Hi All Ioram has built a complete set of wireframe policy GUI screens for comment. He has uploaded them to InVision
https://openstack.invisionapp.com/share/HQ3QN2123#/screens Please comment on these in InVision regards David On 03/08/2015 21:39, Lin Hua Cheng wrote: > Hi Timur, > > Thanks for bringing this up. > > I think we can borrow some concept from the Mistral Workbook Builder. I > like the ability to add items and seeing the preview on the right side. > We can re-use that part. > > The challenging part would be building a Rule expression builder that > supports the policy semantic [1] [2]. We should start with creating some > mockups. The builder will also be useful even if we don't land the > dynamic policy in L by adding support of loading local policy files for > editing and providing export functionality. > > I imagine there would be a pop-up that will allow user to build the > expression with support for: > 1. Building nested expression using AND OR and () > 2. Auto-complete that lists: > - existing rule definition > - available context variable (like domain_id, user_id, target.token) > > Just throwing some ideas around. > > This is a good opportunity to engage the new UX project they might have > a better idea how the Expression Builder should look like. :) > > Thanks, > Lin > > [1] > https://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L18-L210 > [2] > http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html > > > On Mon, Aug 3, 2015 at 5:10 AM, Timur Sufiev <[email protected] > <mailto:[email protected]>> wrote: > > Hello, folks! > > A word has come to me that on the recent Keystone mid-cycle summit > dynamic policies have been discussed - as well as the lack of means > to edit them in UX-friendly manner. I had my own share of editing > *_policy.json files inside openstack_dashboard/conf and can hardly > state it's easy. At least, when dynamic policies are fully supported > by all OpenStack services we will have no longer to edit the same > files on every controller node in case of HA installations. Still, > the problem of editing a single policy file remains. AFAIK, the > obscurity of policy rules' format had lead may deployers to the > copy-pasting existing rules with minimal changes - when they were > meant to a flexible tool for RBAC definitions. > > But I wouldn't write this letter, if I didn't have some kind of > solution to the task of editing the policies. During my work on > Merlin framework/Mistral Workbook Builder I've achieved some results > that might be useful for a Keystone community. More specifically, > visual structure and type of relations between Workbook entities > appeared to me to be similar to the entities of Keystone policies. > Understanding that some things are better seen in dynamic than in > static screenshots, I'm sharing the address of the VM where the > Workbook builder is deployed inside > Horizon: http://horizon-merlin.mirantis.com/horizon/project/ > Credentials are demo/demo. Some features like saving the workbooks > to db or the rest OpenStack control plane are disabled for security > reasons, leaving only the Workbook Builder UI there. > > I'd like to start the discussion about the extent of reusing Merlin > UI elements for making a dynamic policies editor. > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > [email protected]?subject:unsubscribe > <http://[email protected]?subject:unsubscribe> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
