Configuring groups in Keystone
If you wish to organize users by their roles, you can create a user group using Keystone groups. Groups are owned by a domain. In this example, we will create one group, reader_group, and set a cloud_admin role to it. We will also add two users to it, reader and reader1. We will also verify that the users belong to the group, as well as remove one of the users afterwards.
Getting ready
Ensure that you are logged on to a correctly configured OpenStack client and can access the OpenStack environment as a user with admin privileges.
Refer to Chapter 2, The OpenStack Client, for details of setting up your environment to use OpenStack command-line client.
How to do it…
In order to create groups and assign users to them, we will need to execute the following steps:
Start by creating a group:
openstack group create --domain bookstore --description "Bookstore reader group" reader_group
List existing groups:
openstack group list
Add group to the role:
openstack role...
