Add openrc_clouds_yml_file_default_scope variable

At present, if openrc_system_scope is enabled, the default
value in clouds.yaml is also modified. This can negatively
impact some OSA tasks like openstack_resources which mostly
require project scope.

This patch adds an extra variable which can be used to override
the clouds.yaml default. Additionally, project and system scoped
entries in clouds.yaml will always have a consistently-named entry
created so that these can be referenced externally.

Change-Id: Ibd53d8c8231e2b989841b590f4596e842b5aab82
This commit is contained in:
Andrew Bonney 2024-07-03 08:37:38 +01:00
parent 1b64a0c8e4
commit 8f528cc774
2 changed files with 21 additions and 2 deletions
defaults
templates

@ -51,5 +51,6 @@ openrc_clouds_yml_file_dest: "{{ openrc_openstack_client_config_dir_dest }}/clou
openrc_clouds_yml_file_owner: "{{ ansible_facts['user_id'] }}"
openrc_clouds_yml_file_group: "{{ ansible_facts['user_id'] }}"
openrc_clouds_yml_file_mode: "0600"
openrc_clouds_yml_file_default_scope: "{{ (openrc_system_scope | bool) | ternary('system', 'project') }}"
openrc_locale: "{{ ansible_facts.env.LANG | default('C.UTF-8') }}"

@ -3,7 +3,7 @@ clouds:
default:
auth:
auth_url: {{ openrc_os_auth_url }}
{% if openrc_system_scope | default(false) | bool %}
{% if openrc_clouds_yml_file_default_scope == 'system' %}
system_scope: all
{% else %}
project_name: {{ openrc_os_tenant_name }}
@ -24,7 +24,6 @@ clouds:
verify: false
insecure: true
{% endif %}
{% if openrc_system_scope | default(false) | bool %}
default_project_scope:
auth:
auth_url: {{ openrc_os_auth_url }}
@ -45,4 +44,23 @@ clouds:
verify: false
insecure: true
{% endif %}
{% if openrc_system_scope | bool %}
default_system_scope:
auth:
auth_url: {{ openrc_os_auth_url }}
system_scope: all
username: {{ openrc_os_username }}
password: {{ openrc_os_password }}
user_domain_name: {{ openrc_os_domain_name }}
region_name: {{ openrc_region_name }}
interface: {{ openrc_clouds_yml_interface }}
{% if openrc_os_auth_url.endswith('v2.0') %}
identity_api_version: "2.0"
{% else %}
identity_api_version: "3"
{% endif %}
{% if openrc_insecure | bool %}
verify: false
insecure: true
{% endif %}
{% endif %}