Skip to content

Commit c9068df

Browse files
cloudnullthe2hill
cloudnull
authored and
the2hill
committed
feat: add new image for keystone that supports rbac (#981)
This change implements a new keystone image that has deep support for role based access as defined by global auth. Signed-off-by: Kevin Carter <kevin.carter@rackspace.com> (cherry picked from commit 84977a9)
1 parent 24fdc6d commit c9068df

File tree

2 files changed

+5
-19
lines changed

2 files changed

+5
-19
lines changed

.original-images.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232
"ghcr.io/rackerlabs/genestack/neutron-oslodb:2024.1-ubuntu_jammy-1739651767",
3333
"ghcr.io/rackerlabs/genestack/nova-efi:2024.1-ubuntu_jammy-1737928811",
3434
"ghcr.io/rackerlabs/genestack/octavia-ovn:2024.1-ubuntu_jammy-1737651745",
35-
"ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1747958291",
35+
"ghcr.io/rackerlabs/keystone-rxt:2024.1-ubuntu_jammy-1747061260",
3636
"ghcr.io/rackerlabs/keystone-rxt/shibd:1747958286",
3737
"ghcr.io/rackerlabs/skyline-rxt:master-ubuntu_jammy-1739967315",
3838
"docker.io/openstackhelm/ironic:2024.1-ubuntu_jammy",

etc/keystone/mapping.json

Lines changed: 4 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -29,20 +29,7 @@
2929
"project_tag": "{3}"
3030
}
3131
],
32-
"roles": [
33-
{
34-
"name": "member"
35-
},
36-
{
37-
"name": "load-balancer_member"
38-
},
39-
{
40-
"name": "heat_stack_user"
41-
},
42-
{
43-
"name": "creator"
44-
}
45-
]
32+
"roles": []
4633
}
4734
]
4835
}
@@ -63,10 +50,9 @@
6350
{
6451
"type": "RXT_orgPersonType",
6552
"any_one_of": [
66-
"admin",
67-
"default",
68-
"user-admin",
69-
"tenant-access"
53+
"creator",
54+
"member",
55+
"reader"
7056
]
7157
}
7258
]

0 commit comments

Comments
 (0)