From f7f63b7ba9b1b4d9a0d9ead067579a8c5956b618 Mon Sep 17 00:00:00 2001 From: Sumit Naiksatam Date: Mon, 13 Oct 2014 02:31:23 -0700 Subject: [PATCH] Add ServicePolicy and update PolicyLabels New resource ServicePolicy is being added to model the resource that are used for allocating resources (like IP addresses) that are used by the service chain. Also renaming PolicyLabels to PolicyTags and adding values attribute. Change-Id: Ifa2d758a14f166a1b85be5ae5c1c6a075c9e0d3b --- specs/juno/group-based-policy-abstraction.rst | 110 ++++++++++++++---- 1 file changed, 85 insertions(+), 25 deletions(-) diff --git a/specs/juno/group-based-policy-abstraction.rst b/specs/juno/group-based-policy-abstraction.rst index c163da4..c68668b 100644 --- a/specs/juno/group-based-policy-abstraction.rst +++ b/specs/juno/group-based-policy-abstraction.rst @@ -112,13 +112,16 @@ Contract. **Selector:** A Contract Scope can define additional constraints around choosing the matching provider or consumer EPGs for a Contract via a Selector. -**Policy Labels:** These are labels contained within a namespace hierarchy and +**Policy Tags:** These are labels contained within a namespace hierarchy and used to define Capability and Role tags used in Filters. -**Bridge Domain:** Used to define a L2 boundary and impose additional +**L2 Policy:** Used to define a L2 boundary and impose additional constraints (such as no broadcast) within that L2 boundary. -**Routing Domain:** Used to define a non-overlapping IP address space. +**L3 Policy:** Used to define a non-overlapping IP address space. + +**Network Service Policy:** Used to define policies that are used for assigning +resources in an EPG to be consumed by network services. Here is an example of how a three tier application would look like: @@ -249,6 +252,7 @@ All objects have the following common attributes: Endpoint * epg_id - UUID of the EndpointGroup (EPG) that this Endpoint (EP) belongs to + * policy_tags - a list of PolicyTag uuids EndpointGroup * endpoints - list of endpoint uuids @@ -264,22 +268,26 @@ Contract ContractProvidingScope * contract_id - uuid of the Contract that is being provided by the EPG * selectors - list of Selectors uuids - * capabilites - list of PolicyLabel uuids + * capabilites - list of PolicyTag uuids * providing_epg - EndpointGroup uuid ContractConsumingScope * contract_id - uuid of the Contract that is being consumed by the EPG * selectors - list of Selectors uuids - * roles - list of PolicyLabels + * roles - list of PolicyTags * consuming_epg - EndpointGroup uuid Selector * scope - enum: GLOBAL, TENANT, EPG * value - None for GLOBAL, or uuid of tenant/EPG -PolicyLabel +PolicyTag * namespace - string, a namespace identifier for policy labels * name - string, not optional + * values - list of PolicyValue uuids + +PolicyValue + * value - String PolicyRule * filter - uuid of Filter @@ -287,8 +295,8 @@ PolicyRule * actions - list of Action uuids Filter - * provider_capablilities - list of PolicyLabel uuids - * consumer_roles - list of PolicyLabel uuids + * provider_capablilities - list of PolicyTag uuids + * consumer_roles - list of PolicyTag uuids Classifier * protocol - enum: TCP, IP, ICMP @@ -298,10 +306,7 @@ Classifier Action * type - enum: ALLOW, REDIRECT, QOS, LOG, MARK, COPY * value - uuid of a resource that performs the action, for example in the - case of REDIRECT, its the uuid of the ServiceWrapper - -ServiceWrapper - * neutron_service - uuid of service or service_chain + case of REDIRECT, its the uuid of the Service Chain L2Policy * endpoint_groups - list of EndpointGroup uuids @@ -320,6 +325,28 @@ creating L3Policy a default ip_pool and default_subnet_prefix_length are created. If a user creates an EPG, a subnet will be pulled from ip_pool using default_subnet_prefix_length. +NetworkServicePolicy + * endpoint_groups - list of EndpointGroup uuids + * network_service_params - list of ServiceArgument uuids + +NetworkServiceParams + * type - String, enum, ip_single, ip_pool, string + * name - String, e.g. vip + * value - String, e.g. self_subnet or external_subnet when the type is + ip_single or ip_pool; a string value when the type is string + The type and value are validated, the name is treated as a literal. + The name of the param is chosen by the service chain implementation, + and as such is validated by the service chain provider. + The supported types are: ip_single, ip_pool, string. + The supported values are: self_subnet and external_subnet, + but the values are not validated when