Update devstack keystone_authtoken config to fit with keystone v3

Now murano can not auth when only using keystone v3,
this commit update the devstack config to fix with keystone v3.

Closes-bug: #1633394
Change-Id: Ie6a2ccdf6121b3badd403a1c08f1e91052e8c4dc

devstack/plugin.sh

@@ -184,14 +184,15 @@ function configure_murano {
     #-------------------------
 
     # Setup keystone_authtoken section
-    iniset $MURANO_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000"
-    iniset $MURANO_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
-    iniset $MURANO_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
-    iniset $MURANO_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
-    iniset $MURANO_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
-    iniset $MURANO_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
-    iniset $MURANO_CONF_FILE keystone_authtoken admin_user $MURANO_ADMIN_USER
-    iniset $MURANO_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD
+    iniset $MURANO_CONF_FILE keystone_authtoken auth_type password
+    iniset $MURANO_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI
+    iniset $MURANO_CONF_FILE keystone_authtoken username $MURANO_ADMIN_USER
+    iniset $MURANO_CONF_FILE keystone_authtoken password $SERVICE_PASSWORD
+    iniset $MURANO_CONF_FILE keystone_authtoken user_domain_name "$SERVICE_DOMAIN_NAME"
+    iniset $MURANO_CONF_FILE keystone_authtoken project_name $SERVICE_PROJECT_NAME
+    iniset $MURANO_CONF_FILE keystone_authtoken project_domain_name "$SERVICE_DOMAIN_NAME"
+    iniset $MURANO_CONF_FILE keystone_authtoken cafile $SSL_BUNDLE_FILE
+    iniset $MURANO_CONF_FILE keystone_authtoken auth_url $KEYSTONE_AUTH_URI
 
     configure_murano_rpc_backend
 
@@ -296,11 +297,11 @@ function configure_service_broker {
     iniset $MURANO_CFAPI_CONF_FILE database connection `database_connection_url murano_cfapi`
 
     # Setup keystone_authtoken section
+    iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
     iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken auth_uri "http://${KEYSTONE_AUTH_HOST}:5000"
     iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken auth_host $KEYSTONE_AUTH_HOST
     iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken auth_port $KEYSTONE_AUTH_PORT
     iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken auth_protocol $KEYSTONE_AUTH_PROTOCOL
-    iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken cafile $KEYSTONE_SSL_CA
     iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME
     iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken admin_user $MURANO_ADMIN_USER
     iniset $MURANO_CFAPI_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD

murano/cmd/test_runner.py

@@ -168,9 +168,9 @@ class MuranoTestRunner(object):
     def _validate_keystone_opts(self, args):
         ks_opts_to_config = {
             'auth_url': 'auth_uri',
-            'username': 'admin_user',
-            'password': 'admin_password',
-            'project_name': 'admin_tenant_name'}
+            'username': 'username',
+            'password': 'password',
+            'project_name': 'project_name'}
 
         ks_opts = {'auth_url': getattr(args, 'os_auth_url', None),
                    'username': getattr(args, 'os_username', None),

murano/common/auth_utils.py

@@ -34,14 +34,15 @@ def _get_keystone_auth(trust_id=None):
         kwargs = {
             'auth_url':
                 cfg.CONF[CFG_KEYSTONE_GROUP].auth_uri.replace('v2.0', 'v3'),
-            'username': cfg.CONF[CFG_KEYSTONE_GROUP].admin_user,
-            'password': cfg.CONF[CFG_KEYSTONE_GROUP].admin_password,
-            'user_domain_name': "Default"
+            'username': cfg.CONF[CFG_KEYSTONE_GROUP].username,
+            'password': cfg.CONF[CFG_KEYSTONE_GROUP].password,
+            'user_domain_name': cfg.CONF[CFG_KEYSTONE_GROUP].user_domain_name
         }
         if not trust_id:
             kwargs['project_name'] = \
-                cfg.CONF[CFG_KEYSTONE_GROUP].admin_tenant_name
-            kwargs['project_domain_name'] = "Default"
+                cfg.CONF[CFG_KEYSTONE_GROUP].project_name
+            kwargs['project_domain_name'] = \
+                cfg.CONF[CFG_KEYSTONE_GROUP].project_domain_name
         else:
             kwargs['trust_id'] = trust_id
         auth = identity.Password(**kwargs)