262 lines
7.3 KiB
Python
Raw Normal View History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import os
Pre-populate the Angular template cache and allow template overrides This patch populates the Angular template cache from Django. This eliminates the need for Angular to do an http get for every HTML fragment. In addition, now that we are filling the template cache, this patch introduces the logic needed to override any Angular template HTML from the current theme. How it works: A new template tag is created called "template_cache_preloads". This tag is used in _scripts.html to generate a list of text/javascript script tags, each one containing an Angular "run" method that loads a template contents into the Angular template cache. The first time any Horizon page is loaded after server start, the template cache preloads are computed for the current theme. The output of this tag is cached for 30 days in Django using the "cache" tag. Further, that cached result is wrapped in a "compress js" tag to collapse the individual <script> tags into 1 block of javascript, and compress like all other javascript Horizon serves to the client. Finally, when using offline compression, the compressor evaluates the nodelist (HTML content) of _scripts.html, notices the compress tag and builds the template cache preloads for each possible theme. Later, at runtime, when the preloads are generated for the current theme, the compressor gets the result from the Django cache, and hashes the contents to determine which manifest file to serve to the client. Since the preloads generated at run-time are identical to those generated off-line, the compressor hash matches an existing manifest which is served to the client. Notice that even though the template cache pre-loads are generated off-line...the template_cache_preloads tag will be executed once every 30 days anyway. However, since the result matches the off-line compression, the existing manifest continues to be served to the client. Finally, this patch ALSO watches for 'post_compress' signals. If it detects that the angular template preloads have been re-compressed, it clears the old version from the Django cache. To test the template caching: - Run horizon - View page source - Notice the new <script type="text/javascript"> tags contained in the body (only visible if COMPRESS_ENABLED=False - Open the javascript inspector - Load launch instance - Notice there are no longer http calls to load each HTML fragment used by the Angular launch instance To test the override: - Set the DEFAULT_THEME='material' - Create /horizon/openstack_dashboard/themes/material/\ static/templates/framework/widgets/help-panel/help-panel.html - Set the content to <h1>TEST</h1> - Run Horizon and open launch instance. - The help content should contain "TEST" To test the new template tag: - set a breakpoint or print in angular.py:template_cache_preloads and observe when it is called during off-line or run-time use Co-Authored-By: Diana Whitten <hurgleburgler@gmail.com> Implements: blueprint angular-template-overrides Change-Id: I0e4e2623be58abbc68c6e02b2e9c5d7cdaba8e4d
2016-05-31 12:52:14 -06:00
from django.utils.translation import pgettext_lazy
from horizon.test.settings import * # noqa
from horizon.utils import secret_key
from openstack_dashboard import exceptions
from openstack_dashboard.static_settings import find_static_files # noqa
from openstack_dashboard.static_settings import get_staticfiles_dirs # noqa
from horizon.utils.escape import monkeypatch_escape
# this is used to protect from client XSS attacks, but it's worth
# enabling in our test setup to find any issues it might cause
monkeypatch_escape()
STATICFILES_DIRS = get_staticfiles_dirs()
TEST_DIR = os.path.dirname(os.path.abspath(__file__))
ROOT_PATH = os.path.abspath(os.path.join(TEST_DIR, ".."))
MEDIA_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'media'))
MEDIA_URL = '/media/'
STATIC_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'static'))
STATIC_URL = '/static/'
WEBROOT = '/'
SECRET_KEY = secret_key.generate_or_read_from_file(
os.path.join(TEST_DIR, '.secret_key_store'))
ROOT_URLCONF = 'openstack_dashboard.test.urls'
TEMPLATE_DIRS = (
os.path.join(TEST_DIR, 'templates'),
)
CUSTOM_THEME_PATH = 'themes/default'
Pre-populate the Angular template cache and allow template overrides This patch populates the Angular template cache from Django. This eliminates the need for Angular to do an http get for every HTML fragment. In addition, now that we are filling the template cache, this patch introduces the logic needed to override any Angular template HTML from the current theme. How it works: A new template tag is created called "template_cache_preloads". This tag is used in _scripts.html to generate a list of text/javascript script tags, each one containing an Angular "run" method that loads a template contents into the Angular template cache. The first time any Horizon page is loaded after server start, the template cache preloads are computed for the current theme. The output of this tag is cached for 30 days in Django using the "cache" tag. Further, that cached result is wrapped in a "compress js" tag to collapse the individual <script> tags into 1 block of javascript, and compress like all other javascript Horizon serves to the client. Finally, when using offline compression, the compressor evaluates the nodelist (HTML content) of _scripts.html, notices the compress tag and builds the template cache preloads for each possible theme. Later, at runtime, when the preloads are generated for the current theme, the compressor gets the result from the Django cache, and hashes the contents to determine which manifest file to serve to the client. Since the preloads generated at run-time are identical to those generated off-line, the compressor hash matches an existing manifest which is served to the client. Notice that even though the template cache pre-loads are generated off-line...the template_cache_preloads tag will be executed once every 