If the user specifies a project_{name,id}, then we currently infer that
a domain_{name,id} is meant to be shorthand for user_domain_{name,id} and
project_domain_{name,id}. However, in other contexts, domain_id is a
perfectly valid value to pass to the auth plugins - such as when doing
domain-scoped activities.
The problem that was uncovered by the correction of argument precedence
is that we didn't pop the domain-id out of the root config dict, so if a
user set OS_DOMAIN_ID in the environment, we were happily setting the
user and project versions, but then leaving domain_id set as well. This
then meant that when we do the pass to pull valid arguments from the
root dict to the auth dict, we also pulled in domain_id - which led to
the error:
AuthorizationFailure: Authentication cannot be scoped to multiple
targets. Pick one of: project, domain, trust or unscoped
Popping the value from the root dict causes the things to work as
documented.
Change-Id: I6d208e5ec4115d2e72d30b2fedc90a81ea754d5a
a6840f69ff