Metadata-Version: 2.1
Name: neutron-policy-server
Version: 0.1.0
Summary: Advanced policy server for Neutron
Home-page: https://vexxhost.github.io/neutron-policy-server/
Author: VEXXHOST, Inc.
Author-email: support@vexxhost.com
License: UNKNOWN
Project-URL: Bug Tracker, https://github.com/vexxhost/neutron-policy-server/issues
Project-URL: Documentation, https://vexxhost.github.io/neutron-policy-server/
Project-URL: Source Code, https://github.com/vexxhost/neutron-policy-server
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: OpenStack
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: Implementation :: CPython
Requires-Python: >=3.8

=====================
Neutron Policy Server
=====================

This is a simple server which can be used to manage complex Neutron policies
which are not possible to be managed using the default Neutron ``policy.json``
file due to the lack of programmatic control.  It covers the following use
cases:

-------------------------------------------
Allowed Address Pairs for Provider Networks
-------------------------------------------

The default Neutron policy does not allow the use of allowed address pairs for
provider networks.  However, in a use case where you need to run a highly
available service on a provider network, you may need to use allowed address
pairs to allow multiple instances to share the same IP address.

This service intercepts the existing Neutron policy and allows the use of
allowed address pairs for provider networks under these circumstances:

- Users can modify an ``allowed_address_pairs`` attribute to their port if they
  own another port on the same network with the same MAC & IP address.
- Users cannot delete a port if another port on the same network has an
  ``allowed_address_pairs`` attribute with the same MAC & IP address.
- Users cannot modify the ``fixed_ips`` attribute of a port if another port on
  the same network has an ``allowed_address_pairs`` attribute with the IP.



