Dependency-aware rules engine for delivering managed package upgrades

What is claimed is: 1. A method implemented by a server system for pushing managed package upgrades, comprising: receiving, over a network, a package dependency graph from a first operating entity via a first API call that expresses relationships between a set of managed software packages; ingesting a subscriber set subscribed to the set of managed software packages via a second API call to a second operating entity that owns the managed software packages; constructing a per-subscriber dependency graph expressing relationships between the individual subscriber's delivery operations; and executing delivery of the set of managed software packages based on dependency order of the per-subscriber dependency graph, while applying rules including one or more of: push schedule rules that allow the first operating entity to specify time-based gates before which delivery is not to be attempted; and subscriber exclusion rules that allow the first operating entity to exclude specific subscribers and those subscribers who have old software product versions. 2. The method of claim 1 , wherein receiving, over the network, the package dependency graph from a first operating entity via the first API call further comprises: determining a hierarchical dependency order of delivery operations between the set of managed software packages from the package dependency graph. 3. The method of claim 2 , further comprising: receiving in the first API call an identifier (ID) of an operator of the first operating entity and a link to the package dependency graph. 4. The method of claim 1 , wherein executing delivery of the set of managed software packages further comprises installing the set of managed software packages in instances of the individual subscribers in a cloud platform. 5. The method of claim 1 , further comprising: making available through an API or a web interface statistics about a status of past and present delivery operations as well as a schedule of future delivery operations. 6. The method of claim 1 , further comprising: receiving an initial API call from an operator of the first operating entity to create an account and to preconfigure a set of user permissions, the preconfigured set of user permissions defining which operators are allowed to perform which actions on a dependency-aware rules engine implementing the method. 7. The method of claim 6 , further comprising: defining by the preconfigured set of user permissions which users can create a push cohort, view delivery operation results, and view individual subscribers. 8. The method of claim 6 , further comprising: receiving in the initial API call managed package permissions specifying individual packages that are allowed to be represented in the dependency graph or the individual packages that are not allowed to be represented in the dependency graph. 9. The method of claim 6 , wherein receiving the first API call further comprises: validating user permissions against the preconfigured set of user permissions stored in a database. 10. The method of claim 1 , wherein executing delivery of the set of managed software packages further comprises: sending requests to the first operating entity to deliver the managed software packages to the subscribers. 11. The method of claim 1 , further comprising implementing the method for pushing managed package upgrades in a push upgrade system comprising the server system that executes a dependency-aware rules engine that automatically manages and deploys the managed software packages and their upgrades to one or more cloud platforms. 12. A non-transitory machine-readable storage medium that provides instructions that, if executed by a processor, are configurable to cause said processor to perform operations comprising: receiving, over a network, a package dependency graph from a first operating entity via a first API call that expresses relationships between a set of managed software packages; ingesting a subscriber set subscribed to the set of managed software packages via a second API call to a second operating entity that owns the managed software packages; constructing a per-subscriber dependency graph expressing relationships between the individual subscriber's delivery operations; executing delivery of the set of managed software packages based on dependency order of the per-subscriber dependency graph, while applying rules including one or more of: push schedule rules that allow the first operating entity to specify time-based gates before which delivery is not to be attempted; and subscriber exclusion rules that allow the first operating entity to exclude specific subscribers and those subscribers who have old software product versions. 13. The non-transitory machine-readable storage medium of claim 12 , wherein instructions for receiving, over the network, the package dependency graph from a first operating entity via the first API call further comprise: determining a hierarchical dependency order of delivery operations between the set of managed software packages from the package dependency graph. 14. The non-transitory machine-readable storage medium of claim 13 , further comprising: receiving in the first API call an identifier (ID) of an operator of the first operating entity and a link to the package dependency graph. 15. The non-transitory machine-readable storage medium of claim 12 , wherein executing delivery of the set of managed software packages further comprises installing the set of managed software packages in instances of the individual subscribers in a cloud platform. 16. The non-transitory machine-readable storage medium of claim 12 , further comprising: making available through an API or a web interface statistics about a status of past and present delivery operations as well as a schedule of future delivery operations. 17. The non-transitory machine-readable storage medium of claim 12 , further comprising: receiving an initial API call from an operator of the first operating entity to create an account and to preconfigure a set of user permissions, the preconfigured set of user permissions defining which operators are allowed to perform which actions on a dependency-aware rules engine implementing the instructions. 18. The non-transitory machine-readable storage medium of claim 17 , further comprising: defining by the preconfigured set of user permissions which users can create a push cohort, view delivery operation results, and view individual subscribers. 19. The non-transitory machine-readable storage medium of claim 17 , further comprising: receiving in the initial API call managed package permissions specifying individual packages that are allowed to be represented in the dependency graph or the individual packages that are not allowed to be represented in the dependency graph. 20. The non-transitory machine-readable storage medium of claim 17 , wherein receiving the first API call further comprises: validating user permissions against the preconfigured set of user permissions stored in a database. 21. The non-transitory machine-readable storage medium of claim 12 , wherein executing delivery of the set of managed software packages further comprises: sending requests to the first operating entity to deliver the managed software packages to the subscribers. 22. The non-transitory machine-readable storage medium of claim 12 , further comprising implementing the instructions for pushing managed package upgrades in a push upgrade system comprising a server syste