Fix cron keystone calls when token is available

When a token_id is present we get Failed to process cron trigger CronTrigger AuthorizationFailure: Authentication cannot be scoped to multiple targets. Pick one of: project, domain, trust or unscoped We have a test to do that if CONF.keystone_authtoken.auth_type is not None but a change was needed when it was none. Change-Id: I636873c0db4b3dbf66a0c5a856fee4dcb644ac3c Closes-bug: #1711069
2017-08-14 14:51:07 +01:00 · 2017-08-14 14:51:07 +01:00 · d08479ff0c
commit d08479ff0c
parent 3f62afd8fb
1 changed files with 7 additions and 1 deletions
--- a/mistral/utils/openstack/keystone.py
+++ b/mistral/utils/openstack/keystone.py
@ -96,11 +96,17 @@ def get_session_and_auth(context, **kwargs):
 def _admin_client(trust_id=None):
    if CONF.keystone_authtoken.auth_type is None:
        auth_url = CONF.keystone_authtoken.auth_uri
+        project_name = CONF.keystone_authtoken.admin_tenant_name
+
+        # You can't use trust and project together
+
+        if trust_id:
+            project_name = None

        cl = ks_client.Client(
            username=CONF.keystone_authtoken.admin_user,
            password=CONF.keystone_authtoken.admin_password,
-            project_name=CONF.keystone_authtoken.admin_tenant_name,
+            project_name=project_name,
            auth_url=auth_url,
            trust_id=trust_id
        )