4.8 KiB
Grouping of PTGs based on Application Characteristics
Launchpad blueprint:
https://blueprints.launchpad.net/group-based-policy/+spec/application-group
Problem description
A Policy Target Group (PTG) can be used to represent a specific tier of an Application (e.g. DB tier). However, there is no construct in GBP that corresponds to the application itself. Such a construct can help to abstract the properties of the application (across the PTGs) futher simplifying the intent specification and automated orchestration.
Proposed change
It is proposed to add a new resource Application Policy Group (APG) that will have a 1 to many relationship with PTGs. Each PTG will belong to exactly one APG. The APG does not have relationship (or constraints) with any other GBP resources.
Each tenant will have a default APG. If no APG is specified, a PTG will be placed in this default APG. The APG association of the PTG can be updated. APG will support the shared attribute and can have visibility beyond the project which owns it.
Data model impact
A new table for APG will be added:
class ApplicationPolicyGroup(models_v2.HasId, models_v2.HasTenant):
name = sa.Column(sa.String(255))
description = sa.Column(sa.String(255))
status = sa.Column(sa.String(length=16), nullable=True)
status_details = sa.Column(sa.String(length=4096), nullable=True)
policy_target_groups = orm.relationship(PolicyTargetGroup,
backref='application_policy_group')A new foreign key constraint will be added to the PolicyTargetGroup table:
application_policy_group_id = sa.Column(sa.String(36),
sa.ForeignKey('gp_application_policy_groups.id'),
nullable=True)REST API impact
A new resource application_policy_groups will be added:
APPLICATION_POLICY_GROUPS: {
'id': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid': None}, 'is_visible': True,
'primary_key': True},
'name': {'allow_post': True, 'allow_put': True,
'validate': {'type:gbp_resource_name': None},
'default': '', 'is_visible': True},
'description': {'allow_post': True, 'allow_put': True,
'validate': {'type:string': None},
'is_visible': True, 'default': ''},
'tenant_id': {'allow_post': True, 'allow_put': False,
'validate': {'type:string': None},
'required_by_policy': True, 'is_visible': True},
'status': {'allow_post': False, 'allow_put': False,
'is_visible': True},
'status_details': {'allow_post': False, 'allow_put': False,
'is_visible': True},
'policy_target_groups': {'allow_post': False, 'allow_put': False,
'validate': {'type:uuid_list': None},
'convert_to': attr.convert_none_to_empty_list,
'default': None, 'is_visible': True},
attr.SHARED: {'allow_post': True, 'allow_put': True,
'default': False, 'convert_to': attr.convert_to_boolean,
'is_visible': True, 'required_by_policy': True,
'enforce_policy': True},
},A new optional attribute "application_policy_group_id" is added to the policy_target_group resource:
'application_policy_group_id': {'allow_post': True, 'allow_put': True,
'validate': {'type:uuid_or_none': None},
'default': '', 'is_visible': True}The client will have to be updated, and CLI for APG will have to be provided.
Security impact
Notifications impact
Other end user impact
Performance impact
Other deployer impact
Developer impact
The policy driver interface will be updated to support CRUD operations for APG.
Community impact
Alternatives
Implementation
Assignee(s)
- Sumit Naiksatam (snaiksat)