[openstack-dev] [Keystone] [Horizon] UI for Keystone dynamic policies editing
David Chadwick
d.w.chadwick at kent.ac.uk
Tue Aug 4 10:42:04 UTC 2015
Hi All
Ioram has built a complete set of wireframe policy GUI screens for
comment. He has uploaded them to InVision
https://openstack.invisionapp.com/share/HQ3QN2123#/screens
Please comment on these in InVision
regards
David
On 03/08/2015 21:39, Lin Hua Cheng wrote:
> Hi Timur,
>
> Thanks for bringing this up.
>
> I think we can borrow some concept from the Mistral Workbook Builder. I
> like the ability to add items and seeing the preview on the right side.
> We can re-use that part.
>
> The challenging part would be building a Rule expression builder that
> supports the policy semantic [1] [2]. We should start with creating some
> mockups. The builder will also be useful even if we don't land the
> dynamic policy in L by adding support of loading local policy files for
> editing and providing export functionality.
>
> I imagine there would be a pop-up that will allow user to build the
> expression with support for:
> 1. Building nested expression using AND OR and ()
> 2. Auto-complete that lists:
> - existing rule definition
> - available context variable (like domain_id, user_id, target.token)
>
> Just throwing some ideas around.
>
> This is a good opportunity to engage the new UX project they might have
> a better idea how the Expression Builder should look like. :)
>
> Thanks,
> Lin
>
> [1]
> https://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L18-L210
> [2]
> http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html
>
>
> On Mon, Aug 3, 2015 at 5:10 AM, Timur Sufiev <tsufiev at mirantis.com
> <mailto:tsufiev at mirantis.com>> wrote:
>
> Hello, folks!
>
> A word has come to me that on the recent Keystone mid-cycle summit
> dynamic policies have been discussed - as well as the lack of means
> to edit them in UX-friendly manner. I had my own share of editing
> *_policy.json files inside openstack_dashboard/conf and can hardly
> state it's easy. At least, when dynamic policies are fully supported
> by all OpenStack services we will have no longer to edit the same
> files on every controller node in case of HA installations. Still,
> the problem of editing a single policy file remains. AFAIK, the
> obscurity of policy rules' format had lead may deployers to the
> copy-pasting existing rules with minimal changes - when they were
> meant to a flexible tool for RBAC definitions.
>
> But I wouldn't write this letter, if I didn't have some kind of
> solution to the task of editing the policies. During my work on
> Merlin framework/Mistral Workbook Builder I've achieved some results
> that might be useful for a Keystone community. More specifically,
> visual structure and type of relations between Workbook entities
> appeared to me to be similar to the entities of Keystone policies.
> Understanding that some things are better seen in dynamic than in
> static screenshots, I'm sharing the address of the VM where the
> Workbook builder is deployed inside
> Horizon: http://horizon-merlin.mirantis.com/horizon/project/
> Credentials are demo/demo. Some features like saving the workbooks
> to db or the rest OpenStack control plane are disabled for security
> reasons, leaving only the Workbook Builder UI there.
>
> I'd like to start the discussion about the extent of reusing Merlin
> UI elements for making a dynamic policies editor.
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
More information about the OpenStack-dev
mailing list