🚀 Python IPAM - Features & Roadmap¶

Version: 1.1.0 Last Updated: 2025-12-28

📊 Project Status Overview¶

Category	Completed	Planned	Total
Core Features	9	3	12
API Integration	2	0	2
UI/UX	6	2	8
Data Management	4	5	9
Testing	6	1	7
Security	0	2	2

✅ Completed Features¶

Core IPAM Functionality¶

[IPAM-001] ✅ Network Management
Priority: Critical | Category: Core
Description: Create, view, and manage IP networks with CIDR notation
Acceptance Criteria:
- ✅ Add networks with CIDR validation
- ✅ Automatic broadcast address calculation
- ✅ VLAN ID support
- ✅ Location and description fields
- ✅ Network utilization statistics
[IPAM-002] ✅ Host Management
Priority: Critical | Category: Core
Description: Manage individual IP addresses and hosts
Acceptance Criteria:
- ✅ Add hosts with IP validation
- ✅ Hostname and MAC address tracking
- ✅ Status management (active/inactive/reserved)
- ✅ Assignment tracking (is_assigned)
- ✅ Discovery metadata (last_seen, discovery_source)
- ✅ Auto-network detection for hosts
- ✅ Host-to-network relationships
- ✅ DHCP range management per network

Data Management¶

[IPAM-003] ✅ Extensible Export System
Priority: High | Category: Data Management
Description: Plugin-based export system supporting multiple formats
Acceptance Criteria:
- ✅ CSV export for networks and hosts
- ✅ JSON export format
- ✅ Abstract base class for exporters
- ✅ Factory pattern for format selection
- ✅ Legacy route compatibility
[IPAM-004] ✅ Extensible Import System
Priority: High | Category: Data Management
Description: Plugin-based import system with validation
Acceptance Criteria:
- ✅ CSV import with validation
- ✅ Error handling and reporting
- ✅ Duplicate detection and skipping
- ✅ Abstract base class for importers
- ✅ Format auto-detection by extension
[IPAM-017] ✅ Data Backup & Restore
Priority: Medium | Category: Data Management
Description: Backup and restore utilities with verification
Acceptance Criteria:
- ✅ Scheduled backups via CLI (cron-friendly)
- ✅ One-click restore from backup
- ✅ Backup verification and integrity checks
- ✅ Database migration utilities via Flask-Migrate

UI/UX¶

[IPAM-005] ✅ Responsive Web Interface
Priority: High | Category: UI/UX
Description: Modern Bootstrap 5 interface with DataTables
Acceptance Criteria:
- ✅ Bootstrap 5 responsive design
- ✅ DataTables for sorting/filtering
- ✅ Navigation with dropdown menus
- ✅ Flash message system
- ✅ Mobile-friendly interface
[IPAM-006] ✅ Dashboard with Statistics
Priority: Medium | Category: UI/UX
Description: Overview dashboard with network utilization
Acceptance Criteria:
- ✅ Network and host count cards
- ✅ Utilization progress bars
- ✅ Recent networks/hosts tables
- ✅ Visual status indicators

Development & Testing¶

[IPAM-007] ✅ Comprehensive Test Suite
Priority: High | Category: Testing
Description: Unit and integration tests with coverage
Acceptance Criteria:
- ✅ Model tests for Network/Host
- ✅ Route tests for all endpoints
- ✅ Form validation tests
- ✅ Export/Import functionality tests
- ✅ Test fixtures and factories
[IPAM-008] ✅ Code Quality Standards
Priority: High | Category: Development
Description: Google Style Guide compliance and tooling
Acceptance Criteria:
- ✅ Black formatting (80 char limit)
- ✅ Google-style imports and structure
- ✅ Pylint compliance
- ✅ Git hooks and standards

