Import FWaaS policy file from Horizon
This import covers FWaaS v1 only. Change-Id: Iec579212ef0cc16b9de3d5cb54399f77f4888dff
This commit is contained in:
parent
0158596aea
commit
2ca7971f90
|
@ -24,6 +24,38 @@ function configure_neutron_fwaas_dashboard {
|
|||
(cd $FWAAS_DASHBOARD_DIR/neutron_fwaas_dashboard; \
|
||||
DJANGO_SETTINGS_MODULE=openstack_dashboard.settings ../manage.py compilemessages)
|
||||
fi
|
||||
# Add policy file for FWaaS
|
||||
_set_policy_file $DEST/horizon/openstack_dashboard/local/local_settings.py \
|
||||
neutron-fwaas $FWAAS_DASHBOARD_DIR/etc/neutron-fwaas-policy.json
|
||||
}
|
||||
|
||||
function _ensure_policy_file {
|
||||
local file=$1
|
||||
|
||||
# Look for POLICY_FILES dict.
|
||||
start=$(grep -nE '^\s*POLICY_FILES\s*=\s*' $file | cut -d : -f 1)
|
||||
if [ ! -n "$start" ]; then
|
||||
# If POLICY_FILES is not found, define it.
|
||||
cat <<EOF >> $file
|
||||
POLICY_FILES = {
|
||||
'identity': 'keystone_policy.json',
|
||||
'compute': 'nova_policy.json',
|
||||
'volume': 'cinder_policy.json',
|
||||
'image': 'glance_policy.json',
|
||||
'orchestration': 'heat_policy.json',
|
||||
'network': 'neutron_policy.json',
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
}
|
||||
|
||||
function _set_policy_file {
|
||||
local file=$1
|
||||
local policy_name=$2
|
||||
local policy_file=$3
|
||||
|
||||
_ensure_policy_file $file
|
||||
echo "POLICY_FILES['$policy_name'] = '$policy_file'" >> $file
|
||||
}
|
||||
|
||||
# check for service enabled
|
||||
|
|
|
@ -60,6 +60,24 @@ Enable the horizon plugin.
|
|||
<https://docs.openstack.org/developer/horizon/install/settings.html#pluggable-settings>`__
|
||||
in the horizon documentation.
|
||||
|
||||
Configure the policy file for Neutron FWaaS dashboard
|
||||
in OpenStack Dashboard ``local_settings.py``.
|
||||
``<fwaas-dashboard-config-dir>`` is a directory which contains
|
||||
configurations for Neutron FWaaS dashboard and the locaiton varies
|
||||
across distributions or deployments.
|
||||
|
||||
.. code-block:: python
|
||||
|
||||
POLICY_FILES['neutron-fwaas'] = '<fwaas-dashboard-config-dir>/etc/neutron-fwaas-policy.json'
|
||||
|
||||
.. note::
|
||||
|
||||
If you do not configure ``POLICY_FILES`` in your ``local_settings.py``,
|
||||
you also need to define the default ``POLICY_FILES`` in
|
||||
``local_settings.py``. If you use the example ``local_settings.py`` file
|
||||
from horizon, what you need is to uncomment ``POLICY_FILES`` (which contains
|
||||
the default values).
|
||||
|
||||
Compile the message catalogs of Neutron VPNaaS dashboard.
