| *** mhen_ is now known as mhen | 01:14 | |
| darmach | Hi everyone, I’m integrating Keystone with Google OIDC, and I can’t find anywhere in docs how can I do a Keystone mapping to put some string into users “description’. (“local”: [{ “user”: { “name”: “{0}“, ?????: “some_description” }}]). Can anyone advise on that? Tried local.user.description but this doesn’t seem to | 11:07 |
|---|---|---|
| darmach | work. | 11:07 |
| gtema | darmach - not sure what exactly you want. https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html describes you possibilities with the mapping of federated data | 11:15 |
| darmach | gtema I've been using that one aswell: https://docs.openstack.org/keystone/latest/admin/federation/mapping_combinations.html#mappings-examples | 11:39 |
| darmach | My point is, that beside one example showing that you can add "name" and "email" for the user (link to the section posted above), there is no other source-of-the-truth about what can be set for the "user". There is the "description" for each user in KeyStone - is it possible that you just can't set it with mappings? | 11:39 |
| darmach | The answer is probably in the code, I just wanted to pick brains of someone who is well versed in Keystone codebase :) | 11:41 |
| gtema | Mapping is not for pulling external info into keystone. Id/name/email/domain are the only things | 11:44 |
| gtema | https://opendev.org/openstack/keystone/src/branch/master/keystone/federation/utils.py#L91 | 11:44 |
| darmach | Would it be against the project team way if I'd like to give adding "description" there a try? Seem like a useful idea - if someone is integrating with Azure or Google, we're already mapping user, email, why not description? :) | 11:48 |
| gtema | why not password, why not ..... that is what is going to come next. Generally at the moment a different approach is being preferred and established of using backend plugins instead of regular federation mapping. This gives possibility for such driver to get all the necessary user data directly (not during an attempt to login) | 11:52 |
| darmach | Ah, it makes sense! Thanks gtema! | 11:53 |
| opendevreview | Markus Hentsch proposed openstack/keystone-tempest-plugin master: Update tests for new Domain Manager Persona https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/924222 | 16:09 |
| *** thuvh1 is now known as thuvh | 18:20 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!