Rework nova service_user section
This patch overrides the service user data taken from identity
pillar by the data from service user pillar if specified.
Change-Id: Iaec201ae949c3dae44b1efc6b91a21623407b711
Related-Prod: PROD-27591
diff --git a/nova/files/ocata/nova-compute.conf.Debian b/nova/files/ocata/nova-compute.conf.Debian
index 38e3c3b..b417f8c 100644
--- a/nova/files/ocata/nova-compute.conf.Debian
+++ b/nova/files/ocata/nova-compute.conf.Debian
@@ -9056,19 +9056,19 @@
{%- if compute.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
auth_type = password
- {%- if compute.service_user is defined %}
- {%- set _data=compute.service_user %}
- {%- else %}
- {%- set _data=compute.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(compute.get('identity', {})) %}
+{%- do _data.update(compute.get('service_user', {})) %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': compute.cacert_file}) %}{% endif %}
user_domain_id = {{ _data.get('domain', 'default') }}
project_domain_id = {{ _data.get('domain', 'default') }}
project_name = {{ _data.get('tenant', 'service') }}
username = {{ _data.get('user', 'nova') }}
password = {{ _data.password }}
-auth_url={{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.host }}:5000
- {%- if compute.identity.get('protocol', 'http') == 'https' %}
-cafile={{ compute.identity.get('cacert_file', compute.cacert_file) }}
+auth_url={{ _data.get('protocol', 'http') }}://{{ _data.host }}:{{ _data.port }}
+ {%- if _data.get('protocol', 'http') == 'https' %}
+cafile={{ _data.cacert_file }}
{%- endif %}
{%- endif %}
diff --git a/nova/files/ocata/nova-controller.conf.Debian b/nova/files/ocata/nova-controller.conf.Debian
index f2f5044..b422d7a 100644
--- a/nova/files/ocata/nova-controller.conf.Debian
+++ b/nova/files/ocata/nova-controller.conf.Debian
@@ -9033,19 +9033,19 @@
{%- if controller.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
auth_type = password
- {%- if controller.service_user is defined %}
- {%- set _data=controller.service_user %}
- {%- else %}
- {%- set _data=controller.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(controller.get('identity', {})) %}
+{%- do _data.update(controller.get('service_user', {})) %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': controller.cacert_file}) %}{% endif %}
user_domain_id = {{ _data.get('domain', 'default') }}
project_domain_id = {{ _data.get('domain', 'default') }}
project_name = {{ _data.get('tenant', 'service') }}
username = {{ _data.get('user', 'nova') }}
password = {{ _data.password }}
-auth_url={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:5000
- {%- if controller.identity.get('protocol', 'http') == 'https' %}
-cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
+auth_url={{ _data.get('protocol', 'http') }}://{{ _data.host }}:{{ _data.port }}
+ {%- if _data.get('protocol', 'http') == 'https' %}
+cafile={{ _data.cacert_file }}
{%- endif %}
{%- endif %}
diff --git a/nova/files/pike/nova-compute.conf.Debian b/nova/files/pike/nova-compute.conf.Debian
index a5548bd..869f676 100644
--- a/nova/files/pike/nova-compute.conf.Debian
+++ b/nova/files/pike/nova-compute.conf.Debian
@@ -9259,19 +9259,19 @@
{%- if compute.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
auth_type = password
- {%- if compute.service_user is defined %}
- {%- set _data=compute.service_user %}
- {%- else %}
- {%- set _data=compute.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(compute.get('identity', {})) %}
+{%- do _data.update(compute.get('service_user', {})) %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': compute.cacert_file}) %}{% endif %}
user_domain_id = {{ _data.get('domain', 'default') }}
project_domain_id = {{ _data.get('domain', 'default') }}
project_name = {{ _data.get('tenant', 'service') }}
username = {{ _data.get('user', 'nova') }}
password = {{ _data.password }}
-auth_url={{ compute.identity.get('protocol', 'http') }}://{{ compute.identity.host }}:5000
- {%- if compute.identity.get('protocol', 'http') == 'https' %}
-cafile={{ compute.identity.get('cacert_file', compute.cacert_file) }}
+auth_url={{ _data.get('protocol', 'http') }}://{{ _data.host }}:{{ _data.port }}
+ {%- if _data.get('protocol', 'http') == 'https' %}
+cafile={{ _data.cacert_file }}
{%- endif %}
{%- endif %}
diff --git a/nova/files/pike/nova-controller.conf.Debian b/nova/files/pike/nova-controller.conf.Debian
index 74ff905..29a99c1 100644
--- a/nova/files/pike/nova-controller.conf.Debian
+++ b/nova/files/pike/nova-controller.conf.Debian
@@ -9247,19 +9247,19 @@
{%- if controller.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
auth_type = password
- {%- if controller.service_user is defined %}
- {%- set _data=controller.service_user %}
- {%- else %}
- {%- set _data=controller.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(controller.get('identity', {})) %}
+{%- do _data.update(controller.get('service_user', {})) %}
