1- What is the difference between those roles: "_member_" admin, ResellerAdmin and heat_stack_user
2- Where can we create those roles?
A role is a personality that a user assumes to perform a specific set of operations. ( like an Admin or Reseller or just _member )
A role includes a set of rights and privileges. ( ???? and how to find out )
A user assumes that role inherits those rights and privileges.
https://docs.openstack.org/admin-guide/cli-manage-projects-users-and-roles.html
OS documentation and look for "role"
https://docs.openstack.org/admin-guide/index.html
Authorization Model in OpenStack (keystone API V2.0)
https://prosuncsedu.wordpress.com/2014/02/13/authorization-model-in-openstack/
root@super4:~# openstack role list
+----------------------------------+-----------------+
| ID | Name |
+----------------------------------+-----------------+
| 03be779481894d9196cb94ec77c17234 | admin |
| 0d7d26cab3914c01b3696d0fcf3426e3 | ResellerAdmin |
| 47f70b9bacd74ce6885c9dd9efa3b9da | heat_stack_user |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
+----------------------------------+-----------------+
root@super4:~# openstack role show admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 03be779481894d9196cb94ec77c17234 |
| name | admin |
+-----------+----------------------------------+
root@super4:~# keystone role-list
The keystone CLI is deprecated in favor of python-openstackclient. For a Python library, continue using python-keystoneclient. 'python-keystoneclient.', DeprecationWarning)
root@super4:~# openstack project list
+----------------------------------+---------------+
| ID | Name |
+----------------------------------+---------------+
| 485ff8c057ae4a53b914da69296457a4 | Demos |
| 50d2ba6cb2a14d9891f78e24cf15d7de | jlk1_project1 |
| 60852c1ffbf64f6d9ce86d8d5de57b92 | jlk1_project2 |
| ca67040c9d844f34ad9b9e4201efec32 | admin |
| f932845d91b946a798067894ed85e854 | services |
+----------------------------------+---------------+
root@super4:~# openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| 0731973cb55f49df8c3397f735aa7de6 | admin |
| 4d1804f5557c42bf8de7b8fbd7fc41a7 | cinder |
| e201e736c6ab42de8c914469af223867 | glance |
| 665ab51852bf4fc586561369126128e4 | nova |
| 87944d2bd60c41cfa3a57fc1d90deff4 | neutron |
| 245c8c0acfd84a9399f01a5aa976692b | ceilometer |
| 60ed1c74d3304e8cbbde8e2b1e2fba89 | heat |
| ca0a4547f6d54741bf59f5b04745a871 | heat-cfn |
| 73f66c46579d455db653efd45e00afb1 | billy |
| c7750616a52645348fb1dc7957e193dd | demo |
| 2bef986662e74e59a56cd02ac18dd02c | jlk1 |
| 8bec547be7ec4abeaa05d92b05a04faa | jlk2 |
+----------------------------------+------------+