PEP

PEP

PEP ( Policy Enforcement Point ) is the front-end of the whole Policy System. Any interaction with it must go through the PEP to ensure a smooth flow.

Firstly, it loads the PDP ( Policy Decision Point ) which actually is the module doing all dirty work ( finding policies, running them, merging their results, etc… ). Indeed, the PEP takes the output of the PDP for a given set of parameters ( decisionParams ) and enforces the actions that apply ( also determined by the PDP output ).

class DIRAC.ResourceStatusSystem.PolicySystem.PEP.PEP(Policy Enforcement Point)

Bases: object

__init__(clients={})

Constructor

Examples

>>> pep = PEP()
>>> pep1 = PEP( { 'ResourceStatusClient' : ResourceStatusClient() } )
>>> pep2 = PEP( { 'ResourceStatusClient' : ResourceStatusClient(), 'ClientY' : None } )
Parameters:
clients - [ None, dict ]

dictionary with clients to be used in the commands issued by the policies. If not defined, the commands will import them. It is a measure to avoid opening the same connection every time a policy is evaluated.

enforce(decisionParams)

Given a dictionary with decisionParams, it is passed to the PDP, which will return ( in case there is a/are positive match/es ) a dictionary containing three key-pair values: the original decisionParams ( decisionParams ), all the policies evaluated ( singlePolicyResults ) and the computed final result ( policyCombinedResult ).

To know more about decisionParams, please read PDP.setup where the decisionParams are sanitized.

Examples

>>> pep.enforce( { 'element' : 'Site', 'name' : 'MySite' } )
>>> pep.enforce( { 'element' : 'Resource', 'name' : 'myce.domain.ch' } )
Parameters:
decisionParams - dict

dictionary with the parameters that will be used to match policies.