OpenStack · Capability

OpenStack Identity (Keystone) API v3 — Roles

OpenStack Identity (Keystone) API v3 — Roles. 3 operations. Lead operation: List role assignments. Self-contained Naftiko capability covering one Openstack business surface.

Run with Naftiko OpenstackRoles

What You Can Do

GET
Listroleassignments — List role assignments
/v1/role-assignments
GET
Listroles — List roles
/v1/roles
POST
Createrole — Create role
/v1/roles

MCP Tools

list-role-assignments

List role assignments

read-only idempotent
list-roles

List roles

read-only idempotent
create-role

Create role

Capability Spec

keystone-roles.yaml Raw ↑ 
naftiko: 1.0.0-alpha2
info:
  label: OpenStack Identity (Keystone) API v3 — Roles
  description: 'OpenStack Identity (Keystone) API v3 — Roles. 3 operations. Lead operation: List role assignments. Self-contained
    Naftiko capability covering one Openstack business surface.'
  tags:
  - Openstack
  - Roles
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    OPENSTACK_API_KEY: OPENSTACK_API_KEY
capability:
  consumes:
  - type: http
    namespace: keystone-roles
    baseUri: https://{keystone-host}:5000/v3
    description: OpenStack Identity (Keystone) API v3 — Roles business capability. Self-contained, no shared references.
    resources:
    - name: role_assignments
      path: /role_assignments
      operations:
      - name: listroleassignments
        method: GET
        description: List role assignments
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: scope.project.id
          in: query
          type: string
        - name: scope.domain.id
          in: query
          type: string
        - name: user.id
          in: query
          type: string
        - name: group.id
          in: query
          type: string
    - name: roles
      path: /roles
      operations:
      - name: listroles
        method: GET
        description: List roles
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createrole
        method: POST
        description: Create role
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: true
    authentication:
      type: apikey
      key: X-Auth-Token
      value: '{{env.OPENSTACK_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: keystone-roles-rest
    port: 8080
    description: REST adapter for OpenStack Identity (Keystone) API v3 — Roles. One Spectral-compliant resource per consumed
      operation, prefixed with /v1.
    resources:
    - path: /v1/role-assignments
      name: role-assignments
      description: REST surface for role_assignments.
      operations:
      - method: GET
        name: listroleassignments
        description: List role assignments
        call: keystone-roles.listroleassignments
        with:
          scope.project.id: rest.scope.project.id
          scope.domain.id: rest.scope.domain.id
          user.id: rest.user.id
          group.id: rest.group.id
        outputParameters:
        - type: object
          mapping: $.
    - path: /v1/roles
      name: roles
      description: REST surface for roles.
      operations:
      - method: GET
        name: listroles
        description: List roles
        call: keystone-roles.listroles
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: createrole
        description: Create role
        call: keystone-roles.createrole
        with:
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: keystone-roles-mcp
    port: 9090
    transport: http
    description: MCP adapter for OpenStack Identity (Keystone) API v3 — Roles. One tool per consumed operation, routed inline
      through this capability's consumes block.
    tools:
    - name: list-role-assignments
      description: List role assignments
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keystone-roles.listroleassignments
      with:
        scope.project.id: tools.scope.project.id
        scope.domain.id: tools.scope.domain.id
        user.id: tools.user.id
        group.id: tools.group.id
      outputParameters:
      - type: object
        mapping: $.
    - name: list-roles
      description: List roles
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: keystone-roles.listroles
      outputParameters:
      - type: object
        mapping: $.
    - name: create-role
      description: Create role
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: keystone-roles.createrole
      with:
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.