From 922930415fcdd4d5751a5536b2dfa35bbcc7b84a Mon Sep 17 00:00:00 2001
From: Ricardo Rocha <rocha.porto@gmail.com>
Date: Thu, 15 Jul 2021 17:00:24 +0200
Subject: [PATCH] Document error with osc and OS_TOKEN

---
 README.md | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index 198d10e..89fec1d 100644
--- a/README.md
+++ b/README.md
@@ -94,16 +94,12 @@ sops support meaning it will be able to decrypt the values when deploying.
 
 ### Setup
 
-First install the sops client (we need our custom build for now to get barbican support):
+Get the sops client (we need our custom build for now to get barbican support):
 ```bash
 wget https://gitlab.cern.ch/cloud/sops/-/jobs/8834328/artifacts/raw/sops?inline=false
 ```
 
-Then make sure you have your OpenStack environment setup. If you're relying on
-kerberos authentication, you'll need to fetch a token first:
-```bash
-export OS_TOKEN=$(openstack token issue -c id -f value)
-```
+Then make sure you have your OpenStack environment setup.
 
 **Important**: The environment above must match the project owning the Kubernetes cluster where Flux is being deployed
 
@@ -118,6 +114,17 @@ $ export KEY="$(openssl rand -base64 32)\n$(openssl rand -base64 12)"
 $ openstack secret store -s symmetric -p "$(echo -e $KEY)" -n gitops-getting-started
 ```
 
+If you see an error like the one below, unset the `OS_TOKEN` in your
+environment to run `openstack secret`:
+```
+__init__() got an unexpected keyword argument 'token'
+```
+
+If you're relying on kerberos authentication, from here on you'll need to fetch a token first:
+```bash
+export OS_TOKEN=$(openstack token issue -c id -f value)
+```
+
 Check the secret href of the generated secret and pass that to sops:
 ```bash
 sops --barbican https://openstack.cern.ch:9311/v1/secrets/SOMEID \
-- 
GitLab