1)
Horizon "Admin" Dashboard and "Identity" Panel Group
------------------------------------------------------
vim ./openstack_dashboard/dashboards/admin/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/dashboard.py
#Identity Panel group
class IdentityPanels(horizon.PanelGroup):
slug = "identity"
name = _("Identity Panel")
##Panels of "Identity" Panel group.
panels = ('domains', 'projects', 'users', 'groups', 'roles')
#Admin Dashboard
class Admin(horizon.Dashboard):
name = _("Admin")
slug = "admin"
##panel groups of "Admin" dashboard.
panels = (SystemPanels, IdentityPanels)
default_panel = 'overview'
##In havana we can't set multiple role here, only first one will takes.
permissions = ('openstack.roles.admin',)
#Register "Admin" Dashboard
horizon.register(Admin)
2)
Horizon "Project" Dashboard
------------------------------------------------------
vim ./openstack_dashboard/dashboards/project/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/dashboard.py
#Dashboard
class Project(horizon.Dashboard):
name = _("Project")
slug = "project"
##Panel groups of "Project" dashboard.
panels = (
BasePanels,
NetworkPanels,
ObjectStorePanels,
OrchestrationPanels,
DatabasePanels,)
default_panel = 'overview'
supports_tenants = True
#Register "Project" Dashboard
horizon.register(Project)
3)
How to bring "Identity" panel group in "Project" dashboard.
-----------------------------------------------------------
vim ./openstack_dashboard/dashboards/project/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/dashboard.py
##Add new "Identity" panel group
class IdentityPanels(horizon.PanelGroup):
slug = "identity"
name = _("Identity Panel")
##panels of "Identity" panel group
panels = ('domains', 'projects', 'users', 'groups', 'roles')
##Include new "Identity" panel group in "Project" dashboard
class Project(horizon.Dashboard):
name = _("Project")
slug = "project"
panels = (
BasePanels,
NetworkPanels,
ObjectStorePanels,
OrchestrationPanels,
DatabasePanels,
##New "Identity" panel group.
IdentityPanels)
default_panel = 'overview'
supports_tenants = True
#Register "Project" Dashboard
horizon.register(Project)
4)
Base classes of horizon.Dashboard, horizon.PanelGroup and horizon.Panel
------------------------------------------------------------------------
vim ./horizon/base.py
https://github.com/openstack/horizon/blob/master/horizon/base.py
class Dashboard(Registry, HorizonComponent):
5)
"Users" panel of "Identity" panel group.
How to enable/add "Users" panel in "Project" Dashboard.
---------------------------------------------------------
vim ./openstack_dashboard/dashboards/admin/users/panel.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/users/panel.py
from openstack_dashboard.dashboards.admin import dashboard
from openstack_dashboard.dashboards.project import dashboard as project_dashboard
class Users(horizon.Panel):
name = _("Users")
slug = 'users'
##uncomment line "permissions = ('openstack.roles.admin',)",
##If we want to show this panel only for admin user.
##We can also set multiple roles, then that will work like "AND".
#permissions = ('openstack.roles.admin',)
##Register "Users" panel to "Admin" Dashboard
dashboard.Admin.register(Users)
##Register "Users" panel to "Project" Dashboard
project_dashboard.Project.register(Users)
6)
Create new panel "ProjectUsers" for "Project" Dashboard
So we can apply separate permissions for that
---------------------------------------------------------
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/users/panel.py
import horizon
from openstack_dashboard.dashboards.admin import dashboard
from openstack_dashboard.dashboards.project import dashboard as project_dashboard
class Users(horizon.Panel):
name = _("Users")
slug = 'users'
permissions = ('openstack.roles.admin',)
##New panel
class ProjectUsers(horizon.Panel):
name = _("Users")
slug = 'users'
permissions = ('openstack.roles.tenantadmin1', 'openstack.roles.admin')
dashboard.Admin.register(Users)
project_dashboard.Project.register(ProjectUsers)
keystone CLI to assign multiple roles to a user
-------------------------------------------------
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name tenantadmin1
##This command will create a new user and automatically add the role "_member_" to that user.
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-create --name saju5 --tenant 4da17230c6d24b7795d120943cbfd05c --pass saju5 --enabled true
##This command will add a particular role to user
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-role-add --user cf86e3655cc940c3ae0388a0e0a1b2dc --role ff198db3fd7b4c0ca4804e97f9d8ddb3 --tenant 4da17230c6d24b7795d120943cbfd05c
7)
Optional
---------
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name tenantadmin1
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin tenant-list
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin tenant-create --name mytenant
##This command will create a new user and automatically add the role "_member_" to that user.
