openstack/horizon
Code Issues Proposed changes
5984e34862
horizon/openstack_dashboard/settings.py

204 lines
6.3 KiB
Python
Raw Normal View History

Updated license headers
2011-07-03 21:10:53 -07:00
# vim: tabstop=4 shiftwidth=4 softtabstop=4
Updated Copyright dates to 2012. * fixes bug 916953 Change-Id: I44bdbb735fa1ac068c38997844591c8f256c62fb
2012-02-04 17:40:31 -06:00
# Copyright 2012 United States Government as represented by the
Updated license headers
2011-07-03 21:10:53 -07:00
# Administrator of the National Aeronautics and Space Administration.
# All Rights Reserved.
#
Updated Copyright dates to 2012. * fixes bug 916953 Change-Id: I44bdbb735fa1ac068c38997844591c8f256c62fb
2012-02-04 17:40:31 -06:00
# Copyright 2012 Nebula, Inc.
Updated license headers
2011-07-03 21:10:53 -07:00
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
Initial commit
2011-01-12 13:43:31 -08:00
import logging
import os
import sys
Adds transitional deprecation code for old dashboard names. This code allows users who upgrade from Folsom to Grizzly to continue using their old settings file until H. The code is in the settings file because it must be run prior to the modules listed in INSTALLED_APPS being loaded into the python path. Fixes bug 1071444. Change-Id: I7ac30b731be3cdc7513e3d6bc34d624963bbea9b
2012-11-20 20:33:09 -08:00
import warnings
Initial commit
2011-01-12 13:43:31 -08:00
Separate OpenStack exceptions from Horizon exceptions. Placing the OpenStack exception class definitions into their own module inside the openstack_dashboard project allows more flexibility for deployers and others who might wish to use the horizon module for non-OpenStack Django projects. The patch also contains two tiny cleanup items in the templatetag files. Change-Id: I8b250804ad07027d40d554ad1e7ee0b5af63d466
2012-08-05 12:52:21 -07:00
from openstack_dashboard import exceptions
Adds transitional deprecation code for old dashboard names. This code allows users who upgrade from Folsom to Grizzly to continue using their old settings file until H. The code is in the settings file because it must be run prior to the modules listed in INSTALLED_APPS being loaded into the python path. Fixes bug 1071444. Change-Id: I7ac30b731be3cdc7513e3d6bc34d624963bbea9b
2012-11-20 20:33:09 -08:00
warnings.formatwarning = lambda message, category, *args, **kwargs: \
'%s: %s' % (category.__name__, message)
Initial commit
2011-01-12 13:43:31 -08:00
ROOT_PATH = os.path.dirname(os.path.abspath(__file__))
Cleans up the settings files. Removes deprecated settings, makes sure os.path.abspath is always used consistently, and generally tidies up. Change-Id: Ib0e3ef454ac8c9ef74e987b6088df6c744a2ab44
2012-06-20 13:37:10 -07:00
BIN_DIR = os.path.abspath(os.path.join(ROOT_PATH, '..', 'bin'))
Initial commit
2011-01-12 13:43:31 -08:00
Unified horizon and openstack-dashboard environments. Buildout has been removed entirely, all dev installation is now done via the single tools/install_venv.py script. Django's manage.py script has also been updated to a newer version/convention; this allows for less python path mangling and makes things cleaner and more explicit. Note that, as such, it has been moved up a directory level. Change-Id: I62f9f06ee00568fc91e5ba7e1fd15d22ea849d1f
2012-01-04 14:46:40 -08:00
if ROOT_PATH not in sys.path:
sys.path.append(ROOT_PATH)
Initial commit
2011-01-12 13:43:31 -08:00
DEBUG = False
TEMPLATE_DEBUG = DEBUG
Auth refactor. Switch to using the self-contained django_openstack_auth package which is a proper django.contrib.auth pluggable backend. Notable functional improvements include: * Better overall security via use of standard Django auth code (well-vetted by security experts). * Token expiration checking. * User "enabled" attribute checking. * Support for full range of Django auth attributes such as is_anonymous, is_active, is_superuser, etc. * Improved hooks for RBAC/permission-based acess control. Regarding the RBAC/permission-based access control, this patch moves all "role" and "service"-oriented checks to permission checks. This will make transitioning to policy-driven checking much easier once that fully lands in OpenStack. Implements blueprint move-keystone-support-to-django-auth-backend Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
2012-04-13 21:46:04 -07:00
SITE_BRANDING = 'OpenStack Dashboard'
Initial commit
2011-01-12 13:43:31 -08:00
Login/Logout redirects with Django variables The login/logout url patterns now use the Django LOGIN_URL and LOGOUT_URL The default redirect url after a successful login now uses as default the Django LOGIN_REDIRECT_URL with possible override using HORIZON_CONFIG.user_home in settings file. There are 3 cases: * no user_home in settings.HORIZON_CONFIG - uses Django LOGIN_REDIRECT_URL * user_home = None in settings.HORIZON_CONFIG - will default to the primary dashboard(the current fall-back behavior) * user_home = 'something' - it will be used to determine the actual redirect url Fixes bug 980434 Patch Set 2: Restored the previous behavior - splash page('/') redirects to /nova or /syspanel, depending on the user, while /home/ will redirect to the 'user_home' setting (or LOGIN_REDIRECT_URL if user_home is not set). The same logic will be applied after user logs in. Change-Id: I28e25566199393382639da9ca2022d1850f25a94
2012-06-20 00:05:08 +03:00
LOGIN_URL = '/auth/login/'
LOGOUT_URL = '/auth/logout/'