|
||||
|
||||
.. code-block:: console
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
{
|
||||
"context_is_admin": "role:admin",
|
||||
"owner": "tenant_id:%(tenant_id)s",
|
||||
"admin_or_owner": "rule:context_is_admin or rule:owner",
|
||||
"admin_only": "rule:context_is_admin",
|
||||
"shared_firewalls": "field:firewalls:shared=True",
|
||||
"shared_firewall_policies": "field:firewall_policies:shared=True",
|
||||
"default": "rule:admin_or_owner",
|
||||
|
||||
"create_firewall": "",
|
||||
"get_firewall": "rule:admin_or_owner",
|
||||
"create_firewall:shared": "rule:admin_only",
|
||||
"get_firewall:shared": "rule:admin_only",
|
||||
"update_firewall": "rule:admin_or_owner",
|
||||
"update_firewall:shared": "rule:admin_only",
|
||||
"delete_firewall": "rule:admin_or_owner",
|
||||
|
||||
"create_firewall_policy": "",
|
||||
"get_firewall_policy": "rule:admin_or_owner or rule:shared_firewall_policies",
|
||||
"create_firewall_policy:shared": "rule:admin_or_owner",
|
||||
"update_firewall_policy": "rule:admin_or_owner",
|
||||
"delete_firewall_policy": "rule:admin_or_owner",
|
||||
|
||||
"insert_rule": "rule:admin_or_owner",
|
||||
"remove_rule": "rule:admin_or_owner",
|
||||
|
||||
"create_firewall_rule": "",
|
||||
"get_firewall_rule": "rule:admin_or_owner or rule:shared_firewalls",
|
||||
"update_firewall_rule": "rule:admin_or_owner",
|
||||
"delete_firewall_rule": "rule:admin_or_owner"
|
||||
}
|
|
@ -36,7 +36,7 @@ class AddRuleLink(tables.LinkAction):
|
|||
url = "horizon:project:firewalls:addrule"
|
||||
classes = ("ajax-modal",)
|
||||
icon = "plus"
|
||||
policy_rules = (("network", "create_firewall_rule"),)
|
||||
policy_rules = (("neutron-fwaas", "create_firewall_rule"),)
|
||||
|
||||
|
||||
class AddPolicyLink(tables.LinkAction):
|
||||
|
@ -45,7 +45,7 @@ class AddPolicyLink(tables.LinkAction):
|
|||
url = "horizon:project:firewalls:addpolicy"
|
||||
classes = ("ajax-modal", "btn-addpolicy",)
|
||||
icon = "plus"
|
||||
policy_rules = (("network", "create_firewall_policy"),)
|
||||
policy_rules = (("neutron-fwaas", "create_firewall_policy"),)
|
||||
|
||||
|
||||
class AddFirewallLink(tables.LinkAction):
|
||||
|
@ -54,12 +54,12 @@ class AddFirewallLink(tables.LinkAction):
|
|||
url = "horizon:project:firewalls:addfirewall"
|
||||
classes = ("ajax-modal",)
|
||||
icon = "plus"
|
||||
policy_rules = (("network", "create_firewall"),)
|
||||
policy_rules = (("neutron-fwaas", "create_firewall"),)
|
||||
|
||||
|
||||
class DeleteRuleLink(policy.PolicyTargetMixin, tables.DeleteAction):
|
||||
name = "deleterule"
|
||||
policy_rules = (("network", "delete_firewall_rule"),)
|
||||
policy_rules = (("neutron-fwaas", "delete_firewall_rule"),)
|
||||
|
||||
@staticmethod
|
||||
def action_present(count):
|
||||
|
@ -91,7 +91,7 @@ class DeleteRuleLink(policy.PolicyTargetMixin, tables.DeleteAction):
|
|||
|
||||
class DeletePolicyLink(policy.PolicyTargetMixin, tables.DeleteAction):
|
||||
name = "deletepolicy"
|
||||
policy_rules = (("network", "delete_firewall_policy"),)
|
||||
policy_rules = (("neutron-fwaas", "delete_firewall_policy"),)
|
||||
|
||||
@staticmethod
|
||||
def action_present(count):
|
||||
|
@ -119,7 +119,7 @@ class DeletePolicyLink(policy.PolicyTargetMixin, tables.DeleteAction):
|
|||
class DeleteFirewallLink(policy.PolicyTargetMixin,
|
||||
tables.DeleteAction):
|
||||
name = "deletefirewall"
|
||||
policy_rules = (("network", "delete_firewall"),)
|
||||
