package albatross

  1. Overview
  2. Docs

A tree data structure including policies and dynamic usage.

Considering delegation of resources to someone, and further delegation to others - using a process which is not controlled by the authority - requires runtime tracking of these delegations and the actual usage:

If Alice may create 2 virtual machines, and she delegates the same capability further to both Bob and Charlie, the authority must still enforce that Alice, Bob, and Charlie are able to run 2 virtual machines in total, rather than 2 each.

type t = private {
  1. policies : Vmm_core.Policy.t Vmm_trie.t;
  2. block_devices : (int * bool) Vmm_trie.t;
  3. unikernels : Vmm_core.Unikernel.t Vmm_trie.t;
}

The type of the resource tree.

val empty : t

empty is the empty tree.

val find_vm : t -> Vmm_core.Name.t -> Vmm_core.Unikernel.t option

find_vm t id is either Some vm or None.

val find_policy : t -> Vmm_core.Name.t -> Vmm_core.Policy.t option

find_policy t Name.t is either Some policy or None.

val find_block : t -> Vmm_core.Name.t -> (int * bool) option

find_block t Name.t is either Some (size, active) or None.

val check_vm : t -> Vmm_core.Name.t -> Vmm_core.Unikernel.config -> (unit, [> `Msg of string ]) Stdlib.result

check_vm t Name.t vm checks whether vm under Name.t in t would be allowed under the current policies.

val insert_vm : t -> Vmm_core.Name.t -> Vmm_core.Unikernel.t -> t

insert_vm t Name.t vm inserts vm under Name.t in t, and returns the new t. The caller has to ensure (using check_vm) that a VM with the same name does not yet exist, and the block device is not in use.

  • raises Invalid_argument

    if block device is already in use, or VM already exists.

val insert_policy : t -> Vmm_core.Name.t -> Vmm_core.Policy.t -> (t, [> `Msg of string ]) Stdlib.result

insert_policy t Name.t policy inserts policy under Name.t in t, and returns the new t or an error.

val check_block : t -> Vmm_core.Name.t -> int -> (unit, [> `Msg of string ]) Stdlib.result

check_block t Name.t size checks whether size under Name.t in t would be allowed under the current policies.

val insert_block : t -> Vmm_core.Name.t -> int -> (t, [> `Msg of string ]) Stdlib.result

insert_block t Name.t size inserts size under Name.t in t, and returns the new t or an error.

val remove_vm : t -> Vmm_core.Name.t -> (t, [> `Msg of string ]) Stdlib.result

remove_vm t Name.t removes vm Name.t from t.

val remove_policy : t -> Vmm_core.Name.t -> (t, [> `Msg of string ]) Stdlib.result

remove_policy t Name.t removes policy Name.t from t.

val remove_block : t -> Vmm_core.Name.t -> (t, [> `Msg of string ]) Stdlib.result

remove_block t Name.t removes block Name.t from t.

val pp : t Fmt.t

pp is a pretty printer for t.

OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct