From 85576bbfd430a9f419fbd837dfa20a2ef687da94 Mon Sep 17 00:00:00 2001
From: Stephen Finucane
Date: Wed, 26 Feb 2025 18:04:09 +0000
Subject: [PATCH] tools: Set user_domain_id in generated clouds.yaml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
If you specify a username, you also need to specify a domain that the user exists in. Failure to do so results in the following error: Expecting to find domain in user. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)␏ This was mostly being masked for us in python-openstackclient by this little helper in osc-lib [1], but we can't rely on that for openstacksdk (and shouldn't really rely on it elsewhere either). We also deprecate the '--os-identity-api-version' and '--os-volume-api-version' options and will remove them shortly: both services only have v3 APIs nowadays. [1] https://github.com/openstack/osc-lib/blob/3.2.0/osc_lib/cli/client_config.py#L136-L147
Change-Id: I5537b0a7d58efb8a325ed61bad358f677f7a3cdf
Signed-off-by: Stephen Finucane
---
 lib/keystone | 2 +-
 tools/update_clouds_yaml.py | 31 +++++++++++++++++++++----------
 2 files changed, 22 insertions(+), 11 deletions(-)
diff --git a/lib/keystone b/lib/keystone
index 76e2598ba3..8371045026 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -592,7 +592,7 @@ function bootstrap_keystone {
 # create_ldap_domain() - Create domain file and initialize domain with a user
 function create_ldap_domain {
 # Creates domain Users
- openstack --os-identity-api-version=3 domain create --description "LDAP domain" Users
+ openstack domain create --description "LDAP domain" Users
 # Create domain file inside etc/keystone/domains
 KEYSTONE_LDAP_DOMAIN_FILE=$KEYSTONE_CONF_DIR/domains/keystone.Users.conf
diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py
index 74dcdb2a07..c0a54838cc 100755
--- a/tools/update_clouds_yaml.py
+++ b/tools/update_clouds_yaml.py
@@ -14,14 +14,14 @@
 # Update the clouds.yaml file.
-
 import argparse
 import os.path
+import sys
 import yaml
-class UpdateCloudsYaml(object):
+class UpdateCloudsYaml:
 def __init__(self, args):
 if args.file:
 self._clouds_path = args.file
@@ -32,6 +32,14 @@ class UpdateCloudsYaml(object):
 self._create_directory = True
 self._clouds = {}
+ if args.os_identity_api_version != '3':
+ print("ERROR: Only identity API v3 is supported")
+ sys.exit(1)
+
+ if args.os_volume_api_version != '3':
+ print("ERROR: Only block storage API v3 is supported")
+ sys.exit(1)
+
 self._cloud = args.os_cloud
 self._cloud_data = {
 'region_name': args.os_region_name,
@@ -40,20 +48,23 @@ class UpdateCloudsYaml(object):
 'auth': {
 'auth_url': args.os_auth_url,
 'username': args.os_username,
+ 'user_domain_id': 'default',
 'password': args.os_password,
 },
 }
+
 if args.os_project_name and args.os_system_scope:
 print(
- "WARNING: os_project_name and os_system_scope were both"
- " given. os_system_scope will take priority.")
- if args.os_project_name and not args.os_system_scope:
- self._cloud_data['auth']['project_name'] = args.os_project_name
- if args.os_identity_api_version == '3' and not args.os_system_scope:
- self._cloud_data['auth']['user_domain_id'] = 'default'
- self._cloud_data['auth']['project_domain_id'] = 'default'
- if args.os_system_scope:
+ "WARNING: os_project_name and os_system_scope were both "
+ "given. os_system_scope will take priority."
+ )
+
+ if args.os_system_scope: # system-scoped
 self._cloud_data['auth']['system_scope'] = args.os_system_scope
+ elif args.os_project_name: # project-scoped
+ self._cloud_data['auth']['project_name'] = args.os_project_name
+ self._cloud_data['auth']['project_domain_id'] = 'default'
+
 if args.os_cacert:
 self._cloud_data['cacert'] = args.os_cacert
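Review bot: The two new version checks in `__init__` report their error with `print(...)` on stdout and then call `sys.exit(1)`, so a caller that captures or discards stdout loses the reason for the failure. `sys.exit("ERROR: Only identity API v3 is supported")` (and the same for the block storage message) writes to stderr and exits with status 1 in a single call. The comparison `!= '3'` also rejects an unset value or a spelling such as `3.0`. If the argparse definitions, which are outside this hunk, do not default both options to `'3'`, every invocation that omits them now aborts, which is stricter than the deprecation the commit message describes. `__init__` starts before and continues past this hunk.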
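Review bot: The rewritten `if args.os_system_scope: ... elif args.os_project_name: ...` chain has no final branch, so a run with neither option silently writes an `auth` section that carries credentials but no scope, and the resulting cloud entry only fails later at the first scoped API call. If the callers (not visible here) can reach that case, a closing `else:` that prints a warning, as is already done for the both-given case, would surface it when the file is generated. The unconditional `'user_domain_id': 'default'` would also benefit from a why-comment, for example `# Keystone needs the user's domain whatever the scope ("Expecting to find domain in user")`, since the literal is now applied to system-scoped entries too. `__init__` continues past the end of this hunk.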