Open Stack

Hello, folks!

A word has come to me that on the recent Keystone mid-cycle summit dynamic
policies have been discussed - as well as the lack of means to edit them in
UX-friendly manner. I had my own share of editing *_policy.json files
inside openstack_dashboard/conf and can hardly state it's easy. At least,
when dynamic policies are fully supported by all OpenStack services we will
have no longer to edit the same files on every controller node in case of
HA installations. Still, the problem of editing a single policy file
remains. AFAIK, the obscurity of policy rules' format had lead may
deployers to the copy-pasting existing rules with minimal changes - when
they were meant to a flexible tool for RBAC definitions.

But I wouldn't write this letter, if I didn't have some kind of solution to
the task of editing the policies. During my work on Merlin
framework/Mistral Workbook Builder I've achieved some results that might be
useful for a Keystone community. More specifically, visual structure and
type of relations between Workbook entities appeared to me to be similar to
the entities of Keystone policies. Understanding that some things are
better seen in dynamic than in static screenshots, I'm sharing the address
of the VM where the Workbook builder is deployed inside Horizon:
http://horizon-merlin.mirantis.com/horizon/project/ Credentials are
demo/demo. Some features like saving the workbooks to db or the rest
OpenStack control plane are disabled for security reasons, leaving only the
Workbook Builder UI there.

I'd like to start the discussion about the extent of reusing Merlin UI
elements for making a dynamic policies editor.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150803/fc3290ee/attachment.html>