Update README

Update the castellan-ui README with a
Features section and Troubleshooting
section.

Change-Id: I8939abfac71536eb277b97b0d998155c4501f4bd
This commit is contained in:
Kaitlin Farr 2018-04-19 16:08:22 -04:00 committed by Brianna Poulos
parent a17eb51430
commit c1ba5aa7af
1 changed files with 54 additions and 5 deletions

View File

@ -11,7 +11,31 @@ Generic Key Manager UI Plugin for Horizon
Features
--------
* TODO
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| | Import from file | Import using direct input | Download | Delete | Generate [1] |
====================+==================+===========================+===============+===========+==============+
| X.509 Certificates | supported [2] | supported [2] | supported [2] | supported | N/A |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Private Keys | supported [2] | supported [2] | supported [2] | supported | supported |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Public Keys | supported [2] | supported [2] | supported [2] | supported | supported |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Symmetric Keys | supported [3] | supported [4] | supported [3] | supported | supported |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Opaque Data | supported [3] | supported [4] | supported [3] | supported | N/A |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
| Passphrases [5] | X | supported | X | supported | N/A |
--------------------+------------------+---------------------------+---------------+-----------+--------------+
1. Key managers typically support generating keys only and do not generate
other types of objects. Private and public keys will be generated as a key
pair, and symmetric keys can be generated individually.
2. Supports Privacy-enhanced Electronic Mail (PEM) formatted objects.
3. Raw bytes represent the object.
4. Object bytes are represented using hex characters.
5. Because passphrases are typically not saved to files, passphrases are
imported through a form on the web page and are not downloadable, only
viewed through the web page.
Enabling in DevStack
--------------------
@ -32,7 +56,9 @@ Begin by cloning the Horizon and Castellan UI repositories::
Create a virtual environment and install Horizon dependencies::
cd horizon
python tools/install_venv.py
virtualenv horizon_dev
. horizon_dev/bin/activate
pip install -r requirements.txt
Set up your ``local_settings.py`` file::
@ -49,9 +75,10 @@ editor. You will want to customize several settings:
Install Castellan UI with all dependencies in your virtual environment::
tools/with_venv.sh pip install -e ../castellan-ui/
. horizon_dev/bin/activate
pip install -e ../castellan-ui/
And enable it in Horizon::
And enable it in Horizon (use full paths instead of relative paths)::
ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
@ -63,7 +90,29 @@ And enable it in Horizon::
To run horizon with the newly enabled Castellan UI plugin run::
./run_tests.sh --runserver 0.0.0.0:8080
python manage.py runserver -- 0.0.0.0:8080
to have the application start on port 8080 and the horizon dashboard will be
available in your browser at http://localhost:8080/
Troubleshooting Tips
--------------------
If you are using Barbican plugin for Castellan, be sure to note that Barbican
requires the 'admin' or 'creator' role be assigned to a user before the user
can list or create key manager objects. The error message that appears if this
is not the case is as follows::
Could not list objects: Key manager error: Forbidden: Secret(s) retrieval attempt not allowed - please review your user/project privileges
To add the appropriate role for a non-admin user, use the following command (as an admin) ::
openstack role add --user <username> --project <project name> creator
See Also
--------
* Castellan: https://github.com/openstack/castellan
* Barbican: https://github.com/openstack/barbican
* Vault: https://github.com/hashicorp/vault
* PyKMIP: https://github.com/OpenKMIP/PyKMIP