tools: Set user_domain_id in generated clouds.yaml
If you specify a username, you also need to specify a domain that the
user exists in. Failure to do so results in the following error:
Expecting to find domain in user. The server could not comply with the
request since it is either malformed or otherwise incorrect. The
client is assumed to be in error. (HTTP 400)
This was mostly being masked for us in python-openstackclient by this
little helper in osc-lib [1], but we can't rely on that for openstacksdk
(and shouldn't really rely on it elsewhere either).
We also deprecate the '--os-identity-api-version' and
'--os-volume-api-version' options and will remove them shortly: both
services only have v3 APIs nowadays.
[1] https://github.com/openstack/osc-lib/blob/3.2.0/osc_lib/cli/client_config.py#L136-L147
Change-Id: I5537b0a7d58efb8a325ed61bad358f677f7a3cdf
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
diff --git a/lib/keystone b/lib/keystone
index 76e2598..8371045 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -592,7 +592,7 @@
# create_ldap_domain() - Create domain file and initialize domain with a user
function create_ldap_domain {
# Creates domain Users
- openstack --os-identity-api-version=3 domain create --description "LDAP domain" Users
+ openstack domain create --description "LDAP domain" Users
# Create domain file inside etc/keystone/domains
KEYSTONE_LDAP_DOMAIN_FILE=$KEYSTONE_CONF_DIR/domains/keystone.Users.conf
diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py
index 74dcdb2..c0a5483 100755
--- a/tools/update_clouds_yaml.py
+++ b/tools/update_clouds_yaml.py
@@ -14,14 +14,14 @@
# Update the clouds.yaml file.
-
import argparse
import os.path
+import sys
import yaml
-class UpdateCloudsYaml(object):
+class UpdateCloudsYaml:
def __init__(self, args):
if args.file:
self._clouds_path = args.file
@@ -32,6 +32,14 @@
self._create_directory = True
self._clouds = {}
+ if args.os_identity_api_version != '3':
+ print("ERROR: Only identity API v3 is supported")
+ sys.exit(1)
+
+ if args.os_volume_api_version != '3':
+ print("ERROR: Only block storage API v3 is supported")
+ sys.exit(1)
+
self._cloud = args.os_cloud
self._cloud_data = {
'region_name': args.os_region_name,
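Review bot: The two new version checks print their error to stdout and then call `sys.exit(1)` from inside `__init__`, so a caller that captures or discards stdout loses the reason for the failure. Passing the message to exit sends it to stderr and keeps status 1, e.g. `sys.exit("ERROR: Only identity API v3 is supported")`, and likewise for the block storage check. The commit message describes these options as deprecated, but any value other than the string `'3'` is now a hard failure; a short comment above the checks saying so would spare readers the mismatch. The argparse defaults are not visible in this hunk, so it is worth confirming both options still default to `'3'`, otherwise every invocation without the flags will exit here. `__init__` begins and ends outside this hunk.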
@@ -40,20 +48,23 @@
'auth': {
'auth_url': args.os_auth_url,
'username': args.os_username,
+ 'user_domain_id': 'default',
'password': args.os_password,
},
}
+
if args.os_project_name and args.os_system_scope:
print(
- "WARNING: os_project_name and os_system_scope were both"
- " given. os_system_scope will take priority.")
- if args.os_project_name and not args.os_system_scope:
- self._cloud_data['auth']['project_name'] = args.os_project_name
- if args.os_identity_api_version == '3' and not args.os_system_scope:
- self._cloud_data['auth']['user_domain_id'] = 'default'
- self._cloud_data['auth']['project_domain_id'] = 'default'
- if args.os_system_scope:
+ "WARNING: os_project_name and os_system_scope were both "
+ "given. os_system_scope will take priority."
+ )
+
+ if args.os_system_scope: # system-scoped
self._cloud_data['auth']['system_scope'] = args.os_system_scope
+ elif args.os_project_name: # project-scoped
+ self._cloud_data['auth']['project_name'] = args.os_project_name
+ self._cloud_data['auth']['project_domain_id'] = 'default'
+
if args.os_cacert:
self._cloud_data['cacert'] = args.os_cacert
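Review bot: The new `if args.os_system_scope: ... elif args.os_project_name:` chain has no `else`, so when neither option is given the entry is written with credentials but no scope, and nothing is reported, whereas the both-given case prints a warning. If unscoped output is intended, a comment after the `elif` branch would make that explicit, e.g. `# neither given: entry is left unscoped`; if it is not intended, this is the place to warn or fail. Separately, the literal `'default'` is now hard-coded for both `user_domain_id` and `project_domain_id`, so the generated file can only describe users in the default domain; a named constant such as `DEFAULT_DOMAIN_ID = 'default'` would document that assumption in one place. `__init__` starts before this hunk and continues past it.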