# LOGIN_REDIRECT_URL can be used as an alternative for
# HORIZON_CONFIG.user_home, if user_home is not set.
# Do not set it to '/home/', as this will cause circular redirect loop
Initial commit
2011-01-12 13:43:31 -08:00
LOGIN_REDIRECT_URL = '/'
Refactored openstack-dashboard to use Django 1.3's contrib.staticfiles app as per current best-practices. This bumps the minimum required version of Django to 1.3 and introduces a backwards-incompatible change for any third-party code that relied on hard-coded paths to the media directory.
2011-08-29 17:41:35 -07:00
MEDIA_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'media'))
Initial commit
2011-01-12 13:43:31 -08:00
MEDIA_URL = '/media/'
Refactored openstack-dashboard to use Django 1.3's contrib.staticfiles app as per current best-practices. This bumps the minimum required version of Django to 1.3 and introduces a backwards-incompatible change for any third-party code that relied on hard-coded paths to the media directory.
2011-08-29 17:41:35 -07:00
STATIC_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'static'))
STATIC_URL = '/static/'
Initial commit
2011-01-12 13:43:31 -08:00
Unifies the project packaging into one set of modules. There are no longer two separate projects living inside the horizon repository. There is a single project now with a single setup.py, single README, etc. The openstack-dashboard/dashboard django project is now named "openstack_dashboard" and lives as an example project in the topmost horizon directory. The "horizon/horizon" directory has been bumped up a level and now is directly on the path when the root horizon directory is on your python path. Javascript media which the horizon module directly relies upon now ships in the horizon/static dir rather than openstack-dashboard/dashboard/static. All the corresponding setup, installation, build, and env scripts have been updated accordingly. Implements blueprint unified-packaging. Change-Id: Ieed8e3c777432cd046c3e0298869a9428756ab62
2012-02-28 23:27:46 -08:00
ROOT_URLCONF = 'openstack_dashboard.urls'
HORIZON_CONFIG = {
Renames legacy dashboards. The "Nova" dashboard is now "Project" and the "Syspanel" dashboard is now "Admin" to match the current real names of the dashboards which better match their purposes. Implements blueprint fix-legacy-dashboard-names Change-Id: I702aa0d54c4e3b0ac10db46e6d6ed32803919b7b
2012-10-03 14:29:24 -07:00
'dashboards': ('project', 'admin', 'settings',),
'default_dashboard': 'project',
Splits OpenStack Dashboard bits from framework app code. Moves everything OpenStack-specific (dashboards, apis, etc.) into the openstack_dashboard project, achieving a much cleaner separation between the project-specific code and the generic Horizon framework code. Change-Id: I7235b41d449b26c980668fc3eb4360b24508717b
2012-10-04 15:43:40 -07:00
'user_home': 'openstack_dashboard.views.get_user_home',
Adds an option for linking to external help docs. Change-Id: Iea9ab299078f8552f53ca747f48e30a0b049bd06
2012-08-02 16:39:52 -07:00
'ajax_queue_limit': 10,
Implement configurable auto-fade for alerts messages. The configuration takes what alert types would fade, the delay before it fades and the fade out duration. Fixes bug 1144820 Change-Id: I421ee52308613da72118a507ed8b8b574c176f68
2013-03-06 16:21:12 -08:00
'auto_fade_alerts': {
'delay': 3000,
'fade_duration': 1500,
'types': ['alert-success', 'alert-info']
},
Separate OpenStack exceptions from Horizon exceptions. Placing the OpenStack exception class definitions into their own module inside the openstack_dashboard project allows more flexibility for deployers and others who might wish to use the horizon module for non-OpenStack Django projects. The patch also contains two tiny cleanup items in the templatetag files. Change-Id: I8b250804ad07027d40d554ad1e7ee0b5af63d466
2012-08-05 12:52:21 -07:00
'help_url': "http://docs.openstack.org",
'exceptions': {'recoverable': exceptions.RECOVERABLE,
'not_found': exceptions.NOT_FOUND,
'unauthorized': exceptions.UNAUTHORIZED},
Unifies the project packaging into one set of modules. There are no longer two separate projects living inside the horizon repository. There is a single project now with a single setup.py, single README, etc. The openstack-dashboard/dashboard django project is now named "openstack_dashboard" and lives as an example project in the topmost horizon directory. The "horizon/horizon" directory has been bumped up a level and now is directly on the path when the root horizon directory is on your python path. Javascript media which the horizon module directly relies upon now ships in the horizon/static dir rather than openstack-dashboard/dashboard/static. All the corresponding setup, installation, build, and env scripts have been updated accordingly. Implements blueprint unified-packaging. Change-Id: Ieed8e3c777432cd046c3e0298869a9428756ab62
2012-02-28 23:27:46 -08:00
}
Initial commit
2011-01-12 13:43:31 -08:00
Implements ability to upload local image to glance. Change-Id: Icb53633bb1d5e1dd827f24d81ce908ed497b44f3 Implements: blueprint image-upload
