Don't set project_domain if not project scoped

The code to expand domain_{name,id} to {user,project}_domain_{name,id} is flawed in that it sets a project_domain_{name,id} even if a project_{name,id} is not set. There is a valid use case for not having a project_{name,id} - specifically getting a domain-scoped token. In the case where we do not set a project, check for that and don't make further assumptions that the domain input needs to be "fixed". Closes-Bug: #1535676 Change-Id: I825fe4bc375687208bb176bb5990c23fe87c8f9d
author: Monty Taylor <mordred@inaugust.com> 2016-01-19 10:12:02 -0500
committer: Monty Taylor <mordred@inaugust.com> 2016-01-21 08:11:19 -0500
commit: a2db877b41fad494fe9daa09b5c77914638ac605 (patch)
tree: 89715c25c39a9b961d27cf2e8576026121c50cc5
parent: 2f1d184a8e6bed99d027b5ec9f8ee475e527cbdc (diff)
download: os-client-config-a2db877b41fad494fe9daa09b5c77914638ac605.tar.gz
3 files changed, 35 insertions, 0 deletions
diff --git a/os_client_config/config.py b/os_client_config/config.py
index 378cd3b..0444316 100644
--- a/os_client_config/config.py
+++ b/os_client_config/config.py
@@ -480,6 +480,11 @@ class OpenStackConfig(object):
         cloud = self._handle_domain_id(cloud)
         return cloud
 
+    def _project_scoped(self, cloud):
+        return ('project_id' in cloud or 'project_name' in cloud
+                or 'project_id' in cloud['auth']
+                or 'project_name' in cloud['auth'])
+
     def _handle_domain_id(self, cloud):
         # Allow people to just specify domain once if it's the same
         mappings = {
@@ -487,6 +492,10 @@ class OpenStackConfig(object):
             'domain_name': ('user_domain_name', 'project_domain_name'),
         }
         for target_key, possible_values in mappings.items():
+            if not self._project_scoped(cloud):
+                if target_key in cloud and target_key not in cloud['auth']:
+                    cloud['auth'][target_key] = cloud.pop(target_key)
+                continue
             for key in possible_values:
                 if target_key in cloud['auth'] and key not in cloud['auth']:
                     cloud['auth'][key] = cloud['auth'][target_key]
diff --git a/os_client_config/tests/base.py b/os_client_config/tests/base.py
index 3f00f6d..9b784b1 100644
--- a/os_client_config/tests/base.py
+++ b/os_client_config/tests/base.py
@@ -73,6 +73,7 @@ USER_CONF = {
             'auth': {
                 'username': 'testuser',
                 'password': 'testpass',
+                'domain_id': 'awesome-domain',
                 'project_id': 12345,
                 'auth_url': 'http://example.com/v2',
             },
@@ -128,6 +129,14 @@ USER_CONF = {
                 'password': 'testpass',
             },
         },
+        '_test-cloud-domain-scoped_': {
+            'auth': {
+                'auth_url': 'http://example.com/v2',
+                'username': 'testuser',
+                'password': 'testpass',
+                'domain-id': '12345',
+            },
+        },
     },
     'ansible': {
         'expand-hostvars': False,
diff --git a/os_client_config/tests/test_config.py b/os_client_config/tests/test_config.py
index 1a16bd8..73be114 100644
--- a/os_client_config/tests/test_config.py
+++ b/os_client_config/tests/test_config.py
@@ -103,6 +103,22 @@ class TestConfig(base.TestCase):
         self.assertNotIn('domain_id', cc.auth)
         self.assertNotIn('domain-id', cc.auth)
 
+    def test_get_one_cloud_domain_scoped(self):
+        c = config.OpenStackConfig(config_files=[self.cloud_yaml],
+                                   vendor_files=[self.vendor_yaml])
+        cc = c.get_one_cloud('_test-cloud-domain-scoped_')
+        self.assertEqual('12345', cc.auth['domain_id'])
+        self.assertNotIn('user_domain_id', cc.auth)
+        self.assertNotIn('project_domain_id', cc.auth)
+
+    def test_get_one_cloud_infer_user_domain(self):
+        c = config.OpenStackConfig(config_files=[self.cloud_yaml],
+                                   vendor_files=[self.vendor_yaml])
+        cc = c.get_one_cloud('_test-cloud-int-project_')
+        self.assertEqual('awesome-domain', cc.auth['user_domain_id'])
+        self.assertEqual('awesome-domain', cc.auth['project_domain_id'])
+        self.assertNotIn('domain_id', cc.auth)
+
     def test_get_one_cloud_with_hyphenated_project_id(self):
         c = config.OpenStackConfig(config_files=[self.cloud_yaml],
                                    vendor_files=[self.vendor_yaml])
@@ -183,6 +199,7 @@ class TestConfig(base.TestCase):
                                    secure_files=[self.no_yaml])
         self.assertEqual(
             ['_test-cloud-domain-id_',
+             '_test-cloud-domain-scoped_',
              '_test-cloud-int-project_',
              '_test-cloud_',
              '_test-cloud_no_region',
author	Monty Taylor <mordred@inaugust.com>	2016-01-19 10:12:02 -0500
committer	Monty Taylor <mordred@inaugust.com>	2016-01-21 08:11:19 -0500
commit	a2db877b41fad494fe9daa09b5c77914638ac605 (patch)
tree	89715c25c39a9b961d27cf2e8576026121c50cc5
parent	2f1d184a8e6bed99d027b5ec9f8ee475e527cbdc (diff)
download	os-client-config-a2db877b41fad494fe9daa09b5c77914638ac605.tar.gz