Deny action support for contracts #326
Conversation
tbachman
requested review from
ansao-aci,
sayalinaval,
sbagalur and
tanyatukade
There was a problem hiding this comment.
Overall, a really good patch! One minor comment on the DB migration. My only other concern with this is that we've tested the upgrade path. I'd like to see the equivalent GBP patch before deciding to merge this. I'd also prefer to see the successful upgrade of a setup with this change and the corresponding GBP change (i.e. hot-patch and run the migrations, then verify operation).
| direction = sa.Column(sa.Enum('bi', 'in', 'out'), primary_key=True) | ||
|
|
||
|
|
||
| class ContractSubject(Base): |
There was a problem hiding this comment.
I realize that I suggested doing what you implemented, but I'm reconsidering that - now I'm thinking that any data migrations should be handled by the AIM consumer. They would be responsible for updating the resources to remove the elements from the lists (in, out, and bi) and populating the new resource defined by AIM.
Six new AIM resources are introduced as children of ContractSubject, which replaces filters and graph fields. Action field is added to filter to subject relation resources for the user to configure deny from AIM
| @@ -0,0 +1,159 @@ | |||
| # Copyright (c) 2017 Cisco Systems | |||
| # All Rights Reserved. | |||
| @@ -0,0 +1,205 @@ | |||
| # Copyright (c) 2018 Cisco Systems | |||
A new AIM resource ContractSubjectRsFilter is introduced as a child of
ContractSubject, which replaces bifilter, infilter and outfilter fields
Direction field in the resource will control the in,out and bi types, and
action to store permit/deny