Fix the unintended .: rendering in doc
Change-Id: I5ef27b5036ba0767c73838f2c64513f217ea93c1
This commit is contained in:
parent
576e531e86
commit
518b242d60
|
@ -15,7 +15,9 @@ each row-column entry contains a string or a number.
|
|||
|
||||
For example, Neutron contains a mapping between IP addresses and the
|
||||
ports they are assigned to; neutron represents this state as the
|
||||
following table.::
|
||||
following table.
|
||||
|
||||
::
|
||||
|
||||
====================================== ==========
|
||||
ID IP
|
||||
|
|
|
@ -48,7 +48,9 @@ ID IP
|
|||
"73e31d4c-e89b-12d3-a456-426655440000" "10.0.0.3"
|
||||
====================================== ==========
|
||||
|
||||
This is the policy written in Congress's policy language.::
|
||||
This is the policy written in Congress's policy language.
|
||||
|
||||
::
|
||||
|
||||
error(port_id, ip1, ip2) :-
|
||||
port(port_id, ip1),
|
||||
|
@ -68,7 +70,9 @@ some tables from Neutron, others from Nova).
|
|||
|
||||
For example, if we have the following table schemas from Nova, Neutron, and
|
||||
ActiveDirectory, we could write a policy that says every network connected to a VM must
|
||||
either be public or owned by someone in the same group as the VM owner.::
|
||||
either be public or owned by someone in the same group as the VM owner.
|
||||
|
||||
::
|
||||
|
||||
error(vm, network) :-
|
||||
nova:virtual_machine(vm)
|
||||
|
@ -193,7 +197,9 @@ in *neutron:port_ip*. That happens because one of the ports in
|
|||
neutron:port_ip has been assigned 2 distinct IPs.
|
||||
|
||||
**AND operator** As a slightly more complex example, we could define a table
|
||||
*same_ip* that lists all the pairs of ports that are assigned the same IP.::
|
||||
*same_ip* that lists all the pairs of ports that are assigned the same IP.
|
||||
|
||||
::
|
||||
|
||||
same_ip(port1, port2) :- neutron:port_ip(port1, ip), neutron:port_ip(port2, ip)
|
||||
|
||||
|
@ -221,7 +227,9 @@ representing group membership information from two different services:
|
|||
Keystone and Active Directory. We can create a new table *group* that says a
|
||||
person is a member of a group if she is a member of that group either according
|
||||
to Keystone or according to Active Directory. In Datalog we create this table
|
||||
by writing two rules.::
|
||||
by writing two rules.
|
||||
|
||||
::
|
||||
|
||||
group(user, grp) :- ad:group(user, grp)
|
||||
group(user, grp) :- keystone:group(user, grp)
|
||||
|
|
|
@ -220,7 +220,9 @@ annotations::
|
|||
In our example, we know the contents of the *error* table is empty, but
|
||||
all of the tables used to construct *error* look reasonable. So we ask
|
||||
for a trace showing why the *error* table is empty. The trace is returned
|
||||
as a string and be quite large.::
|
||||
as a string and be quite large.
|
||||
|
||||
::
|
||||
|
||||
$ curl -X GET localhost:1789/v1/policies/<classification-id>/tables/error/rows?trace=true
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue