Failed to create keystone client

When calling a heat action in my workflow, I got below error:

2016-10-17 16:54:49.781 DEBUG keystoneclient.auth.identity.v3.base [-] Making authentication request to http://127.0.0.1:5000/v3/auth/tokens from (pid=14317) get_auth_ref /usr/local/lib/python2.7/dist-packages/keystoneclient/auth/identity/v3/base.py:189
2016-10-17 16:54:49.951 DEBUG keystoneclient.session [-] Request returned failure status: 403 from (pid=14317) request /usr/local/lib/python2.7/dist-packages/keystoneclient/session.py:418
2016-10-17 16:54:49.970 WARNING mistral.actions.openstack.base [-] Traceback (most recent call last):
  File "/opt/stack/mistral/mistral/actions/openstack/base.py", line 127, in run
    myclient = self._get_client()
  File "/opt/stack/mistral/mistral/actions/openstack/base.py", line 92, in _get_client
    return self._create_client()
  File "/opt/stack/mistral/mistral/actions/openstack/actions.py", line 200, in _create_client
    heat_endpoint = keystone_utils.get_endpoint_for_project('heat')
  File "/opt/stack/mistral/mistral/utils/openstack/keystone.py", line 78, in get_endpoint_for_project
    service_catalog = obtain_service_catalog(ctx)
  File "/opt/stack/mistral/mistral/utils/openstack/keystone.py", line 139, in obtain_service_catalog
    response = client().tokens.get_token_data(
  File "/opt/stack/mistral/mistral/utils/openstack/keystone.py", line 38, in client
    auth_url=auth_url
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/v3/client.py", line 231, in __init__
    self.authenticate()
  File "/usr/local/lib/python2.7/dist-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/httpclient.py", line 578, in authenticate
    resp = self.get_raw_token_from_identity_service(**kwargs)
  File "/usr/local/lib/python2.7/dist-packages/keystoneclient/v3/client.py", line 317, in get_raw_token_from_identity_service
    _('Authorization failed: %s') % e)
AuthorizationFailure: Authorization failed: You are not authorized to perform the requested action. (HTTP 403) (Request-ID: req-dc1bc57f-1a92-489b-8457-e733c299f5f6)

2016-10-17 16:54:49.972 ERROR mistral.engine.default_executor [-] Failed to run action [action_ex_id=f2032d04-9888-4277-ad3a-b212e50c89cd, action_cls='<class 'mistral.actions.action_factory.HeatAction'>', attributes='{u'client_method_name': u'resources.mark_unhealthy'}', params='{u'stack_id': u'befcad20-afd4-437e-9d1a-b5def12cf089', u'resource_name': u'hyxnkn7i52tn', u'mark_unhealthy': True, u'resource_status_reason': u'Marked by alarm'}']
 HeatAction.resources.mark_unhealthy failed: <class 'keystoneauth1.exceptions.auth.AuthorizationFailure'>: Cannot authorize API client.
2016-10-17 16:54:49.972 TRACE mistral.engine.default_executor Traceback (most recent call last):
2016-10-17 16:54:49.972 TRACE mistral.engine.default_executor File "/opt/stack/mistral/mistral/engine/default_executor.py", line 90, in run_action
2016-10-17 16:54:49.972 TRACE mistral.engine.default_executor result = action.run()
2016-10-17 16:54:49.972 TRACE mistral.engine.default_executor File "/opt/stack/mistral/mistral/actions/openstack/base.py", line 145, in run
2016-10-17 16:54:49.972 TRACE mistral.engine.default_executor (self.__class__.__name__, self.client_method_name, e_str)
2016-10-17 16:54:49.972 TRACE mistral.engine.default_executor ActionException: HeatAction.resources.mark_unhealthy failed: <class 'keystoneauth1.exceptions.auth.AuthorizationFailure'>: Cannot authorize API client.
2016-10-17 16:54:49.972 TRACE mistral.engine.default_executor

Obviously, mistral can't create the keystone client with current way.