Feature/keycloak oauth2 integration POC nova only #21
Open
- Add KEYCLOAK_OAUTH2_FEATURE.md: overview of dual auth, install, config, Nova, tests
- Update README: add Keycloak section under Nova, add keycloak.yaml.in to frep list

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add Keycloak deployment (keycloak.yaml.in) with MySQL backend
- Add Keycloak MySQL database to mysql.yaml.in (db_name=keycloak, utf8mb3)
- Update mariadb image to 11.8-noble

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add keycloak-bootstrap/ folder with bootstrap script (extracted from inline bash)
- keycloak-bootstrap creates realm, clients, mappers, roles, users
- Add files/keycloakrc.in template for Keycloak CLI configuration
- Update k8s.tftpl to:
  - Deploy Keycloak with MySQL database
  - Install Java and Keycloak CLI
  - Create keycloakrc configuration file
  - Run keycloak-bootstrap after keystone-bootstrap
  - Add frep-keycloak alias

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Nova conf: auth_strategy keystone+oauth2, [ext_oauth2_auth] with Keycloak introspection
- api-paste.ini: keystone+oauth2 pipeline with composite_auth middleware
- Nova OAuth2 middleware (nova_oauth2_middleware.py): routes Bearer->OAuth2, X-Auth-Token->Keystone
- Nova policy: nova-policy ConfigMap for role:nova:reboot on servers:reboot
- nova.yaml.in: mount api-paste.ini, middleware, policy.d; set PYTHONPATH
- config.yaml.sample: add keycloak_client_secret
- .gitignore: add *.patch, *.img, *qcow2, .kube/

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- tests/keycloak: CLI installation, connection, realm openstack (clients, users, roles)
- tests/nova: create instance (Keystone demo), create instance (Keycloak demo-keycloak), reboot (Keycloak demo-reboot-only), keycloak-cannot-create
- tests/README.md: test documentation and structure
- run-all-tests.sh scripts for both keycloak and nova tests

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
No description provided.
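The credential routing named in the Nova commit (Bearer to OAuth2, X-Auth-Token to Keystone), sketched as a WSGI router. This is an added example, not the PR's nova_oauth2_middleware.py: the class and helper names are hypothetical, and rejecting requests that carry both credentials and stripping client-supplied identity headers are assumptions of this sketch, not behaviour stated in the commits.

```python
# Added illustration of a dual-auth WSGI router; all names here are hypothetical.
# Identity headers that auth middleware sets for the service; a client must not supply them.
SPOOFABLE = ("HTTP_X_IDENTITY_STATUS", "HTTP_X_ROLES",
             "HTTP_X_USER_ID", "HTTP_X_PROJECT_ID")


class CompositeAuth:
    """Send each request to exactly one auth pipeline, chosen by credential type."""

    def __init__(self, keystone_app, oauth2_app):
        self.keystone_app = keystone_app
        self.oauth2_app = oauth2_app

    def __call__(self, environ, start_response):
        # Only the selected backend may assert identity, so drop forged headers first.
        for key in SPOOFABLE:
            environ.pop(key, None)
        has_token = bool(environ.get("HTTP_X_AUTH_TOKEN"))
        scheme, _, cred = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
        has_bearer = scheme.lower() == "bearer" and bool(cred.strip())
        if has_token and has_bearer:
            # Assumption: two credentials are ambiguous, so fail closed.
            return self._reject(start_response, "400 Bad Request", "ambiguous credentials")
        if has_bearer:
            return self.oauth2_app(environ, start_response)
        if has_token:
            return self.keystone_app(environ, start_response)
        return self._reject(start_response, "401 Unauthorized", "no credentials")

    @staticmethod
    def _reject(start_response, status, reason):
        start_response(status, [("Content-Type", "text/plain")])
        return [reason.encode()]


def _stub(name):
    """Constructed stand-in for a real auth pipeline; answers with its own name."""
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [name.encode()]
    return app


def demo(headers):
    """Run one constructed request through the router; return (status, body)."""
    seen = {}
    app = CompositeAuth(_stub("keystone"), _stub("oauth2"))
    body = b"".join(app(dict(headers), lambda status, hdrs: seen.update(status=status)))
    return seen["status"], body.decode()
```

In a real deployment the two stubs would be the Keystone token pipeline and the OAuth2 introspection pipeline wired up in api-paste.ini.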