OPA PDP Development Plan
- Deena Mukundan
OPA- PDP Development is planned in two phases and will be available in Paris Release
Phase-1
1.Design and develop an OPA PDP engine that can be deployed using the "Cold" method, where the Policy is pre-deployed on the PDP. The PDP should be fully configured and ready to execute when started.
Following to be implemented as part of this :-
OPA PDP should implement a Kafka listener on topic POLICY-PDP-PAP for receiving messages from the PAP.
OPA PDP should support registration with the Policy Administration Point (PAP) during startup and is configured with a preconfigured pdpGroup.
OPA PDP should support sending PDP_STATUS heartbeat messages periodically as configured by the PAP.
OPA PDP should support providing decisions for the input requests given
Policy management via PAP is not considered in Phase-1.
Phase-2
Design and develop an OPA PDP engine that can be deployed using the "Warm" method & also PDP should be able to support run time POLICY updates from PAP and should be able respond to any decision queries.
Following to be implemented as part of this :-
Finalize the API for the following operations:
Create OPA Policy Type: Finalize if data types and operations supported are needed to extend the API other than supporting only OPA native
Create Policy: Finalize if it is acceptable to have raw code under "properties"? or we need to define different fields to show the policy details
A Policy may be loaded at startup, and the PDP can be configured or reconfigured with a new or updated Policy at runtime. PDPs register with the PAP when they start, providing the pdpGroup they have been pre-deployed with, if any. OPA PDP should handle subsequent PDP_UPDATE messages for policy update from the PAP and send PAP_STATUS messages.
PDP should support runtime POLICY updates from PAP
Perform end-to-end verification of policy creation, policy deployment and decision-making from PAP to OPA PDP.
Single policy decision will be supported