Currently you can only create a Keystone trust for Beaker by visiting the prefs page in the web UI. But there are some types of service accounts where the web UI cannot be used (for example our Jenkins which authenticates as a service principal using a keytab). We need a way to create Keystone trusts for those accounts using the CLI.
We could re-use the bkr update-prefs subcommand, although that feels a bit awkward since the trust id itself is not a preference (instead you supply username, password, and project name in order to obtain a new trust id). So I guess we are better off with a new subcommand: bkr update-keystone-trust --os-username=... --os-password=... --os-project-name=... Or maybe, bkr update-openstack-trust?
The update will simply use the PUT rest api endpoint and values will simply be overwritten with the ones provided by the user. Currently the API expects a username. I'll add an additional endpoint resolving to +self which will use the currently authenticated user.
Patch available: https://gerrit.beaker-project.org/#/c/5462/3
Beaker 24.0 has been released.