On Mon, Nov 11, 2013 at 4:28 AM, Flavio Percoco <fla...@redhat.com> wrote:
> On 02/11/13 21:31 -0700, Tim Hinrichs wrote: > >> Hi OpenStackers, >> >> We've been working on an open policy framework for OpenStack that we're >> calling Congress. We've been talking with OpenStack users and several of >> our partners to understand the kinds of rules and regulations they envision >> enforcing with a policy-based management framework. Across the board they >> are interested in policies that span networking, compute, storage, etc. >> >> The idea behind Congress is to have a single policy engine that >> integrates any collection of external authentication and data stores and >> allows cloud administrators to write policies over those data stores in a >> rich, declarative language. The policy engine can either enforce the >> policy proactively (i.e. preventing policy violations before they occur) or >> reactively (identifying violations after they occur and taking corrective >> action) or a combination (proactively when possible and reactively when >> not). The policy engine can also interact with the administrator, >> explaining the causes of violations, computing potential remediation plans, >> and simulating action executions to understand what violations those >> actions might cause. >> >> While the project is still in the early stages, we have identified a >> grammar for the policy language, implemented a policy engine, and written a >> proof of concept integration for ActiveDirectory. We would love to get >> participation and feedback. >> >> > Have you guys looked into oslo-incubator/policy.py ? > > What's wrong with the grammar used there? > > Have you guys considered starting your work from there? > > Although you're planning to create a policy service, it may make sense > to be compliant with what OpenStack uses and maybe, you could maintain > the whole policy library at some point. > ++ I'm excited to see some new effort in this space (and sad that I wasn't aware of this ahead of the summit), but surprised by the apparent lack of integration with the existing oslo.policy engine, centralized policy storage in keystone (/v3/policies), etc. There's no reason why you couldn't replace all that, but a comparison with the existing policy infrastructure to indicate the advantages provided by congress (without making me read the source!) would be help this gain some traction within community. > > FF > > -- > @flaper87 > Flavio Percoco > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- -Dolph
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
