Improvement for NewDelhi Release
- Andreas Geißler
Owned by Andreas Geißler
Current setup (Montreal) for the Keycloak setup (see ONAP on ServiceMesh (London)):
keycloak-init provides a realm with predefined users/roles https://git.onap.org/oom/tree/kubernetes/platform/components/keycloak-init
oauth2-proxy added to OOM deployment and configured as authentication provider (https://git.onap.org/oom/tree/kubernetes/platform/components/oauth2-proxy)
currently no "Authorization Policy" defined on Ingress to restrict access to API/UIs
Idea from Tata Consulting (see OOM Meeting Notes - 2024-02-14)
Generate Keycloak Realm with configurable:
Roles
Groups
Initial Users
Generate AuthorizationPolicies and AuthoritationRequest resources for Ingress APIs