There are two different meanings for "scope" here.
On the one hand we have the Keystone token scope: this particular bug was regarding Keystone scope parameters (that is, project_id, domain_id, tenant_id, etc.).
On the other hand we have the OpenID Connect Scope. OpenID Connect scope should be specified with "os-openid-scope" option in the command line.
Probably, the naming inconsistency that you get comes from the switch from python-keystoneclient (the legacy) to keystoneauth. The previous plugin used "os-scope" whereas the new one uses "os-openid-scope". Moreover, there was a bug (https://bugs.launchpad.net/python-openstackclient/+bug/1594272) that made impossible to specify an scope due to a naming error. Can you confirm that this is your case?
Hi Joshua.
I think that there is a bit of mess here :-(
There are two different meanings for "scope" here.
On the one hand we have the Keystone token scope: this particular bug was regarding Keystone scope parameters (that is, project_id, domain_id, tenant_id, etc.).
On the other hand we have the OpenID Connect Scope. OpenID Connect scope should be specified with "os-openid-scope" option in the command line.
Probably, the naming inconsistency that you get comes from the switch from python- keystoneclient (the legacy) to keystoneauth. The previous plugin used "os-scope" whereas the new one uses "os-openid-scope". Moreover, there was a bug (https:/ /bugs.launchpad .net/python- openstackclient /+bug/1594272) that made impossible to specify an scope due to a naming error. Can you confirm that this is your case?