Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Phase-1 implementation Details

In Phase-1 the OPA-PDP will be pre-loaded with sample policy, deployment of policy via PAP is not supported.

  • OPA-PDP implements a kafka listener, Publisher to receiving and sending messages to PAP

    • Once OPA-PDP is up it will send “Registration”( PDP_STATUS) message to PAP

    • Some of the information included in the message are:

    • pdpType the type of the PDP opa .

    • pdpGroup to which the PDP should belong to opaGroup

    • state the initial state of the PDP which is PASSIVE.

    • healthy whether the PDP is “HEALTHY” or not.

    • name a name that is unique to the PDP instance for e.g. “opa-f849384c-dd78-4016-a7b5-1c660fb6ee0e”

    • Code Block
      Sample Registration Message 
      {
        "messageName": "PDP_STATUS",
        "pdpType": "opa",
        "state": "PASSIVE",
        "healthy": "HEALTHY",
        "description": "Pdp Status Registration Message",
        "response": null,
        "policies": null,
        "name": "opa-949018d3-cc9b-429b-96ae-46ca9c314e42",
        "requestId": "9fed8880-d023-4004-b6bf-647efd10a7df",
        "pdpGroup": "opaGroup",
        "pdpSubgroup": null,
        "timestampMs": "1731335546889"
      }
  • On receiving the registration message from a PDP, PAP checks and assigns it to a subgroup under the group. PAP sends PDP_UPDATE message. PAP also sends the pdpHeartbeatIntervalMs which is the time interval in which PDPs should send heartbeats to PAP. Currently (In first phase) OPA-PDP handles only the pdpHeartbeatIntervalMs and starts a timer for sending STATUS messages periodically. OPA-PDP sends PDP_STATUS response to PDP_UPDATE message.

...