* User menu links can be specified in the settings page
* Defaults to the standard Open RC links (bug and help links are
not modified in this patch)
* Url, name and icon can all be specified
Change-Id: I3cbcfbf06ede18d468d4c611ad6005cb74f1b284
Closes-Bug: 1736048
* topics/policy.rst and settings.rst both contain settings related
to policy engine. All settings are now defined in settings.rst.
* Add contents to maintain policy files. The process after switching
to policy-in-code is covered.
* Add subsections to "How to Utilize RBAC"
Change-Id: I912543ad6bef02e37ba4e2fec27dcdff61f89d23
The keystone API version 3 has become the default API version
for a long time and our CI already uses keystone v3 API only.
In addition, our documentation recommended to use the cached session,
so switching the default API version to 3 does not hit the limitation
on the maximum size of session data when using the cookie-based
sessions.
This is based on django_opensatck_auth review
https://review.openstack.org/#/c/158384/
Implements blueprint: default-keystone-api-3
Change-Id: I79e9fbd3567cc69468694dbf043fecf422347c7e
Based on cinder commit 55b2f349514fce1ffde5fd2244cfc26d7daad6a6
The new file was generated by oslopolicy-sample-generator.
nova uses policy-in-code now, so there is a lot of differences.
Sorted version diff is http://paste.openstack.org/show/628744/
Removed policies are:
backup:backup-export
consistencygroup:create
consistencygroup:create_cgsnapshot
consistencygroup:delete
consistencygroup:delete_cgsnapshot
consistencygroup:get
consistencygroup:get_all
consistencygroup:get_all_cgsnapshots
consistencygroup:get_cgsnapshot
consistencygroup:update
default
volume:get_volume_admin_metadata
volume_extension:replication:promote
volume_extension:replication:reenable
volume_extension:types_extra_specs
Horizon still uses consistency group panel, so the removed policies
related to consistency group are still required.
They are added as cinder_policy.d/consistencygroup.json.
Change-Id: I3292fae2b9d2b368954bfbaa19df391d3860bdfe
This patch adds create and import keypair actions into
Angularized key pair panel as global action.
Also, to load public key from file, this patch uses
load-edit directive.
To use load-edit directive from angular-schema-form,
i.e. from separated scope, this patch enables to configure
callback function to get content of textarea in load-edit.
Change-Id: Ie38bff8fba90de99095b589d70da45dcb202fa56
Imprements: blueprint ng-keypair
Needed-By: I3d6ae0b513120cf50c89b40234b602b816adfd48
Needed-By: I9200baa585c18095656d0459c649391b61b553a2
* Setting 'SHOW_V2_KEYSTONE_RC' added and will control whether
or not user's are able to see links for the V2 rc file on both
the API Access panel and the user menu.
Change-Id: I454fcf578dd8c4d2b9b52c3a9e5426b85e5298b5
According to bug 1737242, tox -e manage collectstatic/compress
can fail with a customized settings file (for example, a setting
which uses db backend for caching). After discussion with the bug
reporter, he develops a theme using a production settings file
and runs into a trouble. It looks better to use python manage.py
directly to avoid further confusion.
Change-Id: If34ba249745a110268cc99213cc404697b03495f
Closes-Bug: #1737242
Now instance panel is sending API calls to Neutron to get the addresses
info about network. It take some time until Nova network info cache is
synced when IP address operation like floating IP association is made
in Neutron. The API calls to Neutron exist from this reason.
However, it retrieves a full list of port, so it can potentially leads
to performance issues in large deployments. This commit adds a setting
flag to control whether API calls to Neutron is used or skipped in
the project instance table.
This commits drops a call of servers_update_addresses() in the admin
instance table. In the admin instance table there is no need to retrieve
IP addresses from neutron because the main purpose of the admin panel is
to see all instances and IP addresses in nova network info cache will be
synced soon.
Closes-Bug: #1722417
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: Ie16784eb6352f70ab644dc8b6ea03fc6a881d3f9
Orchestration tab in the admin info panel needs a discussion.
It seems not to be covered by heat-dashboard yet.
blueprint heat-dashboard-split-out
Change-Id: I56e6edb1f2ac72e2f42d0e9f3291308e67f24cad
The actions in Django roles panel have been implemented in the Angular
version so setting the Angular version as the default.
Change-Id: I1e01b2e93090255d82ef92e51b943b0a715d2e7e
Partially-Implements: blueprint ng-roles
This patch adds angular groups table.
To be added in subsequent patches:
- Actions
- filterFacets
- Integration to Searchlight
To Test
- set 'groups_panel': True in settings.py
- local_settings.py v3 enabled
Co-Authored-By: Cindy Lu <clu@us.ibm.com>
Co-Authored-By: Kenji Ishii <ken-ishii@sx.jp.nec.com>
Co-Authored-By: Shu Muto <shu-mutou@rf.jp.nec.com>
Change-Id: Ifcb3353762ae9d65b73981a4a8d6241273afd16a
Implements: blueprint ng-groups
This patch adds Angularized index view.
Actions and details view will be implemented in subsequent patches.
To use Angularized Key Pairs index view, copy following file:
openstack_dashboard/local/local_settings.d/
_11_toggle_angular_features.py.example
to:
_11_toggle_angular_features.py
and add following line into _11_toggle_angular_features.py:
ANGULAR_FEATURES.update({'key_pairs_panel': True})
Change-Id: Ie1bf555430f77fc6bc95deedb8328caa5a2287aa
Partial-Implements: blueprint ng-keypairs
This commit updates links affected by doc migration.
