commit 85576bbfd430a9f419fbd837dfa20a2ef687da94
author Stephen Finucane <stephenfin@redhat.com> Wed Feb 26 18:04:09 2025 +0000
committer Stephen Finucane <stephenfin@redhat.com> Thu Feb 27 13:23:17 2025 +0000
tree 1ecfa54c82536572ae8702c6f05cf1fbcb461d26
parent 01755f8bdf8c1f1b39ff93e982952692e18d5cb1

tools: Set user_domain_id in generated clouds.yaml

If you specify a username, you also need to specify a domain that the
user exists in. Failure to do so results in the following error:

  Expecting to find domain in user. The server could not comply with the
  request since it is either malformed or otherwise incorrect. The
  client is assumed to be in error. (HTTP 400)␏

This was mostly being masked for us in python-openstackclient by this
little helper in osc-lib [1], but we can't rely on that for openstacksdk
(and shouldn't really rely on it elsewhere either).

We also deprecate the '--os-identity-api-version' and
'--os-volume-api-version' options and will remove them shortly: both
services only have v3 APIs nowadays.

[1] https://github.com/openstack/osc-lib/blob/3.2.0/osc_lib/cli/client_config.py#L136-L147

Change-Id: I5537b0a7d58efb8a325ed61bad358f677f7a3cdf
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>

tools/update_clouds_yaml.py

diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py
index 74dcdb2..c0a5483 100755
--- a/tools/update_clouds_yaml.py
+++ b/tools/update_clouds_yaml.py
@@ -14,14 +14,14 @@
 
 # Update the clouds.yaml file.
 
-
 import argparse
 import os.path
+import sys
 
 import yaml
 
 
-class UpdateCloudsYaml(object):
+class UpdateCloudsYaml:
     def __init__(self, args):
         if args.file:
             self._clouds_path = args.file
@@ -32,6 +32,14 @@
             self._create_directory = True
         self._clouds = {}
 
+        if args.os_identity_api_version != '3':
+            print("ERROR: Only identity API v3 is supported")
+            sys.exit(1)
+
+        if args.os_volume_api_version != '3':
+            print("ERROR: Only block storage API v3 is supported")
+            sys.exit(1)
+
         self._cloud = args.os_cloud
         self._cloud_data = {
             'region_name': args.os_region_name,
@@ -40,20 +48,23 @@
             'auth': {
                 'auth_url': args.os_auth_url,
                 'username': args.os_username,
+                'user_domain_id': 'default',
                 'password': args.os_password,
             },
         }
+
         if args.os_project_name and args.os_system_scope:
             print(
-                "WARNING: os_project_name and os_system_scope were both"
-                " given. os_system_scope will take priority.")
-        if args.os_project_name and not args.os_system_scope:
-            self._cloud_data['auth']['project_name'] = args.os_project_name
-        if args.os_identity_api_version == '3' and not args.os_system_scope:
-            self._cloud_data['auth']['user_domain_id'] = 'default'
-            self._cloud_data['auth']['project_domain_id'] = 'default'
-        if args.os_system_scope:
+                "WARNING: os_project_name and os_system_scope were both "
+                "given. os_system_scope will take priority."
+            )
+
+        if args.os_system_scope:  # system-scoped
             self._cloud_data['auth']['system_scope'] = args.os_system_scope
+        elif args.os_project_name:  # project-scoped
+            self._cloud_data['auth']['project_name'] = args.os_project_name
+            self._cloud_data['auth']['project_domain_id'] = 'default'
+
         if args.os_cacert:
             self._cloud_data['cacert'] = args.os_cacert