1 files changed, 18 insertions, 18 deletions

diff --git a/openstackclient/api/auth.py b/openstackclient/api/auth.py
index b56035e4..0018e76e 100644
--- a/openstackclient/api/auth.py
+++ b/openstackclient/api/auth.py
@@ -128,12 +128,24 @@ def build_auth_params(auth_plugin_name, cmd_options):
     return (auth_plugin_loader, auth_params)
 
 
-def check_valid_auth_options(options, auth_plugin_name, required_scope=True):
-    """Perform basic option checking, provide helpful error messages.
-
-    :param required_scope: indicate whether a scoped token is required
-
-    """
+def check_valid_authorization_options(options, auth_plugin_name):
+    """Validate authorization options, and provide helpful error messages."""
+    if (options.auth.get('project_id') and not
+            options.auth.get('domain_id') and not
+            options.auth.get('domain_name') and not
+            options.auth.get('project_name') and not
+            options.auth.get('tenant_id') and not
+            options.auth.get('tenant_name')):
+        raise exc.CommandError(_(
+            'Missing parameter(s): '
+            'Set either a project or a domain scope, but not both. Set a '
+            'project scope with --os-project-name, OS_PROJECT_NAME, or '
+            'auth.project_name. Alternatively, set a domain scope with '
+            '--os-domain-name, OS_DOMAIN_NAME or auth.domain_name.'))
+
+
+def check_valid_authentication_options(options, auth_plugin_name):
+    """Validate authentication options, and provide helpful error messages."""
 
     msgs = []
     if auth_plugin_name.endswith('password'):
@@ -143,18 +155,6 @@ def check_valid_auth_options(options, auth_plugin_name, required_scope=True):
         if not options.auth.get('auth_url'):
             msgs.append(_('Set an authentication URL, with --os-auth-url,'
                           ' OS_AUTH_URL or auth.auth_url'))
-        if (required_scope and not
-                options.auth.get('project_id') and not
-                options.auth.get('domain_id') and not
-                options.auth.get('domain_name') and not
-                options.auth.get('project_name') and not
-                options.auth.get('tenant_id') and not
-                options.auth.get('tenant_name')):
-            msgs.append(_('Set a scope, such as a project or domain, set a '
-                          'project scope with --os-project-name, '
-                          'OS_PROJECT_NAME or auth.project_name, set a domain '
-                          'scope with --os-domain-name, OS_DOMAIN_NAME or '
-                          'auth.domain_name'))
     elif auth_plugin_name.endswith('token'):
         if not options.auth.get('token'):
             msgs.append(_('Set a token with --os-token, OS_TOKEN or '