[openstack-dev] [Heat][Keystone] Native keystone resources in Heat
Zane Bitter
zbitter at redhat.com
Thu Jan 29 16:41:36 UTC 2015
I got a question today about creating keystone users/roles/tenants in
Heat templates. We currently support creating users via the
AWS::IAM::User resource, but we don't have a native equivalent.
IIUC keystone now allows you to add users to a domain that is otherwise
backed by a read-only backend (i.e. LDAP). If this means that it's now
possible to configure a cloud so that one need not be an admin to create
users then I think it would be a really useful thing to expose in Heat.
Does anyone know if that's the case?
I think roles and tenants are likely to remain admin-only, but we have
precedent for including resources like that in /contrib... this seems
like it would be comparably useful.
Thoughts?
cheers,
Zane.
More information about the OpenStack-dev
mailing list