the tpye is 'string'. + Valid combinations are: + ip_single, self_subnet: Allocate a single IP addr from epg subnet, + e.g. VIP (in the private network) + ip_single, external_subnet: Allocate a single floating-ip addr, + e.g. Public address for the VIP + ip_pool, external_subnet: Allocate a floating-ip for every EP in EPG + Objects to support Mapping to existing Neutron resources EndpointPortBinding (extends Endpoint) @@ -363,9 +390,10 @@ The following new resources are being introduced: CLASSIFIERS = 'classifiers' ACTIONS = 'actions' SELECTORS = 'selectors' - POLICY_LABELS = 'policy_labels' + POLICY_TAGS = 'policy_tags' L2_POLICIES = 'l2_policies' L3_POLICIES = 'l3_policies' + NETWORK_SERVICE_POLICIES = 'network_service_policies' RESOURCE_ATTRIBUTE_MAP = { ENDPOINTS: { @@ -402,9 +430,12 @@ The following new resources are being introduced: 'validate': {'type:uuid_list': None}, 'convert_to': attr.convert_none_to_empty_list, 'default': None, 'is_visible': True}, - 'bridge_domain_id': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_or_none': None}, - 'default': None, 'is_visible': True}, + 'l2_policy_id': {'allow_post': True, 'allow_put': True, + 'validate': {'type:uuid_or_none': None}, + 'default': None, 'is_visible': True}, + 'network_service_policy_id': {'allow_post': True, 'allow_put': True, + 'validate': {'type:uuid_or_none': None}, + 'default': None, 'is_visible': True}, 'provided_contract_scopes': {'allow_post': True, 'allow_put': True, 'validate': {'type:uuid_list': None}, 'convert_to': @@ -629,14 +660,11 @@ The following new resources are being introduced: 'validate': {'type:uuid_or_none': None}, 'is_visible': True}, }, - POLICY_LABELS: { + POLICY_TAGS: { 'id': {'allow_post': False, 'allow_put': False, 'validate': {'type:uuid': None}, 'is_visible': True, 'primary_key': True}, - 'name': {'allow_post': True, 'allow_put': True, - 'validate': {'type:string': None}, - 'default': '', 'is_visible': True}, 'description': {'allow_post': True, 'allow_put': True, 'validate': {'type:string': None}, 'is_visible': True, 'default': ''}, @@ -649,7 +677,12 @@ The following new resources are being introduced: 'is_visible': True, 'default': ''}, 'name': {'allow_post': True, 'allow_put': True, 'validate': {'type:string': None}, - 'is_visible': True, 'required': True}, + 'required': True, 'is_visible': True}, + 'values': {'allow_post': True, 'allow_put': True, + 'default': None, + 'validate': {'type:uuid_list': None}, + 'convert_to': attr.convert_none_to_empty_list, + 'is_visible': True}, }, L2_POLICIES: { 'id': {'allow_post': False, 'allow_put': False, @@ -668,10 +701,10 @@ The following new resources are being introduced: 'validate': {'type:uuid_list': None}, 'convert_to': attr.convert_none_to_empty_list, 'default': None, 'is_visible': True}, - 'routing_domain_id': {'allow_post': True, 'allow_put': True, - 'validate': {'type:uuid_or_none': None}, - 'default': None, 'is_visible': True, - 'required': True}, + 'l3_policy_id': {'allow_post': True, 'allow_put': True, + 'validate': {'type:uuid_or_none': None}, + 'default': None, 'is_visible': True, + 'required': True}, }, L3_POLICIES: { 'id': {'allow_post': False, 'allow_put': False, @@ -705,6 +738,33 @@ The following new resources are being introduced: 'convert_to': attr.convert_none_to_empty_list, 'default': None, 'is_visible': True}, }, + NETWORK_SERVICE_POLICIES: { + 'id': {'allow_post': False, 'allow_put': False, + 'validate': {'type:uuid': None}, 'is_visible': True, + 'primary_key': True}, + 'name': {'allow_post': True, 'allow_put': True, + 'validate': {'type:string': None}, + 'default': '', 'is_visible': True}, + 'description': {'allow_post': True, 'allow_put': True, + 'validate': {'type:string': None}, + 'is_visible': True, 'default': ''}, + 'tenant_id': {'allow_post': True, 'allow_put': False, + 'validate': {'type:string': None}, + 'required_by_policy': True, 'is_visible': True}, + 'endpoint_groups': {'allow_post': False, 'allow_put': False, + 'validate': {'type:uuid_list': None}, + 'convert_to': attr.convert_none_to_empty_list, + 'default': None, 'is_visible': True}, + # A valid network_svc_params list is: + # [{'type': , 'name': , 'value': + # }] + # e.g. [{'type': 'ip_single', 'name': 'vip', 'value': 'self_subnet'}] + 'network_service_params': {'allow_post': True, 'allow_put': True, + 'validate': {'type:list': None}, + 'convert_to': + attr.convert_none_to_empty_list, + 'default': None, 'is_visible': True}, + }, } The following defines the mapping to classical (existing) Neutron resources