x/group-based-policy
Code Issues Proposed changes

Group Policy Plugin-2: Classifiers, Actions, and Rules

Browse Source 
(Patch series identifier: GP-PLG-2)

This patch includes the plugin and the policy driver framework to realize the
Policy Classifiers, Policy Actions, and Policy Rules resources.

In the context of the larger Group Policy Model, the Policy Rule resource
is referenced by Contracts, which be will introduced in a subsequent patch.

Gerrit Spec: https://review.openstack.org/#/c/89469
("classifiers" and "actions" resources in the above spec have been renamed to
"policy_classifiers" and "policy_actions")

Partially-implements: blueprint group-based-policy-abstraction

Change-Id: Ia7d4b379091a36152fde219918348fb2a41577a8
Author: Sumit Naiksatam <sumitnaiksatam@gmail.com>
Co-Authored-By: Bob Kukura <kukura@noironetworks.com>
Co-Authored-By: Stephen Wong <s3wong@midokura.com>
Co-Authored-By: Mohammad Banikazemi <mb@us.ibm.com>
Co-Authored-By: Mandeep Dhami <dhami@noironetworks.com>
This commit is contained in:
Sumit Naiksatam
2014-06-29 23:05:47 -07:00
parent 6098211478
commit 50b74fd22a
5 changed files with 609 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
gbp/neutron/services/grouppolicy/drivers/dummy_driver.py
View File

@@ -116,3 +116,75 @@ class NoopDriver(api.PolicyDriver):
@log.log
def delete_l3_policy_postcommit(self, context):
pass
@log.log
def create_policy_classifier_precommit(self, context):
pass
@log.log
def create_policy_classifier_postcommit(self, context):
pass
@log.log
def update_policy_classifier_precommit(self, context):
pass
@log.log
def update_policy_classifier_postcommit(self, context):
pass
@log.log
def delete_policy_classifier_precommit(self, context):
pass
@log.log
def delete_policy_classifier_postcommit(self, context):
pass
@log.log
def create_policy_action_precommit(self, context):
pass
@log.log
def create_policy_action_postcommit(self, context):
pass
@log.log
def update_policy_action_precommit(self, context):
pass
@log.log
def update_policy_action_postcommit(self, context):
pass
@log.log
def delete_policy_action_precommit(self, context):
pass
@log.log
def delete_policy_action_postcommit(self, context):
pass
@log.log
def create_policy_rule_precommit(self, context):
pass
@log.log
def create_policy_rule_postcommit(self, context):
pass
@log.log
def update_policy_rule_precommit(self, context):
pass
@log.log
def update_policy_rule_postcommit(self, context):
pass
@log.log
def delete_policy_rule_precommit(self, context):
pass
@log.log
def delete_policy_rule_postcommit(self, context):
pass

51
gbp/neutron/services/grouppolicy/group_policy_context.py
View File

@@ -116,3 +116,54 @@ class L3PolicyContext(GroupPolicyContext, api.L3PolicyContext):
routers = self._plugin._add_router_to_l3_policy(
self._plugin_context, self._l3_policy['id'], router_id)
self._l3_policy['routers'] = routers
class PolicyClassifierContext(GroupPolicyContext, api.PolicyClassifierContext):
def __init__(self, plugin, plugin_context, policy_classifier,
original_policy_classifier=None):
super(PolicyClassifierContext, self).__init__(plugin, plugin_context)
self._policy_classifier = policy_classifier
self._original_policy_classifier = original_policy_classifier
@property
def current(self):
return self._policy_classifier
@property
def original(self):
return self._original_policy_classifier
class PolicyActionContext(GroupPolicyContext, api.PolicyActionContext):
def __init__(self, plugin, plugin_context, policy_action,
original_policy_action=None):
super(PolicyActionContext, self).__init__(plugin, plugin_context)
self._policy_action = policy_action
self._original_policy_action = original_policy_action
@property
def current(self):
return self._policy_action
@property
def original(self):
return self._original_policy_action
class PolicyRuleContext(GroupPolicyContext, api.PolicyRuleContext):
def __init__(self, plugin, plugin_context, policy_rule,
original_policy_rule=None):
super(PolicyRuleContext, self).__init__(plugin, plugin_context)
self._policy_rule = policy_rule
self._original_policy_rule = original_policy_rule
@property
def current(self):
return self._policy_rule
@property
def original(self):
return self._original_policy_rule

