OpenStack | Groups
In OpenStack we can create groups of users with a common role or privilege across projects.
#Let's try to create a new user group by the name firstGroup in the domain 'firstDomain'
cumulus@server01:~$ openstack group create --domain firstDomain firstGroup
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | 3126fcd5e04149bbb4a367bbbe278c6e |
| id | 3a61bc2a12c545faa0e5e1bfcd5e9772 |
| name | firstGroup |
+-------------+----------------------------------+
to check the list of groups
cumulus@server01:~$ openstack group list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| 3a61bc2a12c545faa0e5e1bfcd5e9772 | firstGroup |
+----------------------------------+------------+
#now let's add the user 'firstUser' in the group 'firstGroup' belonging to the domain 'firstDomain'
cumulus@server01:~$ openstack group add user --group-domain firstDomain firstGroup firstUser
#to verify if the user was added to the group properly
cumulus@server01:~$ openstack group contains user --group-domain firstDomain firstGroup firstUser
firstUser in group firstGroup
the text in blue refers to the output
let's assign a role, example user, to this newly created group
cumulus@server01:~$ openstack role add --project-domain firstDomain --project firstProject --group firstGroup user
cumulus@server01:~$ openstack role assignment list --group firstGroup --names
+------+------+------------------------+--------------------------+--------+-----------+
| Role | User | Group | Project| Domain | Inherited |
+------+------+------------------------+--------------------------+--------+-----------+
| user | | firstGroup@firstDomain | firstProject@firstDomain | | False |
+------+------+------------------------+--------------------------+--------+-----------+
cumulus@server01:~$
--end-of-post--