30 days anyway. However, since the result matches the off-line compression, the existing manifest continues to be served to the client. Finally, this patch ALSO watches for 'post_compress' signals. If it detects that the angular template preloads have been re-compressed, it clears the old version from the Django cache. To test the template caching: - Run horizon - View page source - Notice the new <script type="text/javascript"> tags contained in the body (only visible if COMPRESS_ENABLED=False - Open the javascript inspector - Load launch instance - Notice there are no longer http calls to load each HTML fragment used by the Angular launch instance To test the override: - Set the DEFAULT_THEME='material' - Create /horizon/openstack_dashboard/themes/material/\ static/templates/framework/widgets/help-panel/help-panel.html - Set the content to <h1>TEST</h1> - Run Horizon and open launch instance. - The help content should contain "TEST" To test the new template tag: - set a breakpoint or print in angular.py:template_cache_preloads and observe when it is called during off-line or run-time use Co-Authored-By: Diana Whitten <hurgleburgler@gmail.com> Implements: blueprint angular-template-overrides Change-Id: I0e4e2623be58abbc68c6e02b2e9c5d7cdaba8e4d
2016-05-31 12:52:14 -06:00
# 'key', 'label', 'path'
AVAILABLE_THEMES = [
(
'default',
pgettext_lazy('Default style theme', 'Default'),
'themes/default'
), (
'material',
pgettext_lazy("Google's Material Design style theme", "Material"),
'themes/material'
),
]
# Theme Static Directory
THEME_COLLECTION_DIR = 'themes'
TEMPLATE_CONTEXT_PROCESSORS += (
'openstack_dashboard.context_processors.openstack',
)
COMPRESS_OFFLINE = False
INSTALLED_APPS = (
'django.contrib.contenttypes',
'django.contrib.auth',
'django.contrib.sessions',
'django.contrib.staticfiles',
'django.contrib.messages',
'django.contrib.humanize',
'django_nose',
'openstack_auth',
'compressor',
'horizon',
'openstack_dashboard',
)
AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend',)
SITE_BRANDING = 'OpenStack'
HORIZON_CONFIG = {
"password_validator": {
"regex": '^.{8,18}$',
"help_text": "Password must be between 8 and 18 characters."
},
'user_home': None,
'help_url': "http://docs.openstack.org",
'exceptions': {'recoverable': exceptions.RECOVERABLE,
'not_found': exceptions.NOT_FOUND,
'unauthorized': exceptions.UNAUTHORIZED},
'angular_modules': [],
'js_files': [],
'images_panel': 'legacy',
}
# Load the pluggable dashboard settings
import openstack_dashboard.enabled
from openstack_dashboard.utils import settings
INSTALLED_APPS = list(INSTALLED_APPS) # Make sure it's mutable
settings.update_dashboards(
[
openstack_dashboard.enabled,
],
HORIZON_CONFIG,
INSTALLED_APPS,
)
# Remove this when the legacy panel is removed, along with its tests and
# the stacks MappingsTests are updated with the new URL path.
HORIZON_CONFIG['swift_panel'] = 'legacy'
Pre-populate the Angular template cache and allow template overrides This patch populates the Angular template cache from Django. This eliminates the need for Angular to do an http get for every HTML fragment. In addition, now that we are filling the template cache, this patch introduces the logic needed to override any Angular template HTML from the current theme. How it works: A new template tag is created called "template_cache_preloads". This tag is used in _scripts.html to generate a list of text/javascript script tags, each one containing an Angular "run" method that loads a template contents into the Angular template cache. The first time any Horizon page is loaded after server start, the template cache preloads are computed for the current theme. The output of this tag is cached for 30 days in Django using the "cache" tag. Further, that cached result is wrapped in a "compress js" tag to collapse the individual <script> tags into 1 block of javascript, and compress like all other javascript Horizon serves to the client. Finally, when using offline compression, the compressor evaluates the nodelist (HTML content) of _scripts.html, notices the compress tag and builds the template cache preloads for each possible theme. Later, at runtime, when the preloads are generated for the current theme, the compressor gets the result from the Django cache, and hashes the contents to determine which manifest file to serve to the client. Since the preloads generated at run-time are identical to those generated off-line, the compressor hash matches an existing manifest which is served to the client. Notice that even though the template cache pre-loads are generated off-line...the template_cache_preloads tag will be executed once every 30 days anyway. However, since the result matches the off-line compression, the existing manifest continues to be served to the client. Finally, this patch ALSO watches for 'post_compress' signals. If it detects that the angular template preloads have been re-compressed, it clears the old version from the Django cache. To test the template caching: - Run horizon - View page source - Notice the new <script type="text/javascript"> tags contained in the body (only visible if COMPRESS_ENABLED=False - Open the javascript inspector - Load launch instance - Notice there are no longer http calls to load each HTML fragment used by the Angular launch instance To test the override: - Set the DEFAULT_THEME='material' - Create /horizon/openstack_dashboard/themes/material/\ static/templates/framework/widgets/help-panel/help-panel.html - Set the content to <h1>TEST</h1> - Run Horizon and open launch instance. - The help content should contain "TEST" To test the new template tag: - set a breakpoint or print in angular.py:template_cache_preloads and observe when it is called during off-line or run-time use Co-Authored-By: Diana Whitten <hurgleburgler@gmail.com> Implements: blueprint angular-template-overrides Change-Id: I0e4e2623be58abbc68c6e02b2e9c5d7cdaba8e4d
2016-05-31 12:52:14 -06:00
find_static_files(HORIZON_CONFIG, AVAILABLE_THEMES,
THEME_COLLECTION_DIR, ROOT_PATH)
