Use object creation templates for creation of users, tenants, etc.

Registered by Ryan Lane on 2012-07-26

Rather than hardcoding the objectclasses and attributes that will be used for user, tenant, role, etc. creation, we should use templates, where keystone administrators could specify how they'd like the objects created. For instance, here's a YAML example for a user:

user_template:
  objectclasses:
    - inetorgperson
    - posixuser
    - top
  attributes:
    - uid: {{ id }}
    - cn: {{ name }}
    - sn: {{ id }}
    - uidNumber: {{ extension:posix:uidnumber }}
    - homeDirectory: /home/{{ id }}
    - accountShell: /bin/bash

Template files would be placed in /etc/keystone/templates. Required extended variables would need to be made known to clients in some way.

Blueprint information

Status:
Complete
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
Obsolete
Series goal:
None
Implementation:
Unknown
Milestone target:
None
Completed by
Morgan Fainberg on 2014-10-20

Related branches

Sprints

Whiteboard

(morganfainberg): This type of optimization on how LDAP is handled can be repurposed once we know the direction of the LDAP backends (e.g. SSSD, split for read-only vs read-write). for now I'm going to mark this as obsolete.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.