From d1eb4178565f496950ed5cf3eaff2c1643c4d028 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotjagov Date: Tue, 4 Dec 2018 13:55:59 +0200 Subject: [PATCH] Adds ability to enable domain dropdown list on login page Since Pike it's possible to set domains dropdown on horizon login screen It might be usefull for private clouds, which allow users to see full list of domains, which are present in openstack. As a pros it simplifies login process for the customer, as they may select corresponding domain from dropdown menu instead of regular input. By default it is set to False, as this exposes list of domains for unathorized users, which may not be good thing for public clouds. Change-Id: I049489a552d99278c273feb6ae3cf5a4a7d4b8a1 --- defaults/main.yml | 4 ++++ templates/horizon_local_settings.py.j2 | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index df13f5c4..b871125f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -245,6 +245,10 @@ horizon_keystone_endpoint: "{{ keystone_service_internalurl }}" ## Horizon Multi-Domain Support # these variables should only be changed if horizon_keystone_endpoint is a Keystone v3 API endpoint horizon_keystone_multidomain_support: False +# It is strongly advised NOT to enable dropdown for public clouds, as advertising enabled domains +# to unauthenticated customers irresponsibly exposes private information. +horizon_keystone_multidomain_dropdown: False + horizon_keystone_default_domain: Default ### Set the cacert pem for Keystone if you'd like Horizon to verify it. diff --git a/templates/horizon_local_settings.py.j2 b/templates/horizon_local_settings.py.j2 index 56523d54..3c3360bf 100644 --- a/templates/horizon_local_settings.py.j2 +++ b/templates/horizon_local_settings.py.j2 @@ -76,7 +76,11 @@ OPENSTACK_API_VERSIONS = { # Set this to True if running on multi-domain model. When this is enabled, it # will require user to enter the Domain name in addition to username for login. -OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ horizon_keystone_multidomain_support }} +OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = {{ horizon_keystone_multidomain_support | bool }} + +{% if horizon_keystone_multidomain_support | bool %} +OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN = {{ horizon_keystone_multidomain_dropdown | bool }} +{% endif %} {% if not horizon_keystone_multidomain_support | bool %} # Overrides the default domain used when running on single-domain model