[openstack-dev] [neutron] [policy] Policy-group relationship
Mohammad Banikazemi
mb at us.ibm.com
Thu Dec 12 23:42:41 UTC 2013
Continuing the discussion we had earlier today during the Neutron Group
Policy weekly meeting [0], I would like to initiate a couple of email
threads and follow up on a couple of important issues we need to agree on
so we can move forward. In this email thread, I would like to discuss the
policy-group relationship.
I want to summarize the discussion we had during the meeting [1] and see if
we have reached an agreement:
There are two models for expressing the relationship between Groups and
Policies that were discussed:
1- Policies are defined for a source Group and a destination Group
2- Groups specify the Policies they "provide" and the Policies they
"consume"
As expressed during the IRC meeting, both models have strong support and we
decided to have a resource model that can be used to express both models.
The solution we came up with was rather simple:
Update the resource model (shown in the attribute tables and the taxonomy
in the google doc [2]) such that policy can refer to a "list" of source
Groups and a "list" of destination Groups.
This boils down to having two attributes namely, src_groups and
destination_groups (both list of uuid-str type) replacing the current
attributes src_group and dest_group, respectively.
This change simply allows the support for both models. For supporting model
1, specify a single source Group and a single destination Group. For model
2, specify the producers of a Policy in the source Group list and specify
the consumers of the Policy in the destination Group list.
If there is agreement, I will update the taxonomy and the attribute tables
in the doc.
Best,
Mohammad
[0] https://wiki.openstack.org/wiki/Meetings/Neutron_Group_Policy
[1]
http://eavesdrop.openstack.org/meetings/networking_policy/2013/networking_policy.2013-12-12-16.01.log.html
[2]
https://docs.google.com/document/d/1ZbOFxAoibZbJmDWx1oOrOsDcov6Cuom5aaBIrupCD9E/edit#heading=h.x1h06xqhlo1n
(Note the new additions are at the end of the document.)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131212/bc80c390/attachment-0001.html>
More information about the OpenStack-dev
mailing list