diff --git a/specs/pike/implemented/keycloak.rst b/specs/pike/implemented/keycloak.rst new file mode 100644 index 0000000..b6dda07 --- /dev/null +++ b/specs/pike/implemented/keycloak.rst 
@@ -0,0 +1,124 @@ +.. + This work is licensed under a Creative Commons Attribution 3.0 Unported + License. + + http://creativecommons.org/licenses/by/3.0/legalcode + +================ +Keycloak support +================ + +launchpad blueprint: +https://blueprints.launchpad.net/vitrage/+spec/keycloak-support + +As part of an on going effort to make vitrage to be able to work also in a non +OpenStack environment (in addition to the default OpenStack environment). +We should be able to make vitrage work with a different authorization server +instead of keystone. An optional authorization server can be Keycloak which is +an open source Identity and Access Management solution aimed at modern +applications and services + + +Problem description +=================== + +Vitrage at the moment can only work in an OpenStack environment because it needs +Keystone for authorization. We should support other authorization such as Keycloak. + + + +Proposed change +=============== + +New auth_mode in api section in Vitrage config file:: + + [api] + auth_mode = keycloak + +New keycloak section with the auth_url in Vitrage config:: + + [keycloak] + auth_url = http://[keycloak server]:[keycloak port]/auth + +The Vitrage server will use a new middleware which will authenticate with the +Keycloak server once an api request is received. + +A new auth plugin will be added to the vitrage client which will get the token +from the Keycloak server and sent it with the api request. + +Alternatives +------------ + +None + +Data model impact +----------------- + +None + +REST API impact +--------------- +When using the client we should use the keycloak-plugin + +Versioning impact +----------------- + +None + +Other end user impact +--------------------- + +None + +Deployer impact +--------------- + +To use the Keycloak Authorization there is a need to define it in the +Vitrage config file. 
+ +Developer impact +---------------- + +None + +Horizon impact +-------------- + +None + +Implementation +============== + +Assignee(s) +----------- + +Primary assignee: + eyalb1 + +Work Items +---------- + +- Create Keycloak plugin in client + +- Create Keycloak plugin in server + +Dependencies +============ + +None + +Testing +======= + +This blueprint requires unit tests. + +Documentation Impact +==================== + +The usage of the KeyCloak authorization will be documented + + +References +========== + +`keycloak-config.rst `_
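Review bot: The `[keycloak]` example under "Proposed change" uses `auth_url = http://[keycloak server]:[keycloak port]/auth`, so a deployer who copies it as written has the client plugin request its token from Keycloak, and the middleware contact Keycloak, over cleartext. Suggest showing `https://` in the example and stating whether certificate verification is configurable. The same section says the middleware "will authenticate with the Keycloak server once an api request is received" but does not say what is actually checked: which realm is used, whether the token is validated against Keycloak on every request, and what the API returns when validation fails or Keycloak is unreachable. A short paragraph covering that, plus a "Security impact" section next to the other impact sections, would make the auth change reviewable. Minor: the `keycloak-config.rst` entry under "References" has no link target, and "sent it with the api request" should read "send it".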