Configure cinder service token

Glance is implementing new location APIs, for which, cinder needs
to pass service token to register a location in glance.
This is required in the case when glance is using cinder as a backend
and cinder tries to upload a volume in the optimized path.

We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will
configure the service user section in cinder.conf. By default, it
is set to False.

Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48

lib/cinder

@@ -88,6 +88,10 @@ CINDER_SERVICE_REPORT_INTERVAL=${CINDER_SERVICE_REPORT_INTERVAL:-120}
 # thin provisioning.
 CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-auto}
 
+# ``CINDER_USE_SERVICE_TOKEN`` is a mode where service token is passed along with
+# user token while communicating to external REST APIs like Glance.
+CINDER_USE_SERVICE_TOKEN=$(trueorfalse True CINDER_USE_SERVICE_TOKEN)
+
 # Default backends
 # The backend format is type:name where type is one of the supported backend
 # types (lvm, nfs, etc) and name is the identifier used in the Cinder
@@ -445,6 +449,10 @@ function configure_cinder {
         iniset $CINDER_CONF oslo_policy enforce_scope false
         iniset $CINDER_CONF oslo_policy enforce_new_defaults false
     fi
+
+    if [ "$CINDER_USE_SERVICE_TOKEN" == "True" ]; then
+        init_cinder_service_user_conf
+    fi
 }
 
 # create_cinder_accounts() - Set up common required cinder accounts
@@ -761,6 +769,12 @@ function configure_cinder_volume_upload {
     done
 }
 
+function init_cinder_service_user_conf {
+    configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user
+    iniset $CINDER_CONF service_user send_service_user_token True
+    iniset $CINDER_CONF service_user auth_strategy keystone
+}
+
 # Restore xtrace
 $_XTRACE_CINDER