2013-01-29 04:35:18 -05:00
# Set to True to allow users to upload images to glance via Horizon server.
# When enabled, a file form field will appear on the create image form.
# See documentation for deployment considerations.
HORIZON_IMAGES_ALLOW_UPLOAD = True
Initial commit
2011-01-12 13:43:31 -08:00
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
Auth refactor. Switch to using the self-contained django_openstack_auth package which is a proper django.contrib.auth pluggable backend. Notable functional improvements include: * Better overall security via use of standard Django auth code (well-vetted by security experts). * Token expiration checking. * User "enabled" attribute checking. * Support for full range of Django auth attributes such as is_anonymous, is_active, is_superuser, etc. * Improved hooks for RBAC/permission-based acess control. Regarding the RBAC/permission-based access control, this patch moves all "role" and "service"-oriented checks to permission checks. This will make transitioning to policy-driven checking much easier once that fully lands in OpenStack. Implements blueprint move-keystone-support-to-django-auth-backend Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
2012-04-13 21:46:04 -07:00
'django.contrib.auth.middleware.AuthenticationMiddleware',
Initial commit
2011-01-12 13:43:31 -08:00
'django.contrib.messages.middleware.MessageMiddleware',
Re-architects the OpenStack Dashboard for modularity and extensibility. Implements blueprint extensible-architecture. Implements blueprint improve-dev-documentation. Implements blueprint gettext-everywhere. Implements blueprint sphinx-docs. Complete re-architecture of the dashboard to transform it from a standalone django-openstack app to a Horizon framework for building dashboards. See the docs for more information. Incidentally fixes the following bugs: Fixes bug 845868 -- no PEP8 violations. Fixes bug 766096 -- the dashboard can now be installed at any arbitrary URL. Fixes bug 879111 -- tenant id is now controlled solely by the tenant switcher, not the url (which was disregarded anyway) Fixes bug 794754 -- output of venv installation is considerably reduced. Due to the scale and scope of this patch I recommend reviewing it on github: https://github.com/gabrielhurley/horizon/tree/extensible_architecture Change-Id: I8e63f7ea235f904247df40c33cb66338d973df9e
2011-10-31 11:31:05 -07:00
'horizon.middleware.HorizonMiddleware',
Initial commit
2011-01-12 13:43:31 -08:00
'django.middleware.doc.XViewMiddleware',
Fixed language selection box
2011-06-03 14:23:25 +09:00
'django.middleware.locale.LocaleMiddleware',
Add X-FRAME_OPTIONS header to protect against Clickjacking Enables the django.middleware.clickjacking.XFrameOptionsMiddleware middleware class with the default X-Frame-Options header SAMEORIGIN. More details here: https://docs.djangoproject.com/en/dev/ref/clickjacking/ Change-Id: Ic06fdf0b79c9cd245c12ed1f4438af9a4b52ad03 Fixes: bug #1118327
2013-02-13 11:43:11 +02:00
'django.middleware.clickjacking.XFrameOptionsMiddleware',
Initial commit
2011-01-12 13:43:31 -08:00
)
TEMPLATE_CONTEXT_PROCESSORS = (
'django.core.context_processors.debug',
'django.core.context_processors.i18n',
'django.core.context_processors.request',
'django.core.context_processors.media',
Refactored openstack-dashboard to use Django 1.3's contrib.staticfiles app as per current best-practices. This bumps the minimum required version of Django to 1.3 and introduces a backwards-incompatible change for any third-party code that relied on hard-coded paths to the media directory.
