Domains

A domain is a collection of users, groups, and projects. Each group and project is owned by exactly one domain.

More information can be found in the official documentation.

In order to work with domains you have to create the service first.

Create

$identity = $openstack->identityV3();

$domain = $identity->createDomain([
    'description' => '{description}',
    'enabled'     => true,
    'name'        => '{name}'
]);

Read

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');
$domain->retrieve();

Update

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

$domain->enabled = false;

$domain->update();

Delete

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');
$domain->delete();

List

$identity = $openstack->identityV3();

foreach ($identity->listDomains() as $domain) {
    /** @var $domain \OpenStack\Identity\v3\Models\Domain */
}

List roles for domain user

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

foreach ($domain->listUserRoles(['userId' => '{domainUserId}']) as $role) {
    /** @var $role \OpenStack\Identity\v3\Models\Role */
}

Grant role to domain user

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

$domain->grantUserRole([
    'userId' => '{domainUserId}',
    'roleId' => '{roleId}',
]);

Check role for domain user

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

$result = $domain->checkUserRole(['userId' => '{domainUserId}', 'roleId' => '{roleId}']);

if (true === $result) {
    // It exists!
}

Revoke role for domain user

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

$domain->revokeUserRole([
    'userId' => '{domainUserId}',
    'roleId' => '{roleId}',
]);

List roles for domain group

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

foreach ($domain->listGroupRoles(['groupId' => '{groupId}']) as $role) {
    /** @var $role \OpenStack\Identity\v3\Models\Role */
}

Grant role to domain group

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

$domain->grantGroupRole([
    'groupId' => '{groupId}',
    'roleId'  => '{roleId}',
]);

Check role for domain group

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

$result = $domain->checkGroupRole(['groupId' => '{groupId}', 'roleId' => '{roleId}']);

if (true === $result) {
    // It exists!
}

Revoke role for domain group

$identity = $openstack->identityV3();

$domain = $identity->getDomain('{domainId}');

$domain->revokeGroupRole([
    'groupId' => '{groupId}',
    'roleId'  => '{roleId}',
]);