This change is the first step to support secure RBAC and allows usage
of system scope credentials for Keystone API request.
This change covers the following three items.
- assignment of system scope roles to system user
- credential parameters for authtoken middleware
- credential parameters for service token feature
Note that the credential parameters for authtoken middleware are
used in some providers, and these providers still require a project
scope credential. This will be fixed by the subsequent change.
Depends-on: https://review.opendev.org/804325
Change-Id: Ibd7afcb121b669cf533b077b926637b092e3df19
The service_user parameters are not managed directly but managed by
the keystone::resource::service_user resource type. Thus we should
avoid testing parameters directly otherwise any change in the resource
type can cause test failures.
Change-Id: Id2470a87fc08d3c8d52743333487f7fbf6cb7cbe
This patch introduces nova::keystone::service_user class
to configure parameters to enable service token feature
in Nova.
Depends-on: https://review.opendev.org/#/c/666467/
Change-Id: I0400fdbaf098121c0f5e380379b7cfb660963ddd
