++ openstack domain create --or-show --enable -f value -c id '--description=Service Domain for RegionOne/heat' heat
+ SERVICE_OS_DOMAIN_ID=0d09782410c349e7816c409402a2c14b
+ openstack domain show 0d09782410c349e7816c409402a2c14b
+-------------+-----------------------------------+
| Field       | Value                             |
+-------------+-----------------------------------+
| id          | 0d09782410c349e7816c409402a2c14b  |
| name        | heat                              |
| enabled     | True                              |
| description | Service Domain for RegionOne/heat |
| options     | {}                                |
+-------------+-----------------------------------+
++ openstack user create --or-show --enable -f value -c id --domain=0d09782410c349e7816c409402a2c14b --description 'Service User for RegionOne/heat' --password=JvGOAZmO1fCBmbO6hg7XjmY2i7X6y7hf heat-stack-user-RegionOne
+ SERVICE_OS_USERID=3e5359b757fb4981af9444a6d6a142dc
+ openstack user set --password=JvGOAZmO1fCBmbO6hg7XjmY2i7X6y7hf 3e5359b757fb4981af9444a6d6a142dc
+ openstack user show 3e5359b757fb4981af9444a6d6a142dc
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | None                             |
| domain_id           | 0d09782410c349e7816c409402a2c14b |
| email               | None                             |
| enabled             | True                             |
| id                  | 3e5359b757fb4981af9444a6d6a142dc |
| name                | heat-stack-user-RegionOne        |
| description         | Service User for RegionOne/heat  |
| password_expires_at | None                             |
| options             | {}                               |
+---------------------+----------------------------------+
++ openstack role show -f value -c id admin
+ SERVICE_OS_ROLE_ID=edaa54cd72a043df9b7970a6638adf75
+ openstack role add --domain=0d09782410c349e7816c409402a2c14b --user=3e5359b757fb4981af9444a6d6a142dc --user-domain=0d09782410c349e7816c409402a2c14b edaa54cd72a043df9b7970a6638adf75
+ openstack role assignment list --role=edaa54cd72a043df9b7970a6638adf75 --user-domain=0d09782410c349e7816c409402a2c14b --user=3e5359b757fb4981af9444a6d6a142dc
+----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+
| Role                             | User                             | Group | Project | Domain                           | System | Inherited |
+----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+
| edaa54cd72a043df9b7970a6638adf75 | 3e5359b757fb4981af9444a6d6a142dc |       |         | 0d09782410c349e7816c409402a2c14b |        | False     |
+----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+