diff --git a/.zuul.yaml b/.zuul.yaml index b02bb766db..5cbc36a1cd 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -20,16 +20,16 @@ - openstack/keystone-tempest-plugin vars: tox_envlist: all - tempest_test_regex: 'keystone_tempest_plugin' + tempest_test_regex: "keystone_tempest_plugin" devstack_localrc: - TEMPEST_PLUGINS: '/opt/stack/keystone-tempest-plugin' + TEMPEST_PLUGINS: "/opt/stack/keystone-tempest-plugin" - job: name: keystone-dsvm-py3-functional parent: keystone-dsvm-functional vars: devstack_localrc: - TEMPEST_PLUGINS: '/opt/stack/keystone-tempest-plugin' + TEMPEST_PLUGINS: "/opt/stack/keystone-tempest-plugin" USE_PYTHON3: True - job: @@ -40,7 +40,7 @@ Functional testing for a FIPS enabled Centos 9 system pre-run: playbooks/enable-fips.yaml vars: - nslookup_target: 'opendev.org' + nslookup_target: "opendev.org" - job: name: keystone-dsvm-py3-functional-federation-ubuntu-jammy @@ -48,7 +48,7 @@ nodeset: openstack-single-node-jammy vars: devstack_localrc: - TEMPEST_PLUGINS: '/opt/stack/keystone-tempest-plugin' + TEMPEST_PLUGINS: "/opt/stack/keystone-tempest-plugin" USE_PYTHON3: True devstack_services: keystone-saml2-federation: true @@ -82,8 +82,8 @@ parent: devstack-tempest vars: devstack_localrc: - KEYSTONE_CLEAR_LDAP: 'yes' - LDAP_PASSWORD: 'nomoresecret' + KEYSTONE_CLEAR_LDAP: "yes" + LDAP_PASSWORD: "nomoresecret" USE_PYTHON3: True devstack_services: ldap: true @@ -135,9 +135,9 @@ parent: keystone-dsvm-functional vars: devstack_localrc: - TEMPEST_PLUGINS: '/opt/stack/keystone-tempest-plugin' + TEMPEST_PLUGINS: "/opt/stack/keystone-tempest-plugin" USE_PYTHON3: True - OS_CACERT: '/opt/stack/data/ca_bundle.pem' + OS_CACERT: "/opt/stack/data/ca_bundle.pem" devstack_services: tls-proxy: true keystone-oidc-federation: true diff --git a/keystone/common/policies/role.py b/keystone/common/policies/role.py index 0dbd793e93..a5ebd2647f 100644 --- a/keystone/common/policies/role.py +++ b/keystone/common/policies/role.py 
@@ -85,7 +85,7 @@ role_policies = [
 policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'get_role',
 check_str=base.RULE_ADMIN_OR_SYSTEM_READER,
- scope_types=['system', 'project'],
+ scope_types=['system', 'domain', 'project'],
 description='Show role details.',
 operations=[{'path': '/v3/roles/{role_id}',
 'method': 'GET'},
@@ -95,7 +95,7 @@ role_policies = [
 policy.DocumentedRuleDefault(
 name=base.IDENTITY % 'list_roles',
 check_str=base.RULE_ADMIN_OR_SYSTEM_READER,
- scope_types=['system', 'project'],
+ scope_types=['system', 'domain', 'project'],
 description='List roles.',
 operations=[{'path': '/v3/roles',
 'method': 'GET'},
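Review bot: The `get_role` entry now lists 'domain' in `scope_types` while `check_str` stays `base.RULE_ADMIN_OR_SYSTEM_READER`, so nothing in the hunk shows which domain-scoped personas are meant to pass; the `list_roles` entry in the second hunk has the same gap. `scope_types` only declares which token scopes the rule accepts, and the authorization decision still comes from the check string, whose definition is outside this diff. State the intent next to the change, e.g. `# 'domain' accepted so domain-scoped tokens are not rejected on scope; access is still decided by check_str`, and cover both endpoints with domain-scoped tests for the expected allow and deny cases. It is also worth confirming whether a domain-scoped caller can now read roles owned by another domain. The `role_policies` list and both `DocumentedRuleDefault(...)` calls continue outside the hunks.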