diff options
| author |   Georg Kunz <georg.kunz@ericsson.com> | 2016-08-11 10:04:39 +0200 |
|---|---|---|
| committer | Georg Kunz <georg.kunz@ericsson.com> | 2016-09-16 09:24:19 +0000 |
| commit | 39d5de2b814b2ec038da973b82ee62f11a266b96 (patch) | |
| tree | 8eb8ac2038d8db8d468c6389529b90e3076eab52 /docs/requirements/use_cases/programmable_provisioning.rst | |
| parent | be8fbafa73dd6f22fa6fadac1adb82ff47072516 (diff) | |
Global review of the NetReady requirements documentcolorado.1.0
This patchset enables a global review of the entire NetReady
requirements document. Changes to the document shall be pushed
as new patches to this patchset.
Change-Id: I7cc9290c9260aad5b687253b02d60efbc8a64bb2
Signed-off-by: Georg Kunz <georg.kunz@ericsson.com>
Diffstat (limited to 'docs/requirements/use_cases/programmable_provisioning.rst')
| -rw-r--r-- | docs/requirements/use_cases/programmable_provisioning.rst | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/docs/requirements/use_cases/programmable_provisioning.rst b/docs/requirements/use_cases/programmable_provisioning.rst new file mode 100644 index 0000000..963451d --- /dev/null +++ b/docs/requirements/use_cases/programmable_provisioning.rst @@ -0,0 +1,52 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +Programmable Provisioning of Provider Networks +---------------------------------------------- +Description +~~~~~~~~~~~ + +In a NFV environment the VNFMs (Virtual Network Function Manager) are consumers +of the OpenStack IaaS API. They are often deployed without administrative rights +on top of the NFVI platform. Furthermore, in the telco domain provider networks +are often used. However, when a provider network is created administrative +rights are needed what in the case of a VNFM without administrative rights +requires additional manual configuration work. It shall be possible to +configure provider networks without administrative rights. It should be +possible to assign the capability to create provider networks to any roles. + +The following figure (:numref:`api-users`) shows the possible users of an +OpenStack API and the relation of OpenStack and ETSI NFV components. Boxes with +solid line are the ETSI NFV components while the boxes with broken line are the +OpenStack components. + +.. figure:: images/api-users.png + :name: api-users + :width: 50% + +Derived Requirements +~~~~~~~~~~~~~~~~~~~~~ + - Authorize the possibility of provider network creation based on policy + - There should be a new entry in :code:`policy.json` which controls the provider network creation + - Default policy of this new entry should be :code:`rule:admin_or_owner`. + - This policy should be respected by the Neutron API + +Northbound API / Workflow ++++++++++++++++++++++++++ + - No changes in the API + +Data model objects +++++++++++++++++++ + - No changes in the data model + +Current implementation +~~~~~~~~~~~~~~~~~~~~~~ +Only admin users can manage provider networks [OS-NETWORKING-GUIDE-ML2]_. + +Potential implementation +~~~~~~~~~~~~~~~~~~~~~~~~ + - Policy engine shall be able to handle a new provider network creation and + modification related policy. + - When a provider network is created or modified neutron should check the + authority with the policy engine instead of requesting administrative + rights. |