Use object creation templates for creation of users, tenants, etc.

Registered by Ryan Lane

Rather than hardcoding the objectclasses and attributes that will be used for user, tenant, role, etc. creation, we should use templates, where keystone administrators could specify how they'd like the objects created. For instance, here's a YAML example for a user:

user_template:
  objectclasses:
    - inetorgperson
    - posixuser
    - top
  attributes:
    - uid: {{ id }}
    - cn: {{ name }}
    - sn: {{ id }}
    - uidNumber: {{ extension:posix:uidnumber }}
    - homeDirectory: /home/{{ id }}
    - accountShell: /bin/bash

Template files would be placed in /etc/keystone/templates. Required extended variables would need to be made known to clients in some way.
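An added example, not part of the blueprint or of keystone's code, of how a backend could consume such a template: it lists the variables a client must supply (including the extended ones) and substitutes values only into the leaf strings of the already-parsed template. The function names, the dict form of the template, and the value policy in SAFE_VALUE are assumptions made for illustration.

```python
import re

# Parsed form of the blueprint's user_template (assumption: placeholders
# are kept as plain strings after the YAML file is loaded).
USER_TEMPLATE = {
    "objectclasses": ["inetorgperson", "posixuser", "top"],
    "attributes": {
        "uid": "{{ id }}",
        "cn": "{{ name }}",
        "sn": "{{ id }}",
        "uidNumber": "{{ extension:posix:uidnumber }}",
        "homeDirectory": "/home/{{ id }}",
        "accountShell": "/bin/bash",
    },
}

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_:]+)\s*\}\}")
# Constructed value policy (assumption): starts alphanumeric, no "/" or control chars.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._@-]*")


def required_variables(template):
    """Return (core, extended) variable names the template references."""
    names = set()
    for value in template["attributes"].values():
        names.update(PLACEHOLDER.findall(value))
    extended = sorted(n for n in names if n.startswith("extension:"))
    core = sorted(n for n in names if not n.startswith("extension:"))
    return core, extended


def render_user(template, variables):
    """Build the attribute dict for an LDAP add from an already-parsed template."""
    core, extended = required_variables(template)
    missing = [n for n in core + extended if n not in variables]
    if missing:
        raise ValueError("missing template variables: " + ", ".join(missing))
    for name in core + extended:
        if not SAFE_VALUE.fullmatch(str(variables[name])):
            raise ValueError("unsafe value for " + name)
    entry = {"objectClass": list(template["objectclasses"])}
    for attr, value in template["attributes"].items():
        # Substitution happens per leaf string, so a value cannot add attributes.
        entry[attr] = PLACEHOLDER.sub(lambda m: str(variables[m.group(1)]), value)
    return entry
```

The extended list returned by required_variables is what a service could publish so clients know which extra fields a deployment's template needs.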

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: None
Definition: Obsolete
Series goal: None
Implementation: Unknown
Milestone target: None
Completed by: Morgan Fainberg

Whiteboard

(morganfainberg): This type of optimization on how LDAP is handled can be repurposed once we know the direction of the LDAP backends (e.g. SSSD, split for read-only vs read-write). For now I'm going to mark this as obsolete.
