Legend:
Library
Module
Module type
Parameter
Class
Class type
A tree data structure including policies and dynamic usage.
Considering delegation of resources to someone, and further delegation to others - using a process which is not controlled by the authority - requires runtime tracking of these delegations and the actual usage:
If Alice may create 2 virtual machines, and she delegates the same capability further to both Bob and Charlie, the authority must still enforce that Alice, Bob, and Charlie are able to run 2 virtual machines in total, rather than 2 each.
insert_vm t name vm inserts vm under name in t, and returns the new t. The caller has to ensure (using check_vm) that a VM with the same name does not yet exist, and the block device is not in use.
raisesInvalid_argument
if block device is already in use, or VM already exists.