From 8ecfce008212f983408e2656f5620f572f6df7c2 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Tue, 7 Nov 2023 16:03:55 +0100 Subject: [PATCH] Set the default domain for the role_assignment From time to time it might happen in deployments, that some project will create a service user in their domains. When this happens and domain is not supplied for the role_assignment module fails with multiple users with the same name exist. However, domain param is used not only for lookups but also for scoped assignments [1]. When project is not supplied, domain scope will be assigned. And when domain is not defined, then system scope will be applied. But since all projects (except keystone) have reverted their system_scope efforts, we can safely set default for the domain to workaround potential issues with lookups. [1] https://docs.ansible.com/ansible/latest/collections/openstack/cloud/role_assignment_module.html#parameter-domain Change-Id: Ia406d101632806d18495380d8911468ea14bc502 --- roles/service_setup/tasks/setup_roles.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/service_setup/tasks/setup_roles.yml b/roles/service_setup/tasks/setup_roles.yml index ecba4381..749c06f4 100644 --- a/roles/service_setup/tasks/setup_roles.yml +++ b/roles/service_setup/tasks/setup_roles.yml @@ -36,7 +36,7 @@ user: "{{ user.name }}" role: "{{ role }}" project: "{{ user.project | default(_service_project_name) }}" - domain: "{{ user.domain | default(omit) }}" + domain: "{{ user.domain | default('default') }}" endpoint_type: admin validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" register: add_service