This shows you the differences between two versions of the page.
copper:use_cases [2015/05/05 21:22] Bryan Sullivan |
copper:use_cases [2015/05/05 21:24] Bryan Sullivan |
||
---|---|---|---|
Line 2: | Line 2: | ||
^ Policy ^ Description ^ Notes/Examples ^ | ^ Policy ^ Description ^ Notes/Examples ^ | ||
- | | Network Access Control | As a tenant, I need to be sure that the only private networks connected to my VMs are owned by me or someone from my group. | OpenStack Congress: <code>error :- nova:vm(vm), | + | | Network Access Control | As a tenant, I need to be sure that the only private networks connected to my VMs are owned by me or someone from my group. | OpenStack Congress: <code>error :- |
+ | nova:vm(vm), | ||
neutron:network(network), | neutron:network(network), | ||
nova:network(vm, network), | nova:network(vm, network), | ||
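Review bot: The rule head on the reformatted first line of the Network Access Control rule is a bare `error`, so a violation only says that some VM is attached to a foreign private network, not which one. Consider carrying the offending resource in the head, for example `error(vm) :-`, so the tenant named in the Description column can act on the result. Splitting `nova:vm(vm),` onto its own line is a good moment to make that change, since the head now stands alone.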
Line 10: | Line 11: | ||
-same-group(vm-own, net-own) | -same-group(vm-own, net-own) | ||
- | same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g) </code> | | + | same-group(user1, user2) :- |
- | | Storage Access Control | As a tenant, I need to be sure that the only VMs that can attach to my private storage resources are owned by me or someone from my group. | OpenStack Congress: <code>error :- nova:vm(vm), cinder:volumes(volume), | + | ldap:group(user1, g), |
+ | ldap:group(user2, g) </code> | | ||
+ | | Storage Access Control | As a tenant, I need to be sure that the only VMs that can attach to my private storage resources are owned by me or someone from my group. | OpenStack Congress: <code>error :- | ||
+ | nova:vm(vm), | ||
+ | cinder:volumes(volume), | ||
nova:volume(vm, volume), | nova:volume(vm, volume), | ||
nova:owner(vm, vm-own), | nova:owner(vm, vm-own), | ||
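Review bot: The unchanged line `-same-group(vm-own, net-own)` at the top of this hunk writes negation as a leading `-`, which in this diff view is indistinguishable from a removed line and is easy to lose when the rule is copied. Congress writes negation with the keyword `not`, so `not same-group(vm-own, net-own)` would be unambiguous. Since this edit already reflows the rule one literal per line, the negated literal should be fixed in the same pass. The whole policy depends on that one literal: without the negation the rule flags same-group attachments instead of foreign ones. Separately, `cinder:volumes(volume)` is plural where `nova:vm(vm)` and `neutron:network(network)` are singular; worth confirming the table name against the datasource.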
Line 17: | Line 22: | ||
-same-group(vm-own, vol-own) | -same-group(vm-own, vol-own) | ||
- | same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g) </code> | | + | same-group(user1, user2) :- |
+ | ldap:group(user1, g), | ||
+ | ldap:group(user2, g) </code> | | ||
| Resource Reclamation | As a service provider, I need to be informed of VMs that are under-utilized so that I can reclaim the VI resources. (example from [[http://ruleyourcloud.com/2015/03/12/scaling-up-congress.html|RuleYourCloud blog]]) | OpenStack Congress: <code> reclaim_server(vm) :- | | Resource Reclamation | As a service provider, I need to be informed of VMs that are under-utilized so that I can reclaim the VI resources. (example from [[http://ruleyourcloud.com/2015/03/12/scaling-up-congress.html|RuleYourCloud blog]]) | OpenStack Congress: <code> reclaim_server(vm) :- | ||
ceilometer:stats("cpu_util",vm, avg_cpu), | ceilometer:stats("cpu_util",vm, avg_cpu), |
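Review bot: The reformatted helper `same-group(user1, user2) :- ldap:group(user1, g), ldap:group(user2, g)` at the top of this hunk is now a byte-for-byte copy of the one in the Network Access Control row, so the two can drift apart on a later edit. Define it once and note in the Storage row that it reuses the helper. The Resource Reclamation row was left in the old layout (`<code> reclaim_server(vm) :-` with a leading space, and `"cpu_util",vm` without a space after the comma); reflow it the same way for consistency.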