++ openstack domain create --or-show --enable -f value -c id '--description=Service Domain for RegionOne/heat' heat + SERVICE_OS_DOMAIN_ID=2edf0de35d7e426fa351276b14bd8c1c + openstack domain show 2edf0de35d7e426fa351276b14bd8c1c +-------------+-----------------------------------+ | Field | Value | +-------------+-----------------------------------+ | id | 2edf0de35d7e426fa351276b14bd8c1c | | name | heat | | enabled | True | | description | Service Domain for RegionOne/heat | | options | {} | +-------------+-----------------------------------+ ++ openstack user create --or-show --enable -f value -c id --domain=2edf0de35d7e426fa351276b14bd8c1c --description 'Service User for RegionOne/heat' --password=ahTCy1xzqc124uDbBj0vOZWrO9QPGaVl heat-stack-user-RegionOne + SERVICE_OS_USERID=1acae05801ce47f289f1a09b6ab8f355 + openstack user set --password=ahTCy1xzqc124uDbBj0vOZWrO9QPGaVl 1acae05801ce47f289f1a09b6ab8f355 + openstack user show 1acae05801ce47f289f1a09b6ab8f355 +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | default_project_id | None | | domain_id | 2edf0de35d7e426fa351276b14bd8c1c | | email | None | | enabled | True | | id | 1acae05801ce47f289f1a09b6ab8f355 | | name | heat-stack-user-RegionOne | | description | Service User for RegionOne/heat | | password_expires_at | None | | options | {} | +---------------------+----------------------------------+ ++ openstack role show -f value -c id admin + SERVICE_OS_ROLE_ID=09ca0ad4609d4b2aa87b5202be6f8efd + openstack role add --domain=2edf0de35d7e426fa351276b14bd8c1c --user=1acae05801ce47f289f1a09b6ab8f355 --user-domain=2edf0de35d7e426fa351276b14bd8c1c 09ca0ad4609d4b2aa87b5202be6f8efd + openstack role assignment list --role=09ca0ad4609d4b2aa87b5202be6f8efd --user-domain=2edf0de35d7e426fa351276b14bd8c1c --user=1acae05801ce47f289f1a09b6ab8f355 +----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+ | Role | User | Group | Project | Domain | System | Inherited | +----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+ | 09ca0ad4609d4b2aa87b5202be6f8efd | 1acae05801ce47f289f1a09b6ab8f355 | | | 2edf0de35d7e426fa351276b14bd8c1c | | False | +----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+