Skip to content

[18.0-fr6] [federation] Add OIDC federation configuration on OSP17#4025

Closed
openshift-cherrypick-robot wants to merge 1 commit into
openstack-k8s-operators:18.0-fr6from
openshift-cherrypick-robot:cherry-pick-3840-to-18.0-fr6
Closed

[18.0-fr6] [federation] Add OIDC federation configuration on OSP17#4025
openshift-cherrypick-robot wants to merge 1 commit into
openstack-k8s-operators:18.0-fr6from
openshift-cherrypick-robot:cherry-pick-3840-to-18.0-fr6

Conversation

@openshift-cherrypick-robot

Copy link
Copy Markdown

This is an automated cherry-pick of #3840

/assign afaranha

…role tasks to configure OSP 17.1 for OIDC federation, enabling adoption testing with Keycloak as the identity provider.

Changes:
- Add federation-osp17-pre-deploy hook playbook that renders the
  Heat environment file and configures Keystone for OIDC
- Add run_osp17_oidc_setup.yml tasks to create the federation domain,
  identity provider, mapping, group, project and protocol on OSP 17.1
- Add enable-federation-openidc.yaml.j2 Heat template for OIDC params
- Refactor Keycloak operator deployment to use kubernetes.core.k8s
  instead of oc apply with a template file
- Make operator namespace configurable via
  cifmw_federation_operator_namespace variable
- Add passthrough Route for Keycloak and grant privileged SCC
- Conditionally include the OIDC env file in overcloud deploy

Jira: https://issues.redhat.com/browse/OSPRH-19960
Signed-off-by: Andre Aranha <afariasa@redhat.com>
Co-authored-by: Grzegorz Grasza <xek@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign fultonj for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tosky

tosky commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

ci-framework does not version specific branches.

There is an automated promotion mechanism which promotes the changes to "stable" branch after testing.

Closing.

@tosky tosky closed this Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants