# openstack role add --user k8s-admin --user-domain k8s --project k8s --project-domain k8s k8s-admin-role
$ openstack role assignment list --project k8s
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| Role | User | Group | Project | Domain | System | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
| a6ab948d1f7947a98e2363f14af10fbb | e900b8934d11458b8eb9db21671c1b11 | | 07123041ee0544e0ab32e50dde780afd | | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+--------+-----------+
$ openstack role list |grep k8s
| a6ab948d1f7947a98e2363f14af10fbb | k8s-admin-role |
3, the user e900b8934d11458b8eb9db21671c1b11 (k8s-admin) is in the domain k8s
$ openstack user list --domain k8s
+----------------------------------+-----------+
| ID | Name |
+----------------------------------+-----------+
| e900b8934d11458b8eb9db21671c1b11 | k8s-admin |
+----------------------------------+-----------+
not in the default domain
$ openstack user list
+----------------------------------+----------+
| ID | Name |
+----------------------------------+----------+
| 3436fc62a232444597496d57e5f4b5fc | admin |
| 7413f0a568fb41409e93c3179c9f8a50 | demo |
| 2dcabd8e53e0424a8974c7948268868d | alt_demo |
+----------------------------------+----------+
I did some analysis according the data in https:/ /paste. openstack. org/show/ bnaAKV0YXlVn088 MvsFB/
1, 'users = api.keystone. user_list( self.request) ' gets the user admin(3436fc62a 232444597496d57 e5f4b5fc)
2, 'project_ users_roles = api.keystone. get_project_ users_roles( self.request, project= project_ id)' gets
defaultdict(<class 'list'>, {'e900b8934d114 58b8eb9db21671c 1b11': ['a6ab948d1f794 7a98e2363f14af1 0fbb']} )
# openstack role add --user k8s-admin --user-domain k8s --project k8s --project-domain k8s k8s-admin-role ------- ------- ------- ------- +------ ------- ------- ------- ------- +------ -+----- ------- ------- ------- ------- -+----- ---+--- -----+- ------- ---+ ------- ------- ------- ------- +------ ------- ------- ------- ------- +------ -+----- ------- ------- ------- ------- -+----- ---+--- -----+- ------- ---+ 98e2363f14af10f bb | e900b8934d11458 b8eb9db21671c1b 11 | | 07123041ee0544e 0ab32e50dde780a fd | | | False | ------- ------- ------- ------- +------ ------- ------- ------- ------- +------ -+----- ------- ------- ------- ------- -+----- ---+--- -----+- ------- ---+ 98e2363f14af10f bb | k8s-admin-role |
$ openstack role assignment list --project k8s
+------
| Role | User | Group | Project | Domain | System | Inherited |
+------
| a6ab948d1f7947a
+------
$ openstack role list |grep k8s
| a6ab948d1f7947a
3, the user e900b8934d11458 b8eb9db21671c1b 11 (k8s-admin) is in the domain k8s
$ openstack user list --domain k8s ------- ------- ------- ------- +------ -----+ ------- ------- ------- ------- +------ -----+ b8eb9db21671c1b 11 | k8s-admin | ------- ------- ------- ------- +------ -----+
+------
| ID | Name |
+------
| e900b8934d11458
+------
not in the default domain
$ openstack user list ------- ------- ------- ------- +------ ----+ ------- ------- ------- ------- +------ ----+ 597496d57e5f4b5 fc | admin | 09e93c3179c9f8a 50 | demo | a8974c794826886 8d | alt_demo | ------- ------- ------- ------- +------ ----+
+------
| ID | Name |
+------
| 3436fc62a232444
| 7413f0a568fb414
| 2dcabd8e53e0424
+------
$ env |grep OS_ openstack API_VERSION= 3 DOMAIN_ NAME=admin_ domain NAME=RegionOne /10.5.1. 174:5000/ v3 DOMAIN_ NAME=admin_ domain PROTOCOL= https TYPE=password NAME=admin
OS_PASSWORD=
OS_IDENTITY_
OS_USER_
OS_REGION_
OS_AUTH_URL=https:/
OS_PROJECT_
OS_AUTH_
OS_USERNAME=admin
OS_AUTH_
OS_PROJECT_