Commit

Merge pull request #386 from permitio/dan/per-10258-add-docs-on-all-t…
…he-pdp-config

dan/per-10258-add-docs-on-all-the-pdp-config
danyi1212 authored Jul 16, 2024
2 parents 988e1f9 + ac71e0e commit 4c37227
Showing 10 changed files with 647 additions and 62 deletions.
9 changes: 6 additions & 3 deletions docs/concepts/control-plane-and-data-plane.mdx
Expand Up @@ -28,7 +28,10 @@ So while you can opt to store information such as user names in the system, it i

## Local PDP - Policy Decision Point

The main component which enables the hybrid architecture is the [PDP (Policy Decision Point)](/overview/glossary#pdp).
A PDP is a network node responsible for answering authorization queries using policies and contextual data.
The PDP provided to you by Permit acts as your microservice for authorization and is deployed beside your own services.

This component is the main part of the hybrid architecture, and can be deployed as a side-car, cluster, or just as a single instance (for light workload scenarios).
The Permit.io PDP (Which bundles together OPA, OPAL, and an API server) is available publicly from [Docker hub](https://hub.docker.com/r/permitio/pdp-v2).
The PDP essentially becomes your microservice for authorization, and can be deployed as a side-car, cluster, or even as a single instance (for light workload scenarios).
Read more about [the Permit.io PDP here](/overview/glossary#pdp).

For more information, check out the [PDP Documentation](/concepts/pdp/overview).
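
Review bot: In the "Local PDP" section, the phrases "microservice for authorization" and "can be deployed as a side-car, cluster, or ... single instance" each appear in two of the lines shown, and `/overview/glossary#pdp` is linked twice; check that the resulting section says each of these once. The closing link to `/concepts/pdp/overview` depends on the new `docs/concepts/pdp/` directory, so confirm an `overview` page is added there in this same commit.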
53 changes: 0 additions & 53 deletions docs/concepts/pdp.mdx
@@ -1,53 +0,0 @@
---
sidebar_position: 4
title: Policy Decision Point (PDP)
---

# PDP (Policy Decision Point)

A PDP is a network node in an application that provides an endpoint to test for policy decisions- i.e. services may ask the PDP if specific actions or requests are allowed according to the set policy.
The PDP essentially becomes your microservice for authorization, and can be deployed as a side-car, cluster, or even as a single instance (for light workload scenarios).
PDPs need to be highly available, performant and physically close to the querying services to avoid latency.

## Deploying the PDP

The most straightforward way to integrate PDPs into a microservices architecture is as sidecars - meaning each microservice has a sidecar container next to it which it can query for policy.
Other topologies include centralized PDP, gateway to PDP (i.e. filtering requests at API gateways or proxies).

Permit.io supports all PDP layouts and provides the missing layers on-top of open-source PDP solutions (such as OpenPolicyAgent). These layers include policy delivery and updating, supporting data collection, application level SDKs, application level instrumentation and more.
Read about [the various layouts you can deploy the PDP with here](/how-to/deploy/overview#pdp-deployments).

The Permit.io PDP (Which by default bundles together OPA, OPAL, and an API server) is available publicly from [Docker hub](https://hub.docker.com/r/permitio/pdp-v2).


You can set `PDP_ALLOW_METRICS_UNAUTHENTICATED` env var as `true` to allow access to the PDP metrics without authentication (can be used for monitoring tools like DataDog etc) - supported from version 0.2.27.


## Hosted/Managed cloud PDP option

While we recommend a local PDP for production deployments, a limited Cloud PDP option is available at `https://cloudpdp.api.permit.io` for evaluation and testing purposes.

:::note
The cloud PDP is intended for first evaluation and basic testing, and currently it is not supporting ABAC, ReBAC or large environments (environments with more than 1M data).
:::

### Hosted PDP in your region

If you require a hosted version in a specific region (e.g. to minimize network latency as much as possible), or with other specific specs reach out to us at [support@permit.io](mailto:support@permit.io), or in the [Slack community](https://io.permit.io/docs-to-slack).

## Powered by OPA+OPAL

Permit.io's PDP orchestration is powered by [OPAL](https://opal.ac) - an open source project - developed by the team at Permit.io and supported by a large community of developers and users.
Check out this talk with the primary authors of OPAL to learn more about the unique realtime architecture:

<iframe
width="560"
height="315"
src="https://www.youtube.com/embed/A5adHlkmdC0"
title="YouTube video player"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen
></iframe>

OPAL's built-in [separation of the data plane from the control plane](/concepts/control-plane-and-data-plane), enables Permit.io users to enjoy the benefits of a fully distributed PDP solution, without having to be dependant on the availability of the Permit.io cloud, or sharing any data with it.
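
Review bot: Deleting `docs/concepts/pdp.mdx` removes the lines shown here that document `PDP_ALLOW_METRICS_UNAUTHENTICATED` (supported from version 0.2.27) and the Cloud PDP limits (no ABAC, ReBAC or large environments); confirm both are carried over to the new pages under `docs/concepts/pdp/`. Where the metrics setting is re-documented, say plainly that setting it to `true` makes the PDP metrics readable without authentication, so readers know to restrict network access to that endpoint. Existing links to `/concepts/pdp` also need a redirect or an update, since the page at that path is removed.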
6 changes: 6 additions & 0 deletions docs/concepts/pdp/_category_.json
@@ -0,0 +1,6 @@
{
"label": "Policy Decision Point (PDP)",
"position": 4,
"collapsible": true,
"collapsed": true
}
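
Review bot: `"collapsed": true` hides the new PDP pages in the sidebar until the category is expanded, whereas the deleted `pdp.mdx` was a directly visible page at `sidebar_position: 4`; consider `"collapsed": false`, or giving the category a link to the overview page, so the PDP docs stay one click away. `"position": 4` matches the old page's position, so the sidebar ordering is preserved.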