VM-Operator/webpages/vm-operator/webgui.md

---
title: "VM-Operator: Web-GUI — Provides easy access to VM management"
layout: vm-operator
---

# The Web-GUI

The manager component provides a GUI via a web server. The web GUI is
implemented using components from the
[JGrapes WebConsole](https://jgrapes.org/WebConsole.html)
project. Configuration of the GUI therefore follows the conventions
of that framework.

The structure of the configuration information should be easy to 
understand from the examples provided. In general, configuration values
are applied to the individual components that make up an application.
The hierarchy of the components is reflected in the configuration
information because components are "addressed" by their position in
that hierarchy. (See
[the package description](latest-release/javadoc/org/jdrupes/vmoperator/manager/package-summary.html)
for information about the complete component structure.)

## Network access

By default, the service is made available at port 8080 of the manager 
pod. Of course, a kubernetes service and an ingress configuration must
be added as required by the environment. (See the 
[definition](https://github.com/mnlipp/VM-Operator/blob/main/deploy/vmop-service.yaml)
from the
[sample deployment](https://github.com/mnlipp/VM-Operator/tree/main/deploy)).

## User Access

Access to the web GUI is controlled by the login conlet. The framework
does not include sophisticated components for user management. Rather,
it assumes that an OIDC provider is responsible for user authentication
and role management.

```yaml
"/Manager":
  # "/GuiSocketServer":
  #   port: 8080
  "/GuiHttpServer":
    # This configures the GUI
    "/ConsoleWeblet":
      "/WebConsole":
        "/LoginConlet":
          # Starting with version 2.3.0 the preferred approach is to
          # configure an OIDC provider for user management and
          # authorization. See the text for details.
          oidcProviders: {}
          
          # Support for "local" users is provided as a fallback mechanism.
          # Note that up to Version 2.2.x "users" was an object with user names
          # as its properties. Starting with 2.3.0 it is a list as shown.
          users:
            - name: admin
              fullName: Administrator
              password: "Generate hash with bcrypt"
            - name: test
              fullName: Test Account
              password: "Generate hash with bcrypt"
              
        # Required for using OIDC, see the text for details.
        "/OidcClient":
          redirectUri: https://my.server.here/oauth/callback"
          
        # May be used for assigning roles to both local users and users from
        # the OIDC provider. Not needed if roles are managed by the OIDC provider.
        "/RoleConfigurator":
          rolesByUser:
            # User admin has role admin
            admin:
            - admin
            # Non-privileged users are users
            test:
            - user
            # All users have role other
            "*":
            - other
          replace: false
          
        # Manages the permissions for the roles.
        "/RoleConletFilter":
          conletTypesByRole:
            # Admins can use all conlets
            admin:
            - "*"
            # Users can use the viewer conlet
            user:
            - org.jdrupes.vmoperator.vmviewer.VmViewer
            # Others cannot use any conlet (except login conlet to log out)
            other:
            # Up to version 2.2.x
            # - org.jgrapes.webconlet.locallogin.LoginConlet
            # Starting with version 2.3.0
            - org.jgrapes.webconlet.oidclogin.LoginConlet
```

How local users can be configured should be obvious from the example.
The configuration of OIDC providers for user authentication (and 
optionally for role assignment) is explained in the documentation of the 
[login conlet](https://jgrapes.org/javadoc-webconsole/org/jgrapes/webconlet/oidclogin/LoginConlet.html).
Details about the `RoleConfigurator` and `RoleConletFilter` can also be found
in the documentation of the
[JGrapes WebConsole](https://jgrapes.org/WebConsole.html)
project.

The configuration above allows all users with role "admin" to use all
GUI components and users with role "user" to only use the viewer conlet,
i.e. the [User view](user-gui.html). The fallback role "other" allows
all users to use the login conlet to log out.

