Don't set project_domain if not project scoped

The code to expand domain_{name,id} to {user,project}_domain_{name,id}
is flawed in that it sets a project_domain_{name,id} even if a
project_{name,id} is not set. There is a valid use case for not having
a project_{name,id} - specifically getting a domain-scoped token.

In the case where we do not set a project, check for that and don't make
further assumptions that the domain input needs to be "fixed".

Closes-Bug: #1535676
Change-Id: I825fe4bc375687208bb176bb5990c23fe87c8f9d

os_client_config/config.py

@@ -480,6 +480,11 @@ class OpenStackConfig(object):
         cloud = self._handle_domain_id(cloud)
         return cloud
 
+    def _project_scoped(self, cloud):
+        return ('project_id' in cloud or 'project_name' in cloud
+                or 'project_id' in cloud['auth']
+                or 'project_name' in cloud['auth'])
+
     def _handle_domain_id(self, cloud):
         # Allow people to just specify domain once if it's the same
         mappings = {
@@ -487,6 +492,10 @@ class OpenStackConfig(object):
             'domain_name': ('user_domain_name', 'project_domain_name'),
         }
         for target_key, possible_values in mappings.items():
+            if not self._project_scoped(cloud):
+                if target_key in cloud and target_key not in cloud['auth']:
+                    cloud['auth'][target_key] = cloud.pop(target_key)
+                continue
             for key in possible_values:
                 if target_key in cloud['auth'] and key not in cloud['auth']:
                     cloud['auth'][key] = cloud['auth'][target_key]

os_client_config/tests/base.py

@@ -73,6 +73,7 @@ USER_CONF = {
             'auth': {
                 'username': 'testuser',
                 'password': 'testpass',
+                'domain_id': 'awesome-domain',
                 'project_id': 12345,
                 'auth_url': 'http://example.com/v2',
             },
@@ -128,6 +129,14 @@ USER_CONF = {
                 'password': 'testpass',
             },
         },
+        '_test-cloud-domain-scoped_': {
+            'auth': {
+                'auth_url': 'http://example.com/v2',
+                'username': 'testuser',
+                'password': 'testpass',
+                'domain-id': '12345',
+            },
+        },
     },
     'ansible': {
         'expand-hostvars': False,

os_client_config/tests/test_config.py

@@ -103,6 +103,22 @@ class TestConfig(base.TestCase):
         self.assertNotIn('domain_id', cc.auth)
         self.assertNotIn('domain-id', cc.auth)
 
+    def test_get_one_cloud_domain_scoped(self):
+        c = config.OpenStackConfig(config_files=[self.cloud_yaml],
+                                   vendor_files=[self.vendor_yaml])
+        cc = c.get_one_cloud('_test-cloud-domain-scoped_')
+        self.assertEqual('12345', cc.auth['domain_id'])
+        self.assertNotIn('user_domain_id', cc.auth)
+        self.assertNotIn('project_domain_id', cc.auth)
+
+    def test_get_one_cloud_infer_user_domain(self):
+        c = config.OpenStackConfig(config_files=[self.cloud_yaml],
+                                   vendor_files=[self.vendor_yaml])
+        cc = c.get_one_cloud('_test-cloud-int-project_')
+        self.assertEqual('awesome-domain', cc.auth['user_domain_id'])
+        self.assertEqual('awesome-domain', cc.auth['project_domain_id'])
+        self.assertNotIn('domain_id', cc.auth)
+
     def test_get_one_cloud_with_hyphenated_project_id(self):
         c = config.OpenStackConfig(config_files=[self.cloud_yaml],
                                    vendor_files=[self.vendor_yaml])
@@ -183,6 +199,7 @@ class TestConfig(base.TestCase):
                                    secure_files=[self.no_yaml])
         self.assertEqual(
             ['_test-cloud-domain-id_',
+             '_test-cloud-domain-scoped_',
              '_test-cloud-int-project_',
              '_test-cloud_',
              '_test-cloud_no_region',