Abstract: A request is obtained that, if fulfilled, is operable to access a computing resource, with the request including an indication to evaluate the request in a verification mode while inhibiting fulfilment of the request. Responsive to the request, a policy applicable to the request is determined, decision data that is relevant to the policy is obtained, and the request is evaluated based at least in part on the policy and the decision data to produce an evaluation result. Further responsive to the request, fulfillment of the request is inhibited, a verification report is generated based at least in part on the evaluation result, and a notification is provided indicating that the verification report is generated.

Abstract: A request is obtained that, if fulfilled, is operable to access a computing resource, with the request including an indication to evaluate the request in a verification mode while inhibiting fulfilment of the request. Responsive to the request, a policy applicable to the request is determined, decision data that is relevant to the policy is obtained, and the request is evaluated based at least in part on the policy and the decision data to produce an evaluation result. Further responsive to the request, fulfillment of the request is inhibited, a verification report is generated based at least in part on the evaluation result, and a notification is provided indicating that the verification report is generated.

Abstract: A policy is incorporated into a first set of policies at least in part by generating a second set of policies corresponding to the policy. An index of the first set of policies is generated based at least in part on a policy element of a normal form. Based at least in part on the index, a subset of the first set of policies that is relevant to at least one of a plurality of policy enforcement components is identified and provided to at least one of the plurality of policy enforcement components of a virtual resource provider identified as relevant. A request subject to the policy is received, and the policy is enforced at least in part by evaluating the request with respect to the subset of the first set of policies.

Abstract: Object store management operations within compute-centric object stores are provided herein. An exemplary method may include transforming an object storage dump into an object store table by a table generator container, wherein the object storage dump includes at least objects within an object store that are marked for deletion, transmitting records for objects from the object store table to reducer containers, such that each reducer container receives object records for at least one object, the object records comprising all object records for the at least one object, generating a set of cleanup tasks by the reducer containers, and executing the cleanup tasks by a cleanup agents.

Abstract: Systems and methods for providing a compute-centric object store. An exemplary method may include receiving a request to perform a compute operation on at least a portion of an object store from a first user, the request identifying parameters of the compute operation, assigning virtual operating system containers to the objects of the object store from a pool of virtual operating system containers. The virtual operating system containers may perform the compute operation on the objects according to the identified parameters of the request. The method may also include clearing the virtual operating system containers and returning the virtual operating system containers to the pool.

Abstract: A policy is incorporated into a first set of policies at least in part by generating a second set of policies corresponding to the policy. An index of the first set of policies is generated based at least in part on a policy element of a normal form. Based at least in part on the index, a subset of the first set of policies that is relevant to at least one of a plurality of policy enforcement components is identified and provided to at least one of the plurality of policy enforcement components of a virtual resource provider identified as relevant. A request subject to the policy is received, and the policy is enforced at least in part by evaluating the request with respect to the subset of the first set of policies.

Abstract: User-specified policies may be efficiently implemented and enforced with a distributed set of policy enforcement components. User-specified policies may be transformed into a normal form. Sets of normal form policies may be optimized. The optimized policies may be indexed and/or divided and provided to the distributed set of policy enforcement components. The distributed policy enforcement may have a sandbox mode and/or verification mode enabling policy configuration verification. With appropriate authorization, substitute data may be used in verification mode to evaluate requests with respect to policies. Evaluation results, relevant policies, and decision data utilized during request evaluation may be collected, filtered and reported at a variety of levels of detail. Originating user-specified policies may be tracked during the policy normalization process to enable reference to user-specified policies in verification mode reports.

Abstract: User-specified policies may be efficiently implemented and enforced with a distributed set of policy enforcement components. User-specified policies may be transformed into a normal form. Sets of normal form policies may be optimized. The optimized policies may be indexed and/or divided and provided to the distributed set of policy enforcement components. The distributed policy enforcement may have a sandbox mode and/or verification mode enabling policy configuration verification. With appropriate authorization, substitute data may be used in verification mode to evaluate requests with respect to policies. Evaluation results, relevant policies, and decision data utilized during request evaluation may be collected, filtered and reported at a variety of levels of detail. Originating user-specified policies may be tracked during the policy normalization process to enable reference to user-specified policies in verification mode reports.

Abstract: Zone management of compute-based object stores is provided herein. An exemplary method may include assigning a virtual operating system container from the reserve zone pool to a task group, the task group including a set of tasks for a phase of a first request, and executing the set of tasks within the assigned virtual operating system container.

