...
- Enhance PDP_UPDATE message to contain two new lists (deploy and undeploy), while maintaining its current full list of policies. When the PDPs support delta policies we can then remove the original full list.
- Enhance PDP_UPDATE message to contain one new list of policies to be updated, and a boolean value to determine whether to deploy/undeploy the policies while maintaining the full list of policies. When the PDPs support the delta policies we can remove the original list.
| Info | ||
|---|---|---|
| ||
At present, PAP has been updated so that when policies are updated, lists of delta policies are sent to the various PDPs via the PDP_UPDATE message. Similar to before, PAP does the basic checks for validation when a request is received from the REST layer and then generates a PDP_UPDATE message for that particular PdpSubGroup and sends it to the PDPs through DMaaP. This time however, PAP sends a list of "policiesToBeDeployed" and another list of "policiesToBeUndeployed" along with the full list of policies, for now. The goal is to remove sending the full list of policies when all PDPs have been updated to accept delta policies. This eliminates the need for PDPs on the other side to scan through the full list of policies as before to determine what policies need to be deployed and undeployed. This is administration work and is now handled on the administration side i.e. PAP. APEX-PDP and DROOLS-PDP are the only PDPs which can handle delta policies at the moment. Note: Apex sends back a list of deployed policies via the PDP_STATUS message to PAP while DROOLS-PDP sends back a full list of policies to PAP via the PDP_STATUS message. |