naftiko: 1.0.0-alpha2 info: label: OpenStack Identity (Keystone) API v3 description: Keystone is the OpenStack Identity service that provides authentication, authorization, and a service catalog for an OpenStack cloud. Tokens issued by Keystone are required to call any other OpenStack service API. The v3 API exposes endpoints for tokens, users, groups, projects, domains, roles, role assignments, services, endpoints, and the service catalog. tags: - Openstack - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: openstack baseUri: https://keystone.example.com:5000/v3 description: OpenStack Identity (Keystone) API v3 HTTP API. authentication: type: apikey in: header name: X-Auth-Token value: '{{OPENSTACK_TOKEN}}' resources: - name: auth-tokens path: /auth/tokens operations: - name: issuetoken method: POST description: Issue an authentication token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: validatetoken method: GET description: Validate token inputParameters: - name: X-Subject-Token in: header type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: revoketoken method: DELETE description: Revoke token inputParameters: - name: X-Subject-Token in: header type: string required: true outputRawFormat: json outputParameters: - name: result type: object value: $. - name: users path: /users operations: - name: listusers method: GET description: List users outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createuser method: POST description: Create user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: users-user-id path: /users/{user_id} operations: - name: getuser method: GET description: Get user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateuser method: PATCH description: Update user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteuser method: DELETE description: Delete user outputRawFormat: json outputParameters: - name: result type: object value: $. - name: groups path: /groups operations: - name: listgroups method: GET description: List groups outputRawFormat: json outputParameters: - name: result type: object value: $. - name: creategroup method: POST description: Create group outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects path: /projects operations: - name: listprojects method: GET description: List projects outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createproject method: POST description: Create project outputRawFormat: json outputParameters: - name: result type: object value: $. - name: projects-project-id path: /projects/{project_id} operations: - name: getproject method: GET description: Get project outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateproject method: PATCH description: Update project outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteproject method: DELETE description: Delete project outputRawFormat: json outputParameters: - name: result type: object value: $. - name: domains path: /domains operations: - name: listdomains method: GET description: List domains outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createdomain method: POST description: Create domain outputRawFormat: json outputParameters: - name: result type: object value: $. - name: roles path: /roles operations: - name: listroles method: GET description: List roles outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createrole method: POST description: Create role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: role-assignments path: /role_assignments operations: - name: listroleassignments method: GET description: List role assignments inputParameters: - name: scope.project.id in: query type: string - name: scope.domain.id in: query type: string - name: user.id in: query type: string - name: group.id in: query type: string outputRawFormat: json outputParameters: - name: result type: object value: $. - name: services path: /services operations: - name: listservices method: GET description: List services in catalog outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createservice method: POST description: Create service outputRawFormat: json outputParameters: - name: result type: object value: $. - name: endpoints path: /endpoints operations: - name: listendpoints method: GET description: List service endpoints outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createendpoint method: POST description: Create endpoint outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: openstack-rest description: REST adapter for OpenStack Identity (Keystone) API v3. resources: - path: /auth/tokens name: issuetoken operations: - method: POST name: issuetoken description: Issue an authentication token call: openstack.issuetoken outputParameters: - type: object mapping: $. - path: /auth/tokens name: validatetoken operations: - method: GET name: validatetoken description: Validate token call: openstack.validatetoken outputParameters: - type: object mapping: $. - path: /auth/tokens name: revoketoken operations: - method: DELETE name: revoketoken description: Revoke token call: openstack.revoketoken outputParameters: - type: object mapping: $. - path: /users name: listusers operations: - method: GET name: listusers description: List users call: openstack.listusers outputParameters: - type: object mapping: $. - path: /users name: createuser operations: - method: POST name: createuser description: Create user call: openstack.createuser outputParameters: - type: object mapping: $. - path: /users/{user_id} name: getuser operations: - method: GET name: getuser description: Get user call: openstack.getuser outputParameters: - type: object mapping: $. - path: /users/{user_id} name: updateuser operations: - method: PATCH name: updateuser description: Update user call: openstack.updateuser outputParameters: - type: object mapping: $. - path: /users/{user_id} name: deleteuser operations: - method: DELETE name: deleteuser description: Delete user call: openstack.deleteuser outputParameters: - type: object mapping: $. - path: /groups name: listgroups operations: - method: GET name: listgroups description: List groups call: openstack.listgroups outputParameters: - type: object mapping: $. - path: /groups name: creategroup operations: - method: POST name: creategroup description: Create group call: openstack.creategroup outputParameters: - type: object mapping: $. - path: /projects name: listprojects operations: - method: GET name: listprojects description: List projects call: openstack.listprojects outputParameters: - type: object mapping: $. - path: /projects name: createproject operations: - method: POST name: createproject description: Create project call: openstack.createproject outputParameters: - type: object mapping: $. - path: /projects/{project_id} name: getproject operations: - method: GET name: getproject description: Get project call: openstack.getproject outputParameters: - type: object mapping: $. - path: /projects/{project_id} name: updateproject operations: - method: PATCH name: updateproject description: Update project call: openstack.updateproject outputParameters: - type: object mapping: $. - path: /projects/{project_id} name: deleteproject operations: - method: DELETE name: deleteproject description: Delete project call: openstack.deleteproject outputParameters: - type: object mapping: $. - path: /domains name: listdomains operations: - method: GET name: listdomains description: List domains call: openstack.listdomains outputParameters: - type: object mapping: $. - path: /domains name: createdomain operations: - method: POST name: createdomain description: Create domain call: openstack.createdomain outputParameters: - type: object mapping: $. - path: /roles name: listroles operations: - method: GET name: listroles description: List roles call: openstack.listroles outputParameters: - type: object mapping: $. - path: /roles name: createrole operations: - method: POST name: createrole description: Create role call: openstack.createrole outputParameters: - type: object mapping: $. - path: /role_assignments name: listroleassignments operations: - method: GET name: listroleassignments description: List role assignments call: openstack.listroleassignments outputParameters: - type: object mapping: $. - path: /services name: listservices operations: - method: GET name: listservices description: List services in catalog call: openstack.listservices outputParameters: - type: object mapping: $. - path: /services name: createservice operations: - method: POST name: createservice description: Create service call: openstack.createservice outputParameters: - type: object mapping: $. - path: /endpoints name: listendpoints operations: - method: GET name: listendpoints description: List service endpoints call: openstack.listendpoints outputParameters: - type: object mapping: $. - path: /endpoints name: createendpoint operations: - method: POST name: createendpoint description: Create endpoint call: openstack.createendpoint outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: openstack-mcp transport: http description: MCP adapter for OpenStack Identity (Keystone) API v3 for AI agent use. tools: - name: issuetoken description: Issue an authentication token hints: readOnly: false destructive: false idempotent: false call: openstack.issuetoken outputParameters: - type: object mapping: $. - name: validatetoken description: Validate token hints: readOnly: true destructive: false idempotent: true call: openstack.validatetoken outputParameters: - type: object mapping: $. - name: revoketoken description: Revoke token hints: readOnly: false destructive: true idempotent: true call: openstack.revoketoken outputParameters: - type: object mapping: $. - name: listusers description: List users hints: readOnly: true destructive: false idempotent: true call: openstack.listusers outputParameters: - type: object mapping: $. - name: createuser description: Create user hints: readOnly: false destructive: false idempotent: false call: openstack.createuser outputParameters: - type: object mapping: $. - name: getuser description: Get user hints: readOnly: true destructive: false idempotent: true call: openstack.getuser outputParameters: - type: object mapping: $. - name: updateuser description: Update user hints: readOnly: false destructive: false idempotent: false call: openstack.updateuser outputParameters: - type: object mapping: $. - name: deleteuser description: Delete user hints: readOnly: false destructive: true idempotent: true call: openstack.deleteuser outputParameters: - type: object mapping: $. - name: listgroups description: List groups hints: readOnly: true destructive: false idempotent: true call: openstack.listgroups outputParameters: - type: object mapping: $. - name: creategroup description: Create group hints: readOnly: false destructive: false idempotent: false call: openstack.creategroup outputParameters: - type: object mapping: $. - name: listprojects description: List projects hints: readOnly: true destructive: false idempotent: true call: openstack.listprojects outputParameters: - type: object mapping: $. - name: createproject description: Create project hints: readOnly: false destructive: false idempotent: false call: openstack.createproject outputParameters: - type: object mapping: $. - name: getproject description: Get project hints: readOnly: true destructive: false idempotent: true call: openstack.getproject outputParameters: - type: object mapping: $. - name: updateproject description: Update project hints: readOnly: false destructive: false idempotent: false call: openstack.updateproject outputParameters: - type: object mapping: $. - name: deleteproject description: Delete project hints: readOnly: false destructive: true idempotent: true call: openstack.deleteproject outputParameters: - type: object mapping: $. - name: listdomains description: List domains hints: readOnly: true destructive: false idempotent: true call: openstack.listdomains outputParameters: - type: object mapping: $. - name: createdomain description: Create domain hints: readOnly: false destructive: false idempotent: false call: openstack.createdomain outputParameters: - type: object mapping: $. - name: listroles description: List roles hints: readOnly: true destructive: false idempotent: true call: openstack.listroles outputParameters: - type: object mapping: $. - name: createrole description: Create role hints: readOnly: false destructive: false idempotent: false call: openstack.createrole outputParameters: - type: object mapping: $. - name: listroleassignments description: List role assignments hints: readOnly: true destructive: false idempotent: true call: openstack.listroleassignments with: scope.project.id: tools.scope.project.id scope.domain.id: tools.scope.domain.id user.id: tools.user.id group.id: tools.group.id inputParameters: - name: scope.project.id type: string description: scope.project.id - name: scope.domain.id type: string description: scope.domain.id - name: user.id type: string description: user.id - name: group.id type: string description: group.id outputParameters: - type: object mapping: $. - name: listservices description: List services in catalog hints: readOnly: true destructive: false idempotent: true call: openstack.listservices outputParameters: - type: object mapping: $. - name: createservice description: Create service hints: readOnly: false destructive: false idempotent: false call: openstack.createservice outputParameters: - type: object mapping: $. - name: listendpoints description: List service endpoints hints: readOnly: true destructive: false idempotent: true call: openstack.listendpoints outputParameters: - type: object mapping: $. - name: createendpoint description: Create endpoint hints: readOnly: false destructive: false idempotent: false call: openstack.createendpoint outputParameters: - type: object mapping: $. binds: - namespace: env keys: OPENSTACK_TOKEN: OPENSTACK_TOKEN