2011-08-29 17:41:35 -07:00
'django.core.context_processors.static',
Initial commit
2011-01-12 13:43:31 -08:00
'django.contrib.messages.context_processors.messages',
Re-architects the OpenStack Dashboard for modularity and extensibility. Implements blueprint extensible-architecture. Implements blueprint improve-dev-documentation. Implements blueprint gettext-everywhere. Implements blueprint sphinx-docs. Complete re-architecture of the dashboard to transform it from a standalone django-openstack app to a Horizon framework for building dashboards. See the docs for more information. Incidentally fixes the following bugs: Fixes bug 845868 -- no PEP8 violations. Fixes bug 766096 -- the dashboard can now be installed at any arbitrary URL. Fixes bug 879111 -- tenant id is now controlled solely by the tenant switcher, not the url (which was disregarded anyway) Fixes bug 794754 -- output of venv installation is considerably reduced. Due to the scale and scope of this patch I recommend reviewing it on github: https://github.com/gabrielhurley/horizon/tree/extensible_architecture Change-Id: I8e63f7ea235f904247df40c33cb66338d973df9e
2011-10-31 11:31:05 -07:00
'horizon.context_processors.horizon',
Splits OpenStack Dashboard bits from framework app code. Moves everything OpenStack-specific (dashboards, apis, etc.) into the openstack_dashboard project, achieving a much cleaner separation between the project-specific code and the generic Horizon framework code. Change-Id: I7235b41d449b26c980668fc3eb4360b24508717b
2012-10-04 15:43:40 -07:00
'openstack_dashboard.context_processors.openstack',
Initial commit
2011-01-12 13:43:31 -08:00
)
TEMPLATE_LOADERS = (
Updated template loaders to the current class-based versions. The old values were deprecated as of Django 1.2 and will be removed in 1.4 Change-Id: Ie7611b4554fe2f31a2c38c3d5729d3d90c9e6afb
2011-12-22 19:01:46 -08:00
'django.template.loaders.filesystem.Loader',
Adds dash/panel app templates, mgmt commands, template loader. Implements blueprint scaffolding. Using custom management commands you can now create the majority of the boilerplate code for a new dashboard or panel from a set of basic templates with a single command. See the docs for more info. Additionally, in support of the new commands (and inherent codified directory structure) there's a new template loader included which can load templates from "templates" directories in any registered panel. Change-Id: I1df5eb152cb18694dc89d562799c8d3e8950ca6f
2012-04-26 19:22:51 -07:00
'django.template.loaders.app_directories.Loader',
'horizon.loaders.TemplateLoader'
Initial commit
2011-01-12 13:43:31 -08:00
)
TEMPLATE_DIRS = (
os.path.join(ROOT_PATH, 'templates'),
)
Updating Horizon to use LESS. This changes all of the Bootstrap CSS and Horizon CSS to use LESS. Horizon's specific CSS will be organized into separate files in another commit, as it is outside the scope of this BP. We are also now packing LESS 1.3.0 directly within Horizon. Implementation of Blueprint transition-to-lesscss Change-Id: Ie4be8b28ab3ce04ea21d7d5cd49c2ccb66bd8ade
2012-05-11 23:37:35 -07:00
STATICFILES_FINDERS = (
'compressor.finders.CompressorFinder',
'django.contrib.staticfiles.finders.AppDirectoriesFinder',
Refactored openstack-dashboard to use Django 1.3's contrib.staticfiles app as per current best-practices. This bumps the minimum required version of Django to 1.3 and introduces a backwards-incompatible change for any third-party code that relied on hard-coded paths to the media directory.
2011-08-29 17:41:35 -07:00
)
Cleans up the settings files. Removes deprecated settings, makes sure os.path.abspath is always used consistently, and generally tidies up. Change-Id: Ib0e3ef454ac8c9ef74e987b6088df6c744a2ab44
2012-06-20 13:37:10 -07:00
less_binary = os.path.join(BIN_DIR, 'less', 'lessc')
Updating Horizon to use LESS. This changes all of the Bootstrap CSS and Horizon CSS to use LESS. Horizon's specific CSS will be organized into separate files in another commit, as it is outside the scope of this BP. We are also now packing LESS 1.3.0 directly within Horizon. Implementation of Blueprint transition-to-lesscss Change-Id: Ie4be8b28ab3ce04ea21d7d5cd49c2ccb66bd8ade
2012-05-11 23:37:35 -07:00
COMPRESS_PRECOMPILERS = (
('text/less', (less_binary + ' {infile} {outfile}')),
)
COMPRESS_CSS_FILTERS = (
'compressor.filters.css_default.CssAbsoluteFilter',
)
COMPRESS_ENABLED = True
COMPRESS_OUTPUT_DIR = 'dashboard'
COMPRESS_CSS_HASHING_METHOD = 'hash'
Dependency Reconcilliation Fresh installs seem to have dependency issues, this fixes Horizon to explicitly state which parser to use, as django- compress incorrectly tries to use a compressor that is not installed on some fresh installs. Fixes bug #1010968 Change-Id: I62ac5fd43b846cf967077e0a3d1e16db5861223c
2012-06-11 14:20:32 -07:00
COMPRESS_PARSER = 'compressor.parser.HtmlParser'
Updating Horizon to use LESS. This changes all of the Bootstrap CSS and Horizon CSS to use LESS. Horizon's specific CSS will be organized into separate files in another commit, as it is outside the scope of this BP. We are also now packing LESS 1.3.0 directly within Horizon. Implementation of Blueprint transition-to-lesscss Change-Id: Ie4be8b28ab3ce04ea21d7d5cd49c2ccb66bd8ade
