Allow default role to be configured for Keystone users

The default role is assigned to authenticated users for whom no role mapping applies.

Author: dhague

pkg/login/auth.go

@@ -43,6 +43,7 @@ func AuthenticateUser(query *LoginUserQuery) error {
 	if setting.KeystoneEnabled {
 		auther := NewKeystoneAuthenticator(setting.KeystoneURL,
 			setting.KeystoneDefaultDomain,
+			setting.KeystoneDefaultRole,
 			setting.KeystoneGlobalAdminRoles,
 			setting.KeystoneAdminRoles,
 			setting.KeystoneEditorRoles,

pkg/login/keystone.go

@@ -11,22 +11,23 @@ import (
 type keystoneAuther struct {
 	server      string
 	domainname  string
+	defaultrole string
 	roles       map[m.RoleType][]string
 	admin_roles []string
 
 	token        string
 	project_list map[string][]string
 }
 
-func NewKeystoneAuthenticator(server, domainname string, global_admin_roles, admin_roles, editor_roles,
+func NewKeystoneAuthenticator(server, domainname, default_role string, global_admin_roles, admin_roles, editor_roles,
 	read_editor_roles, viewer_roles []string) *keystoneAuther {
 	roles := map[m.RoleType][]string{
 		m.ROLE_ADMIN:            admin_roles,
 		m.ROLE_EDITOR:           editor_roles,
 		m.ROLE_READ_ONLY_EDITOR: read_editor_roles,
 		m.ROLE_VIEWER:           viewer_roles,
 	}
-	return &keystoneAuther{server: server, domainname: domainname, roles: roles, admin_roles: global_admin_roles}
+	return &keystoneAuther{server: server, domainname: domainname, defaultrole: default_role, roles: roles, admin_roles: global_admin_roles}
 }
 
 func (a *keystoneAuther) login(query *LoginUserQuery) error {
@@ -315,5 +316,5 @@ func (a *keystoneAuther) getRole(user_roles []string) m.RoleType {
 			}
 		}
 	}
-	return ""
+	return m.RoleType(a.defaultrole)
 }

pkg/setting/setting.go

@@ -130,13 +130,14 @@ var (
 	KeystoneEnabled          bool
 	KeystoneURL              string
 	KeystoneDefaultDomain    string
+	KeystoneDefaultRole      string
 	KeystoneViewerRoles      []string
 	KeystoneReadEditorRoles  []string
 	KeystoneEditorRoles      []string
 	KeystoneAdminRoles       []string
 	KeystoneGlobalAdminRoles []string
-  KeystoneVerifySSLCert    bool
-  KeystoneRootCAPEMFile    []string
+	KeystoneVerifySSLCert    bool
+	KeystoneRootCAPEMFile    string
 
 	// SMTP email settings
 	Smtp SmtpSettings
@@ -483,6 +484,7 @@ func NewConfigContext(args *CommandLineArgs) error {
 	KeystoneEnabled = keystone.Key("enabled").MustBool(false)
 	KeystoneURL = keystone.Key("auth_url").String()
 	KeystoneDefaultDomain = keystone.Key("default_domain").String()
+	KeystoneDefaultRole = keystone.Key("default_role").String()
 	KeystoneViewerRoles = strings.Split(keystone.Key("viewer_roles").String(), ",")
 	KeystoneReadEditorRoles = strings.Split(keystone.Key("read_editor_roles").String(), ",")
 	KeystoneEditorRoles = strings.Split(keystone.Key("editor_roles").String(), ",")