Monday, May 26, 2014

OpenStack Horizon Dashboard How to enable IdentityPanels group and Users Panel to Project Dashboard

1)
Horizon "Admin" Dashboard and "Identity" Panel Group
------------------------------------------------------

vim ./openstack_dashboard/dashboards/admin/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/dashboard.py

#Identity Panel group
class IdentityPanels(horizon.PanelGroup): 
    slug = "identity"
    name = _("Identity Panel")
    ##Panels of "Identity" Panel group.
    panels = ('domains', 'projects', 'users', 'groups', 'roles')


#Admin Dashboard
class Admin(horizon.Dashboard):
    name = _("Admin")
    slug = "admin"

    ##panel groups of "Admin" dashboard.
    panels = (SystemPanels, IdentityPanels)
    default_panel = 'overview'
    ##In havana we can't set multiple role here, only first one will takes.
    permissions = ('openstack.roles.admin',)

#Register "Admin" Dashboard
horizon.register(Admin)




2)
Horizon "Project" Dashboard
------------------------------------------------------

vim ./openstack_dashboard/dashboards/project/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/dashboard.py

#Dashboard
class Project(horizon.Dashboard):
    name = _("Project")
    slug = "project"

    ##Panel groups of "Project" dashboard.
    panels = (
        BasePanels,
        NetworkPanels,
        ObjectStorePanels,
        OrchestrationPanels,
        DatabasePanels,)
    default_panel = 'overview'
    supports_tenants = True


#Register "Project" Dashboard
horizon.register(Project)



3)
How to bring "Identity" panel group in "Project" dashboard.
-----------------------------------------------------------


vim ./openstack_dashboard/dashboards/project/dashboard.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/dashboard.py

##Add new "Identity" panel group
class IdentityPanels(horizon.PanelGroup):
    slug = "identity"
    name = _("Identity Panel")

    ##panels of "Identity" panel group
    panels = ('domains', 'projects', 'users', 'groups', 'roles')

##Include new "Identity" panel group in "Project" dashboard
class Project(horizon.Dashboard):
    name = _("Project")
    slug = "project"
    panels = (
        BasePanels,
        NetworkPanels,
        ObjectStorePanels,
        OrchestrationPanels,
        DatabasePanels,
        ##New "Identity" panel group.
        IdentityPanels)
    default_panel = 'overview'
    supports_tenants = True


#Register "Project" Dashboard
horizon.register(Project)

4)
Base classes of horizon.Dashboard, horizon.PanelGroup and horizon.Panel
------------------------------------------------------------------------

vim ./horizon/base.py
https://github.com/openstack/horizon/blob/master/horizon/base.py
 

class Dashboard(Registry, HorizonComponent):

5)
"Users" panel of "Identity" panel group.
How to enable/add "Users" panel in "Project" Dashboard.
---------------------------------------------------------

vim ./openstack_dashboard/dashboards/admin/users/panel.py
https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/users/panel.py

from openstack_dashboard.dashboards.admin import dashboard
from openstack_dashboard.dashboards.project import dashboard as project_dashboard

class Users(horizon.Panel):
    name = _("Users")
    slug = 'users'

    ##uncomment line "permissions = ('openstack.roles.admin',)",
    ##If we want to show this panel only for admin user.
    ##We can also set multiple roles, then that will work like "AND".
    #permissions = ('openstack.roles.admin',)

##Register "Users" panel to "Admin" Dashboard
dashboard.Admin.register(Users)
##Register "Users" panel to "Project" Dashboard
project_dashboard.Project.register(Users)




6)
Create new panel "ProjectUsers" for "Project" Dashboard
So we can apply separate permissions for that
---------------------------------------------------------


https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/admin/users/panel.py

import horizon

from openstack_dashboard.dashboards.admin import dashboard
from openstack_dashboard.dashboards.project import dashboard as project_dashboard

class Users(horizon.Panel):
    name = _("Users")
    slug = 'users'
    permissions = ('openstack.roles.admin',)


##New panel

class ProjectUsers(horizon.Panel):
    name = _("Users")
    slug = 'users'
    permissions = ('openstack.roles.tenantadmin1', 'openstack.roles.admin')


dashboard.Admin.register(Users)
project_dashboard.Project.register(ProjectUsers)


keystone CLI to assign multiple roles to a user
-------------------------------------------------


#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name tenantadmin1

##This command will create a new user and automatically add the role "_member_" to that user.
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-create --name saju5 --tenant 4da17230c6d24b7795d120943cbfd05c --pass saju5 --enabled true

##This command will add a particular role to user
#keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-role-add --user cf86e3655cc940c3ae0388a0e0a1b2dc --role ff198db3fd7b4c0ca4804e97f9d8ddb3 --tenant 4da17230c6d24b7795d120943cbfd05c

7)
Optional
---------

keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-create --name tenantadmin1

keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin role-list

keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin tenant-list

keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin tenant-create --name mytenant

##This command will create a new user and automatically add the role "_member_" to that user.
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-create --name saju5 --tenant 4da17230c6d24b7795d120943cbfd05c --pass saju5 --enabled true

##This command will add a particular role to user
keystone --os-username admin --os-password nova --os-auth-url http://localhost:5000/v2.0/ --os-tenant-name admin user-role-add --user cf86e3655cc940c3ae0388a0e0a1b2dc --role ff198db3fd7b4c0ca4804e97f9d8ddb3 --tenant 4da17230c6d24b7795d120943cbfd05c

8)
Optional
---------

$ vim /etc/keystone/policy.json
 "admin_required": [["role:admin"], ["is_admin:1"], ["role:tenantadmin1"]],


No comments:

Post a Comment