONFIG_PATH or default - ENV*/app-config/*application_config.yaml) is present, convert to json and stores it as
"{"config": ...<converted json>...}"
- 1. If app-config file (specified via ENV: CBS_CLIENT_CONFIG_PATH or default - ENV*/app-config/*application_config.yaml) is present, convert to json and stores it as
1a. A value of CBS_CLIENT_CONFIG_PATH="" is treated the same as it not being present.
1b. If the app-config file is missing or mall-formed, an appropriate error will be logged and the Consul value will be returned instead.
2. If policy file (specified via ENV: CBS_CLIENT_POLICY_PATH or default - /etc/policies/policies.json*) is present, append into json object as{{ ** }}
"{"config": ...<converted json>..., "policies": ...<policy file content>... }"
2a. A value of CBS_CLIENT_POLICY_PATH="" is treated the same as it not being present.
2b. If the policy file is missing or malformed, an appropriate error will be logged and no "policies" block will be added.
3. Perform substitution of sensitive configuration from ENV exposed (retrieved from K8S secret)
4. Return flattened json to application
- If ENV: CBS_CLIENT_CONFIG_PATH not defined AND default - /app-config/application_config.yaml file is not found, skip check for policy-file
- CBS-Client falls back to the CBS REST interface (service_component_all), in the absence of a configuration file in given location.
- Configuration source fallback is implemented (Java)
- CBS-Client falls back to the built-in container file configuration, if the CBS REST interface doesn`t respond
- CBS-Client is reading the file periodically and updates the application config immediately after a read is completed. (Java)
Note: When get_config() is invoked, no policy file lookup is required. Only app-config file (/app-config/application_config.yaml) is checked in this case and if found, convert data to json and return directly the json
"{<converted json>}"
Example:
Policy file content
/opt/logs $ cat /etc/policies/policies.json
{"policies": {"items": [{"type": "onap.policies.monitoring.tcagen2", "type_version": "1.0.0", "name": "onap.vfirewall.tca", "version": "1.0.0", "metadata": {"policy-id": "onap.vfirewall.tca", "policy-version": "1.0.0"}, "policyName": "onap.vfirewall.tca.1-0-0.xml", "policyVersion": "1.0.0", "config": {"tca.policy": {"domain": "measurementsForVfScaling", "metricsPerEventName": [{"eventName": "vFirewallBroadcastPackets", "controlLoopSchemaType": "VM", "policyScope": "DCAE", "policyName": "DCAE.Config_tca-hi-lo", "policyVersion": "v0.0.1", "thresholds": [{"closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta", "thresholdValue": 300, "direction": "LESS_OR_EQUAL", "severity": "MAJOR", "closedLoopEventStatus": "ONSET"}, {"closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta", "thresholdValue": 700, "direction": "GREATER_OR_EQUAL", "severity": "CRITICAL", "closedLoopEventStatus": "ONSET"}]}]}}}]}, "event": {"action": "gathered", "timestamp": "2021-04-19T23:37:19.709Z", "update_id": "379fb01a-cfe2-4c06-8f6b-d51f3c8504af", "policies_count": 1}}
Returned JSON object
{"config": {}, "policies": {"items": [{"type": "onap.policies.monitoring.tcagen2", "type_version": "1.0.0", "name": "onap.vfirewall.tca", "version": "1.0.0", "metadata": {"policy-id": "onap.vfirewall.tca", "policy-version": "1.0.0"}, "policyName": "onap.vfirewall.tca.1-0-0.xml", "policyVersion": "1.0.0", "config": {"tca.policy": {"domain": "measurementsForVfScaling", "metricsPerEventName": [{"eventName": "vFirewallBroadcastPackets", "controlLoopSchemaType": "VM", "policyScope": "DCAE", "policyName": "DCAE.Config_tca-hi-lo", "policyVersion": "v0.0.1", "thresholds": [{"closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta", "thresholdValue": 300, "direction": "LESS_OR_EQUAL", "severity": "MAJOR", "closedLoopEventStatus": "ONSET"}, {"closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta", "thresholdValue": 700, "direction": "GREATER_OR_EQUAL", "severity": "CRITICAL", "closedLoopEventStatus": "ONSET"}]}]}}}]}, "event": {"action": "gathered", "timestamp": "2021-04-19T23:37:19.709Z", "update_id": "379fb01a-cfe2-4c06-8f6b-d51f3c8504af", "policies_count": 1}}