[openstack-dev] [Keystone] [Horizon] UI for Keystone dynamic policies editing
Ioram Schechtman Sette
iss at cin.ufpe.br
Tue Aug 4 12:15:41 UTC 2015
Hi All,
The correct link is:
https://openstack.invisionapp.com/share/9Z3RI8OD7#/screens
Regards,
Ioram
2015-08-04 11:42 GMT+01:00 David Chadwick <d.w.chadwick at kent.ac.uk>:
> Hi All
>
> Ioram has built a complete set of wireframe policy GUI screens for
> comment. He has uploaded them to InVision
>
> https://openstack.invisionapp.com/share/HQ3QN2123#/screens
>
> Please comment on these in InVision
>
> regards
>
> David
>
> On 03/08/2015 21:39, Lin Hua Cheng wrote:
> > Hi Timur,
> >
> > Thanks for bringing this up.
> >
> > I think we can borrow some concept from the Mistral Workbook Builder. I
> > like the ability to add items and seeing the preview on the right side.
> > We can re-use that part.
> >
> > The challenging part would be building a Rule expression builder that
> > supports the policy semantic [1] [2]. We should start with creating some
> > mockups. The builder will also be useful even if we don't land the
> > dynamic policy in L by adding support of loading local policy files for
> > editing and providing export functionality.
> >
> > I imagine there would be a pop-up that will allow user to build the
> > expression with support for:
> > 1. Building nested expression using AND OR and ()
> > 2. Auto-complete that lists:
> > - existing rule definition
> > - available context variable (like domain_id, user_id, target.token)
> >
> > Just throwing some ideas around.
> >
> > This is a good opportunity to engage the new UX project they might have
> > a better idea how the Expression Builder should look like. :)
> >
> > Thanks,
> > Lin
> >
> > [1]
> >
> https://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L18-L210
> > [2]
> >
> http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html
> >
> >
> > On Mon, Aug 3, 2015 at 5:10 AM, Timur Sufiev <tsufiev at mirantis.com
> > <mailto:tsufiev at mirantis.com>> wrote:
> >
> > Hello, folks!
> >
> > A word has come to me that on the recent Keystone mid-cycle summit
> > dynamic policies have been discussed - as well as the lack of means
> > to edit them in UX-friendly manner. I had my own share of editing
> > *_policy.json files inside openstack_dashboard/conf and can hardly
> > state it's easy. At least, when dynamic policies are fully supported
> > by all OpenStack services we will have no longer to edit the same
> > files on every controller node in case of HA installations. Still,
> > the problem of editing a single policy file remains. AFAIK, the
> > obscurity of policy rules' format had lead may deployers to the
> > copy-pasting existing rules with minimal changes - when they were
> > meant to a flexible tool for RBAC definitions.
> >
> > But I wouldn't write this letter, if I didn't have some kind of
> > solution to the task of editing the policies. During my work on
> > Merlin framework/Mistral Workbook Builder I've achieved some results
> > that might be useful for a Keystone community. More specifically,
> > visual structure and type of relations between Workbook entities
> > appeared to me to be similar to the entities of Keystone policies.
> > Understanding that some things are better seen in dynamic than in
> > static screenshots, I'm sharing the address of the VM where the
> > Workbook builder is deployed inside
> > Horizon: http://horizon-merlin.mirantis.com/horizon/project/
> > Credentials are demo/demo. Some features like saving the workbooks
> > to db or the rest OpenStack control plane are disabled for security
> > reasons, leaving only the Workbook Builder UI there.
> >
> > I'd like to start the discussion about the extent of reusing Merlin
> > UI elements for making a dynamic policies editor.
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> > OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > <
> http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> >
> >
> >
> >
> __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150804/20ddbd93/attachment.html>
More information about the OpenStack-dev
mailing list