policy_rules = (("neutron-fwaas", "delete_firewall"),)
|
||||
|
||||
@staticmethod
|
||||
def action_present(count):
|
||||
|
@ -148,7 +148,7 @@ class UpdateRuleLink(policy.PolicyTargetMixin, tables.LinkAction):
|
|||
name = "updaterule"
|
||||
verbose_name = _("Edit Rule")
|
||||
classes = ("ajax-modal", "btn-update",)
|
||||
policy_rules = (("network", "update_firewall_rule"),)
|
||||
policy_rules = (("neutron-fwaas", "update_firewall_rule"),)
|
||||
|
||||
def get_link_url(self, rule):
|
||||
base_url = reverse("horizon:project:firewalls:updaterule",
|
||||
|
@ -160,7 +160,7 @@ class UpdatePolicyLink(policy.PolicyTargetMixin, tables.LinkAction):
|
|||
name = "updatepolicy"
|
||||
verbose_name = _("Edit Policy")
|
||||
classes = ("ajax-modal", "btn-update",)
|
||||
policy_rules = (("network", "update_firewall_policy"),)
|
||||
policy_rules = (("neutron-fwaas", "update_firewall_policy"),)
|
||||
|
||||
def get_link_url(self, policy):
|
||||
base_url = reverse("horizon:project:firewalls:updatepolicy",
|
||||
|
@ -172,7 +172,7 @@ class UpdateFirewallLink(policy.PolicyTargetMixin, tables.LinkAction):
|
|||
name = "updatefirewall"
|
||||
verbose_name = _("Edit Firewall")
|
||||
classes = ("ajax-modal", "btn-update",)
|
||||
policy_rules = (("network", "update_firewall"),)
|
||||
policy_rules = (("neutron-fwaas", "update_firewall"),)
|
||||
|
||||
def get_link_url(self, firewall):
|
||||
base_url = reverse("horizon:project:firewalls:updatefirewall",
|
||||
|
@ -192,8 +192,8 @@ class InsertRuleToPolicyLink(policy.PolicyTargetMixin,
|
|||
name = "insertrule"
|
||||
verbose_name = _("Insert Rule")
|
||||
classes = ("ajax-modal", "btn-update",)
|
||||
policy_rules = (("network", "get_firewall_policy"),
|
||||
("network", "insert_rule"),)
|
||||
policy_rules = (("neutron-fwaas", "get_firewall_policy"),
|
||||
("neutron-fwaas", "insert_rule"),)
|
||||
|
||||
def get_link_url(self, policy):
|
||||
base_url = reverse("horizon:project:firewalls:insertrule",
|
||||
|
@ -206,8 +206,8 @@ class RemoveRuleFromPolicyLink(policy.PolicyTargetMixin,
|
|||
name = "removerule"
|
||||
verbose_name = _("Remove Rule")
|
||||
classes = ("ajax-modal",)
|
||||
policy_rules = (("network", "get_firewall_policy"),
|
||||
("network", "remove_rule"),)
|
||||
policy_rules = (("neutron-fwaas", "get_firewall_policy"),
|
||||
("neutron-fwaas", "remove_rule"),)
|
||||
action_type = "danger"
|
||||
|
||||
def get_link_url(self, policy):
|
||||
|
@ -226,8 +226,8 @@ class AddRouterToFirewallLink(policy.PolicyTargetMixin,
|
|||
name = "addrouter"
|
||||
verbose_name = _("Add Router")
|
||||
classes = ("ajax-modal", "btn-update",)
|
||||
policy_rules = (("network", "get_firewall"),
|
||||
("network", "add_router"),)
|
||||
policy_rules = (("neutron-fwaas", "get_firewall"),
|
||||
("neutron-fwaas", "add_router"),)
|
||||
|
||||
def get_link_url(self, firewall):
|
||||
base_url = reverse("horizon:project:firewalls:addrouter",
|
||||
|
@ -249,8 +249,8 @@ class RemoveRouterFromFirewallLink(policy.PolicyTargetMixin,
|
|||
name = "removerouter"
|
||||
verbose_name = _("Remove Router")
|
||||
classes = ("ajax-modal", "btn-update",)
|
||||
policy_rules = (("network", "get_firewall"),
|
||||
("network", "remove_router"),)
|
||||
policy_rules = (("neutron-fwaas", "get_firewall"),
|
||||
("neutron-fwaas", "remove_router"),)
|
||||
|
||||
def get_link_url(self, firewall):
|
||||
base_url = reverse("horizon:project:firewalls:removerouter",
|
||||
|
|
Loading…
Reference in New Issue