Hi Timur, Thanks for bringing this up.
I think we can borrow some concept from the Mistral Workbook Builder. I like the ability to add items and seeing the preview on the right side. We can re-use that part. The challenging part would be building a Rule expression builder that supports the policy semantic [1] [2]. We should start with creating some mockups. The builder will also be useful even if we don't land the dynamic policy in L by adding support of loading local policy files for editing and providing export functionality. I imagine there would be a pop-up that will allow user to build the expression with support for: 1. Building nested expression using AND OR and () 2. Auto-complete that lists: - existing rule definition - available context variable (like domain_id, user_id, target.token) Just throwing some ideas around. This is a good opportunity to engage the new UX project they might have a better idea how the Expression Builder should look like. :) Thanks, Lin [1] https://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L18-L210 [2] http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html On Mon, Aug 3, 2015 at 5:10 AM, Timur Sufiev <tsuf...@mirantis.com> wrote: > Hello, folks! > > A word has come to me that on the recent Keystone mid-cycle summit dynamic > policies have been discussed - as well as the lack of means to edit them in > UX-friendly manner. I had my own share of editing *_policy.json files > inside openstack_dashboard/conf and can hardly state it's easy. At least, > when dynamic policies are fully supported by all OpenStack services we will > have no longer to edit the same files on every controller node in case of > HA installations. Still, the problem of editing a single policy file > remains. AFAIK, the obscurity of policy rules' format had lead may > deployers to the copy-pasting existing rules with minimal changes - when > they were meant to a flexible tool for RBAC definitions. > > But I wouldn't write this letter, if I didn't have some kind of solution > to the task of editing the policies. During my work on Merlin > framework/Mistral Workbook Builder I've achieved some results that might be > useful for a Keystone community. More specifically, visual structure and > type of relations between Workbook entities appeared to me to be similar to > the entities of Keystone policies. Understanding that some things are > better seen in dynamic than in static screenshots, I'm sharing the address > of the VM where the Workbook builder is deployed inside Horizon: > http://horizon-merlin.mirantis.com/horizon/project/ Credentials are > demo/demo. Some features like saving the workbooks to db or the rest > OpenStack control plane are disabled for security reasons, leaving only the > Workbook Builder UI there. > > I'd like to start the discussion about the extent of reusing Merlin UI > elements for making a dynamic policies editor. > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev