From 2687df47979a63d84bb30a5baab1c00dcb4138a5 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Fri, 4 Oct 2024 11:04:02 +0900
Subject: [PATCH] Consistently configure authtoken options

Ensure www_authenticate_uri and auth_url are configured in all services
properly, and drop the redundant options.

Change-Id: I0ba2afe36bf8a0de3e1ffeb4c2cffb2ef8a1916b
---
 packstack/puppet/modules/packstack/manifests/aodh.pp      | 5 +++--
 packstack/puppet/modules/packstack/manifests/glance.pp    | 2 +-
 packstack/puppet/modules/packstack/manifests/gnocchi.pp   | 1 -
 .../puppet/modules/packstack/manifests/heat/rabbitmq.pp   | 2 +-
 packstack/puppet/modules/packstack/manifests/ironic.pp    | 3 ++-
 .../modules/packstack/manifests/keystone/placement.pp     | 2 --
 packstack/puppet/modules/packstack/manifests/magnum.pp    | 5 -----
 packstack/puppet/modules/packstack/manifests/manila.pp    | 3 ++-
 .../puppet/modules/packstack/manifests/neutron/api.pp     | 2 --
 packstack/puppet/modules/packstack/manifests/nova/api.pp  | 5 ++---
 .../modules/packstack/manifests/provision/bridge.pp       | 8 --------
 .../puppet/modules/packstack/manifests/swift/proxy.pp     | 4 +---
 packstack/puppet/modules/packstack/manifests/trove.pp     | 5 +++--
 13 files changed, 15 insertions(+), 32 deletions(-)

diff --git a/packstack/puppet/modules/packstack/manifests/aodh.pp b/packstack/puppet/modules/packstack/manifests/aodh.pp
index b56c996a2..12086dace 100644
--- a/packstack/puppet/modules/packstack/manifests/aodh.pp
+++ b/packstack/puppet/modules/packstack/manifests/aodh.pp
@@ -14,8 +14,9 @@ class packstack::aodh ()
     }
 
     class { 'aodh::keystone::authtoken':
-      password => lookup('CONFIG_AODH_KS_PW'),
-      auth_url => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
+      password             => lookup('CONFIG_AODH_KS_PW'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
     }
 
     class { 'aodh::api':
diff --git a/packstack/puppet/modules/packstack/manifests/glance.pp b/packstack/puppet/modules/packstack/manifests/glance.pp
index d4a07cb6c..39535ed4c 100644
--- a/packstack/puppet/modules/packstack/manifests/glance.pp
+++ b/packstack/puppet/modules/packstack/manifests/glance.pp
@@ -19,7 +19,7 @@ class packstack::glance ()
     }
 
     class { 'glance::api::authtoken':
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
       password             => lookup('CONFIG_GLANCE_KS_PW'),
     }
diff --git a/packstack/puppet/modules/packstack/manifests/gnocchi.pp b/packstack/puppet/modules/packstack/manifests/gnocchi.pp
index 6005dd120..48de381c6 100644
--- a/packstack/puppet/modules/packstack/manifests/gnocchi.pp
+++ b/packstack/puppet/modules/packstack/manifests/gnocchi.pp
@@ -28,7 +28,6 @@ class packstack::gnocchi ()
     class { 'gnocchi::keystone::authtoken':
       www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      auth_version         => lookup('CONFIG_KEYSTONE_API_VERSION'),
       password             => lookup('CONFIG_GNOCCHI_KS_PW')
     }
 
diff --git a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp
index 91f11f629..17bdeed0f 100644
--- a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp
+++ b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp
@@ -35,7 +35,7 @@ class packstack::heat::rabbitmq ()
     }
     class { 'heat::keystone::authtoken':
       password             => lookup('CONFIG_HEAT_KS_PW'),
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
     }
 
diff --git a/packstack/puppet/modules/packstack/manifests/ironic.pp b/packstack/puppet/modules/packstack/manifests/ironic.pp
index f4e4bd5d7..49af33165 100644
--- a/packstack/puppet/modules/packstack/manifests/ironic.pp
+++ b/packstack/puppet/modules/packstack/manifests/ironic.pp
@@ -3,7 +3,8 @@ class packstack::ironic ()
     create_resources(packstack::firewall, lookup('FIREWALL_IRONIC_API_RULES', undef, undef, {}))
 
     class { 'ironic::api::authtoken':
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
       password             => lookup('CONFIG_IRONIC_KS_PW'),
     }
 
diff --git a/packstack/puppet/modules/packstack/manifests/keystone/placement.pp b/packstack/puppet/modules/packstack/manifests/keystone/placement.pp
index 99356d61b..06f1a30df 100644
--- a/packstack/puppet/modules/packstack/manifests/keystone/placement.pp
+++ b/packstack/puppet/modules/packstack/manifests/keystone/placement.pp
@@ -7,8 +7,6 @@ class packstack::keystone::placement ()
 