2012-05-11 23:37:35 -07:00
Initial commit
2011-01-12 13:43:31 -08:00
INSTALLED_APPS = (
Unifies the project packaging into one set of modules. There are no longer two separate projects living inside the horizon repository. There is a single project now with a single setup.py, single README, etc. The openstack-dashboard/dashboard django project is now named "openstack_dashboard" and lives as an example project in the topmost horizon directory. The "horizon/horizon" directory has been bumped up a level and now is directly on the path when the root horizon directory is on your python path. Javascript media which the horizon module directly relies upon now ships in the horizon/static dir rather than openstack-dashboard/dashboard/static. All the corresponding setup, installation, build, and env scripts have been updated accordingly. Implements blueprint unified-packaging. Change-Id: Ieed8e3c777432cd046c3e0298869a9428756ab62
2012-02-28 23:27:46 -08:00
'openstack_dashboard',
Auth refactor. Switch to using the self-contained django_openstack_auth package which is a proper django.contrib.auth pluggable backend. Notable functional improvements include: * Better overall security via use of standard Django auth code (well-vetted by security experts). * Token expiration checking. * User "enabled" attribute checking. * Support for full range of Django auth attributes such as is_anonymous, is_active, is_superuser, etc. * Improved hooks for RBAC/permission-based acess control. Regarding the RBAC/permission-based access control, this patch moves all "role" and "service"-oriented checks to permission checks. This will make transitioning to policy-driven checking much easier once that fully lands in OpenStack. Implements blueprint move-keystone-support-to-django-auth-backend Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
2012-04-13 21:46:04 -07:00
'django.contrib.contenttypes',
'django.contrib.auth',
Initial commit
2011-01-12 13:43:31 -08:00
'django.contrib.sessions',
'django.contrib.messages',
Refactored openstack-dashboard to use Django 1.3's contrib.staticfiles app as per current best-practices. This bumps the minimum required version of Django to 1.3 and introduces a backwards-incompatible change for any third-party code that relied on hard-coded paths to the media directory.
2011-08-29 17:41:35 -07:00
'django.contrib.staticfiles',
Volume Progress Bar & Fixes For Quota When a volume creation exceed the allocation quota a vague error message was returned that offered the user no guidance as to what went wrong. This has been fixed. Fixes Bug #1012883 This change also abstracts the Quota javascript to allow it to be used anywhere on the site for any progress bars that are to be shown in the future. Implements blueprint progress-bar-javascript On top of this I have renamed all "can_haz" filters in the code, as they are really sort of embarassing. Lastly, I have added the ability to append JS events to the window load when a modal is loaded as a static page, OR when it is loaded as an AJAX modal. Change-Id: I4b0cefa160cafbbd07d4b0981f62febaed051871
2012-06-23 13:58:35 -07:00
'django.contrib.humanize',
Updating Horizon to use LESS. This changes all of the Bootstrap CSS and Horizon CSS to use LESS. Horizon's specific CSS will be organized into separate files in another commit, as it is outside the scope of this BP. We are also now packing LESS 1.3.0 directly within Horizon. Implementation of Blueprint transition-to-lesscss Change-Id: Ie4be8b28ab3ce04ea21d7d5cd49c2ccb66bd8ade
2012-05-11 23:37:35 -07:00
'compressor',
Re-architects the OpenStack Dashboard for modularity and extensibility. Implements blueprint extensible-architecture. Implements blueprint improve-dev-documentation. Implements blueprint gettext-everywhere. Implements blueprint sphinx-docs. Complete re-architecture of the dashboard to transform it from a standalone django-openstack app to a Horizon framework for building dashboards. See the docs for more information. Incidentally fixes the following bugs: Fixes bug 845868 -- no PEP8 violations. Fixes bug 766096 -- the dashboard can now be installed at any arbitrary URL. Fixes bug 879111 -- tenant id is now controlled solely by the tenant switcher, not the url (which was disregarded anyway) Fixes bug 794754 -- output of venv installation is considerably reduced. Due to the scale and scope of this patch I recommend reviewing it on github: https://github.com/gabrielhurley/horizon/tree/extensible_architecture Change-Id: I8e63f7ea235f904247df40c33cb66338d973df9e
2011-10-31 11:31:05 -07:00
'horizon',
Splits OpenStack Dashboard bits from framework app code. Moves everything OpenStack-specific (dashboards, apis, etc.) into the openstack_dashboard project, achieving a much cleaner separation between the project-specific code and the generic Horizon framework code. Change-Id: I7235b41d449b26c980668fc3eb4360b24508717b
2012-10-04 15:43:40 -07:00
'openstack_dashboard.dashboards.project',
'openstack_dashboard.dashboards.admin',
'openstack_dashboard.dashboards.settings',
