++ openstack domain create --or-show --enable -f value -c id '--description=Service Domain for RegionOne/heat' heat
+ SERVICE_OS_DOMAIN_ID=0bbaadd0697a4197b2157de6f2809257
+ openstack domain show 0bbaadd0697a4197b2157de6f2809257
+-------------+-----------------------------------+
| Field       | Value                             |
+-------------+-----------------------------------+
| id          | 0bbaadd0697a4197b2157de6f2809257  |
| name        | heat                              |
| enabled     | True                              |
| description | Service Domain for RegionOne/heat |
| options     | {}                                |
+-------------+-----------------------------------+
++ openstack user create --or-show --enable -f value -c id --domain=0bbaadd0697a4197b2157de6f2809257 --description 'Service User for RegionOne/heat' --password=L0BNaMQ0DHWI2DM2h87Ufq8mSwzwIg0d heat-stack-user-RegionOne
+ SERVICE_OS_USERID=10aa242b73e04772a5284643082a2398
+ openstack user set --password=L0BNaMQ0DHWI2DM2h87Ufq8mSwzwIg0d 10aa242b73e04772a5284643082a2398
+ openstack user show 10aa242b73e04772a5284643082a2398
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | None                             |
| domain_id           | 0bbaadd0697a4197b2157de6f2809257 |
| email               | None                             |
| enabled             | True                             |
| id                  | 10aa242b73e04772a5284643082a2398 |
| name                | heat-stack-user-RegionOne        |
| description         | Service User for RegionOne/heat  |
| password_expires_at | None                             |
| options             | {}                               |
+---------------------+----------------------------------+
++ openstack role show -f value -c id admin
+ SERVICE_OS_ROLE_ID=05157832e85c4810a4e7e2d675a44d7c
+ openstack role add --domain=0bbaadd0697a4197b2157de6f2809257 --user=10aa242b73e04772a5284643082a2398 --user-domain=0bbaadd0697a4197b2157de6f2809257 05157832e85c4810a4e7e2d675a44d7c
+ openstack role assignment list --role=05157832e85c4810a4e7e2d675a44d7c --user-domain=0bbaadd0697a4197b2157de6f2809257 --user=10aa242b73e04772a5284643082a2398
+----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+
| Role                             | User                             | Group | Project | Domain                           | System | Inherited |
+----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+
| 05157832e85c4810a4e7e2d675a44d7c | 10aa242b73e04772a5284643082a2398 |       |         | 0bbaadd0697a4197b2157de6f2809257 |        | False     |
+----------------------------------+----------------------------------+-------+---------+----------------------------------+--------+-----------+