     class { 'placement::keystone::authtoken':
       password             => lookup('CONFIG_NOVA_KS_PW'),
-      user_domain_name     => 'Default',
-      project_domain_name  => 'Default',
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
       www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
     }
diff --git a/packstack/puppet/modules/packstack/manifests/magnum.pp b/packstack/puppet/modules/packstack/manifests/magnum.pp
index 54d4b9975..f8fc9b7ea 100644
--- a/packstack/puppet/modules/packstack/manifests/magnum.pp
+++ b/packstack/puppet/modules/packstack/manifests/magnum.pp
@@ -12,12 +12,7 @@ class packstack::magnum ()
     class { 'magnum::keystone::authtoken':
       www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      auth_version         => 'v3',
-      username             => 'magnum',
       password             => lookup('CONFIG_MAGNUM_KS_PW'),
-      auth_type            => 'password',
-      memcached_servers    => "${magnum_host}:11211",
-      project_name         => 'services'
     }
 
     class { 'magnum::keystone::keystone_auth':
diff --git a/packstack/puppet/modules/packstack/manifests/manila.pp b/packstack/puppet/modules/packstack/manifests/manila.pp
index 8a9ab8c48..74c8f4982 100644
--- a/packstack/puppet/modules/packstack/manifests/manila.pp
+++ b/packstack/puppet/modules/packstack/manifests/manila.pp
@@ -10,7 +10,8 @@ class packstack::manila ()
 
     class { 'manila::keystone::authtoken':
       password             => lookup('CONFIG_MANILA_KS_PW'),
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
     }
 
     class { 'manila::api':
diff --git a/packstack/puppet/modules/packstack/manifests/neutron/api.pp b/packstack/puppet/modules/packstack/manifests/neutron/api.pp
index f89742ff5..b30821f77 100644
--- a/packstack/puppet/modules/packstack/manifests/neutron/api.pp
+++ b/packstack/puppet/modules/packstack/manifests/neutron/api.pp
@@ -11,11 +11,9 @@ class packstack::neutron::api ()
     $neutron_vpnaas_enabled  = str2bool(lookup('CONFIG_NEUTRON_VPNAAS'))
 
     class { 'neutron::keystone::authtoken':
-      username             => 'neutron',
       password             => $neutron_user_password,
       www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      project_name         => 'services',
     }
 
     class { 'neutron::db':
diff --git a/packstack/puppet/modules/packstack/manifests/nova/api.pp b/packstack/puppet/modules/packstack/manifests/nova/api.pp
index 029525a6c..e29637046 100644
--- a/packstack/puppet/modules/packstack/manifests/nova/api.pp
+++ b/packstack/puppet/modules/packstack/manifests/nova/api.pp
@@ -8,12 +8,11 @@ class packstack::nova::api ()
       # TO-DO(mmagr): Add IPv6 support when hostnames are used
     }
 
-    $www_authenticate_uri = lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS')
     $admin_password = lookup('CONFIG_NOVA_KS_PW')
 
     class { 'nova::keystone::authtoken':
       password             => $admin_password,
-      www_authenticate_uri => $www_authenticate_uri,
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
     }
 
@@ -62,7 +61,7 @@ class packstack::nova::api ()
     }
 
     class { 'nova::placement':
-      auth_url    => $www_authenticate_uri,
+      auth_url    => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
       password    => $admin_password,
       region_name => lookup('CONFIG_KEYSTONE_REGION'),
     }
diff --git a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp
index b26bb4071..9daa8ccc1 100644
--- a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp
+++ b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp
@@ -14,14 +14,6 @@ class packstack::provision::bridge ()
       $floating_range_br = lookup('CONFIG_PROVISION_TEMPEST_FLOATRANGE')
     }
 
-    class { 'neutron::keystone::authtoken':
-      username             => 'neutron',
-      password             => $neutron_user_password,
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
-      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
-      project_name         => 'services',
-    }
-
     if $provision_neutron_br and $setup_ovs_bridge {
       Neutron_config<||> -> Neutron_l3_ovs_bridge['demo_bridge']
       neutron_l3_ovs_bridge { 'demo_bridge':
diff --git a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp
index 681a00806..dd1202897 100644
--- a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp
+++ b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp
@@ -110,11 +110,9 @@ class packstack::swift::proxy ()
     }
 
     class { 'swift::proxy::authtoken':
-      username             => 'swift',
-      project_name         => 'services',
       password             => lookup('CONFIG_SWIFT_KS_PW'),
       # assume that the controller host is the swift api server
-      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
       auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
     }
 
diff --git a/packstack/puppet/modules/packstack/manifests/trove.pp b/packstack/puppet/modules/packstack/manifests/trove.pp
index baa7d8e67..cb8745674 100644
--- a/packstack/puppet/modules/packstack/manifests/trove.pp
+++ b/packstack/puppet/modules/packstack/manifests/trove.pp
@@ -9,8 +9,9 @@ class packstack::trove ()
     }
 
     class { 'trove::keystone::authtoken':
-      password => lookup('CONFIG_TROVE_KS_PW'),
-      auth_url => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      password             => lookup('CONFIG_TROVE_KS_PW'),
+      www_authenticate_uri => lookup('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'),
+      auth_url             => lookup('CONFIG_KEYSTONE_ADMIN_URL'),
     }
 
     class { 'trove::logging':