Policy engine for cloud platform

We claim: 1. A method comprising: intercepting, by a response dispatcher of a policy engine running on one or more computers of a cloud computing environment, a response to a command, the response being sent by a cloud controller device of the cloud computing environment to a user device that issued the command; dispatching, by the response dispatcher, the response to a response rules engine corresponding to the command; executing, by the response rules engine, a set of one or more rules representing a response policy on how to deploy a web application in the cloud computing environment; and forwarding the response to the user device in response to determining that a result of execution of the set of one or more rules by the response rules engine indicates compliance of the response with the response policy. 2. The method of claim 1 , wherein the policy engine comprises a plurality of response rules engines, each of the response rules engines correspond to a respective command. 3. The method of claim 1 , wherein the command is a command for creating or managing a deployment of the web application in the cloud computing environment through the cloud controller device. 4. The method of claim 3 , wherein command relates to providing configuration information for the web application to a cloud controller in the cloud computing environment, deploying another web application in the cloud computing environment, starting a web application deployed in the cloud computing environment, or stopping a web application executing in the cloud computing environment. 5. The method of claim 1 , wherein each rule of the rules specifies at least one of a permitted accessible service of the web application or a computing resource consumption limitation on the web application. 6. A system comprising: one or more computers; and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising: intercepting, by a response dispatcher of a policy engine running on the one or more computers of a cloud computing environment, a response to a command, the response being sent by a cloud controller device of the cloud computing environment to a user device that issued the command; dispatching, by the response dispatcher, the response to a response rules engine corresponding to the command; executing, by the response rules engine, a set of one or more rules representing a response policy on how to deploy a web application in the cloud computing environment; and forwarding the response to the user device in response to determining that a result of execution of the set of one or more rules by the response rules engine indicates compliance of the response with the response policy. 7. The system of claim 6 , wherein the policy engine comprises a plurality of response rules engines, each of the response rules engines correspond to a respective command. 8. The system of claim 6 , wherein the command is a command for creating or managing a deployment of the web application in the cloud computing environment through the cloud controller device. 9. The system of claim 8 , wherein command relates to providing configuration information for the web application to a cloud controller in the cloud computing environment, deploying another web application in the cloud computing environment, starting a web application deployed in the cloud computing environment, or stopping a web application executing in the cloud computing environment. 10. The system of claim 6 , wherein each rule of the rules specifies at least one of a permitted accessible service of the web application or a computing resource consumption limitation on the web application. 11. A non-transitory computer storage device storing instructions that, when executed by one or more computers, cause the one or more computers to perform operations comprising: intercepting, by a response dispatcher of a policy engine running on the one or more computers of a cloud computing environment, a response to a command, the response being sent by a cloud controller device of the cloud computing environment to a user device that issued the command; dispatching, by the response dispatcher, the response to a response rules engine corresponding to the command; executing, by the response rules engine, a set of one or more rules representing a response policy on how to deploy a web application in the cloud computing environment; and forwarding the response to the user device in response to determining that a result of execution of the set of one or more rules by the response rules engine indicates compliance of the response with the response policy. 12. The non-transitory computer storage device of claim 11 , wherein the policy engine comprises a plurality of response rules engines, each of the response rules engines correspond to a respective command. 13. The non-transitory computer storage device of claim 11 , wherein the command is a command for creating or managing a deployment of the web application in the cloud computing environment through the cloud controller device. 14. The non-transitory computer storage device of claim 13 , wherein command relates to providing configuration information for the web application to a cloud controller in the cloud computing environment, deploying another web application in the cloud computing environment, starting a web application deployed in the cloud computing environment, or stopping a web application executing in the cloud computing environment. 15. The non-transitory computer storage device of claim 11 , wherein each rule of the rules specifies at least one of a permitted accessible service of the web application or a computing resource consumption limitation on the web application.