9 Commits

Author SHA1 Message Date
Akihiro MOTOKI
7a0581bb70 Import install_venv from oslo
The new version of install_venv_common evaluates requirements.txt
and test-requirements.txt at the same time and we avoid Django 1.6
being installed when evaluating django-nose dependencies.

Change-Id: I2ab7108b3615ac6c0525089b81b80e5c0a4793fc
Closes-Bug: #1250581
2013-11-13 03:34:42 +09:00
David Lyle
5984e34862 Adding RBAC policy system and checks for identity
Adding file based RBAC engine for Horizon using copies of nova and
keystone policy.json files

Policy engine builds on top of oslo incubator policy.py, fileutils
was also pulled from oslo incubator as a dependency of policy.py

When Horizon runs and a policy check is made, a path and mapping of
services to policy files is used to load the rules into the policy
engine.  Each check is mapped to a service type and validated.  This
extra level of mapping is required because the policy.json files
may each contain a 'default' rule or unqualified (no service name
included) rule.  Additionally, maintaining separate policy.json
files per service will allow easier syncing with the service
projects.

The engine allows for compound 'and' checks at this time.  E.g.,
the way the Create User action is written, multiple APIs are
called to read data (roles, projects) and more are required to
update data (grants, user).

Other workflows, e.g., Edit Project, should have separate save
actions per step as they are unrelated.  Only the policy checks
applicable to that step were added.  Separating the saves of
unrelated steps should be future work.

The underlying engine supports more rule types that are used in the
underlying policy.json files.

Policy checks were added for all actions on tables in the Identity
Panel only.  And the service policy files imported are limited in
this commit to reduce scope of the change.

Additionally, changes were made to the base action class to add
support for setting policy rules and an overridable method for
determining the policy check target. This reduces the need for
redundant code in each action policy check.

Note, the benefit Horizon has is that the underlying APIs will
correct us if we get it wrong, so if a policy file is not found for
a particular service, permission is assumed and the actual API call
to the service will fail if the action isn't authorized for that user.

Finally, adding documentation regarding policy enforcement.

Implements: blueprint rbac

Change-Id: I4a4a71163186b973229a0461b165c16936bc10e5
2013-08-26 10:32:28 -06:00
Monty Taylor
e8b3360038 Sync install_venv_common from oslo
Change-Id: Iadcfa6d00b963a19ce15300b2293036cf0e8204b
2013-08-08 12:42:29 -03:00
Tomas Sedovic
c519f12729 Add openstack-common
We're going to use openstack-common to receive notifications and then
pass them via socket.io to the client.

Prerequisite for blueprint realtime-communication

Change-Id: Ic590f52f14d000d07be6ee9a8da3df976b58c302
Signed-off-by: Tomas Sedovic <tomas@sedovic.cz>
2013-07-11 10:59:56 +02:00
Monty Taylor
91e4715c14 Migrate to PBR for build tooling.
pbr is the library-ified version of the code that was in
openstack.common.setup and version. It builds on top of d2to1 to
provide declarative build configuration.

Change-Id: Ic264fa33e17fe5fdc71d8c53412495b069ab74a4
2013-04-27 11:56:07 -04:00
Monty Taylor
11867173ed Update to latest oslo-version.
In preparation for tag-based versions, update to latest oslo-version code.

Change-Id: I9f702f0304fdd5043326c95346b26bde06e20a1e
2013-02-04 11:28:25 +11:00
Gabriel Hurley
cb8e7c1f8f Splits OpenStack Dashboard bits from framework app code.
Moves everything OpenStack-specific (dashboards, apis, etc.)
into the openstack_dashboard project, achieving a much
cleaner separation between the project-specific code and
the generic Horizon framework code.

Change-Id: I7235b41d449b26c980668fc3eb4360b24508717b
2012-10-11 11:47:50 -07:00
Zhongyue Luo
da9ee69208 Horizon should use openstack.common.jsonutils
Implements blueprint use-common-jsonutils

1. Edit openstack-common.conf and import horizon/openstack/common/jsonutils.py
2. Remove json package imports and replace with jsonutils

Change-Id: I3b8e53f484eef8273fcb578474932f9d4e789881
2012-06-12 01:25:21 +08:00
Monty Taylor
c93e7c06fd Add ProjectTestingInterface to horizon.
Horizon is the last project that doesn't have support for the common
Project Testing Interface. This gets horizon up to speed with the
other bits, but shouldn't break any of the existing interfaces.

Change-Id: I464c3b10d9708a0b7b5ffd42c88cd3cf515ef6a7
2012-05-26 14:36:19 -07:00