Roles

OpenStack services typically determine whether a user’s API request should be allowed using Role Based Access Control (RBAC). For OpenStack this means the service compares the roles that user has on the project (as indicated by the roles in the token), against the roles required for the API in question (as defined in the service’s policy file). A user obtains roles on a project by having these assigned to them via the Identity service API.

More information can be found in the official documentation.

In order to work with roles you have to create the service first.

Create

$identity = $openstack->identityV3();

$role = $identity->createRole([
    'name' => '{name}',
]);

List

$identity = $openstack->identityV3();

foreach ($identity->listRoles() as $role) {
    /** @var $role \OpenStack\Identity\v3\Models\Role */
}

List role assignments

$identity = $openstack->identityV3();

foreach ($identity->listRoleAssignments() as $assignment) {
    /** @var $assignment \OpenStack\Identity\v3\Models\Assignment */
}