🔄 In Progress¶

No features currently in progress

✅ Recently Completed¶

Core Features Enhancement¶

[IPAM-020] ✅ Network Names and Domains
Priority: Medium | Category: Core
Status: Complete
Description: Add name and domain fields to networks for better organization
Acceptance Criteria:
- ✅ Add name field to Network model (optional, user-friendly identifier)
- ✅ Add domain field to Network model (optional, DNS domain for network)
- ✅ Update network forms to include new fields
- ✅ Update network displays and tables
- ✅ Database migration for existing networks
Technical Implementation:
- Added name and domain VARCHAR(100) columns to networks table
- Updated NetworkForm with new optional fields
- Enhanced all network templates and API responses
- Backward compatible with existing networks
[IPAM-021] ✅ Host CNAME Support
Priority: Medium | Category: Core
Status: Complete
Description: Add CNAME alias support for hosts with export integration
Acceptance Criteria:
- ✅ Add cname field to Host model (optional, DNS alias)
- ✅ Update host forms and displays
- ✅ Extend DNSmasq exporter with cname=CNAME,HOSTNAME entries
- ✅ Update all templates to show CNAME field
- ✅ CNAME statistics in DNSmasq export
Technical Features:
- Added cname VARCHAR(255) column to hosts table
- Updated HostForm and all host templates
- Enhanced DNSmasq exporter with separate CNAME section
- CNAME aliases work with all DNSmasq modes (DNS/DHCP/Combined)
- Export format: cname=ALIAS,HOSTNAME
[IPAM-022] ✅ Form Field Validation Indicators
Priority: Low | Category: UI/UX
Status: Complete
Description: Visual indicators for mandatory vs optional form fields
Acceptance Criteria:
- ✅ Add asterisk (*) to required field labels
- ✅ Helpful form-text for all fields (required/optional)
- ✅ Consistent styling across all forms
- ✅ Clear visual distinction between mandatory and optional fields
UI Improvements:
- Red asterisk (*) for required fields (Network Address, CIDR, IP Address)
- Form-text descriptions for all fields
- Consistent Bootstrap styling throughout forms

CRUD Operations¶

[IPAM-019] ✅ Edit and Delete Functionality for Networks and Hosts
Priority: High | Category: Core
Status: Complete
Description: Full CRUD operations with edit forms and safe deletion
Acceptance Criteria:
- ✅ Edit network form with validation and error handling
- ✅ Edit host form with network auto-detection and manual assignment
- ✅ Delete network with host-dependency protection
- ✅ Delete host with confirmation dialog
- ✅ Action buttons integrated into DataTables
- ✅ JavaScript confirmation dialogs for deletions
- ✅ Flash messages for success/error feedback
- ✅ Form pre-population with existing data
Routes Added:
- GET/POST /edit_network/<id> - Edit network form
- GET/POST /edit_host/<id> - Edit host form
- POST /delete_network/<id> - Delete network (with host check)
- POST /delete_host/<id> - Delete host
Technical Features:
- Network deletion blocked if hosts are assigned
- Host IP validation and network auto-detection
- CSRF protection for all forms
- Bootstrap form styling with validation feedback
- JavaScript confirmation with host count display

Export/Import System¶

[IPAM-018] ✅ DNSmasq Host Export with Multiple Modes
Priority: Medium | Category: Export
Status: Complete
Description: Export hosts in DNSmasq configuration format with configurable modes
Acceptance Criteria:
- ✅ DNS Mode: Only host-record=hostname,IP entries for DNS server use
- ✅ DHCP Mode: Only dhcp-host=MAC,IP,hostname entries for DHCP server use
- ✅ Combined Mode: Both DNS and DHCP entries for full DNSmasq setup
- ✅ Separate active and reserved hosts in all modes
- ✅ Include mode-specific statistics and comments
- ✅ Skip inactive hosts and hosts without hostnames
- ✅ Skip hosts without MAC addresses in DHCP-only mode
Export Routes:
- /export/hosts/dnsmasq - Combined mode (default)
- /export/hosts/dnsmasq-dns - DNS-only mode
- /export/hosts/dnsmasq-dhcp - DHCP-only mode
Technical Notes:
- DNS Mode: All hosts get host-record=hostname,IP (ignores MAC)
- DHCP Mode: Only hosts with MAC get dhcp-host=MAC,IP,hostname
- Combined Mode: MAC hosts get dhcp-host, non-MAC hosts get host-record
- File extension: .conf
- MIME type: text/plain
- Configurable via DNSmasqExporter constructor

Testing¶

[IPAM-009] ✅ Export/Import Test Coverage
Priority: High | Category: Testing
Status: Complete
Description: Complete test coverage for new export/import system
Acceptance Criteria:
- ✅ CSV exporter/importer tests
- ✅ JSON exporter/importer tests
- ✅ Route integration tests
- ✅ Error handling edge cases
- ✅ Performance tests for large datasets
Completed: Added comprehensive edge case tests, performance tests, and JSON import functionality

