In order to implement this in keystone, we'd need a migration to add a new column to the role table. Right now only id, name, domain_id, and extras are persisted in the role table [0].
[0] https://github.com/openstack/keystone/blob/a43d5a6893a5753f8567206032e779930ddd4321/keystone/assignment/role_backends/sql.py#L196
In order to implement this in keystone, we'd need a migration to add a new column to the role table. Right now only id, name, domain_id, and extras are persisted in the role table [0].
[0] https:/ /github. com/openstack/ keystone/ blob/a43d5a6893 a5753f856720603 2e779930ddd4321 /keystone/ assignment/ role_backends/ sql.py# L196