Current Keycloak setup (Montreal); see ONAP on ServiceMesh (London):
- keycloak-init provides a realm with predefined users/roles (https://git.onap.org/oom/tree/kubernetes/platform/components/keycloak-init)
- oauth2-proxy added to OOM deployment and configured as authentication provider (https://git.onap.org/oom/tree/kubernetes/platform/components/oauth2-proxy)
- currently no "Authorization Policy" is defined on the Ingress to restrict access to APIs/UIs
Idea from Tata Consulting (see OOM Meeting Notes - 2024-02-14):
- Generate Keycloak Realm with configurable:
  - Roles
  - Groups
  - Initial Users
- Generate AuthorizationPolicies and AuthorizationRequest resources for Ingress APIs