Fixed PROD-9967
Change-Id: Ia9f3d9308a73c3040427a2d48203242cd7043a53
diff --git a/README.rst b/README.rst
index ab5e74a..6d5a076 100644
--- a/README.rst
+++ b/README.rst
@@ -1,16 +1,16 @@
-=======
-Horizon
-=======
+===============
+Horizon Formula
+===============
-Horizon is the canonical implementation of OpenStack’s Dashboard, which provides a web based user interface to OpenStack services including Nova, Swift, Keystone, etc.
+Horizon is the canonical implementation of OpenStack’s Dashboard, which
+provides a web based user interface to OpenStack services including Nova,
+Swift, Keystone, etc.
-Sample pillars
+
+Sample Pillars
==============
-Packaged version of horizon
----------------------------
-
Simplest horizon setup
.. code-block:: yaml
@@ -46,6 +46,17 @@
default_dashboard: 'admin'
help_url: 'http://doc.domain.com'
+
+Horizon with enabled SSL security (when SSL is realised by proxy)
+
+.. code-block:: yaml
+
+ horizon:
+ server:
+ enabled: True
+ secure: True
+
+
Horizon package setup with SSL
.. code-block:: yaml
@@ -372,12 +383,14 @@
- saml2
- oidc
-Read more
-=========
+
+More Information
+================
* https://github.com/openstack/horizon
* http://dijks.wordpress.com/2012/07/06/how-to-change-screen-resolution-of-novnc-client-in-openstack-essex-dashboard-nova-horizon/
+
Documentation and Bugs
======================
diff --git a/horizon/files/horizon_settings/_ssl_settings.py b/horizon/files/horizon_settings/_ssl_settings.py
new file mode 100644
index 0000000..c5e03de
--- /dev/null
+++ b/horizon/files/horizon_settings/_ssl_settings.py
@@ -0,0 +1,11 @@
+
+{%- from "horizon/map.jinja" import server with context %}
+
+{%- if server.get('secure', True) %}
+
+USE_SSL = True
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SESSION_COOKIE_HTTPONLY = True
+
+{%- endif %}
\ No newline at end of file
diff --git a/horizon/files/local_settings/mitaka_settings.py b/horizon/files/local_settings/mitaka_settings.py
index 4578e05..9bc89cc 100644
--- a/horizon/files/local_settings/mitaka_settings.py
+++ b/horizon/files/local_settings/mitaka_settings.py
@@ -26,7 +26,8 @@
'angular_modules': [],
'js_files': [],
'js_spec_files': [],
- 'password_autocomplete': 'on'
+ 'disable_password_reveal': True,
+ 'password_autocomplete': 'off'
}
{%- if app.theme is defined or (app.plugin is defined and app.plugin.horizon_theme is defined) %}
{%- if app.theme is defined %}
@@ -64,3 +65,4 @@
{% include "horizon/files/horizon_settings/_neutron_settings.py" %}
{% include "horizon/files/horizon_settings/_heat_settings.py" %}
{% include "horizon/files/horizon_settings/_websso_settings.py" %}
+{% include "horizon/files/horizon_settings/_ssl_settings.py" %}
diff --git a/horizon/files/local_settings/newton_settings.py b/horizon/files/local_settings/newton_settings.py
new file mode 100644
index 0000000..9bc89cc
--- /dev/null
+++ b/horizon/files/local_settings/newton_settings.py
@@ -0,0 +1,68 @@
+import os
+from django.utils.translation import ugettext_lazy as _
+from openstack_dashboard import exceptions
+
+{%- from "horizon/map.jinja" import server with context %}
+
+{%- if server.app is defined %}
+{%- set app = salt['pillar.get']('horizon:server:app:'+app_name) %}
+{%- else %}
+{%- set app = salt['pillar.get']('horizon:server') %}
+{%- endif %}
+
+HORIZON_CONFIG = {
+ 'user_home': 'openstack_dashboard.views.get_user_home',
+ 'ajax_queue_limit': 10,
+ 'auto_fade_alerts': {
+ 'delay': 3000,
+ 'fade_duration': 1500,
+ 'types': ['alert-success', 'alert-info']
+ },
+ 'help_url': "http://docs.openstack.org",
+ 'exceptions': {'recoverable': exceptions.RECOVERABLE,
+ 'not_found': exceptions.NOT_FOUND,
+ 'unauthorized': exceptions.UNAUTHORIZED},
+ 'modal_backdrop': 'static',
+ 'angular_modules': [],
+ 'js_files': [],
+ 'js_spec_files': [],
+ 'disable_password_reveal': True,
+ 'password_autocomplete': 'off'
+}
+{%- if app.theme is defined or (app.plugin is defined and app.plugin.horizon_theme is defined) %}
+{%- if app.theme is defined %}
+CUSTOM_THEME_PATH = 'themes/{{ app.theme }}'
+{%- elif app.plugin.horizon_theme.theme_name is defined %}
+# Enable custom theme if it is present.
+try:
+ from openstack_dashboard.enabled._99_horizon_theme import CUSTOM_THEME_PATH
+except ImportError:
+ pass
+{%- endif %}
+{%- endif %}
+
+INSTALLED_APPS = (
+ 'openstack_dashboard',
+ 'django.contrib.contenttypes',
+ 'django.contrib.auth',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'django.contrib.humanize',
+ 'compressor',
+ 'horizon',
+ 'openstack_auth',
+ {%- if app.logging is defined %}
+ 'raven.contrib.django.raven_compat',
+ {%- endif %}
+)
+
+{% include "horizon/files/horizon_settings/_local_settings.py" %}
+{% include "horizon/files/horizon_settings/_horizon_settings.py" %}
+{% include "horizon/files/horizon_settings/_keystone_settings.py" %}
+{% include "horizon/files/horizon_settings/_nova_settings.py" %}
+{% include "horizon/files/horizon_settings/_glance_settings.py" %}
+{% include "horizon/files/horizon_settings/_neutron_settings.py" %}
+{% include "horizon/files/horizon_settings/_heat_settings.py" %}
+{% include "horizon/files/horizon_settings/_websso_settings.py" %}
+{% include "horizon/files/horizon_settings/_ssl_settings.py" %}
diff --git a/horizon/files/local_settings/ocata_settings.py b/horizon/files/local_settings/ocata_settings.py
new file mode 100644
index 0000000..9bc89cc
--- /dev/null
+++ b/horizon/files/local_settings/ocata_settings.py
@@ -0,0 +1,68 @@
+import os
+from django.utils.translation import ugettext_lazy as _
+from openstack_dashboard import exceptions
+
+{%- from "horizon/map.jinja" import server with context %}
+
+{%- if server.app is defined %}
+{%- set app = salt['pillar.get']('horizon:server:app:'+app_name) %}
+{%- else %}
+{%- set app = salt['pillar.get']('horizon:server') %}
+{%- endif %}
+
+HORIZON_CONFIG = {
+ 'user_home': 'openstack_dashboard.views.get_user_home',
+ 'ajax_queue_limit': 10,
+ 'auto_fade_alerts': {
+ 'delay': 3000,
+ 'fade_duration': 1500,
+ 'types': ['alert-success', 'alert-info']
+ },
+ 'help_url': "http://docs.openstack.org",
+ 'exceptions': {'recoverable': exceptions.RECOVERABLE,
+ 'not_found': exceptions.NOT_FOUND,
+ 'unauthorized': exceptions.UNAUTHORIZED},
+ 'modal_backdrop': 'static',
+ 'angular_modules': [],
+ 'js_files': [],
+ 'js_spec_files': [],
+ 'disable_password_reveal': True,
+ 'password_autocomplete': 'off'
+}
+{%- if app.theme is defined or (app.plugin is defined and app.plugin.horizon_theme is defined) %}
+{%- if app.theme is defined %}
+CUSTOM_THEME_PATH = 'themes/{{ app.theme }}'
+{%- elif app.plugin.horizon_theme.theme_name is defined %}
+# Enable custom theme if it is present.
+try:
+ from openstack_dashboard.enabled._99_horizon_theme import CUSTOM_THEME_PATH
+except ImportError:
+ pass
+{%- endif %}
+{%- endif %}
+
+INSTALLED_APPS = (
+ 'openstack_dashboard',
+ 'django.contrib.contenttypes',
+ 'django.contrib.auth',
+ 'django.contrib.sessions',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'django.contrib.humanize',
+ 'compressor',
+ 'horizon',
+ 'openstack_auth',
+ {%- if app.logging is defined %}
+ 'raven.contrib.django.raven_compat',
+ {%- endif %}
+)
+
+{% include "horizon/files/horizon_settings/_local_settings.py" %}
+{% include "horizon/files/horizon_settings/_horizon_settings.py" %}
+{% include "horizon/files/horizon_settings/_keystone_settings.py" %}
+{% include "horizon/files/horizon_settings/_nova_settings.py" %}
+{% include "horizon/files/horizon_settings/_glance_settings.py" %}
+{% include "horizon/files/horizon_settings/_neutron_settings.py" %}
+{% include "horizon/files/horizon_settings/_heat_settings.py" %}
+{% include "horizon/files/horizon_settings/_websso_settings.py" %}
+{% include "horizon/files/horizon_settings/_ssl_settings.py" %}
diff --git a/horizon/server/service.sls b/horizon/server/service.sls
index 86f0c21..c4af2ee 100644
--- a/horizon/server/service.sls
+++ b/horizon/server/service.sls
@@ -18,9 +18,9 @@
- name: {{ server.config }}
- source: salt://horizon/files/local_settings/{{ server.version }}_settings.py
- template: jinja
- - mode: 644
+ - mode: 640
- user: root
- - group: root
+ - group: horizon
- require:
- pkg: horizon_packages