AIM Policy Driver - Part 1

This is the first, in what is expected to be a series patches (not
necessarily sequential), that implements a new GBP Policy Driver. This
new Policy Driver is meant to be used in conjunction with the new
APIC mechanism driver, and the ACI Integration Module (AIM) library
that are being developed in parallel. This new Policy Driver is being
called the AIM Mapping driver.

The are at least a couple of goals that are foremost in the design of
this driver -

(1) Transactional consistency - the driver performs all orchestration
operations in the pre-commit hook that is part of the same transaction
as that which is created by the GBP plugin in response to the API call.
Apart from the implementation in this new driver, some refactoring of
the local_api module was required to optionally avoid creating a new
transaction every time the driver orchestrated changes to other parts
of the policy model, and/or Neutron resources.

(2) Asynchronous behavior - the driver will not directly interact
with external backends. As stated before, it will interface with Neutron
and/or AIM, and appropriately populate the status of the GBP resources
using the status and status_details attributes available for each GBP
resource (this does not happen in this patch).

The AIM driver attempts to reuse as much of the existing implementation
as possible. Towards this end, some parts of the Implicit Policy, and
the Resource Mapping drivers have been refactored to allow the code to
be shared and reused. The AIM driver effectively reuses these two existing
policy drivers as libraries, but is self-sufficient and should be the
only one configured.

Wherever possible, an attempt is being made to implement the mapping to
the Neutron resources in a base class, which in future, can help to build
a replacement for the current Resource Mapping driver with the same
transactional consistency goal.

A new “ensure_tenant” hook is being added to the Policy Driver interface.
This allows each driver to perform the tenant related bookkeeping prior
to proceeding with any orchestration for a resource itself. The hook is
invoked from the GBP plugin for the create operation of each resource.
This invocation happens prior to the transaction that is started to
create the resource.

The APIC mechanism driver uses a name-mapper module to map GBP resource
names to qualified names that are used by the AIM library. This AIM
policy driver holds a reference to that same name-mapper module (and
subsequently the cache that it uses) to perform name mapping for the
GBP resources.

In addition to the UTs that test the new code, specific UTs have been
added for validating the transactional consistency by testing the
rollback of created/updated/deleted resources if a downstream
operation fails.

Change-Id: I945d700c1a5e670de48d9c0d22e456e2d45f78a8

setup.cfg

@@ -52,7 +52,9 @@ gbpservice.neutron.group_policy.policy_drivers =
     dummy = gbpservice.neutron.services.grouppolicy.drivers.dummy_driver:NoopDriver
     implicit_policy = gbpservice.neutron.services.grouppolicy.drivers.implicit_policy:ImplicitPolicyDriver
     resource_mapping = gbpservice.neutron.services.grouppolicy.drivers.resource_mapping:ResourceMappingDriver
+    neutron_resources = gbpservice.neutron.services.grouppolicy.drivers.neutron_resources:CommonNeutronBase
     chain_mapping = gbpservice.neutron.services.grouppolicy.drivers.chain_mapping:ChainMappingDriver
+    aim_mapping = gbpservice.neutron.services.grouppolicy.drivers.cisco.apic.aim_mapping:AIMMappingDriver
     apic = gbpservice.neutron.services.grouppolicy.drivers.cisco.apic.apic_mapping:ApicMappingDriver
     odl = gbpservice.neutron.services.grouppolicy.drivers.odl.odl_mapping:OdlMappingDriver
     oneconvergence_gbp_driver = gbpservice.neutron.services.grouppolicy.drivers.oneconvergence.nvsd_gbp_driver:NvsdGbpDriver