Policy declarations for cloud management system

What is claimed is: 1 . A computer readable storage device comprising instructions that, when executed, cause a processor to at least: identify a proposed change to a state of a network; in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change; and when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change. 2 . The computer readable storage device of claim 1 , wherein, the action to be taken by the cloud service provider includes disconnecting a virtual machine from the network or changing group ownership of network entities. 3 . The computer readable storage device of claim 1 , wherein, the state of the network is determined based on a set of relational tables storing network state data, the set of relational tables including a first table storing data corresponding to logical networks, a second table storing data corresponding to virtual machines, and a third table storing data corresponding to storage networks, the network state data received from data sources, the data sources including cloud service management applications. 4 . The computer readable storage device of claim 3 , wherein, the instructions, when executed, cause the processor to: store a copy of the network state data in network state tables in temporary memory; change the network state tables corresponding to the proposed change; and detect within the copy of the network state data, a network state violation of a data source according to the policy that specifies a set of conditions for a set of network state entities received from at least two of the data sources, the set of conditions specified as an existence of a set of data tuples involving the set of network state entities in the set of relational tables stored in the temporary memory. 5 . The computer readable storage device of claim 3 , wherein the policy includes a first set of conditions that define a first network state that is in violation of policy when each of the first set of conditions is represented in the set of relational tables and a second set of conditions that define a second network state in which the proposed change is permitted when each of the second set of conditions is represented in the set of relational tables. 6 . The computer readable storage device of claim 5 , wherein, the query plan includes at least one event that causes evaluation of the policy and a set of database join operations representing the first set of conditions. 7 . The computer readable storage device of claim 3 , wherein the set of relational tables includes an additional table storing data received from both the first and second data sources, the additional table defined by the policy based on the data received from both the first and second data sources. 8 . A method to prevent policy violations, the method comprising: identifying, by executing an instruction with a processor, a proposed change to a state of a network; in response to identifying the proposed change, determining, by executing an instruction with the processor, whether the proposed change will cause the state of the network to violate a policy including a query plan describing characteristics to evaluate the proposed change; and when the proposed change will cause the state of the network to violate the policy, executing, by executing an instruction with the processor, an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change. 9 . The method of claim 8 , wherein, the action to be taken by the cloud service provider includes: disconnecting a virtual machine from the network or changing group ownership of network entities. 10 . The method of claim 8 , wherein, the state of the network is determined based on a set of relational tables storing network state data, the set of relational tables including a first table storing data corresponding to logical networks, a second table storing data corresponding to virtual machines, and a third table storing data corresponding to storage networks, the network state data received from data sources, the data sources including cloud service management applications. 11 . The method of claim 10 , further including storing, by executing an instruction with the processor, a copy of the network state data in network state tables in temporary memory; changing, by executing an instruction with the processor, the network state tables corresponding to the proposed change; and detecting, by executing an instruction with the processor, within the copy of the network state data, a network state violation of a data source according to the policy that specifies a set of conditions for a set of network state entities received from at least two of the data sources, the set of conditions specified as an existence of a set of data tuples involving the set of network state entities in the set of relational tables stored in the temporary memory. 12 . The method of claim 10 , wherein the policy includes a first set of conditions that define a first network state that is in violation of policy when each of the first set of conditions is represented in the set of relational tables and a second set of conditions that define a second network state in which the proposed change is permitted when each of the second set of conditions is represented in the set of relational tables. 13 . The method of claim 12 , wherein, the query plan includes at least one event that causes evaluation of the policy and a set of database join operations representing the first set of conditions. 14 . The method of claim 12 , wherein the set of relational tables includes an additional table storing data received from both the first and second data sources, the additional table defined by the policy based on the data received from both the first and second data sources. 15 . A system to prevent policy violations, the system comprising: a memory storing instructions; and a processor, coupled to the memory, to execute the instructions to: identify a proposed change to a state of a network; in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy including a query plan describing characteristics to evaluate the proposed change; and when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change. 16 . The system of claim 15 , wherein, the action to be taken by the cloud service provider includes disconnecting a virtual machine from the network or changing group ownership of network entities. 17 . The system of claim 15 , wherein, the state of the network is determined based on a set of relational tables storing network state data, the set of relational tables including a first table storing data corresponding to logical networks, a second table storing data corresponding to virtual machines, and a third table storing data