Comment 2 for bug 1716344

Christoph Fiehe (fiehe) wrote :

With an additional dependency on "keystoneclient", we are able to get rid of the problem. This requires a small code modification of the module "nova/api/openstack/identity.py":

from keystoneauth1 import session
from keystoneclient.v3 import client
from keystoneclient import exceptions as ks_exc
from oslo_log import log as logging
import webob

from nova.i18n import _

# Module-level logger, named after this module.
LOG = logging.getLogger(__name__)

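def verify_project_id(context, project_id):
    """Verify that a project_id exists in keystone.

    Looks the project up through keystoneclient, authenticating with the
    auth plugin of the request context. If keystone answers 404, an
    HTTPBadRequest is raised.

    This check fails open: a 403 from keystone and any other keystone
    client error are only logged, and the function then returns normally.
    A normal return therefore means "not proven invalid", not "verified";
    callers must not use it as an authorization decision.

    :param context: request context; must provide get_auth_plugin() and
        user_id
    :param project_id: the project id to look up
    :raises webob.exc.HTTPBadRequest: if keystone reports 404 for the id
    """
    auth = context.get_auth_plugin()
    sess = session.Session(auth=auth)
    keystone = client.Client(session=sess)
    try:
        # Only existence matters here; the returned project is not used.
        keystone.projects.get(project_id)
    except ks_exc.ClientException as e:
        # Read the status defensively: a ClientException that is not an
        # HTTP error may not carry http_status at all.
        status = getattr(e, 'http_status', None)
        if status == 404:
            raise webob.exc.HTTPBadRequest(
                explanation=_("Project ID %s is not a valid project.") %
                project_id)
        elif status == 403:
            # we don't have enough permission to verify this, so default
            # to "it's ok".
            LOG.info(
                "Insufficient permissions for user %(user)s to verify "
                "existence of project_id %(pid)s",
                {"user": context.user_id, "pid": project_id})
        else:
            # There is no response object in this scope, only the
            # exception, so log its status and text. Deliberate
            # best-effort: we did something wrong, but move on with a
            # warning.
            LOG.warning(
                "Unexpected response from keystone trying to "
                "verify project_id %(pid)s - resp: %(code)s %(content)s",
                {"pid": project_id,
                 "code": status,
                 "content": e})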

Any comments?