Update user role assignments

Adds support for setting the system scope to user role assignments.
Also updates the domain assignment so it can be customised.

Note that the scope assignments follow the precedence of
project->domain->system [1]. As such, the previous default value of
domain was being ignored as we always set a project, so the removal of
the default domain in this patch has no effect on existing behaviour.

1. https://docs.ansible.com/ansible/latest/collections/openstack/cloud/role_assignment_module.html#parameter-system

Change-Id: Ie7fe78ab67b1bf8a19def25fef321de5c2d80aa9

ansible/roles/service-ks-register/tasks/main.yml

@@ -107,15 +107,16 @@
         module_args:
           user: "{{ item.user }}"
           role: "{{ item.role }}"
-          project: "{{ item.project }}"
-          domain: "{{ service_ks_register_domain }}"
+          project: "{{ item.project | default(omit) }}"
+          domain: "{{ item.domain | default(omit) }}"
+          system: "{{ item.system | default(omit) }}"
           region_name: "{{ service_ks_register_region_name }}"
           auth: "{{ service_ks_register_auth }}"
           interface: "{{ service_ks_register_interface }}"
           cacert: "{{ service_ks_cacert }}"
       with_items: "{{ service_ks_register_users + service_ks_register_user_roles }}"
       loop_control:
-        label: "{{ item.user }} -> {{ item.project }} -> {{ item.role }}"
+        label: "{{ item.user }} -> {{ item.project | default(item.domain) | default(item.system) }} -> {{ item.role }}"
       register: service_ks_register_result
       until: service_ks_register_result is success
       retries: "{{ service_ks_register_retries }}"

releasenotes/notes/update-user-role-assignments-c8e487445a6cadef.yaml

@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    User role assignments can now customise domain and system scopes.