Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • ONLY minimal impacting changes will be accepted in G H release timeframe.

Current Blockers (which must be solved before proceeding)

  • DMaaP communication over multiple namespaces.
  • Policy DB communication over multiple namespaces. Mainly the security credentials generated randomly during DB pod creation.
  • Planning of what policy components needs to be centralized vs de-centralized and moved to tenant namespaces.
  • How DCAE/OOF or any other client decides which PDP engine to call for making decision. This is valid for scenarios where clients are making a REST (or any) call directly to PDP engine. Currently supported by Xacml-PDP.
  • Are there any impacts to CLAMP or any other clients who want to create/deploy policy in PDP Groups.
  • PDP in tenant namespace needs to check during initialization that DB is ready in the central namespace.
  • PDP → DB latency will increase if DB is in central namespace (Can be solved by splitting & moving DB to tenant namespace).

Scope for G H release 

  • Create a PdpGroup per tenant. And decide which & how many PDP instances are needed depending upon the tenant needs. 
  • Deploy/Undeploy policies to specific tenant based PdpGroup. 
  • Manage multiple PdpGroup & PDP instances from PAP.
  • Health check for all PDP instances from PAP.

Limitations for G H release (which will be solved in later releases) 

...