Auth refactor. Switch to using the self-contained django_openstack_auth package which is a proper django.contrib.auth pluggable backend. Notable functional improvements include: * Better overall security via use of standard Django auth code (well-vetted by security experts). * Token expiration checking. * User "enabled" attribute checking. * Support for full range of Django auth attributes such as is_anonymous, is_active, is_superuser, etc. * Improved hooks for RBAC/permission-based acess control. Regarding the RBAC/permission-based access control, this patch moves all "role" and "service"-oriented checks to permission checks. This will make transitioning to policy-driven checking much easier once that fully lands in OpenStack. Implements blueprint move-keystone-support-to-django-auth-backend Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
2012-04-13 21:46:04 -07:00
'openstack_auth',
Initial commit
2011-01-12 13:43:31 -08:00
)
Auth refactor. Switch to using the self-contained django_openstack_auth package which is a proper django.contrib.auth pluggable backend. Notable functional improvements include: * Better overall security via use of standard Django auth code (well-vetted by security experts). * Token expiration checking. * User "enabled" attribute checking. * Support for full range of Django auth attributes such as is_anonymous, is_active, is_superuser, etc. * Improved hooks for RBAC/permission-based acess control. Regarding the RBAC/permission-based access control, this patch moves all "role" and "service"-oriented checks to permission checks. This will make transitioning to policy-driven checking much easier once that fully lands in OpenStack. Implements blueprint move-keystone-support-to-django-auth-backend Change-Id: I4f3112af797aff8c4c5e9930c6ca33a70e45589d
2012-04-13 21:46:04 -07:00
TEST_RUNNER = 'django_nose.NoseTestSuiteRunner'
AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend',)
Initial commit
2011-01-12 13:43:31 -08:00
MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
Revamp of testing machinery. * Uses Django 1.4 as minimum version for Folsom. * Switches to using Django 1.4's LiveServerTestCase instead of django-nose-selenium and cherrypy. * Moves django-nose to be a test dependency only. Fixes bug 801362. Change-Id: I5c8a145aba868acf355fe215307d7ce8835913f6
2012-04-11 14:04:08 -07:00
SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_COOKIE_HTTPONLY = True
Initial commit
2011-01-12 13:43:31 -08:00
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
Revamp of testing machinery. * Uses Django 1.4 as minimum version for Folsom. * Switches to using Django 1.4's LiveServerTestCase instead of django-nose-selenium and cherrypy. * Moves django-nose to be a test dependency only. Fixes bug 801362. Change-Id: I5c8a145aba868acf355fe215307d7ce8835913f6
2012-04-11 14:04:08 -07:00
SESSION_COOKIE_SECURE = False
Implement Browser session timeout By default, Horizon just uses session, which expire, when the browser is closed. This implements additionally a session timeout. Change-Id: I140ee2ee37e092036a66d890d920423dfc493fba Fixes: bug 1118441
2013-06-20 12:52:37 +02:00
SESSION_TIMEOUT = 1800
Revamp of testing machinery. * Uses Django 1.4 as minimum version for Folsom. * Switches to using Django 1.4's LiveServerTestCase instead of django-nose-selenium and cherrypy. * Moves django-nose to be a test dependency only. Fixes bug 801362. Change-Id: I5c8a145aba868acf355fe215307d7ce8835913f6
2012-04-11 14:04:08 -07:00
Fixed language selection box
2011-06-03 14:23:25 +09:00
gettext_noop = lambda s: s
LANGUAGES = (
Final translations for Folsom. Also adds transifex client configuration and a shortcut in the run_tests script to compile the message files for Django's use. Fixes bug 1050807. Change-Id: Ic3d7b73d0b7ad0fcb5841a6ac90a2a21653d05be
2012-09-18 15:26:19 -07:00
('bg', gettext_noop('Bulgarian (Bulgaria)')),
('cs', gettext_noop('Czech')),
Fixed language selection box
2011-06-03 14:23:25 +09:00
('en', gettext_noop('English')),
('es', gettext_noop('Spanish')),
('fr', gettext_noop('French')),
Final translations for Folsom. Also adds transifex client configuration and a shortcut in the run_tests script to compile the message files for Django's use. Fixes bug 1050807. Change-Id: Ic3d7b73d0b7ad0fcb5841a6ac90a2a21653d05be
2012-09-18 15:26:19 -07:00
('it', gettext_noop('Italiano')),
Fixed language selection box
2011-06-03 14:23:25 +09:00
('ja', gettext_noop('Japanese')),
Final translations for Folsom. Also adds transifex client configuration and a shortcut in the run_tests script to compile the message files for Django's use. Fixes bug 1050807. Change-Id: Ic3d7b73d0b7ad0fcb5841a6ac90a2a21653d05be
2012-09-18 15:26:19 -07:00
('ko', gettext_noop('Korean (Korea)')),
('nl', gettext_noop('Dutch (Netherlands)')),
added Polish to language dropdown since there are localizations
2011-10-07 14:59:48 +09:00
('pl', gettext_noop('Polish')),
Final translations for Folsom. Also adds transifex client configuration and a shortcut in the run_tests script to compile the message files for Django's use. Fixes bug 1050807. Change-Id: Ic3d7b73d0b7ad0fcb5841a6ac90a2a21653d05be
2012-09-18 15:26:19 -07:00
