Persist the cache of policy deployment status in the DB so other PAPs can read it.
JIRA: POLICY-2648
To satisfy the requirement to generate notifications when policies are fully deployed/undeployed, it is necessary to track the policy deployment/undeployment status for each PDP. With this in mind, two options present themselves:
1. Create a new JPA data structure to manage the information; or
2. Augment the existing PdpGroup data structure to maintain the additional information. This could be done by changing the list of policies to a list of policy-info structures, where each object contained:
   - policy name and version
   - flag indicating whether the policy is being deployed or undeployed
   - list of PDPs for which PAP is still awaiting the outcome of the PDP-UPDATE message
An advantage of approach #2 is that it's easier to transactionalize updates to the PdpGroup along with the list of waiting PDPs. One downside is the extra amount of data that must be retrieved when a PdpGroup is extracted from the DB.
One complicating factor of #2 is that the same class, PdpGroup, is used as both the data store structure and the PAP REST API structure. If the same structure were to continue to be used, then the extra data fields would have to be handled (e.g., discarded on input from REST). On the other hand, it could provide a mechanism for clients of the REST API to determine the actual PDP deployment status of each policy.
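A sketch of the policy-info entry described under option #2, added here as an illustration and not taken from the PAP code base; the class, field and method names are hypothetical. It shows the waiting-PDP list draining to the point where a notification would be generated, and the tracking list being dropped when the same structure arrives as REST input.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

/** Hypothetical per-policy tracking entry for option #2 (names are assumptions). */
public class PolicyInfoSketch {
    final String name;       // policy name
    final String version;    // policy version
    final boolean deploy;    // true = being deployed, false = being undeployed
    // PDPs for which the outcome of the PDP-UPDATE message is still awaited.
    final Set<String> waitingPdps = new LinkedHashSet<>();

    PolicyInfoSketch(String name, String version, boolean deploy, List<String> pdps) {
        this.name = name;
        this.version = version;
        this.deploy = deploy;
        this.waitingPdps.addAll(pdps);
    }

    /**
     * Records one PDP's outcome. Returns true only on the transition to an
     * empty waiting list, which is the point where a notification is due.
     * Duplicate or unknown responses never trigger a second notification.
     */
    boolean pdpResponded(String pdpName) {
        boolean removed = waitingPdps.remove(pdpName);
        return removed && waitingPdps.isEmpty();
    }

    /**
     * Copy to use for objects received over REST: the waiting list is
     * server-side state, so whatever the client supplied is discarded.
     */
    static PolicyInfoSketch fromRestInput(PolicyInfoSketch in) {
        return new PolicyInfoSketch(in.name, in.version, in.deploy, new ArrayList<>());
    }

    public static void main(String[] args) {
        // Constructed sample: one policy sent to two PDPs.
        PolicyInfoSketch info = new PolicyInfoSketch("example.policy", "1.0.0", true,
                List.of("pdp-a", "pdp-b"));
        System.out.println("after pdp-a: notify=" + info.pdpResponded("pdp-a"));
        System.out.println("pdp-a again: notify=" + info.pdpResponded("pdp-a"));
        System.out.println("after pdp-b: notify=" + info.pdpResponded("pdp-b"));
        System.out.println("REST copy waiting list: " + fromRestInput(info).waitingPdps);
    }
}
```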
3 Comments
Jim Hahn
I'm currently pursuing option #2 by modifying the Pdp class, adding lists of policies awaiting deployment & undeployment, as well as a list of policies that failed undeployment. (Note: no failure list is needed for deployment, as failures immediately trigger an undeployment of the policy.) I believe this can be done without breaking any of the interfaces. Rules/pseudocode for use:
Jim Hahn
Feedback was that option #1 is preferable, to isolate the impacts.
With that in mind, rather than creating a complex structure just to track the state of policy deployments, the simple proposal would be to create a single table whose records contain:
Note: once all records for a given policy have been marked "undeployed" or "failed undeployment", those records will be deleted, as the corresponding policy no longer appears within the PdpGroup records.
Performance concern: Do we have a guesstimate of how many records there could be for a given group? If it's many, then we may want to eliminate records that are marked "deployed", as any PDP that appears in the PdpSubGroup containing the policy would be implicitly deployed, unless there's a record for one of the other status values (i.e., awaiting, failed). However, that would make some of the cases more complicated, as the list of successfully deployed PDPs would now have to be queried from the PdpGroup (which may defeat the purpose, because now all policy IDs within the group will have to be loaded, as part of the group structure). Proposal is to keep it simple for now.
This requires additional rules:
Ram Krishna Verma
Looks good Jim. Few points from my side: