1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
# GUI for the Moon project
This directory contains all the code for the Moon project
It is designed to provide a running GUI of the Moon platform instance.
## Usage
- Prerequist
- `sudo apt-get install nodejs nodejs-legacy`
- `sudo npm install --global gulp-cli`
- Install all packages
- `cd $MOON_HOME/moon_gui`
- `sudo npm install`
- Run the GUI
- `gulp webServerDelivery`
- Open your web browser
## Configuration
- build the delivery package: `gulp delivery`
- launch the Web Server: `gulp webServerDelivery`
## Development
- during the development it is possible to use following commands: `gulp build`
- launch a Web Server: `gulp webServer`
- Gulp webServer will refresh the browser when a file related to the application changed
- it is possible to change some constants (API endpoints): `$MOON_HOME/moon_gui/static/app/moon.constants.js`
## CORS
The GUI need to connect itself to Keystone and Moon.
Opening CORS to the GUI WebServer is required.
- modify Keystone: `$MOON_HOME/tools/moon_keystone/run.sh`
- modify Moon: `$MOON_HOME/moon_interface/interface/http_server.py`
## Usage
After authentication, you will see 4 tabs: Project, Models, Policies, PDP:
* *Projects*: configure mapping between Keystone projects and PDP (Policy Decision Point)
* *Models*: configure templates of policies (for example RBAC or MLS)
* *Policies*: applied models or instantiated models ;
on one policy, you map a authorisation model and set subject, objects and action that will
rely on that model
* *PDP*: Policy Decision Point, this is the link between Policies and Keystone Project
In the following paragraphs, we will add a new user in OpenStack and allow her to list
all VM on the OpenStack platform.
First, add a new user and a new project in the OpenStack platform:
openstack user create --password-prompt demo_user
openstack project create demo
DEMO_USER=$(openstack user list | grep demo_user | cut -d " " -f 2)
DEMO_PROJECT=$(openstack project list | grep demo | cut -d " " -f 2)
openstack role add --user $DEMO_USER --project $DEMO_PROJECT admin
You have to add the same user in the Moon interface:
1. go to the `Projects` tab in the Moon interface
1. go to the line corresponding to the new project and click to the `Map to a PDP` link
1. select in the combobox the MLS PDP and click `OK`
1. in the Moon interface, go to the `Policy` tab
1. go to the line corresponding to the MLS policy and click on the `actions->edit` button
1. scroll to the `Perimeters` line and click on the `show` link to show the perimeter configuration
1. go to the `Add a subject` line and click on `Add a new perimeter`
1. set the name of that subject to `demo_user` (*the name must be strictly identical*)
1. in the combobox named `Policy list` select the `MLS` policy and click on the `+` button
1. click on the yellow `Add Perimeter` button
1. go to the `Assignment` line and click on the `show` button
1. under the `Add a Assignments Subject` select the MLS policy,
the new user (`demo_user`), the category `subject_category_level`
1. in the `Select a Data` line, choose the `High` scope and click on the `+` link
1. click on the yellow `Create Assignments` button
1. if you go to the OpenStack platform, the `demo_user` is now allow to connect
to the Nova component (test with `openstack server list` connected with the `demo_user`)
|
