Comment 2 for bug 1457533

After some investigation, the create_user currently does not take in the role, so we can't call the user-role-add.
A user must have a role in order to do something within a project. Since all the cookbooks do the create_user action followed by the
grant_role action, it's seems reasonable that this case should work if the create_user did not specifically check for a user assigned to the given tenant/project. I will give that a try, but will need help in testing the edge cases like this. If this appears to be risky, it will have to wait until liberty.

You can only set the user's default project with the openstack cli, the keystone cli is deprecated and does not support this.