++ openstack domain create --or-show --enable -f value -c id '--description=Service Domain for RegionOne/heat' heat + SERVICE_OS_DOMAIN_ID=3f25f79ba6064cf4b3b078f58c63e2fb + openstack domain show 3f25f79ba6064cf4b3b078f58c63e2fb +-------------+-----------------------------------+ | Field | Value | +-------------+-----------------------------------+ | id | 3f25f79ba6064cf4b3b078f58c63e2fb | | name | heat | | enabled | True | | description | Service Domain for RegionOne/heat | | options | {} | +-------------+-----------------------------------+ ++ openstack user create --or-show --enable -f value -c id --domain=3f25f79ba6064cf4b3b078f58c63e2fb --description 'Service User for RegionOne/heat' --password=ypEtmuM2f08QhKgUskEUc3Kk0myiE7TW heat-stack-user-RegionOne + SERVICE_OS_USERID=235e1efa4ef14286817948784e0074ea + openstack user set --password=ypEtmuM2f08QhKgUskEUc3Kk0myiE7TW 235e1efa4ef14286817948784e0074ea + openstack user show 235e1efa4ef14286817948784e0074ea +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | default_project_id | None | | domain_id | 3f25f79ba6064cf4b3b078f58c63e2fb | | email | None | | enabled | True | | id | 235e1efa4ef14286817948784e0074ea | | name | heat-stack-user-RegionOne | | description | Service User for RegionOne/heat | | password_expires_at | None | | options | {} | +---------------------+----------------------------------+ ++ openstack role show -f value -c id admin + SERVICE_OS_ROLE_ID=803a22e6fcf7447c9560362c91342829 + openstack role add --domain=3f25f79ba6064cf4b3b078f58c63e2fb --user=235e1efa4ef14286817948784e0074ea --user-domain=3f25f79ba6064cf4b3b078f58c63e2fb 803a22e6fcf7447c9560362c91342829 + openstack role assignment list --role=803a22e6fcf7447c9560362c91342829 --user-domain=3f25f79ba6064cf4b3b078f58c63e2fb --user=235e1efa4ef14286817948784e0074ea +----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+ | Role | User | Group | Project | Domain | System | Inherited | +----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+ | 803a22e6fcf7447c9560362c91342829 | 235e1efa4ef14286817948784e0074ea | | | 3f25f79ba6064cf4b3b078f58c63e2fb | | False | +----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+