Bug 2044582

Summary: [RFE] Support for prepopulating federated users in keystone
Product: Red Hat OpenStack Reporter: Cristian Muresanu <cmuresan>
Component: openstack-keystoneAssignee: Dave Wilde <dwilde>
Status: CLOSED DUPLICATE QA Contact: Jeremy Agee <jagee>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 16.2 (Train)CC: cmuresan, dwilde, ggrasza, hrybacki, knikolla, oblaut
Target Milestone: zstreamKeywords: FutureFeature, Triaged
Target Release: ---Flags: ifrangs: needinfo? (dwilde)
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-17 17:54:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Cristian Muresanu 2022-01-24 19:14:20 UTC 
Description of problem:

We need the ability to prepopulate federated (ie OIDC) users in keystone in order to automate project and user setup in OpenStack from our allocation system (coldfront: https://github.com/ubccr/coldfront). This requires the following patches from keystone to be backported:

https://review.opendev.org/c/openstack/keystone/+/448755
https://specs.openstack.org/openstack/keystone-specs/specs/keystone/ussuri/support-federated-attr.html

We've tested locally by hand that these work with OpenStack 16.2.1 with limited testing.

Our project and user allocation system cannot completely configure a project and users without users first logging in which creates a complicated work flow for onboarding new users to the system.
Comment 4 Dave Wilde 2022-03-17 17:54:05 UTC 

*** This bug has been marked as a duplicate of bug 1590932 ***