239
gbp/neutron/services/grouppolicy/group_policy_driver_api.py
View File

@@ -194,6 +194,95 @@ class L3PolicyContext(object):
pass
@six.add_metaclass(abc.ABCMeta)
class PolicyClassifierContext(object):
"""Context passed to policy engine for policy_classifier resource changes.
An PolicyClassifierContext instance wraps an policy_classifier resource.
It provides helper methods for accessing other relevant information.
Results from expensive operations are cached for convenient access.
"""
@abc.abstractproperty
def current(self):
"""Return the current state of the policy_classifier.
Return the current state of the policy_classifier, as defined by
GroupPolicyPlugin.create_policy_classifier.
"""
pass
@abc.abstractproperty
def original(self):
"""Return the original state of the policy_classifier.
Return the original state of the policy_classifier, prior to a call to
update_policy_classifier. Method is only valid within calls to
update_policy_classifier_precommit and
update_policy_classifier_postcommit.
"""
pass
@six.add_metaclass(abc.ABCMeta)
class PolicyActionContext(object):
"""Context passed to policy engine for policy_action resource changes.
An PolicyActionContext instance wraps an policy_action resource.
It provides helper methods for accessing other relevant information.
Results from expensive operations are cached for convenient access.
"""
@abc.abstractproperty
def current(self):
"""Return the current state of the policy_action.
Return the current state of the policy_action, as defined by
GroupPolicyPlugin.create_policy_action.
"""
pass
@abc.abstractproperty
def original(self):
"""Return the original state of the policy_action.
Return the original state of the policy_action, prior to a call to
update_policy_action. Method is only valid within calls to
update_policy_action_precommit and update_policy_action_postcommit.
"""
pass
@six.add_metaclass(abc.ABCMeta)
class PolicyRuleContext(object):
"""Context passed to policy engine for policy_rule resource changes.
An PolicyRuleContext instance wraps an policy_rule resource.
It provides helper methods for accessing other relevant information.
Results from expensive operations are cached for convenient access.
"""
@abc.abstractproperty
def current(self):
"""Return the current state of the policy_rule.
Return the current state of the policy_rule, as defined by
GroupPolicyPlugin.create_policy_rule.
"""
pass
@abc.abstractproperty
def original(self):
"""Return the original state of the policy_rule.
Return the original state of the policy_rule, prior to a call to
update_policy_rule. Method is only valid within calls to
update_policy_rule_precommit and
update_policy_rule_postcommit.
"""
pass
@six.add_metaclass(abc.ABCMeta)
class PolicyDriver(object):
"""Define stable abstract interface for Group Policy drivers.
@@ -425,3 +514,153 @@ class PolicyDriver(object):
state of the l3_policy, prior to the call to delete it.
"""
pass
def create_policy_classifier_precommit(self, context):
"""Allocate resources for a new policy_classifier.
:param context: PolicyClassifierContext instance describing the new
policy_classifier.
"""
pass
def create_policy_classifier_postcommit(self, context):
"""Create a policy_classifier.
:param context: PolicyClassifierContext instance describing the new
policy_classifier.
"""
pass
def update_policy_classifier_precommit(self, context):
"""Update resources of a policy_classifier.
:param context: PolicyClassifierContext instance describing the new
state of the policy_classifier, as well as the original state prior
to the update_policy_classifier call.
"""
pass
def update_policy_classifier_postcommit(self, context):
"""Update a policy_classifier.
:param context: PolicyClassifierContext instance describing the new
state of the policy_classifier, as well as the original state prior
to the update_policy_classifier call.
"""
pass
def delete_policy_classifier_precommit(self, context):
"""Delete resources for a policy_classifier.
:param context: PolicyClassifierContext instance describing the current
state of the policy_classifier, prior to the call to delete it.
"""
pass
def delete_policy_classifier_postcommit(self, context):
"""Delete a policy_classifier.
:param context: PolicyClassifierContext instance describing the current
state of the policy_classifier, prior to the call to delete it.
"""
pass
def create_policy_action_precommit(self, context):
"""Allocate resources for a new policy_action.
:param context: PolicyActionContext instance describing the new
policy_action.
"""
pass
def create_policy_action_postcommit(self, context):
"""Create a policy_action.
:param context: PolicyActionContext instance describing the new
policy_action.
"""
pass
def update_policy_action_precommit(self, context):
"""Update resources of a policy_action.
:param context: PolicyActionContext instance describing the new
state of the policy_action, as well as the original state prior
to the update_policy_action call.
"""
pass
def update_policy_action_postcommit(self, context):
"""Update a policy_action.
:param context: PolicyActionContext instance describing the new
state of the policy_action, as well as the original state prior
to the update_policy_action call.
"""
pass
def delete_policy_action_precommit(self, context):
"""Delete resources for a policy_action.
:param context: PolicyActionContext instance describing the current
state of the policy_action, prior to the call to delete it.
"""
pass
def delete_policy_action_postcommit(self, context):
"""Delete a policy_action.
:param context: PolicyActionContext instance describing the current
state of the policy_action, prior to the call to delete it.
"""
pass
def create_policy_rule_precommit(self, context):
"""Allocate resources for a new policy_rule.
:param context: PolicyRuleContext instance describing the new
policy_rule.
"""
pass
def create_policy_rule_postcommit(self, context):
"""Create a policy_rule.
:param context: PolicyRuleContext instance describing the new
policy_rule.
"""
pass
def update_policy_rule_precommit(self, context):
"""Update resources of a policy_rule.
:param context: PolicyRuleContext instance describing the new
state of the policy_rule, as well as the original state prior
to the update_policy_rule call.
"""
pass
def update_policy_rule_postcommit(self, context):
"""Update a policy_rule.
:param context: PolicyRuleContext instance describing the new
state of the policy_rule, as well as the original state prior
to the update_policy_rule call.
"""
pass
def delete_policy_rule_precommit(self, context):
"""Delete resources for a policy_rule.
:param context: PolicyRuleContext instance describing the current
state of the policy_rule, prior to the call to delete it.
"""
pass
def delete_policy_rule_postcommit(self, context):
"""Delete a policy_rule.
:param context: PolicyRuleContext instance describing the current
state of the policy_rule, prior to the call to delete it.
"""
pass

