[openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

Sumit Naiksatam sumitnaiksatam at gmail.com
Fri Aug 8 20:02:08 UTC 2014

On Fri, Aug 8, 2014 at 12:45 PM, Armando M. <armamig at gmail.com> wrote:
> On 8 August 2014 10:56, Kevin Benton <blak111 at gmail.com> wrote:
>> There is an enforcement component to the group policy that allows you to
>> use the current APIs and it's the reason that group policy is integrated
>> into the neutron project. If someone uses the current APIs, the group policy
>> plugin will make sure they don't violate any policy constraints before
>> passing the request into the regular core/service plugins.
> This is the statement that makes me trip over, and I don't understand why
> GBP and Neutron Core need to be 'integrated' together as they have. Policy
> decision points can be decentralized from the system under scrutiny, we
> don't need to have one giant monolithic system that does everything; it's an
> architectural decision that would make difficult to achieve composability
> and all the other good -ilities of software systems.

Adding the GBP extension to Neutron does not change the nature of the
software architecture of Neutron making it more or less monolithic. It
fulfills a gap that is currently present in the Neutron API, namely -
to complement the current imperative abstractions with a app
-developer/deployer friendly declarative abstraction [1]. To
reiterate, it has been proposed as an “extension”, and not a
replacement of the core abstractions or the way those are consumed. If
this is understood and interpreted correctly, I doubt that there
should be reason for concern.

[1] https://review.openstack.org/#/c/89469

> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list