[openstack-dev] [Congress] Reactive enforcement specs

Tim Hinrichs thinrichs at vmware.com
Thu Nov 20 16:50:05 UTC 2014

Hi all,

Recently there’s been quite a bit of interest in adding reactive enforcement to Congress: the ability to write policies that tell Congress to execute actions to correct policy violations.  We’re planning to add this feature in the next release.  I wrote a few specs that split this work into several bite-sized pieces (one was accidentally merged prematurely—it’s still up for discussion).

Let’s discuss these over Gerrit (the usual spec process).  We’re trying to finalize these specs by the middle of next week (a little behind the usual OpenStack schedule).  For those of you who haven’t left comments via Gerrit, you need to ...

1) log in to Gerrit using your Launchpad ID,
2) leave comments on specific lines in individual files by double-clicking the line you’d like to comment on,
3) click the Review button on the initial page
4) click the Publish Comments button.

Add triggers to policy engine (a programmatic interface useful for implementing reactive enforcement)

Add modal operators to policy language (how we might express reactive enforcement policies within Datalog)

Action-execution interface (how we might modify data-source drivers so they can execute actions)

Explicit reactive enforcement (pulling all the pieces together)

There are a number of additional specs generated since the summit.  Feel free to chime in on those too.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141120/5e65b86d/attachment.html>

More information about the OpenStack-dev mailing list