magnum/etc/magnum
Feilong Wang d8df9d0c36 [fedora-atomic][k8s] Support default Keystone auth policy file
With the new config option `keystone_auth_default_policy`, cloud admin
can set a default keystone auth policy for k8s cluster when the
keystone auth is enabled. As a result, user can use their current
keystone user to access k8s cluster as long as they're assigned
correct roles, and they will get the pre-defined permissions
set by the cloud provider.

The default policy now is based on the v2 format recently introduced
in k8s-keystone-auth which is getting more useful now. For example,
in v1 it doesn't support a policy for user to access resources from
all namespaces but kube-system, but v2 can do that.

NOTE: Now we're using openstackmagnum dockerhub repo until CPO
team fixing their image release issue.

Task: 30069
Story: 1755770

Change-Id: I2425e957bd99edc92482b6f11ca0b1f91fe59ff6
2019-06-11 11:57:15 +12:00
..
README-magnum.conf.txt Add introduce doc how to generate magnum.conf.sample 2016-01-29 06:56:03 +00:00
api-paste.ini Integrate OSProfiler in Magnum 2017-01-24 07:43:31 +07:00
keystone_auth_default_policy.sample [fedora-atomic][k8s] Support default Keystone auth policy file 2019-06-11 11:57:15 +12:00
magnum-config-generator.conf Centralize config option: docker_registry section 2016-10-11 11:05:40 +07:00
magnum-policy-generator.conf Implement basic policy module in code 2017-10-19 08:33:58 +07:00