From d5d54b3ae27ff125f5f03c0b5fdb45d8af976f6a Mon Sep 17 00:00:00 2001
From: Shuicheng Lin <shuicheng.lin@intel.com>
Date: Thu, 24 Sep 2020 16:23:52 +0800
Subject: [PATCH] Use stx_admin account for flock service to communicate with
 openstack

admin account is used before, but if admin password is changed, flock
service cannot be notified and cannot get the new password, so flock
service like nfv-vim cannot fetch openstack vm info ever.
stx_admin account is created for this case. It is created by openstack
app when it is applied, and password is saved to keyring so flock
service could use it to communicate with openstack app.
helm is updated to use stx_admin account instead of admin account.

Partial-Bug: 1887755

Change-Id: I8b7ce7b60ccb3f0d0a595395b591565b24a590d5
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
---
 sysinv/sysinv/sysinv/sysinv/helm/common.py |  3 ++-
 sysinv/sysinv/sysinv/sysinv/helm/helm.py   | 15 +++++++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/sysinv/sysinv/sysinv/sysinv/helm/common.py b/sysinv/sysinv/sysinv/sysinv/helm/common.py
index ba046bf32d..2c0c8f986d 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/common.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/common.py
@@ -45,7 +45,8 @@ SERVICE_ADMIN = 'CGCS'
 # Users
 USER_ADMIN = 'admin'
 USER_TEST = 'test'
-USERS = [USER_ADMIN, USER_TEST]
+USER_STX_ADMIN = 'stx_admin'
+USERS = [USER_ADMIN, USER_TEST, USER_STX_ADMIN]
 
 # Passwords Formatting
 PASSWORD_FORMAT_IDENTITY = 'keystone-auth'
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/helm.py b/sysinv/sysinv/sysinv/sysinv/helm/helm.py
index 768526542e..3ecedaa331 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/helm.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/helm.py
@@ -848,9 +848,20 @@ class HelmOperatorData(HelmOperator):
     @helm_context
     def get_keystone_auth_data(self):
         keystone_operator = self.chart_operators[self.HELM_CHART_KEYSTONE]
+
+        # use stx_admin account to communicate with openstack app
+        username = common.USER_STX_ADMIN
+        try:
+            password = keystone_operator.get_stx_admin_password()
+        except Exception:
+            # old version app doesn't support stx_admin account yet.
+            # fallback to admin account
+            username = keystone_operator.get_admin_user_name()
+            password = keystone_operator.get_admin_password()
+
         auth_data = {
             'admin_user_name':
-                keystone_operator.get_admin_user_name(),
+                username,
             'admin_project_name':
                 keystone_operator.get_admin_project_name(),
             'auth_host':
@@ -861,7 +872,7 @@ class HelmOperatorData(HelmOperator):
             'admin_project_domain':
                 keystone_operator.get_admin_project_domain(),
             'admin_password':
-                keystone_operator.get_admin_password(),
+                password,
         }
         return auth_data