OpenStack: Allow user access to tanent projects

Get mgmt user data

MY_USER_ID=$(openstack user list -c ID -c Name -f value | grep <OS_USERNAME> | cut -d" " -f1)
echo ${MY_USER_ID}
 
# grep project ID by VM
openstack server show -c project_id -f value ${SERVER_ID}
 
# get projects
openstack project list --long | grep safyievOokEgavUtdytPeurmebKowEff
 
# get assignments
openstack role assignment list --user JekUvyeijHaDrithWianvestUtevLiUk --project e72c94c20b4d40e3b971bc510d536e87 --names
 
# get Domain name
openstack domain list | grep safyievOokEgavUtdytPeurmebKowEff

Search tanent data

# get user domain ID
openstack domain list | grep yrgsonova
 
# get user id
openstack user list --long  | grep 6dac5139fa41465e89766746cec640e4
 
# get project id
openstack project list --long | grep 6dac5139fa41465e89766746cec640e4
 
# get assignments
openstack role assignment list --user 0749e19d1af349509c7941fd2d60a358  --project odWejBicHajIvtakeytPiUsGeJajyood --names

Add user to tanent project

MY_USER_ID=x0a10xb0aafa4e8aax50caa04b0afxb0
CUSTOMER_PROJECT_ID=2435bbb1ec5d40b08254ce11382b178d
 
# list existing role
openstack role assignment list --user ${MY_USER_ID} --project ${CUSTOMER_PROJECT_ID} --names
 
# add roles
#domadmin
ROLES="
creator
heat_stack_owner
load-balancer_member
member
_member_
"
 
for ROLE in ${ROLES}; do
    openstack role add --user ${MY_USER_ID} --project ${CUSTOMER_PROJECT_ID} ${ROLE}
done

Remove user access to tanent projects

MY_USER_ID=x0a10xb0aafa4e8aax50caa04b0afxb0
CUSTOMER_PROJECT_ID=2435bbb1ec5d40b08254ce11382b178d
 
#domadmin
ROLES="
creator
heat_stack_owner
load-balancer_member
member
_member_
"
 
for ROLE in ${ROLES}; do
    openstack role remove --user ${MY_USER_ID} --project ${CUSTOMER_PROJECT_ID} ${ROLE}
done
 
openstack role assignment list --user ${MY_USER_ID} --project ${CUSTOMER_PROJECT_ID} --names

Links
https://docs.openstack.org/keystone/latest/admin/cli-manage-projects-users-and-roles.html