[openstack-dev] Fwd: FW: [Neutron] Group Based Policy and the way forward

Armando M. armamig at gmail.com
Fri Aug 8 22:42:43 UTC 2014


On 8 August 2014 14:55, Kevin Benton <blak111 at gmail.com> wrote:

> >This is the statement that makes me trip over,
>
> I don't know what that means. Does it mean that you are so incredibly
> shocked by the stupidity of that statement that you fall down? Or does it
> mean something else?
>

Why would you think that? I trip over the obstacle that prevents me from
understanding! If at all, I would blame my stupidity, not the one of the
statement :)


>
> >Policy decision points can be decentralized from the system under
> scrutiny,
>
> Unfortunately they can't in this case where some policy needs to be
> enforced between plugins. If we could refactor the communication between
> service and core plugins to use the API as well, then we probably could
> build this as a middleware.
>

Assumed I agreed they couldn't, which I find hard to believe, instead of
going after the better approach, we stick with the less optimal one?


>
> On Fri, Aug 8, 2014 at 1:45 PM, Armando M. <armamig at gmail.com> wrote:
>
>> On 8 August 2014 10:56, Kevin Benton <blak111 at gmail.com> wrote:
>>
>>> There is an enforcement component to the group policy that allows you to
>>> use the current APIs and it's the reason that group policy is integrated
>>> into the neutron project. If someone uses the current APIs, the group
>>> policy plugin will make sure they don't violate any policy constraints
>>> before passing the request into the regular core/service plugins.
>>>
>>
>> This is the statement that makes me trip over, and I don't understand why
>> GBP and Neutron Core need to be 'integrated' together as they have. Policy
>> decision points can be decentralized from the system under scrutiny, we
>> don't need to have one giant monolithic system that does everything; it's
>> an architectural decision that would make difficult to achieve
>> composability and all the other good -ilities of software systems.
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Kevin Benton
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140808/47edd6d8/attachment.html>


More information about the OpenStack-dev mailing list