Newer documentation is now live. You are currently reading an older version.

Manage user roles through the MOSK management API

You can manage IAM user role bindings through the MOSK management API. For the API reference of the IAM custom resources, see IAM resources. You can also manage user roles using the MOSK management console.

Note

User management for the Mirantis OpenStack for Kubernetes m:os roles is not yet available through the API or web UI. Therefore, continue managing these roles using Keycloak.

You can use the following objects depending on the way you want the role to be assigned to the user:

  • IAMGlobalRoleBinding for global role bindings

    Any IAM role can be used in IAMGlobalRoleBinding and will be applied globally, not limited to a specific project or cluster. For example, the global-admin role.

  • IAMRoleBinding for project role bindings

    Any role except global-admin applies. For example, using the operator and user IAM roles in an IAMRoleBinding of the example project corresponds to assigning m:kaas:example@operator/user in Keycloak. You can also use these IAM roles in IAMGlobalRoleBinding. In this case, the roles corresponding to every project are assigned to the user in Keycloak.

  • IAMClusterRoleBinding for cluster role bindings

    Only the cluster-admin and stacklight-admin roles apply to IAMClusterRoleBinding. Creating such an object corresponds to assigning m:k8s:namespace:cluster@cluster-admin/stacklight-admin in Keycloak. You can also use these roles in either IAMGlobalRoleBinding or IAMRoleBinding. In this case, the roles corresponding to all clusters in all projects, or in one particular project, are assigned to the user.
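
The following Python function is an added example, not part of the Mirantis documentation or product code. It applies the rules above to expand a binding into the Keycloak role names it corresponds to, which helps review how far a binding reaches before it is created. The binding dictionary layout, the inventory mapping, and the use of the project name as the namespace segment are assumptions.

```python
# Added example. The binding dict layout (kind/role/project/cluster) is an
# assumed, simplified shape for illustration, not the real resource schema.
CLUSTER_ROLES = {"cluster-admin", "stacklight-admin"}
KINDS = {"IAMGlobalRoleBinding", "IAMRoleBinding", "IAMClusterRoleBinding"}


def keycloak_roles(binding, inventory):
    """Expand one binding into the Keycloak role names it corresponds to.

    inventory maps each project name to the list of its cluster names
    (constructed input). Raises ValueError for combinations the rules
    above exclude.
    """
    kind, role = binding["kind"], binding["role"]
    if kind not in KINDS:
        raise ValueError(f"unknown binding kind: {kind}")
    if kind == "IAMClusterRoleBinding" and role not in CLUSTER_ROLES:
        raise ValueError(f"{role} cannot be used in IAMClusterRoleBinding")
    if kind == "IAMRoleBinding" and role == "global-admin":
        raise ValueError("global-admin cannot be used in IAMRoleBinding")
    if role == "global-admin":
        # Valid only in IAMGlobalRoleBinding. The page gives no Keycloak
        # name for this case, so nothing is expanded here.
        return []

    # Projects the binding reaches: all of them, or the one it names.
    if kind == "IAMGlobalRoleBinding":
        projects = sorted(inventory)
    else:
        projects = [binding["project"]]

    if role not in CLUSTER_ROLES:
        return [f"m:kaas:{p}@{role}" for p in projects]

    # Cluster roles: one cluster, or every cluster in the reached projects.
    # Assumption: the project name is the namespace segment of the role name.
    if kind == "IAMClusterRoleBinding":
        pairs = [(binding["project"], binding["cluster"])]
    else:
        pairs = [(p, c) for p in projects for c in sorted(inventory.get(p, []))]
    return [f"m:k8s:{p}:{c}@{role}" for p, c in pairs]


# Constructed inventory: two projects and their clusters.
INVENTORY = {"example": ["c1", "c2"], "staging": ["c3"]}
```

Expanding a cluster role placed in an IAMGlobalRoleBinding against the inventory shows every cluster the user gains access to, which makes an over-broad binding visible during review.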

This section describes available IAM roles with use cases and the MOSK management API IAM*RoleBinding mapping with Keycloak.