From a28849ff7f714c6b5055687051a7ccea0a7a153f Mon Sep 17 00:00:00 2001
From: Martin Kopec <mkopec@redhat.com>
Date: Thu, 21 Jan 2021 14:06:21 +0000
Subject: [PATCH] Fix project/domain scope in dynamic_creds

Lately merged review [1] changed a nature of a condition
setting domain / project scope. Before identity_admin_domain_scope
was a trigger between domain and project scope, however after
[1] change got merged the domain scope is not set only when
identity_admin_domain_scope is true but also when domain_id or
domain_name of default_admin_creds are set.

identity_admin_domain_scope var should be the only var which decides
whether domain scope will be set or not - in other words, if it's
false it shouldn't matter whether domain_id/domain_name are set at all.

https: //review.opendev.org/c/openstack/tempest/+/686073
Change-Id: Ia6d31980d42861ba5d4f53f99ffd59d0bfed4dd9
---
 tempest/lib/common/dynamic_creds.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tempest/lib/common/dynamic_creds.py b/tempest/lib/common/dynamic_creds.py
index 0a2817b203..d9f4f4689a 100644
--- a/tempest/lib/common/dynamic_creds.py
+++ b/tempest/lib/common/dynamic_creds.py
@@ -144,9 +144,9 @@ class DynamicCredentialProvider(cred_provider.CredentialProvider):
             # need a different token scope for them.
             if self.default_admin_creds.system:
                 scope = 'system'
-            elif (self.default_admin_creds.domain_id or
-                    self.default_admin_creds.domain_name or
-                    self.identity_admin_domain_scope):
+            elif (self.identity_admin_domain_scope and
+                  (self.default_admin_creds.domain_id or
+                   self.default_admin_creds.domain_name)):
                 scope = 'domain'
             else:
                 scope = 'project'