Added enforcement to private-public network demo
Issue: # Change-Id: I0890d121843c9c4263ff8718764012c603c56b77
parent 290a473e2a
commit 0440563ca9
|
@ -158,41 +158,37 @@ nova:owner-("vm1", "tim") :- delete_vm("vm1")
|
||||||
|
|
||||||
|
|
||||||
*********************************************************************
|
*********************************************************************
|
||||||
** Future Enforcement: Operations Policy
|
** Enforcement: Operations Policy
|
||||||
*********************************************************************
|
*********************************************************************
|
||||||
|
|
||||||
12) Execute an action-sequence: disconnect offending private network
|
12) Dictate conditions under which actions should automatically be executed: Enforcement policy.
|
||||||
|
|
||||||
r.execute('action1 action2 action3')
|
|
||||||
|
|
||||||
13) Dictate conditions under which actions should automatically be executed: Operations policy.
|
|
||||||
|
|
||||||
Informal policy:
|
Informal policy:
|
||||||
every time a VM has an error and that VM is connected to a private network not owned by someone in the same group as the VM owner, then execute 'disconnect_network'.
|
every time a VM has an error and that VM is connected to a private network not owned by someone in the same group as the VM owner, then execute 'disconnect_network'.
|
||||||
|
|
||||||
Formal policy:
|
Formal policy:
|
||||||
|
|
||||||
disconnect_network(vm1, net_private) :-
|
disconnect_network(vm, network) :-
|
||||||
error(vm1)
|
error(vm),
|
||||||
nova:virtual_machine(vm1)
|
nova:virtual_machine(vm),
|
||||||
nova:network(vm1, net_private)
|
nova:network(vm, network),
|
||||||
not neutron:public_network(net_private)
|
not neutron:public_network(network),
|
||||||
neutron:owner(net_private, martin)
|
neutron:owner(network, network_owner),
|
||||||
nova:owner(vm1, tim)
|
nova:owner(vm, vm_owner),
|
||||||
not same_group(martin, tim)
|
not same_group(network_owner, vm_owner)
|
||||||
|
|
||||||
r.load_file("../../examples/private_public_network.operations", target=r.OPERATION_POLICY)
|
--- Commands ------------------------------------
|
||||||
|
>>> r.load_file("../../examples/private_public_network.enforce", target=r.ENFORCEMENT_THEORY)
|
||||||
|
-------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
14) Create an error that the operations policy should automatically correct.
|
13) Create an error that the enforcement policy should automatically correct.
|
||||||
|
|
||||||
r.execute('connect_network("vm1", "net_private")')
|
--- Commands ------------------------------------
|
||||||
print r.select("error(x)")
|
>>> print r.select("error(x)")
|
||||||
error("vm3")
|
error("vm3")
|
||||||
|
>>> print r.logger.contents()
|
||||||
|
disconnect_network("vm1", "net_private")
|
||||||
15) Show log for auditing to see that we actually did connect the network and then disconnect it. Log should include explanation for why action was executed.
|
-------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
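Review bot: Step 13 ("Create an error that the enforcement policy should automatically correct") no longer creates the error. The old step 14 ran `r.execute('connect_network("vm1", "net_private")')`, but the new Commands block contains only `print r.select("error(x)")` and `print r.logger.contents()`. A reader following the demo sees `disconnect_network("vm1", "net_private")` in the log with nothing on the page that connected vm1 to net_private. Please restore the connect_network call as the first command of step 13, and say why `error("vm3")` is still listed after enforcement has run. Two smaller points in the same hunk: the old step 15 asked that the audit log explain why the action was executed, and it is dropped here while the sample log output shows only the action, so either keep that requirement as a step or state that the explanation is not logged yet; and the section header still reads "Enforcement: Operations Policy" while steps 12 and 13 and the `r.ENFORCEMENT_THEORY` target now say enforcement policy, so the header should be renamed to match.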