('pt', gettext_noop('Portuguese')),
('pt-br', gettext_noop('Portuguese (Brazil)')),
Fixed language selection box
2011-06-03 14:23:25 +09:00
('zh-cn', gettext_noop('Simplified Chinese')),
('zh-tw', gettext_noop('Traditional Chinese')),
)
LANGUAGE_CODE = 'en'
marked static strings in python code for Internationalization
2011-06-02 15:23:09 +09:00
USE_I18N = True
Make Horizon timezone-aware. This systematically replaces anyplace that deals with dates or times in Horizon with Django's timezone-aware machinery, and enables timezone support in settings. The assumption is that the server time should *always* be UTC. TO DO: Add a setting for allowing the user to change their preferred timezone display and add timezone indicators anywhere times are displayed to the user. Implements blueprint timezones. Also fixes bug 927974. Change-Id: I5e462ba86e64b97b46873a017f87f328acee1b1d
2012-06-21 19:33:42 -07:00
USE_L10N = True
USE_TZ = True
Initial commit
2011-01-12 13:43:31 -08:00
Re-architects the OpenStack Dashboard for modularity and extensibility. Implements blueprint extensible-architecture. Implements blueprint improve-dev-documentation. Implements blueprint gettext-everywhere. Implements blueprint sphinx-docs. Complete re-architecture of the dashboard to transform it from a standalone django-openstack app to a Horizon framework for building dashboards. See the docs for more information. Incidentally fixes the following bugs: Fixes bug 845868 -- no PEP8 violations. Fixes bug 766096 -- the dashboard can now be installed at any arbitrary URL. Fixes bug 879111 -- tenant id is now controlled solely by the tenant switcher, not the url (which was disregarded anyway) Fixes bug 794754 -- output of venv installation is considerably reduced. Due to the scale and scope of this patch I recommend reviewing it on github: https://github.com/gabrielhurley/horizon/tree/extensible_architecture Change-Id: I8e63f7ea235f904247df40c33cb66338d973df9e
2011-10-31 11:31:05 -07:00
OPENSTACK_KEYSTONE_DEFAULT_ROLE = 'Member'
Make sure Horizon is treating passwords securely. * Applies the sensitive_post_parameters and sensitive_variables decorators to functions that handle sensitive data. * Defines a custom Exception Filter class to provide some added security. * Adds notes on logging to the docs. Fixes bug 1004114 for Horizon. Change-Id: I13ac91d91e0ed2322cc61633b02455cfed39fdcd
2012-05-24 15:25:35 -07:00
DEFAULT_EXCEPTION_REPORTER_FILTER = 'horizon.exceptions.HorizonReporterFilter'
Adding RBAC policy system and checks for identity Adding file based RBAC engine for Horizon using copies of nova and keystone policy.json files Policy engine builds on top of oslo incubator policy.py, fileutils was also pulled from oslo incubator as a dependency of policy.py When Horizon runs and a policy check is made, a path and mapping of services to policy files is used to load the rules into the policy engine. Each check is mapped to a service type and validated. This extra level of mapping is required because the policy.json files may each contain a 'default' rule or unqualified (no service name include) rule. Additionally, maintaining separate policy.json files per service will allow easier syncing with the service projects. The engine allows for compound 'and' checks at this time. E.g., the way the Create User action is written, multiple APIs are called to read data (roles, projects) and more are required to update data (grants, user). Other workflows e.g., Edit Project, should have separate save actions per step as they are unrelated. Only the applicable policy checks to that step were added. The separating unrelated steps saves will should be future work. The underlying engine supports more rule types that are used in the underlying policy.json files. Policy checks were added for all actions on tables in the Identity Panel only. And the service policy files imported are limited in this commit to reduce scope of the change. Additionally, changes were made to the base action class to add support or setting policy rules and an overridable method for determining the policy check target. This reduces the need for redundant code in each action policy check. Note, the benefit Horizon has is that the underlying APIs will correct us if we get it wrong, so if a policy file is not found for a particular service, permission is assumed and the actual API call to the service will fail if the action isn't authorized for that user. Finally, adding documentation regarding policy enforcement. Implements: blueprint rbac Change-Id: I4a4a71163186b973229a0461b165c16936bc10e5
2013-08-16 17:28:46 -06:00
POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf")
# Map of local copy of service policy files
POLICY_FILES = {
'identity': 'keystone_policy.json',
'compute': 'nova_policy.json'
}
Initial commit
2011-01-12 13:43:31 -08:00
try:
