Grouping of PTGs based on Application Characteristics

A Policy Target Group (PTG) can be used to represent a specific tier of an
Application (e.g. DB tier). However, there is no construct in GBP that
corresponds to the application itself. Such a construct can help to abstract
the properties of the application (across the PTGs) futher simplifying the
intent specification and automated orchestration.

It is proposed to add a new resource Application Policy Group (APG) that will
have a 1 to many relationship with PTGs. Each PTG will belong to exactly one
APG. The APG does not have relationship (or constraints) with any other GBP
resources.

Change-Id: I45fd722ccd000ff311b37088f0d96a8a3411eaaa
Defines: blueprint application-group
This commit is contained in:
Sumit Naiksatam 2016-07-07 16:27:03 -07:00
parent 6a51744761
commit 33ad8b1c55

View File

@ -0,0 +1,185 @@
..
This work is licensed under a Creative Commons Attribution 3.0 Unported
License.
http://creativecommons.org/licenses/by/3.0/legalcode
=====================================================
Grouping of PTGs based on Application Characteristics
=====================================================
Launchpad blueprint:
https://blueprints.launchpad.net/group-based-policy/+spec/application-group
Problem description
===================
A Policy Target Group (PTG) can be used to represent a specific tier of an
Application (e.g. DB tier). However, there is no construct in GBP that
corresponds to the application itself. Such a construct can help to abstract
the properties of the application (across the PTGs) futher simplifying the
intent specification and automated orchestration.
Proposed change
===============
It is proposed to add a new resource Application Policy Group (APG) that will
have a 1 to many relationship with PTGs. Each PTG will belong to exactly one
APG. The APG does not have relationship (or constraints) with any other GBP
resources.
Each tenant will have a default APG. If no APG is specified, a PTG will be
placed in this default APG. The APG association of the PTG can be updated.
APG will support the shared attribute and can have visibility beyond the
project which owns it.
Data model impact
-----------------
A new table for APG will be added:
::
class ApplicationPolicyGroup(models_v2.HasId, models_v2.HasTenant):
name = sa.Column(sa.String(255))
description = sa.Column(sa.String(255))
status = sa.Column(sa.String(length=16), nullable=True)
status_details = sa.Column(sa.String(length=4096), nullable=True)
policy_target_groups = orm.relationship(PolicyTargetGroup,
backref='application_policy_group')
A new foreign key constraint will be added to the PolicyTargetGroup table:
::
application_policy_group_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_application_policy_groups.id'),
nullable=True)
REST API impact
---------------
A new resource application_policy_groups will be added:
::
APPLICATION_POLICY_GROUPS: {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None}, 'is_visible': True,
'primary_key': True},
'name': {'allow_post': True, 'allow_put': True,
'validate': {'type:gbp_resource_name': None},
'default': '', 'is_visible': True},
'description': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': None},
'is_visible': True, 'default': ''},
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:string': None},
'required_by_policy': True, 'is_visible': True},
'status': {'allow_post': False, 'allow_put': False,
'is_visible': True},
'status_details': {'allow_post': False, 'allow_put': False,
'is_visible': True},
'policy_target_groups': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
attr.SHARED: {'allow_post': True, 'allow_put': True,
'default': False, 'convert_to': attr.convert_to_boolean,
'is_visible': True, 'required_by_policy': True,
'enforce_policy': True},
},
A new optional attribute "application_policy_group_id" is added to the
policy_target_group resource:
::
'application_policy_group_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'default': '', 'is_visible': True}
The client will have to be updated, and CLI for APG will have to be provided.
Security impact
---------------
Notifications impact
--------------------
Other end user impact
---------------------
Performance impact
------------------
Other deployer impact
---------------------
Developer impact
----------------
The policy driver interface will be updated to support CRUD operations for APG.
Community impact
----------------
Alternatives
------------
Implementation
==============
Assignee(s)
-----------
* Sumit Naiksatam (snaiksat)
Work items
----------
Dependencies
============
Testing
=======
Tempest tests
-------------
Functional tests
----------------
API tests
---------
Documentation impact
====================
User documentation
------------------
Developer documentation
-----------------------
References
==========