vmware-nsx/etc
Roey Chen 2cfc1231dc Provider Security groups
This patch set introduces a new feature called provider-security-groups.
Provider security groups allow the provider to create a security group
that is automatically attached to a specific tenants ports. The one
important thing to note is that rules inside of a provider security
group are set to DENY where as a normal security group they are set
to ALLOW. Provider security groups allow the admin tenant to block specific
traffic for any tenant they like by creatng a provider group. To use this
feature the admin tenant must first create a provider security group
on behalf of the other tenant (i.e):

$ neutron security-group-create no-pokemon-go-access --provider=True \
	--tenant-id=<shall remain nameless>

Then, whenever the above tenant id creates a port they will see a an
additional field on the port "provider-security-groups" which will
contain the uuid of the provider security group. This user can then
query neutron to see which rules are in it that are blocking them.

NOTE: one needs to use the correct policy.json file from this repo
for neutron inorder to prevent the tenant from removing the group.

Co-Authored-By: Aaron Rosen <aaronorosen@gmail.com>

Change-Id: I57b130437327b0bbe5cc0068695f226b76b4e2ba
2016-08-02 13:34:37 +00:00
..
oslo-config-generator Automatically generate vmware-nsx configuration files 2016-04-13 07:24:06 +00:00
policy Fixed typo in policy rules 2016-07-08 14:54:28 +08:00
policy.json Provider Security groups 2016-08-02 13:34:37 +00:00
README.txt Automatically generate vmware-nsx configuration files 2016-04-13 07:24:06 +00:00

To generate the sample vmware-nsx configuration files, run the following
command from the top level of the vmware-nsx directory:

tox -e genconfig

If a 'tox' environment is unavailable, then you can run the following script
instead to generate the configuration files:

./tools/generate_config_file_samples.sh