The congress.policy_engines.agnostic Module

class congress.policy_engines.agnostic.DseRuntime(name)

Bases: congress.policy_engines.agnostic.Runtime, congress.dse2.data_service.DataService

execute_action(service_name, action, action_args)

Event handler for action execution.

Parameters:service_name – openstack service to perform the action on,

e.g. ‘nova’, ‘neutron’ :param action: action to perform on service, e.g. an API call :param action_args: positional-args and named-args in format:

{‘positional’: [‘p_arg1’, ‘p_arg2’], ‘named’: {‘name1’: ‘n_arg1’, ‘name2’: ‘n_arg2’}}.
extend_schema(service_name, schema)

Initialize table subscription.

Once policies have all been loaded, this function subscribes to all the necessary tables. See UPDATE_TABLE_SUBSCRIPTIONS as well.


handler for policy table subscription

when a previously non-subscribed table gains a subscriber, register a trigger for the tables and publish table results when there is updates.


Remove triggers when tables have no subscribers.

prepush_processor(data, dataindex, type=None)

Called before push.

Takes as input the DATA that the receiver needs and returns the payload for the message. If this is a regular publication message, make the payload just the delta; otherwise, make the payload the entire table.

process_policy_update(events, persistent=False)
pub_policy_result(table, olddata, newdata)

Callback for policy table triggers.

receive_data(publisher, table, data, is_snapshot=False)

Event handler for when a dataservice publishes data.

That data can either be the full table (as a list of tuples) or a delta (a list of Events).

receive_data_full(publisher, table, data)

Handler for when dataservice publishes full table.

receive_data_update(publisher, table, data)

Handler for when dataservice publishes a delta.

set_schema(name, schema, complete=False)
update_table_subscriptions(oldtables, newtables)

Update table subscription.

Change the subscriptions from OLDTABLES to NEWTABLES, ensuring to load all the appropriate services.

class congress.policy_engines.agnostic.DseRuntimeEndpoints(dse)

Bases: object

RPC endpoints exposed by DseRuntime.

delete_policy(context, name, disallow_dangling_refs=False)
execute_action(context, service_name, action, action_args)
get_row_data(context, table_id, source_id, trace=False)
get_status(context, source_id, params)
get_tablename(context, source_id, table_id)
get_tablenames(context, source_id)
initialize_datasource(context, name, schema)
persistent_create_policy(context, name=None, id_=None, abbr=None, kind=None, desc=None)
persistent_delete_policy(context, name_or_id)
persistent_delete_rule(context, id_, policy_name_or_id)
persistent_get_policy(context, id_)
persistent_get_rule(context, id_, policy_name)
persistent_get_rules(context, policy_name)
persistent_insert_rule(context, policy_name, str_rule, rule_name, comment)
simulate(context, query, theory, sequence, action_theory, delta=False, trace=False, as_list=False)
sync_one_policy(context, policy_name)
class congress.policy_engines.agnostic.ExecutionLogger

Bases: object

critical(msg, *args)
debug(msg, *args)
error(msg, *args)
info(msg, *args)
warn(msg, *args)
class congress.policy_engines.agnostic.ExperimentalRuntime

Bases: congress.policy_engines.agnostic.Runtime

access_control(action, support=”)

Event handler for making access_control request.

ACTION is an atom describing a proposed action instance. SUPPORT is any data that should be assumed true when posing the query. Returns True iff access is granted.


Event handler for execute:

Execute a sequence of ground actions in the real world.


Executes the list of ACTION instances one at a time.

For now, our execution is just logging.

explain(query, tablenames=None, find_all=False, target=None)

Event handler for explanations.

Given a ground query and a collection of tablenames that we want the explanation in terms of, return proof(s) that the query is true. If FIND_ALL is True, returns list; otherwise, returns single proof.

explain_obj(query, tablenames, find_all, theory)
explain_string(query_string, tablenames, find_all, theory)
explain_tuple(tuple, tablenames, find_all, theory)

Event handler for remediation.


Find a collection of action invocations

That if executed result in FORMULA becoming false.

remediate_tuple(tuple, theory)
class congress.policy_engines.agnostic.PolicySubData(trigger)

Bases: object

class congress.policy_engines.agnostic.Runtime

Bases: object

Runtime for the Congress policy language.

Only have one instantiation in practice, but using a class is natural and useful for testing.

ACTION_THEORY = ‘action’
DEFAULT_THEORY = ‘classification’

Add policy obj to runtime

arity(table, theory, modal=None)

Return number of columns for TABLE in THEORY.

TABLE can include the policy name. <policy>:<table> THEORY is the name of the theory we are asking. MODAL is the value of the modal, if any.


Checks if policy exists or not.

Parameters:policy_name – policy name
Returns:True, if policy exists
Raises:PolicyRuntimeException, if policy doesn’t exist.
construct_policy_obj(name, abbr=None, kind=None, id_=None, desc=None, owner=None)

Construct policy obj


Event handler for querying content().

create_policy(name, abbr=None, kind=None, id_=None, desc=None, owner=None)

Create a new policy and add it to the runtime.

ABBR is a shortened version of NAME that appears in traces. KIND is the name of the datastructure used to represent a policy.

delete(formula, target=None)

Event handler for arbitrary deletion (rules and facts).

delete_policy(name_or_id, disallow_dangling_refs=False)

Deletes policy with name NAME or throws KeyError or DanglingRefs.

find_subpolicy(required_tables, prohibited_tables, output_tables, target=None)

Return a subset of rules in @theory.

