On 02/11/13 21:31 -0700, Tim Hinrichs wrote:
Hi OpenStackers,
We've been working on an open policy framework for OpenStack that we're calling
Congress. We've been talking with OpenStack users and several of our partners
to understand the kinds of rules and regulations they envision enforcing with a
policy-based management framework. Across the board they are interested in
policies that span networking, compute, storage, etc.
The idea behind Congress is to have a single policy engine that integrates any
collection of external authentication and data stores and allows cloud
administrators to write policies over those data stores in a rich, declarative
language. The policy engine can either enforce the policy proactively (i.e.
preventing policy violations before they occur) or reactively (identifying
violations after they occur and taking corrective action) or a combination
(proactively when possible and reactively when not). The policy engine can
also interact with the administrator, explaining the causes of violations,
computing potential remediation plans, and simulating action executions to
understand what violations those actions might cause.
While the project is still in the early stages, we have identified a grammar
for the policy language, implemented a policy engine, and written a proof of
concept integration for ActiveDirectory. We would love to get participation
and feedback.
Have you guys looked into oslo-incubator/policy.py ?
What's wrong with the grammar used there?
Have you guys considered starting your work from there?
Although you're planning to create a policy service, it may make sense
to be compliant with what OpenStack uses and maybe, you could maintain
the whole policy library at some point.
FF
--
@flaper87
Flavio Percoco
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