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-create --name saju5 --tenant 4da17230c6d24b7795d120943cbfd05c --pass saju5 --enabled true
##This command will add a particular role to user
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-role-add --user cf86e3655cc940c3ae0388a0e0a1b2dc --role ff198db3fd7b4c0ca4804e97f9d8ddb3 --tenant 4da17230c6d24b7795d120943cbfd05c
8)
Optional
---------
$ vim /etc/keystone/policy.json
"admin_required": [["role:admin"], ["is_admin:1"], ["role:tenantadmin1"]],
Horizon "Admin" Dashboard and "Identity" Panel Group
------------------------------------------------------
vim ./openstack_dashboard/dashboards/admin/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/dashboard.py
#Identity Panel group
class IdentityPanels(horizon.PanelGroup):
slug = "identity"
name = _("Identity Panel")
##Panels of "Identity" Panel group.
panels = ('domains', 'projects', 'users', 'groups', 'roles')
#Admin Dashboard
class Admin(horizon.Dashboard):
name = _("Admin")
slug = "admin"
##panel groups of "Admin" dashboard.
panels = (SystemPanels, IdentityPanels)
default_panel = 'overview'
##In havana we can't set multiple role here, only first one will takes.
permissions = ('openstack.roles.admin',)
#Register "Admin" Dashboard
horizon.register(Admin)
2)
Horizon "Project" Dashboard
------------------------------------------------------
vim ./openstack_dashboard/dashboards/project/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/dashboard.py
#Dashboard
class Project(horizon.Dashboard):
name = _("Project")
slug = "project"
##Panel groups of "Project" dashboard.
panels = (
BasePanels,
NetworkPanels,
ObjectStorePanels,
OrchestrationPanels,
DatabasePanels,)
default_panel = 'overview'
supports_tenants = True
#Register "Project" Dashboard
horizon.register(Project)
3)
How to bring "Identity" panel group in "Project" dashboard.
-----------------------------------------------------------
vim ./openstack_dashboard/dashboards/project/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/dashboard.py
##Add new "Identity" panel group
class IdentityPanels(horizon.PanelGroup):
slug = "identity"
name = _("Identity Panel")
##panels of "Identity" panel group
panels = ('domains', 'projects', 'users', 'groups', 'roles')
##Include new "Identity" panel group in "Project" dashboard
class Project(horizon.Dashboard):
name = _("Project")
slug = "project"
panels = (
BasePanels,
NetworkPanels,
ObjectStorePanels,
OrchestrationPanels,
DatabasePanels,
##New "Identity" panel group.
IdentityPanels)
default_panel = 'overview'
supports_tenants = True
#Register "Project" Dashboard
horizon.register(Project)
4)
Base classes of horizon.Dashboard, horizon.PanelGroup and horizon.Panel
------------------------------------------------------------------------
vim ./horizon/base.py
https://github.com/openstack/horizon/blob/master/horizon/base.py
class Dashboard(Registry, HorizonComponent):
5)
"Users" panel of "Identity" panel group.
How to enable/add "Users" panel in "Project" Dashboard.
---------------------------------------------------------
vim ./openstack_dashboard/dashboards/admin/users/panel.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/users/panel.py
from openstack_dashboard.dashboards.admin import dashboard
from openstack_dashboard.dashboards.project import dashboard as project_dashboard
class Users(horizon.Panel):
name = _("Users")
slug = 'users'
##uncomment line "permissions = ('openstack.roles.admin',)",
##If we want to show this panel only for admin user.
##We can also set multiple roles, then that will work like "AND".
#permissions = ('openstack.roles.admin',)
##Register "Users" panel to "Admin" Dashboard
dashboard.Admin.register(Users)
##Register "Users" panel to "Project" Dashboard
project_dashboard.Project.register(Users)
6)
Create new panel "ProjectUsers" for "Project" Dashboard
So we can apply separate permissions for that
---------------------------------------------------------
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/users/panel.py
import horizon
from openstack_dashboard.dashboards.admin import dashboard
from openstack_dashboard.dashboards.project import dashboard as project_dashboard
class Users(horizon.Panel):
name = _("Users")
slug = 'users'
permissions = ('openstack.roles.admin',)
##New panel
class ProjectUsers(horizon.Panel):
name = _("Users")
slug = 'users'
permissions = ('openstack.roles.tenantadmin1', 'openstack.roles.admin')
dashboard.Admin.register(Users)
project_dashboard.Project.register(ProjectUsers)
keystone CLI to assign multiple roles to a user
-------------------------------------------------
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name tenantadmin1
##This command will create a new user and automatically add the role "_member_" to that user.
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-create --name saju5 --tenant 4da17230c6d24b7795d120943cbfd05c --pass saju5 --enabled true
##This command will add a particular role to user
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-role-add --user cf86e3655cc940c3ae0388a0e0a1b2dc --role ff198db3fd7b4c0ca4804e97f9d8ddb3 --tenant 4da17230c6d24b7795d120943cbfd05c
7)
Optional
---------
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name tenantadmin1
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin tenant-list
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin tenant-create --name mytenant
##This command will create a new user and automatically add the role "_member_" to that user.
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-create --name saju5 --tenant 4da17230c6d24b7795d120943cbfd05c --pass saju5 --enabled true
##This command will add a particular role to user
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-role-add --user cf86e3655cc940c3ae0388a0e0a1b2dc --role ff198db3fd7b4c0ca4804e97f9d8ddb3 --tenant 4da17230c6d24b7795d120943cbfd05c
8)
Optional
---------
$ vim /etc/keystone/policy.json
"admin_required": [["role:admin"], ["is_admin:1"], ["role:tenantadmin1"]],
No comments:
Post a Comment