+{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': controller.cacert_file}) %}{% endif %}
user_domain_id = {{ _data.get('domain', 'default') }}
project_domain_id = {{ _data.get('domain', 'default') }}
project_name = {{ _data.get('tenant', 'service') }}
username = {{ _data.get('user', 'nova') }}
password = {{ _data.password }}
-auth_url={{ controller.identity.get('protocol', 'http') }}://{{ controller.identity.host }}:5000
- {%- if controller.identity.get('protocol', 'http') == 'https' %}
-cafile={{ controller.identity.get('cacert_file', controller.cacert_file) }}
+auth_url={{ _data.get('protocol', 'http') }}://{{ _data.host }}:{{ _data.port }}
+ {%- if _data.get('protocol', 'http') == 'https' %}
+cafile={{ _data.cacert_file }}
{%- endif %}
{%- endif %}
diff --git a/nova/files/queens/nova-compute.conf.Debian b/nova/files/queens/nova-compute.conf.Debian
index a056170..ea48184 100644
--- a/nova/files/queens/nova-compute.conf.Debian
+++ b/nova/files/queens/nova-compute.conf.Debian
@@ -9182,13 +9182,12 @@
#send_service_user_token = false
{%- if compute.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
- {%- if compute.service_user is defined %}
- {%- set _data=compute.service_user %}
- {%- else %}
- {%- set _data=compute.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(compute.get('identity', {})) %}
+{%- do _data.update(compute.get('service_user', {})) %}
{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
-{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': compute.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_"+ _data.get('auth_type','password') +".conf" %}
{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs
diff --git a/nova/files/queens/nova-controller.conf.Debian b/nova/files/queens/nova-controller.conf.Debian
index e38313e..9dd16cc 100644
--- a/nova/files/queens/nova-controller.conf.Debian
+++ b/nova/files/queens/nova-controller.conf.Debian
@@ -8903,13 +8903,12 @@
#send_service_user_token = false
{%- if controller.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
- {%- if controller.service_user is defined %}
- {%- set _data=controller.service_user %}
- {%- else %}
- {%- set _data=controller.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(controller.get('identity', {})) %}
+{%- do _data.update(controller.get('service_user', {})) %}
{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
-{%- include "oslo_templates/files/queens/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': controller.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/queens/keystoneauth/_type_"+ _data.get('auth_type','password') +".conf" %}
{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs
diff --git a/nova/files/rocky/nova-compute.conf.Debian b/nova/files/rocky/nova-compute.conf.Debian
index 4621588..2565618 100644
--- a/nova/files/rocky/nova-compute.conf.Debian
+++ b/nova/files/rocky/nova-compute.conf.Debian
@@ -8514,13 +8514,12 @@
#send_service_user_token = false
{%- if compute.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
- {%- if compute.service_user is defined %}
- {%- set _data=compute.service_user %}
- {%- else %}
- {%- set _data=compute.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(compute.get('identity', {})) %}
+{%- do _data.update(compute.get('service_user', {})) %}
{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
-{%- include "oslo_templates/files/" ~ compute.version ~ "/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': compute.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/" ~ compute.version ~ "/keystoneauth/_type_"+ _data.get('auth_type','password') +".conf" %}
{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs connections.
diff --git a/nova/files/rocky/nova-controller.conf.Debian b/nova/files/rocky/nova-controller.conf.Debian
index bbb411f..f5d9789 100644
--- a/nova/files/rocky/nova-controller.conf.Debian
+++ b/nova/files/rocky/nova-controller.conf.Debian
@@ -8234,13 +8234,12 @@
#send_service_user_token = false
{%- if controller.get('service_user', {}).get('enabled', True) %}
send_service_user_token = True
- {%- if controller.service_user is defined %}
- {%- set _data=controller.service_user %}
- {%- else %}
- {%- set _data=controller.identity %}
- {%- endif %}
+{%- set _data = {} %}
+{%- do _data.update(controller.get('identity', {})) %}
+{%- do _data.update(controller.get('service_user', {})) %}
{%- if not _data.port == '5000' %}{% do _data.update({'port': '5000'}) %}{% endif %}
-{%- include "oslo_templates/files/" ~ controller.version ~ "/keystoneauth/_type_" + auth_type + ".conf" %}
+{%- if 'cacert_file' not in _data.keys() %}{% do _data.update({'cacert_file': controller.cacert_file}) %}{% endif %}
+{%- include "oslo_templates/files/" ~ controller.version ~ "/keystoneauth/_type_"+ _data.get('auth_type','password') +".conf" %}
{%- else %}
# PEM encoded Certificate Authority to use when verifying HTTPs connections.