# Set to 'legacy' or 'direct' to allow users to upload images to glance via
# Horizon server. When enabled, a file form field will appear on the create
# image form. If set to 'off', there will be no file form field on the create
# image form. See documentation for deployment considerations.
HORIZON_IMAGES_UPLOAD_MODE = 'legacy'
AVAILABLE_REGIONS = [
('http://localhost:5000/v2.0', 'local'),
('http://remote:5000/v2.0', 'remote'),
]
OPENSTACK_API_VERSIONS = {
"identity": 3
}
OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'test_domain'
OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = True
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True
}
OPENSTACK_CINDER_FEATURES = {
'enable_backup': True,
}
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
'enable_quotas': False, # Enabled in specific tests only
# Parameters below (enable_lb, enable_firewall, enable_vpn)
# control if these panels are displayed or not,
# i.e. they only affect the navigation menu.
# These panels are registered even if enable_XXX is False,
# so we don't need to set them to True in most unit tests
# to avoid stubbing neutron extension check calls.
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'profile_support': None,
'enable_distributed_router': False,
# 'profile_support': 'cisco'
}
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': True,
}
OPENSTACK_IMAGE_BACKEND = {
'image_formats': [
('', 'Select format'),
('aki', 'AKI - Amazon Kernel Image'),
('ami', 'AMI - Amazon Machine Image'),
('ari', 'ARI - Amazon Ramdisk Image'),
('iso', 'ISO - Optical Disk Image'),
('qcow2', 'QCOW2 - QEMU Emulator'),
('raw', 'Raw'),
('vdi', 'VDI'),
('vhd', 'VHD'),
('vmdk', 'VMDK')
]
}
LOGGING['loggers'].update(
{
'openstack_dashboard': {
'handlers': ['test'],
'propagate': False,
},
'openstack_auth': {
'handlers': ['test'],
'propagate': False,
},
'novaclient': {
'handlers': ['test'],
'propagate': False,
},
'keystoneclient': {
'handlers': ['test'],
'propagate': False,
},
'glanceclient': {
'handlers': ['test'],
'propagate': False,
},
'neutronclient': {
'handlers': ['test'],
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
}
)
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': 'ALL TCP',
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
}
NOSE_ARGS = ['--nocapture',
'--nologcapture',
'--cover-package=openstack_dashboard',
'--cover-inclusive',
'--all-modules']
Adding RBAC policy system and checks for identity Adding file based RBAC engine for Horizon using copies of nova and keystone policy.json files Policy engine builds on top of oslo incubator policy.py, fileutils was also pulled from oslo incubator as a dependency of policy.py When Horizon runs and a policy check is made, a path and mapping of services to policy files is used to load the rules into the policy engine. Each check is mapped to a service type and validated. This extra level of mapping is required because the policy.json files may each contain a 'default' rule or unqualified (no service name include) rule. Additionally, maintaining separate policy.json files per service will allow easier syncing with the service projects. The engine allows for compound 'and' checks at this time. E.g., the way the Create User action is written, multiple APIs are called to read data (roles, projects) and more are required to update data (grants, user). Other workflows e.g., Edit Project, should have separate save actions per step as they are unrelated. Only the applicable policy checks to that step were added. The separating unrelated steps saves will should be future work. The underlying engine supports more rule types that are used in the underlying policy.json files. Policy checks were added for all actions on tables in the Identity Panel only. And the service policy files imported are limited in this commit to reduce scope of the change. Additionally, changes were made to the base action class to add support or setting policy rules and an overridable method for determining the policy check target. This reduces the need for redundant code in each action policy check. Note, the benefit Horizon has is that the underlying APIs will correct us if we get it wrong, so if a policy file is not found for a particular service, permission is assumed and the actual API call to the service will fail if the action isn't authorized for that user. Finally, adding documentation regarding policy enforcement. Implements: blueprint rbac Change-Id: I4a4a71163186b973229a0461b165c16936bc10e5
2013-08-16 17:28:46 -06:00
POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
POLICY_FILES = {
'identity': 'keystone_policy.json',
'compute': 'nova_policy.json'
}
# The openstack_auth.user.Token object isn't JSON-serializable ATM
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
REST_API_SETTING_1 = 'foo'
REST_API_SETTING_2 = 'bar'
REST_API_SECURITY = 'SECURITY'
REST_API_REQUIRED_SETTINGS = ['REST_API_SETTING_1']
REST_API_ADDITIONAL_SETTINGS = ['REST_API_SETTING_2']