190
gbp/neutron/services/grouppolicy/plugin.py
View File

@@ -293,3 +293,193 @@ class GroupPolicyPlugin(group_policy_mapping_db.GroupPolicyMappingDbPlugin):
LOG.error(_("delete_l3_policy_postcommit "
" failed, deleting l3_policy '%s'"), l3_policy_id)
return True
@log.log
def create_policy_classifier(self, context, policy_classifier):
session = context.session
with session.begin(subtransactions=True):
result = super(
GroupPolicyPlugin, self).create_policy_classifier(
context, policy_classifier)
policy_context = p_context.PolicyClassifierContext(self, context,
result)
self.policy_driver_manager.create_policy_classifier_precommit(
policy_context)
try:
self.policy_driver_manager.create_policy_classifier_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_(
"policy_driver_manager.create_policy_classifier_postcommit"
" failed, deleting policy_classifier '%s'"), result['id'])
self.delete_policy_classifier(context, result['id'])
return result
@log.log
def update_policy_classifier(self, context, id, policy_classifier):
session = context.session
with session.begin(subtransactions=True):
original_policy_classifier = super(
GroupPolicyPlugin, self).get_policy_classifier(context, id)
updated_policy_classifier = super(
GroupPolicyPlugin, self).update_policy_classifier(
context, id, policy_classifier)
policy_context = p_context.PolicyClassifierContext(
self, context, updated_policy_classifier,
original_policy_classifier=original_policy_classifier)
self.policy_driver_manager.update_policy_classifier_precommit(
policy_context)
self.policy_driver_manager.update_policy_classifier_postcommit(
policy_context)
return updated_policy_classifier
@log.log
def delete_policy_classifier(self, context, id):
session = context.session
with session.begin(subtransactions=True):
policy_classifier = self.get_policy_classifier(context, id)
policy_context = p_context.PolicyClassifierContext(
self, context, policy_classifier)
self.policy_driver_manager.delete_policy_classifier_precommit(
policy_context)
super(GroupPolicyPlugin, self).delete_policy_classifier(
context, id)
try:
self.policy_driver_manager.delete_policy_classifier_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_(
"policy_driver_manager.delete_policy_classifier_postcommit"
" failed, deleting policy_classifier '%s'"), id)
@log.log
def create_policy_action(self, context, policy_action):
session = context.session
with session.begin(subtransactions=True):
result = super(GroupPolicyPlugin,
self).create_policy_action(context, policy_action)
policy_context = p_context.PolicyActionContext(self, context,
result)
self.policy_driver_manager.create_policy_action_precommit(
policy_context)
try:
self.policy_driver_manager.create_policy_action_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_(
"policy_driver_manager.create_policy_action_postcommit "
"failed, deleting policy_action '%s'"), result['id'])
self.delete_policy_action(context, result['id'])
return result
@log.log
def update_policy_action(self, context, id, policy_action):
session = context.session
with session.begin(subtransactions=True):
original_policy_action = super(
GroupPolicyPlugin, self).get_policy_action(context, id)
updated_policy_action = super(
GroupPolicyPlugin, self).update_policy_action(context, id,
policy_action)
policy_context = p_context.PolicyActionContext(
self, context, updated_policy_action,
original_policy_action=original_policy_action)
self.policy_driver_manager.update_policy_action_precommit(
policy_context)
self.policy_driver_manager.update_policy_action_postcommit(
policy_context)
return updated_policy_action
@log.log
def delete_policy_action(self, context, id):
session = context.session
with session.begin(subtransactions=True):
policy_action = self.get_policy_action(context, id)
policy_context = p_context.PolicyActionContext(self, context,
policy_action)
self.policy_driver_manager.delete_policy_action_precommit(
policy_context)
super(GroupPolicyPlugin, self).delete_policy_action(context, id)
try:
self.policy_driver_manager.delete_policy_action_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_(
"policy_driver_manager.delete_policy_action_postcommit "
"failed, deleting policy_action '%s'"), id)
@log.log
def create_policy_rule(self, context, policy_rule):
session = context.session
with session.begin(subtransactions=True):
result = super(
GroupPolicyPlugin, self).create_policy_rule(
context, policy_rule)
policy_context = p_context.PolicyRuleContext(self, context,
result)
self.policy_driver_manager.create_policy_rule_precommit(
policy_context)
try:
self.policy_driver_manager.create_policy_rule_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_(
"policy_driver_manager.create_policy_rule_postcommit"
" failed, deleting policy_rule '%s'"), result['id'])
self.delete_policy_rule(context, result['id'])
return result
@log.log
def update_policy_rule(self, context, id, policy_rule):
session = context.session
with session.begin(subtransactions=True):
original_policy_rule = super(
GroupPolicyPlugin, self).get_policy_rule(context, id)
updated_policy_rule = super(
GroupPolicyPlugin, self).update_policy_rule(
context, id, policy_rule)
policy_context = p_context.PolicyRuleContext(
self, context, updated_policy_rule,
original_policy_rule=original_policy_rule)
self.policy_driver_manager.update_policy_rule_precommit(
policy_context)
self.policy_driver_manager.update_policy_rule_postcommit(
policy_context)
return updated_policy_rule
@log.log
def delete_policy_rule(self, context, id):
session = context.session
with session.begin(subtransactions=True):
policy_rule = self.get_policy_rule(context, id)
policy_context = p_context.PolicyRuleContext(self, context,
policy_rule)
self.policy_driver_manager.delete_policy_rule_precommit(
policy_context)
super(GroupPolicyPlugin, self).delete_policy_rule(
context, id)
try:
self.policy_driver_manager.delete_policy_rule_postcommit(
policy_context)
except gp_exc.GroupPolicyDriverError:
with excutils.save_and_reraise_exception():
LOG.error(_(
"policy_driver_manager.delete_policy_rule_postcommit"
" failed, deleting policy_rule '%s'"), id)

