[Feature Request] Make RBAC usable with tls authentication on LXD
Closed this issue · 1 comments
To limit user access based on tls certificates a command or flag is needed to assign a role to a client certificate.
Adding a trust certificate currently works like this
lxc config trust add <cert>
A flag would suffice to set a role, like:
lxc config trust add <cert> --role user
lxc config trust add <cert> --role admin
If a cert would be added twice, the last rule setting should get preference.
Additionally a default role setting should be set in the core settings, like
core.trust_default_role: 'readonly'
Hi,
We won't be doing this as that would require LXD itself to become aware of roles which is what an RBAC service is for.
What we do have planned though is for restricting a certificate to a project and to prevent such a user to have full admin access, effectively similar to an operator role.