## Views

The configuration of the components that provide the manager and 
users views is explained in the respective sections.
Move pages. 2024-06-20 20:41:33 +02:00			`---`
Fix syntax. 2024-07-09 17:19:15 +02:00			`title: "VM-Operator: Web-GUI — Provides easy access to VM management"`
Move pages. 2024-06-20 20:41:33 +02:00			`layout: vm-operator`
			`---`

			`# The Web-GUI`

			`The manager component provides a GUI via a web server. The web GUI is`
			`implemented using components from the`
			`[JGrapes WebConsole](https://jgrapes.org/WebConsole.html)`
			`project. Configuration of the GUI therefore follows the conventions`
			`of that framework.`

			`The structure of the configuration information should be easy to`
			`understand from the examples provided. In general, configuration values`
			`are applied to the individual components that make up an application.`
			`The hierarchy of the components is reflected in the configuration`
			`information because components are "addressed" by their position in`
			`that hierarchy. (See`
			`[the package description](latest-release/javadoc/org/jdrupes/vmoperator/manager/package-summary.html)`
			`for information about the complete component structure.)`

			`## Network access`

			`By default, the service is made available at port 8080 of the manager`
			`pod. Of course, a kubernetes service and an ingress configuration must`
			`be added as required by the environment. (See the`
			`[definition](https://github.com/mnlipp/VM-Operator/blob/main/deploy/vmop-service.yaml)`
			`from the`
			`[sample deployment](https://github.com/mnlipp/VM-Operator/tree/main/deploy)).`

			`## User Access`

			`Access to the web GUI is controlled by the login conlet. The framework`
			`does not include sophisticated components for user management. Rather,`
			`it assumes that an OIDC provider is responsible for user authentication`
			`and role management.`

			```yaml
			`"/Manager":`
			`# "/GuiSocketServer":`
			`# port: 8080`
			`"/GuiHttpServer":`
			`# This configures the GUI`
			`"/ConsoleWeblet":`
			`"/WebConsole":`
			`"/LoginConlet":`
			`# Starting with version 2.3.0 the preferred approach is to`
			`# configure an OIDC provider for user management and`
			`# authorization. See the text for details.`
			`oidcProviders: {}`

			`# Support for "local" users is provided as a fallback mechanism.`
			`# Note that up to Version 2.2.x "users" was an object with user names`
			`# as its properties. Starting with 2.3.0 it is a list as shown.`
			`users:`
			`- name: admin`
			`fullName: Administrator`
			`password: "Generate hash with bcrypt"`
			`- name: test`
			`fullName: Test Account`
			`password: "Generate hash with bcrypt"`

			`# Required for using OIDC, see the text for details.`
			`"/OidcClient":`
			`redirectUri: https://my.server.here/oauth/callback"`

			`# May be used for assigning roles to both local users and users from`
			`# the OIDC provider. Not needed if roles are managed by the OIDC provider.`
			`"/RoleConfigurator":`
			`rolesByUser:`
			`# User admin has role admin`
			`admin:`
			`- admin`
			`# Non-privileged users are users`
			`test:`
			`- user`
			`# All users have role other`
			`"*":`
			`- other`
			`replace: false`

			`# Manages the permissions for the roles.`
			`"/RoleConletFilter":`
			`conletTypesByRole:`
			`# Admins can use all conlets`
			`admin:`
			`- "*"`
			`# Users can use the viewer conlet`
			`user:`
			`- org.jdrupes.vmoperator.vmviewer.VmViewer`
			`# Others cannot use any conlet (except login conlet to log out)`
			`other:`
			`# Up to version 2.2.x`
			`# - org.jgrapes.webconlet.locallogin.LoginConlet`
			`# Starting with version 2.3.0`
			`- org.jgrapes.webconlet.oidclogin.LoginConlet`
			```

			`How local users can be configured should be obvious from the example.`
			`The configuration of OIDC providers for user authentication (and`
			`optionally for role assignment) is explained in the documentation of the`
			`[login conlet](https://jgrapes.org/javadoc-webconsole/org/jgrapes/webconlet/oidclogin/LoginConlet.html).`
			Details about the `RoleConfigurator` and `RoleConletFilter` can also be found
			`in the documentation of the`
			`[JGrapes WebConsole](https://jgrapes.org/WebConsole.html)`
			`project.`

			`The configuration above allows all users with role "admin" to use all`
			`GUI components and users with role "user" to only use the viewer conlet,`
			`i.e. the [User view](user-gui.html). The fallback role "other" allows`
			`all users to use the login conlet to log out.`

			`## Views`

			`The configuration of the components that provide the manager and`
			`users views is explained in the respective sections.`