@required_tables is the set of tablenames that a rule must depend on. @prohibited_tables is the set of tablenames that a rule must NOT depend on. @output_tables is the set of tablenames that all rules must support.


Return a list of the names of action tables.

get_row_data(table_id, source_id, trace=False)
get_status(source_id, params)
get_tablename(source_id, table_id)

Resolve NAME to the name of a proper policy (even if it is None).

Raises PolicyException there is no such policy.


Return (Runtime’s tracer, dict of tracers for each theory).

Useful so we can temporarily change tracing.

initialize_datasource(name, schema)

Initializes datasource by creating policy and setting schema.

initialize_tables(tablenames, facts, target=None)

Event handler for (re)initializing a collection of tables

@facts must be an iterable containing compile.Fact objects.

insert(formula, target=None)

Event handler for arbitrary insertion (rules and facts).

persistent_create_policy(name, id_=None, abbr=None, kind=None, desc=None)
persistent_delete_rule(id_, policy_name_or_id)
persistent_get_rule(id_, policy_name)

Return data for rule with id_ in policy_name.


Return data for all rules in policy_name.

persistent_insert_rule(policy_name, str_rule, rule_name, comment)
persistent_insert_rules(*args, **kwargs)

Insert and persists rule into policy_name.


Load policies from database.


Load all rules from the database.


Event handler for querying policy.


Returns list of policy names.

policy_object(name=None, id=None)

Return policy by given name. Raises KeyError if does not exist.


Return type of policy NAME. Throws KeyError if does not exist.

process_policy_update(events, persistent=False)
project(sequence, policy_theory, action_theory)

Apply the list of updates SEQUENCE.

Apply the list of updates SEQUENCE, where actions are described in ACTION_THEORY. Return an update sequence that will undo the projection.

SEQUENCE can include atom insert/deletes, rule insert/deletes, and action invocations. Projecting an action only simulates that action’s invocation using the action’s description; the results are therefore only an approximation of executing actions directly. Elements of SEQUENCE are just formulas applied to the given THEORY. They are NOT Event()s.

SEQUENCE is really a program in a mini-programming language–enabling results of one action to be passed to another. Hence, even ignoring actions, this functionality cannot be achieved by simply inserting/deleting.

project_updates(delta, theory)

Project atom/delta rule insertion/deletion.

Takes an atom/rule DELTA with update head table (i.e. ending in + or -) and inserts/deletes, respectively, that atom/rule into THEORY after stripping the +/-. Returns None if DELTA had no effect on the current state.

register_trigger(tablename, callback, policy=None, modal=None)

Register CALLBACK to run when table TABLENAME changes.

rename_policy(oldname, newname)

Renames policy OLDNAME to NEWNAME or raises KeyError.


If p+(args) and p-(args) are present, removes the p-(args).

select(query, target=None, trace=False)

Event handler for arbitrary queries.

Returns the set of all instantiated QUERY that are true.

set_schema(name, schema, complete=False)

Set the schema for module NAME to be SCHEMA.

simulate(query, theory, sequence, action_theory, delta=False, trace=False, as_list=False)

Event handler for simulation.

:param query is a string/object to query after :param theory is the policy to query :param sequence is a string/iter of updates to state/policy or actions :param action_theory is the policy that contains action descriptions :param delta indicates whether to return changes to query caused by

:param trace indicates whether to include a string description of the
implementation. When True causes the return value to be the tuple (result, trace).
:param as_list controls whether the result is forced to be a list of

Returns a list of instances of query. If query/sequence are strings the query instance list is a single string (unless as_list is True in which case the query instance list is a list of strings). If query/sequence are objects then the query instance list is a list of objects.

The computation of a query given an action sequence. That sequence can include updates to atoms, updates to rules, and action invocations. Returns a collection of Literals (as a string if the query and sequence are strings or as a Python collection otherwise). If delta is True, the return is a collection of Literals where each tablename ends with either + or - to indicate whether that fact was added or deleted. Example atom update: q+(1) or q-(1) Example rule update: p+(x) :- q(x) or p-(x) :- q(x) Example action invocation:

create_network(17), options:value(17, “name”, “net1”) :- true
table_contents_queries(tablename, policy, modal=None)

Return list of queries yielding contents of TABLENAME in POLICY.

table_log(table, msg, *args)
tablenames(body_only=False, include_builtin=False, theory_name=None, include_modal=True)

Return tablenames occurring in some theory.


Unregister CALLBACK for table TABLENAME.

update(sequence, target=None, persistent=False)

Event handler for applying an arbitrary sequence of insert/deletes.

If TARGET is supplied, it overrides the targets in SEQUENCE.

class congress.policy_engines.agnostic.Trigger(tablename, policy, callback, modal=None)

Bases: object

A chunk of code that should be run when a table’s contents changes.

class congress.policy_engines.agnostic.TriggerRegistry(dependency_graph)

Bases: object

A collection of triggers and algorithms to analyze that collection.

register_table(tablename, policy, callback, modal=None)

Register CALLBACK to run when TABLENAME changes.


Return the set of triggers that are relevant to the EVENTS.

Each EVENT may either be a compile.Event or a tablename.

classmethod triggers_by_table(triggers)

Return dictionary from tables to triggers.


Unregister trigger ID.


Inform registry of changes to the dependency graph.

Changes are accounted for in self.dependency_graph, but by giving the list of changes we can avoid recomputing all dependencies from scratch.

congress.policy_engines.agnostic.string_to_database(string, theories=None)