Revert "Support users without projects in keystone library"

In the os_keystone role, the 'Ensure Keystone user to Admin role' this patch causes 'keystoneclient.exceptions.ValidationError: Specify either a domain or project, not both'. This reverts commit 2e1492a127923a79ef3189433c4134df98c22502. Change-Id: I8784d4213e297fd78477b54b21c47f4c5223bb1e
2016-05-11 13:02:21 +00:00 · 2016-05-11 13:02:21 +00:00 · f975da26ce
commit f975da26ce
parent 2e1492a127
1 changed files with 8 additions and 10 deletions
--- a/library/keystone
+++ b/library/keystone
@ -368,8 +368,7 @@ COMMAND_MAP = {
            'user_name',
            'project_name',
            'tenant_name',
-            'role_name',
-            'domain_name'
+            'role_name'
        ]
    },
    'ensure_group_role': {
@ -733,7 +732,7 @@ class ManageKeystone(object):

        domain = self._get_domain_from_vars(variables_dict)
        project = self._get_project(name=project_name)
-        if project is None and project_name is not None:
+        if project is None:
            self.failure(
                error='project [ %s ] was not found.' % project_name,
                rc=2,
@ -820,7 +819,7 @@ class ManageKeystone(object):
            user = None

        project = self._get_project(name=project_name)
-        if project is None and project_name is not None:
+        if project is None:
            self.failure(
                error='project [ %s ] was not found.' % project_name,
                rc=2,
@ -868,11 +867,10 @@ class ManageKeystone(object):

        return self._facts(facts={'id': role.id})

-    def _get_user_roles(self, name, user, project, domain):
+    def _get_user_roles(self, name, user, project):
        role_list = self.keystone.roles.list(
            user=user,
-            project=project,
-            domain=domain
+            project=project
        )
        for entry in role_list:
            if entry.name == name:
@ -910,15 +908,15 @@ class ManageKeystone(object):
        )

        user_role = self._get_user_roles(
-            name=role_name, user=user, project=project, domain=domain
+            name=role_name, user=user, project=project
        )

        if user_role is None:
            self.keystone.roles.grant(
-                user=user, role=role, project=project, domain=domain
+                user=user, role=role, project=project
            )
            user_role = self._get_user_roles(
-                name=role_name, user=user, project=project, domain=domain
+                name=role_name, user=user, project=project
            )

        return self._facts(facts={'id': user_role.id})