Generic Key Manager interface UI plugin for Horizon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
OpenDev Sysadmins 2f96f99338 OpenDev Migration Patch 6 days ago
castellan_ui Add Passphrase Panel 1 year ago
devstack Add devstack directory 1 year ago
doc Avoid tox-install.sh 11 months ago
releasenotes Remove setting of version/release from releasenotes 1 year ago
.gitignore Delete unused files and clean up cookie cutter files 1 year ago
.gitreview OpenDev Migration Patch 6 days ago
.zuul.yaml import zuul job settings from project-config 7 months ago
CONTRIBUTING.rst Initial ui cookiecutter commit 1 year ago
HACKING.rst Initial ui cookiecutter commit 1 year ago
LICENSE Initial ui cookiecutter commit 1 year ago
MANIFEST.in Initial ui cookiecutter commit 1 year ago
README.rst Update README 10 months ago
babel-django.cfg Initial ui cookiecutter commit 1 year ago
babel-djangojs.cfg Initial ui cookiecutter commit 1 year ago
manage.py Initial ui cookiecutter commit 1 year ago
package.json Replace openstack.org git:// URLs with https:// 1 month ago
requirements.txt Avoid tox-install.sh 11 months ago
setup.cfg Delete unused files and clean up cookie cutter files 1 year ago
setup.py Initial ui cookiecutter commit 1 year ago
test-requirements.txt Avoid tox-install.sh 11 months ago
test-shim.js Initial ui cookiecutter commit 1 year ago
tox.ini Avoid tox-install.sh 11 months ago

README.rst

Castellan UI

Generic Key Manager UI Plugin for Horizon

Features

--------------------+------------------+---------------------------+---------------+-----------+--------------+ | | Import from file | Import using direct input | Download | Delete | Generate [1] | ====================+==================+===========================+===============+===========+==============+ | X.509 Certificates | supported [2] | supported [2] | supported [2] | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Private Keys | supported [2] | supported [2] | supported [2] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Public Keys | supported [2] | supported [2] | supported [2] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Symmetric Keys | supported [3] | supported [4] | supported [3] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Opaque Data | supported [3] | supported [4] | supported [3] | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Passphrases [5] | X | supported | X | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+

  1. Key managers typically support generating keys only and do not generate other types of objects. Private and public keys will be generated as a key pair, and symmetric keys can be generated individually.
  2. Supports Privacy-enhanced Electronic Mail (PEM) formatted objects.
  3. Raw bytes represent the object.
  4. Object bytes are represented using hex characters.
  5. Because passphrases are typically not saved to files, passphrases are imported through a form on the web page and are not downloadable, only viewed through the web page.

Enabling in DevStack

Add this repo as an external repository into your local.conf file:

[[local|localrc]]
enable_plugin castellan-ui https://github.com/openstack/castellan-ui

Manual Installation

Begin by cloning the Horizon and Castellan UI repositories:

git clone https://github.com/openstack/horizon
git clone https://github.com/openstack/castellan-ui

Create a virtual environment and install Horizon dependencies:

cd horizon
virtualenv horizon_dev
. horizon_dev/bin/activate
pip install -r requirements.txt

Set up your local_settings.py file:

cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py

Open up the copied local_settings.py file in your preferred text editor. You will want to customize several settings:

  • OPENSTACK_HOST should be configured with the hostname of your OpenStack server. Verify that the OPENSTACK_KEYSTONE_URL and OPENSTACK_KEYSTONE_DEFAULT_ROLE settings are correct for your environment. (They should be correct unless you modified your OpenStack server to change them.)

Install Castellan UI with all dependencies in your virtual environment:

. horizon_dev/bin/activate
pip install -e ../castellan-ui/

And enable it in Horizon (use full paths instead of relative paths):

ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_92_project_key_manager_private_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_93_project_key_manager_public_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_94_project_key_manager_symmetric_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_95_project_key_manager_opaque_data_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_96_project_key_manager_passphrase_panel.py openstack_dashboard/local/enabled

To run horizon with the newly enabled Castellan UI plugin run:

python manage.py runserver -- 0.0.0.0:8080

to have the application start on port 8080 and the horizon dashboard will be available in your browser at http://localhost:8080/

Troubleshooting Tips

If you are using Barbican plugin for Castellan, be sure to note that Barbican requires the 'admin' or 'creator' role be assigned to a user before the user can list or create key manager objects. The error message that appears if this is not the case is as follows:

Could not list objects: Key manager error: Forbidden: Secret(s) retrieval attempt not allowed - please review your user/project privileges

To add the appropriate role for a non-admin user, use the following command (as an admin) :

openstack role add --user <username> --project <project name> creator

See Also