Group Based Policy

# Heat Orchestration Template (HOT) that builds a Group Based Policy example:
# a provider group, a consumer group and an external policy, joined by rule
# sets that match SSH traffic.
heat_template_version: 2015-04-30

description: 'Group Based Policy - Provider - Consumer'

# Every entry below is one stack resource. References between entries use
# get_resource / get_attr; bare UUIDs refer to objects this template does not
# create.
resources:
    
  # L3 policy: the address pool 192.168.0.0/16 with a subnet prefix length of
  # 24, attached to one external segment.
  l3policy_test:
    type: OS::GroupBasedPolicy::L3Policy
    properties:
      name: l3policy_test
      ip_pool: '192.168.0.0/16'
      subnet_prefix_length: 24
      shared: false
      external_segments:
        # Literal UUID of an external segment that this template does not
        # create. It belongs to the deployment the example was written for and
        # has to be replaced with the ID of a segment in the target cloud.
        - external_segment_id: 8b7e3a37-ad97-417c-b5e8-5b7db96fea1a
          allocated_address: []
  
  # L2 policy layered on l3policy_test; both policy target groups in this
  # template reference it through l2_policy_id.
  l2policy_test:
    type: OS::GroupBasedPolicy::L2Policy
    properties:
      l3_policy_id:
        get_resource: l3policy_test
      name: l2policy_test
      shared: false
  
  # Policy rule: pairs the `ssh` classifier with a single policy action.
  # Both rule sets in this template (contract1, contract_external) include it.
  ssh_policy:
    type: OS::GroupBasedPolicy::PolicyRule
    properties:
      name: ssh_policy
      enabled: true
      policy_classifier_id:
        get_resource: ssh
      policy_actions:
        # Literal UUID of a policy action that this template does not create.
        # NOTE(review): presumably an "allow" action. Confirm what this ID
        # resolves to in the target cloud before deploying, because it decides
        # what happens to the SSH traffic the classifier matches.
        - 71997a74-6a13-48db-9930-064e1282b800
      shared: false
  
  # Classifier: matches TCP port 22 (SSH) in the "in" direction. None of the
  # properties set here constrains the source address, so who may connect is
  # decided only by which groups consume the rule sets built on top of it.
  ssh:
    type: OS::GroupBasedPolicy::PolicyClassifier
    properties:
      name: ssh
      protocol: tcp
      # A single port, not a range.
      port_range: 22
      # NOTE(review): "in" is presumably relative to the group that provides
      # the rule set; confirm against the GBP documentation.
      direction: in
      shared: false
  
  # Rule set for the internal path: group_provider provides it and
  # group_consumer consumes it. Its only rule is ssh_policy.
  contract1:
    type: OS::GroupBasedPolicy::PolicyRuleSet
    properties:
      name: contract1
      policy_rules:
        - get_resource: ssh_policy
      shared: false
  
  # Rule set for the external path: group_provider provides it and
  # external_policy consumes it. It carries the same single rule as contract1
  # (ssh_policy).
  # NOTE(review): this looks like the path that makes SSH on group_provider
  # members reachable from the external side. Confirm that exposure is
  # intended before reusing the template outside a lab.
  contract_external:
    type: OS::GroupBasedPolicy::PolicyRuleSet
    properties:
      name: contract_external
      policy_rules:
        - get_resource: ssh_policy
      shared: false
  
  # Provider group on l2policy_test. It provides both rule sets, so it is the
  # SSH destination for group_consumer (contract1) and for external_policy
  # (contract_external).
  group_provider:
    type: OS::GroupBasedPolicy::PolicyTargetGroup
    properties:
      name: group_provider
      shared: false
      l2_policy_id:
        get_resource: l2policy_test
      provided_policy_rule_sets:
        # Internal consumers.
        - policy_rule_set_id:
            get_resource: contract1
          policy_rule_set_scope: local
        # External consumers.
        - policy_rule_set_id:
            get_resource: contract_external
          policy_rule_set_scope: local
  
  # Consumer group on l2policy_test. It consumes only contract1 and provides
  # no rule set of its own.
  group_consumer:
    type: OS::GroupBasedPolicy::PolicyTargetGroup
    properties:
      name: group_consumer
      shared: false
      l2_policy_id:
        get_resource: l2policy_test
      consumed_policy_rule_sets:
        - policy_rule_set_id:
            get_resource: contract1
          policy_rule_set_scope: local
  
  # Policy target placed in group_provider; vm_provider attaches to its
  # port_id attribute.
  target_provider:
    type: OS::GroupBasedPolicy::PolicyTarget
    properties:
      name: target_provider
      policy_target_group_id:
        get_resource: group_provider
  
  # Policy target placed in group_consumer; vm_consumer attaches to its
  # port_id attribute.
  target_consumer:
    type: OS::GroupBasedPolicy::PolicyTarget
    properties:
      name: target_consumer
      policy_target_group_id:
        get_resource: group_consumer
  
  # Nova server on the provider side. Its only network attachment is the port
  # of target_provider, so it is a member of group_provider.
  # NOTE(review): no key_name is set here, so SSH login would depend on
  # credentials already present in the image. Confirm how access to this
  # instance is meant to be authenticated.
  vm_provider:
    type: OS::Nova::Server
    properties:
      name: vm_provider
      # Image and flavor are referenced by name and must exist in the target
      # cloud.
      image: 'Debian 8'
      flavor: m1.small
      networks:
        - port:
            get_attr: [target_provider, port_id]
  
  # Nova server on the consumer side. Its only network attachment is the port
  # of target_consumer, so it is a member of group_consumer.
  vm_consumer:
    type: OS::Nova::Server
    properties:
      name: vm_consumer
      # Image and flavor are referenced by name and must exist in the target
      # cloud.
      image: 'Debian 8'
      flavor: m1.small
      networks:
        - port:
            get_attr: [target_consumer, port_id]
  
  # External policy: consumes contract_external, the rule set that
  # group_provider provides for the external side.
  external_policy:
    type: OS::GroupBasedPolicy::ExternalPolicy
    properties:
      name: external_policy
      shared: false
      consumed_policy_rule_sets:
        - policy_rule_set_id:
            get_resource: contract_external
          policy_rule_set_scope: local
      # external_segments is left disabled in this example. To bind the policy
      # to an external segment, uncomment the lines below and provide the
      # external segment ID of the target deployment.
      # external_segments:
      #   - 8b7e3a37-ad97-417c-b5e8-5b7db96fea1a
  

Last modified: 2017-05-25