The old v2 parameters are not set anymore by puppet-sahara:
https://review.openstack.org/#/c/441223/
and trust (which means cluster operations) is broken.
Because puppet-sahara is used by TripleO and Packstack, we consider
this a critical issue.
We now switch to the "new" v3 parameters from keystone_authtoken, as
incentivized by that puppet-sahara change.
We no longer use the custom options admin_user_domain_name and
admin_project_domain_name, as [keystone_authtoken] can provide them.
Note 1: A workaround is needed to access some of the configs in
[keystone_authtoken], as they are considered private for
keystonemiddleware. In sahara-api, it would have been possible to
grab these configs with only a slight bit of magic, as sahara-api
is a keystonemiddleware-enabled WSGI application. However, with
sahara-engine it is not as straightforward, since keystonemiddleware
is not integrated there. Therefore, to access these private configs
we use a very sneaky workaround inspired by [0]. This should be
removed in Queens: we should add a separate, non-private
[clients_keystone] section in sahara.conf. That is the standard way to
grab service user credentials when excluded from access to
[keystone_authtoken]. Unfortunately we could not have done that in Pike
as it was too late to have a new puppet-sahara release.
Note 2: tools/get_auth_token.py was not changed as it probably
requires other changes to work with Identity v3.
[0] Ibbc738ee4c90392af47f1b6d69aee3c8dbbf3c17
Closes-Bug: #1709091
Co-Authored-By: Jeremy Freudberg <jeremyfreudberg@gmail.com>
Change-Id: I930e544b16f0871f5e8dc1a42aae34518ff25bcd