57
gbp/neutron/services/grouppolicy/policy_driver_manager.py
View File

@@ -203,3 +203,60 @@ class PolicyDriverManager(stevedore.named.NamedExtensionManager):
def delete_l3_policy_postcommit(self, context):
self._call_on_drivers("delete_l3_policy_postcommit", context,
continue_on_failure=True)
def create_policy_classifier_precommit(self, context):
self._call_on_drivers("create_policy_classifier_precommit", context)
def create_policy_classifier_postcommit(self, context):
self._call_on_drivers("create_policy_classifier_postcommit", context)
def update_policy_classifier_precommit(self, context):
self._call_on_drivers("update_policy_classifier_precommit", context)
def update_policy_classifier_postcommit(self, context):
self._call_on_drivers("update_policy_classifier_postcommit", context)
def delete_policy_classifier_precommit(self, context):
self._call_on_drivers("delete_policy_classifier_precommit", context)
def delete_policy_classifier_postcommit(self, context):
self._call_on_drivers("delete_policy_classifier_postcommit", context,
continue_on_failure=True)
def create_policy_action_precommit(self, context):
self._call_on_drivers("create_policy_action_precommit", context)
def create_policy_action_postcommit(self, context):
self._call_on_drivers("create_policy_action_postcommit", context)
def update_policy_action_precommit(self, context):
self._call_on_drivers("update_policy_action_precommit", context)
def update_policy_action_postcommit(self, context):
self._call_on_drivers("update_policy_action_postcommit", context)
def delete_policy_action_precommit(self, context):
self._call_on_drivers("delete_policy_action_precommit", context)
def delete_policy_action_postcommit(self, context):
self._call_on_drivers("delete_policy_action_postcommit", context,
continue_on_failure=True)
def create_policy_rule_precommit(self, context):
self._call_on_drivers("create_policy_rule_precommit", context)
def create_policy_rule_postcommit(self, context):
self._call_on_drivers("create_policy_rule_postcommit", context)
def update_policy_rule_precommit(self, context):
self._call_on_drivers("update_policy_rule_precommit", context)
def update_policy_rule_postcommit(self, context):
self._call_on_drivers("update_policy_rule_postcommit", context)
def delete_policy_rule_precommit(self, context):
self._call_on_drivers("delete_policy_rule_precommit", context)
def delete_policy_rule_postcommit(self, context):
self._call_on_drivers("delete_policy_rule_postcommit", context,
continue_on_failure=True)