Abstract: Versioning schemes for compute-centric object stores are provided herein. An exemplary method may include creating a metadata clone of a first object within an object store via a versioning scheme module, the metadata of the first object being stored in the object store on a first path, establishing a copy on write link between the first path and a second path for the first object via the versioning scheme module, and storing the cloned metadata on the second path via the versioning scheme module.

Abstract: Object store management operations within compute-centric object stores are provided herein. An exemplary method may include transforming an object storage dump into an object store table by a table generator container, wherein the object storage dump includes at least objects within an object store that are marked for deletion, transmitting records for objects from the object store table to reducer containers, such that each reducer container receives object records for at least one object, the object records comprising all object records for the at least one object, generating a set of cleanup tasks by the reducer containers, and executing the cleanup tasks by a cleanup agents.

Abstract: Object store management operations within compute-centric object stores are provided herein. An exemplary method may include transforming an object storage dump into an object store table by a table generator container, wherein the object storage dump includes at least objects within an object store that are marked for deletion, transmitting records for objects from the object store table to reducer containers, such that each reducer container receives object records for at least one object, the object records comprising all object records for the at least one object, generating a set of cleanup tasks by the reducer containers, and executing the cleanup tasks by a cleanup agents.

Abstract: Object store management operations within compute-centric object stores are provided herein. An exemplary method may include transforming an object storage dump into an object store table by a table generator container, wherein the object storage dump includes at least objects within an object store that are marked for deletion, transmitting records for objects from the object store table to reducer containers, such that each reducer container receives object records for at least one object, the object records comprising all object records for the at least one object, generating a set of cleanup tasks by the reducer containers, and executing the cleanup tasks by a cleanup agents.

Abstract: Object store management operations within compute-centric object stores are provided herein. An exemplary method may include transforming an object storage dump into an object store table by a table generator container, wherein the object storage dump includes at least objects within an object store that are marked for deletion, transmitting records for objects from the object store table to reducer containers, such that each reducer container receives object records for at least one object, the object records comprising all object records for the at least one object, generating a set of cleanup tasks by the reducer containers, and executing the cleanup tasks by a cleanup agents.

Abstract: Zone management of compute-based object stores is provided herein. An exemplary method may include assigning a virtual operating system container from the reserve zone pool to a task group, the task group including a set of tasks for a phase of a first request, and executing the set of tasks within the assigned virtual operating system container.

Abstract: Systems and methods for providing a compute-centric object store. An exemplary method may include receiving a request to perform a compute operation on at least a portion of an object store from a first user, the request identifying parameters of the compute operation, assigning virtual operating system containers to the objects of the object store from a pool of virtual operating system containers. The virtual operating system containers may perform the compute operation on the objects according to the identified parameters of the request. The method may also include clearing the virtual operating system containers and returning the virtual operating system containers to the pool.

Abstract: Object store management operations within compute-centric object stores are provided herein. An exemplary method may include transforming an object storage dump into an object store table by a table generator container, wherein the object storage dump includes at least objects within an object store that are marked for deletion, transmitting records for objects from the object store table to reducer containers, such that each reducer container receives object records for at least one object, the object records comprising all object records for the at least one object, generating a set of cleanup tasks by the reducer containers, and executing the cleanup tasks by a cleanup agents.

Abstract: Versioning schemes for compute-centric object stores are provided herein. An exemplary method may include creating a metadata clone of a first object within an object store via a versioning scheme module, the metadata of the first object being stored in the object store on a first path, establishing a copy on write link between the first path and a second path for the first object via the versioning scheme module, and storing the cloned metadata on the second path via the versioning scheme module.

Abstract: Instruction set architectures for compute-centric object stores. An exemplary method may include receiving a request from a user, the request identifying parameters of a compute operation that is to be executed against one or more objects in a distributed object store, generating a set of tasks from the request that comprise instructions for a daemon, locating the one or more objects within the distributed object store, the one or more objects being stored on a physical node. The method includes providing the set of tasks to a daemon, the daemon controlling execution of the compute operation by a virtual operating system container based upon the set of tasks, and storing an output of the virtual operating system container in the distributed object store.

Abstract: Instruction set architectures for compute-centric object stores. An exemplary method may include receiving a request from a user, the request identifying parameters of a compute operation that is to be executed against one or more objects in a distributed object store, generating a set of tasks from the request that comprise instructions for a daemon, locating the one or more objects within the distributed object store, the one or more objects being stored on a physical node. The method includes providing the set of tasks to a daemon, the daemon controlling execution of the compute operation by a virtual operating system container based upon the set of tasks, and storing an output of the virtual operating system container in the distributed object store.