API & Integration¶

[IPAM-023] ✅ Comprehensive REST API with OpenAPI/Swagger
Priority: High | Category: API
Status: Complete
Description: Complete RESTful API for all IPAM operations with filtering, pagination, and interactive Swagger UI documentation
Acceptance Criteria:
- Network Operations:
- ✅ GET /api/v1/networks - List all networks (with filtering support)
- ✅ GET /api/v1/networks/{id} - Get specific network details
- ✅ POST /api/v1/networks - Create new network
- ✅ PUT /api/v1/networks/{id} - Update existing network
- ✅ DELETE /api/v1/networks/{id} - Delete network (with host check)
- ✅ GET /api/v1/networks/{id}/hosts - List hosts in specific network
- Host Operations:
- ✅ GET /api/v1/hosts - List all hosts (with filtering support)
- ✅ GET /api/v1/hosts/{id} - Get specific host details
- ✅ POST /api/v1/hosts - Create new host
- ✅ PUT /api/v1/hosts/{id} - Update existing host
- ✅ DELETE /api/v1/hosts/{id} - Delete host
- IP Management:
- ✅ GET /api/v1/ip/networks/{id}/next-ip - Get next available IP in network
- ✅ GET /api/v1/ip/networks/{id}/available-ips - List all available IPs
- ✅ GET /api/v1/ip/{ip_address} - Query IP address status/details
- Filtering & Search:
- ✅ Network filters: name, domain, vlan_id, location
- ✅ Host filters: hostname, cname, status, mac_address, network_id
- ✅ Pagination support: page, per_page
- Response Format:
- ✅ Consistent JSON responses with metadata
- ✅ Error handling with proper HTTP status codes
- ✅ Interactive Swagger UI at /api/v1/docs
Technical Implementation:
- Flask-RESTX for auto-documentation and Swagger UI
- Application Factory pattern for modular architecture
- SQLAlchemy models in dedicated ipam/models.py
- Comprehensive error handling with proper status codes
- Blueprint-based routing (ipam/api/ and ipam/web/)
Implementation Files:
- ipam/__init__.py - Application factory with db initialization
- ipam/extensions.py - Flask-SQLAlchemy extension
- ipam/models.py - Network and Host models
- ipam/config.py - Configuration with absolute database paths
- ipam/api/__init__.py - API blueprint and Swagger configuration
- ipam/api/models.py - Request/response serialization models
- ipam/api/networks.py - Network CRUD endpoints
- ipam/api/hosts.py - Host CRUD endpoints
- ipam/api/ip_management.py - IP allocation and query endpoints
- ipam/web/ - Web interface blueprint
- API.md - Complete API documentation
- tests/test_database.py - Database initialization tests
Completed: API fully operational at http://127.0.0.1:5000/api/v1 with Swagger UI at /api/v1/docs
Notes: API authentication and rate limiting are now supported.
[IPAM-014] ✅ REST API Expansion (Auth + Rate Limiting)
Priority: Medium | Category: API
Status: Complete
Description: Token authentication and rate limiting for all API endpoints
Acceptance Criteria:
- ✅ Token-based authentication via Authorization: Bearer or X-API-Key
- ✅ Swagger UI remains publicly accessible
- ✅ Configurable rate limit defaults and limiter backend
- ✅ Environment-driven configuration (API_TOKENS, API_RATE_LIMIT)
- ✅ Optional rate limiting toggle (RATELIMIT_ENABLED)

📋 Planned Features¶

Network Tools¶

[IPAM-010] 📅 Subnet Calculator
Priority: Medium | Category: Network Tools
Estimated Effort: Medium (2-3 days)
Description: Built-in subnet calculator and IP range tools
Acceptance Criteria:
- Calculate available subnets from larger networks
- Visual subnet splitting recommendations
- IP range conflict detection
- Subnet mask conversion tools
Technical Notes:
- Use ipaddress library for calculations
- Add JavaScript for real-time calculations
[IPAM-011] 📅 Network Scanner Integration
Priority: Medium | Category: Discovery
Estimated Effort: High (4-5 days)
Description: Scan network ranges for active hosts
Acceptance Criteria:
- Ping sweep functionality
- Port scanning for common services
- Auto-populate discovered hosts
- Scheduled scan capabilities
Dependencies: [IPAM-010] for subnet calculations
Technical Notes: Consider using python-nmap library

