@@ -856,6 +856,38 @@ function get_or_add_user_project_role {

     echo $user_role_id

 }

+# Gets or adds user role to domain

+# Usage: get_or_add_user_domain_role <role> <user> <domain>

+function get_or_add_user_domain_role {

+    local user_role_id

+    # Gets user role id

+    user_role_id=$(openstack role list \

+        --user $2 \

+        --os-url=$KEYSTONE_SERVICE_URI_V3 \

+        --os-identity-api-version=3 \

+        --column "ID" \

+        --domain $3 \

+        --column "Name" \

+        | grep " $1 " | get_field 1)

+    if [[ -z "$user_role_id" ]]; then

+        # Adds role to user and get it

+        openstack role add $1 \

+            --user $2 \

+            --domain $3 \

+            --os-url=$KEYSTONE_SERVICE_URI_V3 \

+            --os-identity-api-version=3

+        user_role_id=$(openstack role list \

+            --user $2 \

+            --os-url=$KEYSTONE_SERVICE_URI_V3 \

+            --os-identity-api-version=3 \

+            --column "ID" \

+            --domain $3 \

+            --column "Name" \

+            | grep " $1 " | get_field 1)

+    fi

+    echo $user_role_id

+}

+

 # Gets or adds group role to project

 # Usage: get_or_add_group_project_role <role> <group> <project>

 function get_or_add_group_project_role {

@@ -351,6 +351,7 @@ function create_keystone_accounts {

     local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)

     local admin_role=$(get_or_create_role "admin")

     get_or_add_user_project_role $admin_role $admin_user $admin_tenant

+    get_or_add_user_domain_role $admin_role $admin_user default

     # Create service project/role

     get_or_create_project "$SERVICE_TENANT_NAME" default