openstack 命令行管理七 - 角色管理 (备忘)



帮助

[root@station140 ~(keystone_admin)]# keystone help | grep role
    role-create         Create new role.
    role-delete         Delete role.
    role-get            Display role details.
    role-list           List all roles.
    user-role-add       Add role to user
    user-role-list      List roles granted to a user
    user-role-remove    Remove role from user
    bootstrap           Grants a new role to a new user on a new tenant, after

创建方法

[root@station140 ~(keystone_admin)]# keystone role-create --name vgroup
+----------+----------------------------------+
| Property |              Value               |
+----------+----------------------------------+
|    id    | 9ea4fb60241c4a12b3c89630cf3f087a |
|   name   |              vgroup              |
+----------+----------------------------------+

把用户添加到某个角色中方法

[root@station140 ~(keystone_admin)]# keystone user-role-add --user terry --role vgroup --tenant cloud

显示角色中的用户方法

[root@station140 ~(keystone_admin)]# keystone user-role-list --user terry --tenant cloud   <- 必须的参数
+----------------------------------+----------+----------------------------------+----------------------------------+
|                id                |   name   |             user_id              |            tenant_id             |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 8f6478593aa845b3b44eded4aade0f6f | 9467f30b8bba4770a06a687e4584636b |
| 9ea4fb60241c4a12b3c89630cf3f087a |  vgroup  | 8f6478593aa845b3b44eded4aade0f6f | 9467f30b8bba4770a06a687e4584636b |
+----------------------------------+----------+----------------------------------+----------------------------------+

移除角色中的某个用户

[root@station140 ~(keystone_admin)]# keystone user-role-remove --user terry --role vgroup --tenant cloud