[openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

Prasad Vellanki prasad.vellanki at oneconvergence.com
Fri Aug 8 20:25:20 UTC 2014


GBP is about networking policy and hence limited to networking constructs.
It enhances the networking constructs. Since it follows more or less the
plugin model, it is not in one monolithic module but fans out to the policy
module and is done via  extension.


On Fri, Aug 8, 2014 at 12:45 PM, Armando M. <armamig at gmail.com> wrote:

> On 8 August 2014 10:56, Kevin Benton <blak111 at gmail.com> wrote:
>
>> There is an enforcement component to the group policy that allows you to
>> use the current APIs and it's the reason that group policy is integrated
>> into the neutron project. If someone uses the current APIs, the group
>> policy plugin will make sure they don't violate any policy constraints
>> before passing the request into the regular core/service plugins.
>>
>
> This is the statement that makes me trip over, and I don't understand why
> GBP and Neutron Core need to be 'integrated' together as they have. Policy
> decision points can be decentralized from the system under scrutiny, we
> don't need to have one giant monolithic system that does everything; it's
> an architectural decision that would make difficult to achieve
> composability and all the other good -ilities of software systems.
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140808/1598c7a6/attachment.html>


More information about the OpenStack-dev mailing list