remove 'import *' usage (or mark is #noqa) This is talked in bug #1188533, and in current codes, there are several places here: horizon/forms/__init__.py:18:from django.forms import * mark '# noqa' openstack_dashboard/settings.py:182: from local.local_settings import * openstack_dashboard/test/settings.py:5:from horizon.test.settings import * mark '# noqa' openstack_dashboard/dashboards/project/instances/workflows/__init__.py:1:from create_instance import * openstack_dashboard/dashboards/project/instances/workflows/__init__.py:2:from update_instance import * openstack_dashboard/dashboards/project/instances/workflows/__init__.py:3:from resize_instance import * fix it openstack_dashboard/dashboards/project/images_and_snapshots/urls.py:21:from django.conf.urls.defaults import * fix it fixes bug # 1188533 Change-Id: Id671280903f8452a78f81f1240d92297de7a89a8
2013-07-24 16:27:01 +08:00
from local.local_settings import * # noqa
Unifies the project packaging into one set of modules. There are no longer two separate projects living inside the horizon repository. There is a single project now with a single setup.py, single README, etc. The openstack-dashboard/dashboard django project is now named "openstack_dashboard" and lives as an example project in the topmost horizon directory. The "horizon/horizon" directory has been bumped up a level and now is directly on the path when the root horizon directory is on your python path. Javascript media which the horizon module directly relies upon now ships in the horizon/static dir rather than openstack-dashboard/dashboard/static. All the corresponding setup, installation, build, and env scripts have been updated accordingly. Implements blueprint unified-packaging. Change-Id: Ieed8e3c777432cd046c3e0298869a9428756ab62
2012-02-28 23:27:46 -08:00
except ImportError:
logging.warning("No local_settings file found.")
Initial commit
2011-01-12 13:43:31 -08:00
Adding RBAC policy system and checks for identity Adding file based RBAC engine for Horizon using copies of nova and keystone policy.json files Policy engine builds on top of oslo incubator policy.py, fileutils was also pulled from oslo incubator as a dependency of policy.py When Horizon runs and a policy check is made, a path and mapping of services to policy files is used to load the rules into the policy engine. Each check is mapped to a service type and validated. This extra level of mapping is required because the policy.json files may each contain a 'default' rule or unqualified (no service name include) rule. Additionally, maintaining separate policy.json files per service will allow easier syncing with the service projects. The engine allows for compound 'and' checks at this time. E.g., the way the Create User action is written, multiple APIs are called to read data (roles, projects) and more are required to update data (grants, user). Other workflows e.g., Edit Project, should have separate save actions per step as they are unrelated. Only the applicable policy checks to that step were added. The separating unrelated steps saves will should be future work. The underlying engine supports more rule types that are used in the underlying policy.json files. Policy checks were added for all actions on tables in the Identity Panel only. And the service policy files imported are limited in this commit to reduce scope of the change. Additionally, changes were made to the base action class to add support or setting policy rules and an overridable method for determining the policy check target. This reduces the need for redundant code in each action policy check. Note, the benefit Horizon has is that the underlying APIs will correct us if we get it wrong, so if a policy file is not found for a particular service, permission is assumed and the actual API call to the service will fail if the action isn't authorized for that user. Finally, adding documentation regarding policy enforcement. Implements: blueprint rbac Change-Id: I4a4a71163186b973229a0461b165c16936bc10e5
2013-08-16 17:28:46 -06:00
from openstack_dashboard import policy
POLICY_CHECK_FUNCTION = policy.check
Extend offline-compression context When using offline compression, all context information needs to be available in order to generate matching compressor output. Change I84807f6ca0d9769d25b942c151c1a83501648a0a introduced references to HORIZON_CONFIG, so add it to the predefined list of context for offline compression as well. Change-Id: I44ee139626f0eac6fa34f9136926a1a626498039
2013-01-16 13:39:01 +01:00
# Add HORIZON_CONFIG to the context information for offline compression
COMPRESS_OFFLINE_CONTEXT = {
'STATIC_URL': STATIC_URL,
'HORIZON_CONFIG': HORIZON_CONFIG
}
Adds transitional deprecation code for old dashboard names. This code allows users who upgrade from Folsom to Grizzly to continue using their old settings file until H. The code is in the settings file because it must be run prior to the modules listed in INSTALLED_APPS being loaded into the python path. Fixes bug 1071444. Change-Id: I7ac30b731be3cdc7513e3d6bc34d624963bbea9b
2012-11-20 20:33:09 -08:00
Re-enable client logging. The log level setting got moved before the local conf import, thereby making it impossible to actually set the log level to debug. This moves it back to the correct ordering. Change-Id: I7b6c17350add058215c8dd3e3dd7351df64a544a
2013-02-05 16:04:10 -08:00
if DEBUG:
logging.basicConfig(level=logging.DEBUG)
Copy Permalink