OpenStack Dashboard (Horizon)

Go to file

CristianFiorentino 1b0106e280 Introduces escaping in Horizon/Orchestration 1) Escape help_text a second time to avoid bootstrap tooltip XSS issue The "Description" parameter in a Heat template is used to populate a help_text tooltip in the dynamically generated Heat form. Bootstrap inserts this tooltip into the DOM using .html() which undoes any escaping we do in Django (it should be using .text()). This was fixed by forcing the help_text content to be escaped a second time. The issue itself is mitigated in bootstrap.js release 2.0.3 (ours is currently 2.0.1). 2) Properly escape untrusted Heat template 'outputs' The 'outputs' parameter in a Heat template was included in a Django template with HTML autoescaping turned off. Malicious HTML content could be included in a Heat template and would be rendered by Horizon when details about a created stack were displayed. This was fixed by not disabling autoescaping and explicitly escaping untrusted values in any strings that are later marked "safe" to render without further escaping. Change-Id: Icd9f9d9ca77068b12227d77469773a325c840001 Closes-Bug: #1289033 Co-Authored-By: Kieran Spear <kispear@gmail.com>		2014-04-09 00:04:39 +09:00
.tx	Import translations from Transifex for Icehouse	2014-04-07 16:32:34 +09:00
doc	Merge "Plugin-based panel group configuration"	2014-03-29 03:06:56 +00:00
horizon	Introduces escaping in Horizon/Orchestration	2014-04-09 00:04:39 +09:00
openstack_dashboard	Introduces escaping in Horizon/Orchestration	2014-04-09 00:04:39 +09:00
tools	Sort requirement files in alphabetical order	2014-03-03 10:00:37 +08:00
.gitignore	Updates .gitignore	2013-11-28 08:53:42 +00:00
.gitreview	Add .gitreview and rfc.sh.	2011-10-28 09:50:35 -04:00
.mailmap	Update my mailmap	2013-10-25 14:49:23 +08:00
.pylintrc	updating run_tests.sh to mimic other openstack projects, pep8, pylint, coverage	2011-08-31 14:41:36 -07:00
HACKING.rst	Remove #noqa from most common imports and add them to import_exceptions	2014-01-07 12:26:35 +01:00
LICENSE	Initial commit	2011-01-12 13:43:31 -08:00
Makefile	Unifies the project packaging into one set of modules.	2012-02-29 00:20:13 -08:00
manage.py	Gate on H102 Apache 2.0 license header not found for pep8	2013-11-19 13:55:04 -05:00
MANIFEST.in	Drop NodeJS dependency in favor of pure-python lesscpy	2013-08-16 09:31:08 +02:00
openstack-common.conf	Import install_venv from oslo	2013-11-13 03:34:42 +09:00
README.rst	Improve contributor documentation	2013-12-03 20:05:01 +01:00
requirements.txt	Updated from global requirements	2014-03-28 10:18:12 +08:00
run_tests.sh	Merge "Remove English compiled catalogs after compilemessages"	2014-03-27 20:15:36 +00:00
setup.cfg	Open Icehouse development	2013-10-02 12:08:56 -07:00
setup.py	Updated from global requirements	2013-10-01 16:13:10 +00:00
test-requirements.txt	Switch over to oslosphinx	2014-03-21 15:23:44 +01:00
tox.ini	Adding django 1.6 support	2014-03-10 23:09:58 -06:00

README.rst

Horizon (OpenStack Dashboard)

Horizon is a Django-based project aimed at providing a complete OpenStack Dashboard along with an extensible framework for building new dashboards from reusable components. The openstack_dashboard module is a reference implementation of a Django site that uses the horizon app to provide web-based interactions with the various OpenStack projects.

For release management:

https://launchpad.net/horizon

For blueprints and feature specifications:

https://blueprints.launchpad.net/horizon

For issue tracking:

https://bugs.launchpad.net/horizon

Getting Started

For local development, first create a virtualenv for the project. In the tools directory there is a script to create one for you:

$ python tools/install_venv.py

Alternatively, the run_tests.sh script will also install the environment for you and then run the full test suite to verify everything is installed and functioning correctly.

Now that the virtualenv is created, you need to configure your local environment. To do this, create a local_settings.py file in the openstack_dashboard/local/ directory. There is a local_settings.py.example file there that may be used as a template.

If all is well you should able to run the development server locally:

$ tools/with_venv.sh manage.py runserver

or, as a shortcut:

$ ./run_tests.sh --runserver

Setting Up OpenStack

The recommended tool for installing and configuring the core OpenStack components is Devstack. Refer to their documentation for getting Nova, Keystone, Glance, etc. up and running.

Note

The minimum required set of OpenStack services running includes the following:

Nova (compute, api, scheduler, network, and volume services)
Glance
Keystone

Optional support is provided for Swift.

Development

For development, start with the getting started instructions above. Once you have a working virtualenv and all the necessary packages, read on.

If dependencies are added to either horizon or openstack_dashboard, they should be added to requirements.txt.

The run_tests.sh script invokes tests and analyses on both of these components in its process, and it is what Jenkins uses to verify the stability of the project. If run before an environment is set up, it will ask if you wish to install one.

To run the unit tests:

$ ./run_tests.sh

Building Contributor Documentation

This documentation is written by contributors, for contributors.

The source is maintained in the doc/source folder using reStructuredText and built by Sphinx

Building Automatically:
```
$ ./run_tests.sh --docs
```

Building Manually:

$ export DJANGO_SETTINGS_MODULE=local.local_settings
$ python doc/generate_autodoc_index.py
$ sphinx-build -b html doc/source build/sphinx/html

Results are in the build/sphinx/html directory