copper:copper_work_items:congress

This page will capture information about OpenStack Congress. Some links:

Congress Policy Categories

The original table has three columns: Policy Category, Example Congress Policy, Policy Expression. The expressions are Congress Datalog: `head :- body` derives rows of the head table from the body, a `service:` prefix (nova, neutron, ldap) names the cloud service whose data the table mirrors, and a leading `-` on a body literal negates it.

Classification (detect violations)
  Example policy: Every network connected to a VM must either be public or owned by someone in the same group as the VM's owner.
  Policy expression:
    error :- nova:vm(vm), neutron:network(network),
             nova:network(vm, network), -neutron:public(network),
             neutron:private(network), nova:owner(vm, vm-own),
             neutron:owner(network, net-own), -same-group(vm-own, net-own)

    same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g)

Execution (take actions)
  Example policy: Disconnect any networks that are not either public or owned by someone in the same group as the VM's owner.
  Policy expression (the same body as the classification rule, with execute(...) as the head):
    execute(disconnectNetwork(vm, network)) :- nova:vm(vm),
             neutron:network(network), nova:network(vm, network),
             -neutron:public(network), neutron:private(network),
             nova:owner(vm, vm-own), neutron:owner(network, net-own),
             -same-group(vm-own, net-own)

Access Control (who can do what and under what conditions)
  Example policy: A disconnectNetwork action may only be executed by the owner of the VM or an administrator.
  Policy expression (one rule per permitted alternative, since a rule body is a conjunction):
    permit(disconnectNetwork(vm, network), user) :- nova:owner(vm, user)
    permit(disconnectNetwork(vm, network), user) :- ldap:group(user, "admin")
  Note: the expression originally on this page was a single rule with both conditions negated, `permit(disconnectNetwork(vm, network), user) :- nova:owner(vm, owner), -equal(user, owner), -ldap:group(user, "admin")`. Read literally it permits exactly the users who are neither the VM's owner nor in the admin group, the opposite of the stated policy, so the two positive rules above are what the description calls for.

Action Description (what actions are available)
  Example action: disconnectNetwork(vm, network)
  Policy expression:
    nova:network-(vm, network) :- disconnectNetwork(vm, network),
             nova:owner(vm, owner), username(owner)

    action("disconnectNetwork")
  Note: the `-` suffix on nova:network- marks a row that executing the action deletes (a `+` suffix marks a row it inserts). These effect rules are what let Congress simulate an action against the current cloud state in the enforcement modes below.

Use Cases Enabled by Policy Type Combinations

The original table has three columns: Combination, Use Case Description from Congress Design doc, Example Use Case.

Proactive Enforcement (assess whether an action would result in a policy violation)
  Description: If another cloud service queries Congress to ask whether a given action A is permitted for user U, Congress computes the effects of user U executing action A in the current state, temporarily applies those changes to compute the resulting state, and checks whether the new state has any new violations. New violations indicate that user U ought not be allowed to execute action A.
  Example use case: A user should not be able to connect a new network to a VM if doing so would violate a generic policy about network connections and VM ownership.

Reactive Enforcement (take action in response to a violation)
  Description: When Congress learns of a change in the cloud's state, it updates its list of policy violations. If any new violations arise because of the change, Congress identifies the rows in the cloud service tables that cause the violation, searches the Action Description policy for actions that, when executed, would eliminate those rows, and chooses one to execute.
  Example use case: Disconnect networks that have been connected in violation of a generic policy about network connections and VM ownership.

Interactive Enforcement (present violations to a user for manual intervention)
  Description: A dashboard can query Congress for all current policy violations and display them to the user. The dashboard can let the user drill down into a violation to understand its causes by exploring the contents of each of the Classification policy's tables and why the rows in those tables belong there. It can ask Congress for the list of remediations for a given violation and then execute whatever sequence of actions the user chooses. If the same violation occurs repeatedly, the user can tell Congress to execute a given remediation every time that violation occurs.
  Example use case: Build up a set of generic policies by interactively viewing and investigating violations and selecting the actions to be taken automatically in future.

Assistive Enforcement (obtain the set of valid state data or action options)
  Description: Given a partial update U to the state, ask which values could be added to U to make a complete update that violates no policy; for example, when creating a VM, ask which networks can be connected to the VM if its owner is Alice.
  Example use case: Augment admin user interfaces, e.g. highlight the options that are valid (will not result in a policy violation).
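The following is an added example, not Congress code and not part of the original page: a small Python evaluator that runs the four policy categories from the first table (classification, execution, access control, action description) and the proactive, reactive and assistive enforcement modes from the second table over a constructed cloud state. Congress tables such as `nova:vm` are modelled as Python sets named `nova_vm`; the `connectNetwork` action is an assumption (the page only defines `disconnectNetwork`); and `permit_disconnect_as_written` encodes the page's original negated access-control rule so its inversion can be seen on real data.

```python
"""Toy evaluator for the Congress policies on this page, run over a
constructed cloud state. Added example, not Congress code: Congress tables
'nova:vm' etc. are modelled as Python sets keyed 'nova_vm', and
connectNetwork is an assumed action the page does not define."""

# Constructed sample state. Users: alice (dev), bob (dev), carol (ops),
# dave (admin). vm2 (carol's) is attached to bob's private network, which
# violates the classification rule because carol and bob share no group.
STATE = {
    "nova_vm": {("vm1",), ("vm2",)},
    "nova_network": {("vm1", "net_pub"), ("vm1", "net_bob"), ("vm2", "net_bob")},
    "nova_owner": {("vm1", "alice"), ("vm2", "carol")},
    "neutron_network": {("net_pub",), ("net_bob",), ("net_ops",)},
    "neutron_public": {("net_pub",)},
    "neutron_private": {("net_bob",), ("net_ops",)},
    "neutron_owner": {("net_bob", "bob"), ("net_ops", "carol")},
    "ldap_group": {("alice", "dev"), ("bob", "dev"), ("carol", "ops"),
                   ("dave", "admin")},
}

def same_group(state, user1, user2):
    """same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g)"""
    groups = lambda u: {g for (user, g) in state["ldap_group"] if user == u}
    return bool(groups(user1) & groups(user2))

def violations(state):
    """Classification rule. The page's head is a bare 'error'; here it carries
    the offending (vm, network) row so a remediation can target it."""
    errors = set()
    for (vm, net) in state["nova_network"]:
        if (vm,) not in state["nova_vm"]:
            continue
        if (net,) not in state["neutron_network"]:
            continue
        if (net,) in state["neutron_public"]:      # -neutron:public(network)
            continue
        if (net,) not in state["neutron_private"]:
            continue
        for (v, vm_own) in state["nova_owner"]:
            for (n, net_own) in state["neutron_owner"]:
                if v == vm and n == net and not same_group(state, vm_own, net_own):
                    errors.add((vm, net))
    return errors

def remediations(state):
    """Execution rule: same body as the classification rule, with head
    execute(disconnectNetwork(vm, network))."""
    return {("disconnectNetwork", vm, net) for (vm, net) in violations(state)}

def permit_disconnect(state, vm, user):
    """Access control as the page DESCRIBES it: VM owner or admin may disconnect."""
    return (vm, user) in state["nova_owner"] or (user, "admin") in state["ldap_group"]

def permit_disconnect_as_written(state, vm, user):
    """The page's original expression taken literally, '-' as negation: it
    permits a user who is NEITHER the owner NOR an admin (the inverse)."""
    not_owner = any(v == vm and user != owner for (v, owner) in state["nova_owner"])
    return not_owner and (user, "admin") not in state["ldap_group"]

def apply_action(state, action):
    """Action description: disconnectNetwork deletes the nova:network row, as
    nova:network-(vm, network) states; connectNetwork (assumed) inserts one.
    Returns a new state; the input is left untouched."""
    new = {name: set(rows) for name, rows in state.items()}
    kind, vm, net = action
    if kind == "disconnectNetwork":
        new["nova_network"].discard((vm, net))
    elif kind == "connectNetwork":
        new["nova_network"].add((vm, net))
    else:
        raise ValueError("unknown action %r" % kind)
    return new

def proactive_check(state, action):
    """Proactive enforcement: simulate the action and return only the
    violations that would be NEW relative to the current state."""
    return violations(apply_action(state, action)) - violations(state)

def reactive_enforce(state):
    """Reactive enforcement: repeatedly pick one remediation and execute it
    until the classification rule derives no more violations."""
    while remediations(state):
        state = apply_action(state, sorted(remediations(state))[0])
    return state

def connectable_networks(state, vm):
    """Assistive enforcement: networks not yet attached to vm whose
    attachment would create no new violation."""
    attached = {net for (v, net) in state["nova_network"] if v == vm}
    return {net for (net,) in state["neutron_network"] if net not in attached
            and not proactive_check(state, ("connectNetwork", vm, net))}

if __name__ == "__main__":
    print("violations:", violations(STATE))
    print("remediations:", remediations(STATE))
    print("new violations if vm1 joins net_ops:",
          proactive_check(STATE, ("connectNetwork", "vm1", "net_ops")))
    print("networks vm2 may join:", connectable_networks(STATE, "vm2"))
```

Two points the tables alone do not show: `proactive_check` subtracts the violations that already exist, so a request that merely leaves a pre-existing violation in place is not refused on its account, and `connectable_networks` therefore has to exclude already-attached networks explicitly. Running the script with the constructed state reports one violation (vm2 on net_bob), one remediation, a new violation if vm1 were attached to net_ops, and net_pub plus net_ops as the networks vm2 may still join.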
copper/copper_work_items/congress.txt · Last modified: 2015/04/10 06:03 by Bryan Sullivan