Data Management¶

[IPAM-024] 📅 IP Lease History
Priority: Medium | Category: Data Management
Estimated Effort: Medium (2-3 days)
Description: Track assignment and metadata changes for hosts and networks
Acceptance Criteria:
- Record create/update/delete events with timestamp and actor
- Persist history entries in a dedicated table
- UI for viewing history on host and network details
- API endpoints for history retrieval
- Export history entries in CSV/JSON
[IPAM-012] 📅 Advanced Import Formats
Priority: Low | Category: Data Management
Estimated Effort: Medium (2-3 days)
Description: Support for XML, Excel, and network tool exports
Acceptance Criteria:
- XML import/export
- Excel (.xlsx) support
- Nmap XML import
- Cisco/HP switch MAC table import
Dependencies: [IPAM-004] plugin system
[IPAM-013] 📅 Advanced Export with Filtering
Priority: High | Category: Data Management
Estimated Effort: Medium (2-3 days)
Description: Export all data or filtered subsets with advanced options
Acceptance Criteria:
- Complete Database Export: All networks, hosts, and relationships
- Filtered Network Export: By VLAN, location, IP range, utilization
- Filtered Host Export: By status, network, hostname pattern, date range
- Multiple Format Support: CSV, JSON, Excel for all export types
- Custom Field Selection: Choose which columns to include
- Export Templates: Save and reuse filter configurations
UI Features:
- Advanced filter interface with multiple criteria
- Export preview with row count estimation
- Progress indicator for large exports
- Download history and re-export capability

Technical Implementation:

# Export with advanced filtering
/export/networks?vlan_id=100&location=datacenter&format=csv
/export/hosts?status=active&network_id=5&format=json
/export/complete?include=networks,hosts,relationships&format=excel

# Filter examples
networks: VLAN ID, location, IP range, utilization %, description
hosts: status, network, hostname regex, IP range, last_seen date

UI Mockup:

[ Advanced Export ]

Export Type: [●] Networks [ ] Hosts [●] Complete Database

Filters:
┌─ Networks ─────────────────────────────────────────┐
│ VLAN ID: [100,200-300] Location: [datacenter*]     │
│ IP Range: [10.0.0.0/8] Utilization: [>80%]        │
└────────────────────────────────────────────────────┘

┌─ Hosts ────────────────────────────────────────────┐
│ Status: [☑active ☐inactive ☑reserved]             │
│ Hostname: [server*] Last Seen: [last 30 days]     │
└────────────────────────────────────────────────────┘

Format: [CSV ▼] Include: [☑IP ☑Hostname ☐MAC ☑Status]

Preview: ~1,247 networks, ~5,632 hosts
[Export] [Save as Template] [Load Template]

Dependencies: [IPAM-004] plugin system for format support
[IPAM-027] 📅 Custom Fields
Priority: Medium | Category: Data Management
Estimated Effort: Medium (2-3 days)
Description: User-defined fields for hosts and networks
Acceptance Criteria:
- Admin UI to define custom fields (string/int/bool/date)
- API support for reading and writing custom fields
- Export/import includes custom field values
- Validation for required fields and type constraints
[IPAM-017] 📅 Data Backup & Restore
Priority: Medium | Category: Data Management
Estimated Effort: Small (1-2 days)
Description: Automated backup and restore functionality
Acceptance Criteria:
- Scheduled database backups
- One-click restore from backup
- Complete database migration utilities
- Backup verification and integrity checks
[IPAM-016] 📅 Local User Management UI
Priority: Medium | Category: UI/Security
Estimated Effort: Small (1-2 days)
Description: Admin interface for local user management
Acceptance Criteria:
- User list with search and filtering
- Add/edit/disable user accounts
- Role assignment interface
- Password reset functionality
- User activity logging
Dependencies: [IPAM-015] hybrid authentication system
Technical Notes:
- Reuse existing Bootstrap/DataTables UI patterns
- Add password strength validation
- Implement user audit trail

Core Validation¶

[IPAM-026] 📅 IP Conflict Detection
Priority: Medium | Category: Core
Estimated Effort: Medium (2-3 days)
Description: Detect duplicate IPs and overlapping ranges
Acceptance Criteria:
- Detect duplicate IPs within a network
- Detect overlapping networks and DHCP range overlaps
- UI warnings on create/update
- API returns structured conflict errors
- Background validation for existing data

Security & Authentication¶

[IPAM-025] 📅 Role-Based Access Control
Priority: High | Category: Security
Estimated Effort: Medium (3-4 days)
Description: Fine-grained permissions across UI and API
Acceptance Criteria:
- Roles: ReadOnly, Editor, Admin, APIOnly
- Enforce permissions on UI routes and API endpoints
- Admin UI for role assignment
- Configurable default role for new users
- Audit log entries for role changes
[IPAM-015] 📅 Hybrid Authentication System
Priority: High | Category: Security
Estimated Effort: Medium (3-4 days)
Description: Support both local user management and OIDC via OAuth2 Proxy
Acceptance Criteria:
- Local Authentication: Built-in user registration, login, password reset
- OAuth2 Proxy Support: OIDC integration via reverse proxy
- Role-based Access Control: Admin, User, ReadOnly roles
- Configurable Auth Mode: Environment variable to switch between modes
- User Management UI: Admin interface for local users
- Session Management: Secure session handling for both modes
Technical Notes:
- Use Flask-Login for local authentication
- Header extraction for proxy-based auth
- Unified User model supporting both auth types
- Role inheritance from OIDC groups or local assignment