Note that other links are not touched in this commit.
Fixing other broken links or changing http to https
should be covered by a separate patch.
Also convert http links to docs.openstack.org to https per reviewer
request (though it is not directly related to doc-migration).
Note that this commit does not touch files under releasenotes/notes/.
If we touch release notes in older releases, reno will considers
it as a release note in the current release.
(Pike release notes are clean up in a separate patch.)
Change-Id: Iba9bd465ef08014a4972584cf4da6e7d77961119
If the user is allowed to create public images, the default visibility
option on the create image modal is public unless the setting
image_visibility is set to "private" on local_settings.py.
Closes-bug: #1699144
Change-Id: Ib1fc6c846ba3b7e2ee303749aca797b0e6707f37
Currently themes machinery works in such way that if we rely on
default theme in our branded theme, we have to include them both into
AVAILABLE_THEMES setting, otherwise default theme assets will be
unavailable and the branded theme assets compilation will fail. On
the other hand, mentioning them both leads to theme picker being
shown - which we would like to avoid (per marketing wish).
SELECTABLE_THEMES setting was added to allow limiting the user facing
themes by configuration.
Closes-bug: #1564543
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: Ic00a9201d2d352685b1089a37a25987b75d6636d
* This patch adds support for the virtio-forwarder VNIC type.
* The virtio-forwarder VNIC type has been added as another option for
setting the "binding:vnic_type" property on a port. This requests a
low-latency virtio port inside the instance, likely backed by hardware
acceleration.
* The documentation for OPENSTACK_NEUTRON_NETWORK/supported_vnic_types
has been updated to clarify the term "supported VNIC types".
Unfortunately, the VNIC binding happens at scheduling and error
reporting in core Nova and Neutron is not optimal in this case.
* Corresponding python-openstackclient change:
https://review.openstack.org/#/c/483532/
* Corresponding neutron-lib change:
https://review.openstack.org/#/c/483530/
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
Closes-Bug: 1705548
Depends-On: I28315fb12f62dc7d52d099c211086b2b81eca39a
Change-Id: I02dc3581de8f31c659e545e340cbdf6a1b2bb837
DEFAULT_SERVICE_REGIONS was recently added and documented in Django
OpenStack Auth. In preparation for adding DOA to Horizon, lets add this
to the Horizon doc.
Change-Id: Ic8a6c45eeec555cdb16068630ae693199e40d6f5
doc8 is a linter for documents and used in openstack-manuals.
It is better to enforce document linters for simple checking.
The current rules are really simple like:
- line length check (80 chars)
- new line at the end of file
Change-Id: I3810df521068ffc97e25a5fc56b72397bf9783bc
This commit is primarily a reorganisation fo our settings documentation.
The aim is to move away from the horizon / openstack_dashboard / django
distinction, which makes little sense to non-devs. This will be replaced
by a split between general horizon settings, service-specific settings,
and upstream Django settings. as well as organising the settings in
each section alphabetically. The aim is to promote discoverability of
settings for operators.
This patch also improves visiblity of deprecation, adds missing
tags (versionadded, seealso, deprecated, versionchanged), and
updates content where necessary. Some missing settings were added,
and many settings were also updated to reference other relevant
settings.
Change-Id: Idd496af7d4fe7d242772bb402d22c54c18f05d51
Implements: blueprint pike-docs-overhaul
At now, most django_openstack_auth (DOA) settings are documented
in the horizon documentation. It is better to have documentation
in a same place for better maintenance.
This commit drops openstack_auth specific settings from
the horizon configuration guide.
Also update the wrong name of openstack_auth setting in
local_settings.py. The correct name is TOKEN_DELETION_DISABLED.
Change-Id: Ia5518278c1bc70bb1b3faf44917094de56f344af
On clouds that use domain-specific Identity configuration[1], a user
must provide both their username and domain in order to log into
horizon. Without this patch, users must be aware of their domain's name
and enter it into a text box at login. This is sensible on public
clouds, because supplying potential domains to an unauthenticated user
exposes too much information about other customers and makes potential
attacks easier. On private clouds, however, it is a hinderance to
usability. For example, when migrating from a single-domain
configuration to a multi-domain configuration, users must now guess or
be informed of their domain in order to enter it in the text box. As
another example, when keystone domains are mapped to Active Directory
domains, the user may not be used to having to know their AD domains and
would prefer to select a likely one based on their geographical location
or department from a dropdown menu.
This patch adds the config file examples and documentation for new
config options, "OPENSTACK_KEYSTONE_DOMAIN_DROPDOWN" for enabling a
dropdown menu instead of a textbox when MULTIDOMAIN_SUPPORT is enabled,
and "OPENSTACK_KEYSTONE_DOMAIN_CHOICES" for providing domains to choose
from. The behavior changes corresponding to these new options are
implemented in django_openstack_auth in a corresponding patch.
[1] https://docs.openstack.org/developer/keystone/configuration.html#domain-specific-drivers
Change-Id: I71d64182524d1f54745d9e42347b3a605fa2a920
Depends-On: Ie0a7e36b9975342fab81ddebb87880608d3ef187
The new standard document structure suggests to have a dedicated dir
named configuration/. It will be linked from docs.o.o directly,
so it would be better to follow the guideline.
This commit moves the pages on settings and customization to
a new directory configuration/.
It also splits the pages into meaningful pieces.
Change-Id: I65a3b0b688c8abc176662f86a0dbbfa3b64c4101
