Bug 1041935

Summary: [RFE][keystone]: Use object creation templates for creation of users, tenants, etc.
Product: Red Hat OpenStack
Reporter: RHOS Integration <rhos-integ>
Component: RFEs
Assignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM
QA Contact:
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: unspecified
CC: markmc, yeylon
Target Milestone: ---
Keywords: FutureFeature
Target Release: ---
Hardware: Unspecified
OS: Unspecified
URL: https://blueprints.launchpad.net/keystone/+spec/ldap-object-templates
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_obsolete
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-19 17:06:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description RHOS Integration 2013-12-12 20:09:50 UTC
Cloned from launchpad blueprint https://blueprints.launchpad.net/keystone/+spec/ldap-object-templates.

Description:

Rather than hardcoding the objectclasses and attributes that will be used for user, tenant, role, etc. creation, we should use templates, where keystone administrators could specify how they'd like the objects created. For instance, here's a YAML example for a user:

user_template:
  objectclasses:
    - inetorgperson
    - posixuser
    - top
  attributes:
    - uid: {{ id }}
    - cn: {{ name }}
    - sn: {{ id }}
    - uidNumber: {{ extension:posix:uidnumber }}
    - homeDirectory: /home/{{ id }}
    - accountShell: /bin/bash

Template files would be placed in /etc/keystone/templates. Required extended variables would need to be made known to clients in some way.

Specification URL (additional information):

None
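
Added example, not part of the original report and not keystone code: a sketch of how a template like the one above could be rendered, and how the extended variables a client must supply could be derived from it. The names USER_TEMPLATE, CORE_VARIABLES, required_variables, extended_variables and render are hypothetical, and the template is embedded as already-parsed data rather than read from /etc/keystone/templates.

```python
import re

# Constructed copy of the user template from the description, as parsed data.
USER_TEMPLATE = {
    "objectclasses": ["inetorgperson", "posixuser", "top"],
    "attributes": [
        {"uid": "{{ id }}"},
        {"cn": "{{ name }}"},
        {"sn": "{{ id }}"},
        {"uidNumber": "{{ extension:posix:uidnumber }}"},
        {"homeDirectory": "/home/{{ id }}"},
        {"accountShell": "/bin/bash"},
    ],
}

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z0-9_:]+)\s*\}\}")
CORE_VARIABLES = {"id", "name"}  # assumption: fields every user record already has


def _values(template):
    """Yield (attribute, raw template value) pairs in template order."""
    for entry in template["attributes"]:
        for attr, value in entry.items():
            yield attr, value


def required_variables(template):
    """Every placeholder name the template references."""
    found = set()
    for _, value in _values(template):
        found.update(PLACEHOLDER.findall(value))
    return found


def extended_variables(template):
    """Placeholders a client must supply beyond the core fields."""
    return required_variables(template) - CORE_VARIABLES


def render(template, variables):
    """Return {attribute: [values]} for an LDAP add; raise if a variable is missing."""
    missing = required_variables(template) - set(variables)
    if missing:
        raise KeyError("missing template variables: " + ", ".join(sorted(missing)))
    entry = {"objectClass": list(template["objectclasses"])}
    for attr, value in _values(template):
        # Single pass: placeholder syntax inside a supplied value is not re-expanded.
        rendered = PLACEHOLDER.sub(lambda m: str(variables[m.group(1)]), value)
        entry.setdefault(attr, []).append(rendered)
    return entry
```

Rendering fails closed when an extended variable is absent, so a partially filled entry is never handed to the directory.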