Summary
This operation will allow enabling/disabling individual policies running in PDP engine.
The policy still remains in PDP engine, only the execution of ONSET events/decision calls are stopped temporarily.
It is mainly beneficial in scenarios where network operators/administrators want to disable a particular policy in PDP engine for a period of time due to a failure in the system or for scheduled maintenance.
Impacted Policy components
| Component Name | Feasibility Analysis | Comments | Owner |
|---|---|---|---|
| PAP | |||
| Drools-PDP | |||
| Apex-PDP | |||
| Xacml-PDP | Pamela Dragosh |
Currently available alternative solutions
| Solution | Rank | Comments |
|---|---|---|
| ACTIVE/PASSIVE state change at PdpGroup Level | LOW | This solution makes all the policies running in PDP engine to stop/start execution. But the intent is to stop/start individual policies. |
| Deploy/Undeploy policy in PDP Engine | MEDIUM | This solution might work but includes overhead of deploying/undeploying policies from PAP to PDP engine. Delta update might help improve the list sent by PAP. Also, needs to know what happens if an event is under process and PDP receives message to undeploy policy. |
Proposed plan/changes
Utilize the deploy/undeploy API to achieve the ability for enabling/disabling policy in PDP engine. And make the following changes:
- Delta policy update between PAP & PDP
Currently the whole list of policies are transferred always between PAP & PDP for any deploy/undeploy operation. This should be changed to only send the policy for which deploy/undeploy operation has to be performed by the PDP.
This will help in not affecting other policies while trying to enable/disable a policy in PDP. Also, improves the overhead of sending the whole list again and again and PDP scanning through the list.
- Graceful undeploy of policy in PDP
When a PDP engine receives undeploy request from PAP, it should ideally try to finish the processing of any ongoing event and then gracefully undeploy the policy.