RETIRED, Generic Key Manager interface UI plugin for Horizon

Go to file

Ian Wienand ff824514c2 Replace openstack.org git:// URLs with https:// This is a mechanically generated change to replace openstack.org git:// URLs with https:// equivalents. This is in aid of a planned future move of the git hosting infrastructure to a self-hosted instance of gitea (https://gitea.io), which does not support the git wire protocol at this stage. This update should result in no functional change. For more information see the thread at http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html Change-Id: I2eabc4ea4132d72df2e146c811ccd33b77a314fa		2019-03-24 20:32:44 +00:00
castellan_ui	Add Passphrase Panel	2018-02-27 21:27:32 +00:00
devstack	Add devstack directory	2018-01-16 13:20:14 -05:00
doc	Avoid tox-install.sh	2018-05-30 11:36:04 -04:00
releasenotes	Remove setting of version/release from releasenotes	2017-11-16 20:07:04 +01:00
.gitignore	Delete unused files and clean up cookie cutter files	2017-12-12 11:27:39 -05:00
.gitreview	Added .gitreview	2017-07-11 08:03:45 +00:00
.zuul.yaml	import zuul job settings from project-config	2018-09-04 11:50:05 -04:00
CONTRIBUTING.rst	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
HACKING.rst	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
LICENSE	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
MANIFEST.in	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
README.rst	Update README	2018-06-15 13:18:03 -04:00
babel-django.cfg	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
babel-djangojs.cfg	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
manage.py	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
package.json	Replace openstack.org git:// URLs with https://	2019-03-24 20:32:44 +00:00
requirements.txt	Avoid tox-install.sh	2018-05-30 11:36:04 -04:00
setup.cfg	Delete unused files and clean up cookie cutter files	2017-12-12 11:27:39 -05:00
setup.py	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
test-requirements.txt	Avoid tox-install.sh	2018-05-30 11:36:04 -04:00
test-shim.js	Initial ui cookiecutter commit	2017-08-01 10:46:29 -04:00
tox.ini	Avoid tox-install.sh	2018-05-30 11:36:04 -04:00

README.rst

Castellan UI

Generic Key Manager UI Plugin for Horizon

Free software: Apache license
Source: http://git.openstack.org/cgit/openstack/castellan-ui
Bugs: http://bugs.launchpad.net/castellan-ui

Features

--------------------+------------------+---------------------------+---------------+-----------+--------------+ | | Import from file | Import using direct input | Download | Delete | Generate [1] | ====================+==================+===========================+===============+===========+==============+ | X.509 Certificates | supported [2] | supported [2] | supported [2] | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Private Keys | supported [2] | supported [2] | supported [2] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Public Keys | supported [2] | supported [2] | supported [2] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Symmetric Keys | supported [3] | supported [4] | supported [3] | supported | supported | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Opaque Data | supported [3] | supported [4] | supported [3] | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+ | Passphrases [5] | X | supported | X | supported | N/A | --------------------+------------------+---------------------------+---------------+-----------+--------------+

Key managers typically support generating keys only and do not generate other types of objects. Private and public keys will be generated as a key pair, and symmetric keys can be generated individually.
Supports Privacy-enhanced Electronic Mail (PEM) formatted objects.
Raw bytes represent the object.
Object bytes are represented using hex characters.
Because passphrases are typically not saved to files, passphrases are imported through a form on the web page and are not downloadable, only viewed through the web page.

Enabling in DevStack

Add this repo as an external repository into your local.conf file:

[[local|localrc]]
enable_plugin castellan-ui https://github.com/openstack/castellan-ui

Manual Installation

Begin by cloning the Horizon and Castellan UI repositories:

git clone https://github.com/openstack/horizon
git clone https://github.com/openstack/castellan-ui

Create a virtual environment and install Horizon dependencies:

cd horizon
virtualenv horizon_dev
. horizon_dev/bin/activate
pip install -r requirements.txt

Set up your local_settings.py file:

cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py

Open up the copied local_settings.py file in your preferred text editor. You will want to customize several settings:

OPENSTACK_HOST should be configured with the hostname of your OpenStack server. Verify that the OPENSTACK_KEYSTONE_URL and OPENSTACK_KEYSTONE_DEFAULT_ROLE settings are correct for your environment. (They should be correct unless you modified your OpenStack server to change them.)

Install Castellan UI with all dependencies in your virtual environment:

. horizon_dev/bin/activate
pip install -e ../castellan-ui/

And enable it in Horizon (use full paths instead of relative paths):

ln -s ../castellan-ui/castellan_ui/enabled/_90_project_key_manager_panelgroup.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_91_project_key_manager_x509_certificates_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_92_project_key_manager_private_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_93_project_key_manager_public_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_94_project_key_manager_symmetric_key_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_95_project_key_manager_opaque_data_panel.py openstack_dashboard/local/enabled
ln -s ../castellan-ui/castellan_ui/enabled/_96_project_key_manager_passphrase_panel.py openstack_dashboard/local/enabled

To run horizon with the newly enabled Castellan UI plugin run:

python manage.py runserver -- 0.0.0.0:8080

to have the application start on port 8080 and the horizon dashboard will be available in your browser at http://localhost:8080/

Troubleshooting Tips

If you are using Barbican plugin for Castellan, be sure to note that Barbican requires the 'admin' or 'creator' role be assigned to a user before the user can list or create key manager objects. The error message that appears if this is not the case is as follows:

Could not list objects: Key manager error: Forbidden: Secret(s) retrieval attempt not allowed - please review your user/project privileges

To add the appropriate role for a non-admin user, use the following command (as an admin) :

openstack role add --user <username> --project <project name> creator