path: root/moon_gui/README.md
blob: ea46b079838991dfff5d79be151b4f1ecf0d07d1 (plain)
# GUI for the Moon project
This directory contains all the code for the Moon project.
It is designed to provide a running GUI of the Moon platform instance.

## Usage
- Prerequisites
  - `sudo apt-get install nodejs nodejs-legacy`
  - `sudo npm install --global gulp-cli`
- Install all packages
  - `cd $MOON_HOME/moon_gui`
  - `sudo npm install`
- Run the GUI
  - `gulp webServerDelivery`
  - Open your web browser

## Configuration
- build the delivery package: `gulp delivery`
- launch the Web Server: `gulp webServerDelivery`

## Development
- during development, the following command is available: `gulp build`
- launch a Web Server: `gulp webServer`
- `gulp webServer` refreshes the browser when a file related to the application changes
- it is possible to change some constants (API endpoints): `$MOON_HOME/moon_gui/static/app/moon.constants.js`

## CORS
The GUI needs to connect to Keystone and Moon.
Both services must allow cross-origin requests (CORS) from the GUI web server.
- modify Keystone: `$MOON_HOME/tools/moon_keystone/run.sh`
- modify Moon: `$MOON_HOME/moon_interface/interface/http_server.py`
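
One way to open CORS narrowly, shown as an added example that is not Moon's or Keystone's own code: a WSGI middleware that returns CORS headers only to the GUI web server's origin and answers preflight requests itself. It assumes the API is served as a WSGI application; `GUI_ORIGINS`, the allowed header list and the stand-in `api` app are constructed for illustration.

```python
# Added example, not Moon's code. GUI_ORIGINS and ALLOW_HEADERS are assumptions.
GUI_ORIGINS = frozenset({"http://localhost:3000"})  # constructed GUI web server origin
ALLOW_METHODS = "GET, POST, PUT, PATCH, DELETE, OPTIONS"
ALLOW_HEADERS = "Content-Type, X-Auth-Token"        # assumed request headers


class GuiCors:
    """WSGI middleware: CORS headers only for the GUI web server's origin."""

    def __init__(self, app, origins=GUI_ORIGINS):
        self.app = app
        self.origins = frozenset(origins)

    def cors_headers(self, origin):
        headers = [("Vary", "Origin")]  # caches must key responses on Origin
        if origin in self.origins:
            # Echo the exact allowlisted origin; never "*" or an unchecked Origin.
            headers += [("Access-Control-Allow-Origin", origin),
                        ("Access-Control-Allow-Methods", ALLOW_METHODS),
                        ("Access-Control-Allow-Headers", ALLOW_HEADERS)]
        return headers

    def __call__(self, environ, start_response):
        cors = self.cors_headers(environ.get("HTTP_ORIGIN", ""))
        if (environ["REQUEST_METHOD"] == "OPTIONS"
                and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ):
            # Answer the preflight here so it never reaches the API handlers.
            start_response("204 No Content", cors + [("Content-Length", "0")])
            return [b""]

        def add_cors(status, headers, exc_info=None):
            return start_response(status, list(headers) + cors, exc_info)
        return self.app(environ, add_cors)


def api(environ, start_response):
    """Constructed stand-in for the wrapped API application."""
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b"{}"]


def simulate(app, method, origin="", preflight=False):
    """Send one request through the WSGI app; return (status, headers, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/", "HTTP_ORIGIN": origin}
    if preflight:
        environ["HTTP_ACCESS_CONTROL_REQUEST_METHOD"] = "GET"
    seen = {}
    body = app(environ, lambda s, h, e=None: seen.update(status=s, headers=dict(h)))
    return seen["status"], seen["headers"], b"".join(body)
```

A request from any other origin still reaches the API but gets no `Access-Control-Allow-Origin` header, so the browser refuses to hand the response to the calling page.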
 
## Usage
After authentication, you will see 4 tabs: Projects, Models, Policies, PDP:

* *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point)
* *Models*: configure templates of policies (for example RBAC or MLS)
* *Policies*: applied models or instantiated models;
on one policy, you map an authorisation model and set the subjects, objects and actions that will
rely on that model
* *PDP*: Policy Decision Point, this is the link between Policies and Keystone Project

In the following paragraphs, we will add a new user in OpenStack and allow her to list
all VMs on the OpenStack platform.

First, add a new user and a new project in the OpenStack platform:

      openstack user create --password-prompt demo_user
      openstack project create demo
      # Look up each ID by exact name; grepping the list output also matches
      # other names that contain "demo"
      DEMO_USER=$(openstack user show demo_user -f value -c id)
      DEMO_PROJECT=$(openstack project show demo -f value -c id)
      openstack role add --user "$DEMO_USER" --project "$DEMO_PROJECT" admin
      
You have to add the same user in the Moon interface:

1. go to the `Projects` tab in the Moon interface
1. go to the line corresponding to the new project and click on the `Map to a PDP` link
1. select in the combobox the MLS PDP and click `OK`
1. in the Moon interface, go to the `Policy` tab
1. go to the line corresponding to the MLS policy and click on the `actions->edit` button
1. scroll to the `Perimeters` line and click on the `show` link to show the perimeter configuration
1. go to the `Add a subject` line and click on `Add a new perimeter`
1. set the name of that subject to `demo_user` (*the name must be strictly identical*)
1. in the combobox named `Policy list` select the `MLS` policy and click on the `+` button
1. click on the yellow `Add Perimeter` button
1. go to the `Assignment` line and click on the `show` button
1. under `Add a Assignments Subject`, select the MLS policy,
the new user (`demo_user`) and the category `subject_category_level`
1. in the `Select a Data` line, choose the `High` scope and click on the `+` link
1. click on the yellow `Create Assignments` button
1. if you go to the OpenStack platform, the `demo_user` is now allowed to connect
to the Nova component (test with `openstack server list` connected with the `demo_user`)