openstack/openstack-ansible-plugins
Code Issues Proposed changes

Set the default domain for the role_assignment

Browse Source 
From time to time it might happen in deployments, that some project
will create a service user in their domains. When this happens and
domain is not supplied for the role_assignment module fails with
multiple users with the same name exist.

However, domain param is used not only for lookups but also for
scoped assignments [1]. When project is not supplied, domain scope
will be assigned. And when domain is not defined, then system scope
will be applied. But since all projects (except keystone) have reverted
their system_scope efforts, we can safely set default for the domain
to workaround potential issues with lookups.

[1] https://docs.ansible.com/ansible/latest/collections/openstack/cloud/role_assignment_module.html#parameter-domain

Change-Id: Ia406d101632806d18495380d8911468ea14bc502
This commit is contained in:
Dmitriy Rabotyagov 2023-11-07 16:03:55 +01:00
parent f685bc25b7
commit 8ecfce0082
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/service_setup/tasks/setup_roles.yml
View File

@ -36,7 +36,7 @@
user: "{{ user.name }}" user: "{{ user.name }}"
role: "{{ role }}" role: "{{ role }}"
project: "{{ user.project | default(_service_project_name) }}" project: "{{ user.project | default(_service_project_name) }}"
domain: "{{ user.domain | default(omit) }}" domain: "{{ user.domain | default('default') }}"
endpoint_type: admin endpoint_type: admin
validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}" validate_certs: "{{ not (_service_adminuri_insecure | default(True) | bool) }}"
register: add_service register: add_service