Skip to content

Hosted Private Cloud / Bare Metal Pod - adding snc_iam_manage guide#9331

Merged
benchbzh merged 6 commits intodevelopfrom
feat/bmpod-iam-docs
Apr 28, 2026
Merged

Hosted Private Cloud / Bare Metal Pod - adding snc_iam_manage guide#9331
benchbzh merged 6 commits intodevelopfrom
feat/bmpod-iam-docs

Conversation

@gaudic-ovh
Copy link
Copy Markdown
Contributor

@gaudic-ovh gaudic-ovh commented Apr 28, 2026

What type of Pull Request is this?

  • New guide(s)

Description

New guide explaining how to manage IAM (Identity and Access Management)
on the Bare Metal Pod SecNumCloud platform via Keycloak.

Covers:

  • Centralized authentication architecture (Keycloak as single entry point for Dashboard, Horizon and OpenStack APIs)
  • Role hierarchy: default access vs pod_operator role (assigned initially by OVHcloud)
  • Access matrix per integrated application
  • OpenStack project attribute configuration on users and groups (including group inheritance)
  • Step-by-step service account setup in Keycloak for API access
  • Python script using the Keycloak evaluate-scopes API to audit effective OpenStack permissions across all active users

Mandatory information

The translations in this Pull Request have been done using:

  • OVHcloud integrated translation LLM

  • Systran

  • Other tool (Claude AI)

  • This Pull Request didn't require any translation.

  • This Pull Request can be merged as soon as possible.

  • This Pull Request content should be replicated for the US OVHcloud documentation: NO

@gaudic-ovh
Add IAM rights management guide for Bare Metal Pod SecNumCloud
197b95c 
New documentation guide explaining how to manage user access rights
on the Bare Metal Pod SecNumCloud platform via Keycloak, covering:
- Centralized authentication architecture (Keycloak as single entry point)
- Role hierarchy (default access vs pod_operator)
- OpenStack project attribute configuration (user & group level)
- Step-by-step service account setup for the Keycloak API
- Python script using Keycloak evaluate-scopes API to get a consolidated
  view of effective OpenStack permissions across all active users

Available in French (fr-fr) and English (en-gb).
@gaudic-ovh
FR/EN - Update - index
640334f 
Add IAM rights management guide entry for Bare Metal Pod SecNumCloud
nate-42
nate-42 reviewed Apr 28, 2026
View reviewed changes
Comment thread pages/hosted_private_cloud/baremetal_pod/snc_iam_manage/guide.en-gb.md Outdated
@gaudic-ovh
FR/EN - Update - snc_iam_manage
5f8a4b9 
Remove admin OpenStack role: highest assignable role is member
benchbzh
benchbzh reviewed Apr 28, 2026
View reviewed changes
Comment thread pages/hosted_private_cloud/baremetal_pod/snc_iam_manage/guide.en-gb.md Outdated
@benchbzh benchbzh self-assigned this Apr 28, 2026
@benchbzh benchbzh added Guide creation The Pull Request contains at least 1 new guide (meta.yaml and index edition needed) Offer: Hosted Private Cloud The PR documents Hosted Private Cloud products: VMware, Nutanix, SAP, OPCP, Bare Metal Pod labels Apr 28, 2026
@benchbzh benchbzh changed the title FR/EN - Add - snc_iam_manage Hosted Private Cloud / Bare Metal Pod - adding snc_iam_manage guide Apr 28, 2026
@benchbzh benchbzh merged commit 226dafb into develop Apr 28, 2026
1 check passed
@benchbzh benchbzh deleted the feat/bmpod-iam-docs branch April 28, 2026 13:12
@benchbzh
Copy link
Copy Markdown
Collaborator

benchbzh commented Apr 28, 2026

Thank you for your contribution @gaudic-ovh!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@benchbzh benchbzh benchbzh approved these changes

+1 more reviewer

@nate-42 nate-42 nate-42 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@benchbzh benchbzh

Labels

Guide creation The Pull Request contains at least 1 new guide (meta.yaml and index edition needed) Offer: Hosted Private Cloud The PR documents Hosted Private Cloud products: VMware, Nutanix, SAP, OPCP, Bare Metal Pod

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gaudic-ovh @benchbzh @nate-42