Authentication Modes:

Mode 1: Local Authentication (Default)

# .env
AUTH_MODE=local
SECRET_KEY=your-secret-key

Mode 2: OAuth2 Proxy

# docker-compose.auth.yml
services:
  oauth2-proxy:
    image: quay.io/oauth2-proxy/oauth2-proxy:latest
    ports: ["4180:4180"]
    environment:
      - OAUTH2_PROXY_UPSTREAM=http://ipam:5000
      - OAUTH2_PROXY_OIDC_ISSUER_URL=${OIDC_ISSUER}
      - OAUTH2_PROXY_CLIENT_ID=${OIDC_CLIENT_ID}
      - OAUTH2_PROXY_PASS_USER_HEADERS=true
  ipam:
    environment:
      - AUTH_MODE=proxy
      - AUTH_USER_HEADER=X-Forwarded-User

- Implementation Structure:

# auth/models.py
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    email = db.Column(db.String(120), unique=True, nullable=False)
    password_hash = db.Column(db.String(255))  # Only for local auth
    role = db.Column(db.String(20), default='user')  # admin/user/readonly
    auth_type = db.Column(db.String(10), default='local')  # local/proxy
    is_active = db.Column(db.Boolean, default=True)

# auth/manager.py
class AuthManager:
    def authenticate_user(self, request):
        if app.config['AUTH_MODE'] == 'proxy':
            return self._authenticate_proxy(request)
        else:
            return self._authenticate_local(request)

- Rationale: Maximum flexibility - simple setup for development/small deployments, enterprise-ready OIDC for larger organizations

🚫 Blocked/Deferred¶

Out of Scope¶

Multi-tenant Support: Not planned for current roadmap
Rationale: Single-tenant IPAM covers majority of use cases
Complexity: Would require significant architecture changes
Alternative: Deploy multiple IPAM instances for isolation

📈 Version History¶

v1.0.0 (Current)¶

✅ Core IPAM functionality
✅ Export/Import system with plugin architecture
✅ Responsive web interface
✅ Comprehensive test suite

v1.1.0 (Planned - Q4 2025)¶

📅 Advanced export with filtering and templates
📅 Network tools and calculator
📅 Enhanced import formats (Excel, XML)
📅 REST API expansion

v1.2.0 (Planned - Q1 2026)¶

📅 Hybrid authentication system (local + OIDC)
📅 User management interface
📅 Role-based access control
📅 IP lease history

v1.3.0 (Planned - Q2 2026)¶

📅 IP conflict detection
📅 Custom fields for hosts and networks

v2.0.0 (Planned - Q2 2026)¶

📅 Network discovery tools
📅 Advanced reporting and analytics
📅 Performance optimizations for large datasets

🎯 Current Sprint Goals¶

Sprint: Export/Import System Enhancement Duration: 2025-10-01 to 2025-10-05

Goals¶

✅ Complete plugin-based export/import system
✅ Achieve 95%+ test coverage for export/import features
✅ Add JSON import capability
✅ Performance optimization for large datasets

Success Metrics¶

✅ All export/import tests passing
✅ No regression in existing functionality
✅ Plugin system documented for future extensions
✅ JSON import/export functionality complete
✅ Comprehensive edge case and performance test coverage

💡 Feature Request Template¶

- id: "IPAM-XXX"
  title: "Feature Name"
  status: "pending"          # pending, in_progress, completed, blocked
  priority: "medium"         # low, medium, high, critical
  category: "category_name"  # core, ui, api, security, testing, etc.
  estimated_effort: "medium" # small (1-2d), medium (2-4d), high (4-7d)
  description: "Brief description of the feature"
  rationale: "Why this feature is needed"
  acceptance_criteria:
    - "Specific requirement 1"
    - "Specific requirement 2"
  technical_notes:
    - "Implementation considerations"
  dependencies: ["IPAM-XXX"]  # Other features this depends on
  assignee: "optional"

📞 Need a new feature? Create an issue using the template above or contact the development team.