Set service_type in [keystone_authtoken] for access rule validation

[Deydra71]

Without service_type configured, keystonemiddleware cannot validate application credentials with custom access rules, causing HTTP 401 for end users.

Closes: OSPRH-22365

[gibizer]

Make sense. Thanks

[mrkisaolamb]

lgtm

[SeanMooney]

looking at https://redhat.atlassian.net/browse/OSPRH-22365 this does seam valid

im not sure that this is docuemented partically well upstream and that reminds me we aslo need to enable apllciation creditial in devstakc in the upstream ci.

but this is good to knwo that we shoudl be populating this to have the correct behaivor

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Deydra71, gibizer, mrkisaolamb, SeanMooney

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [SeanMooney,gibizer,mrkisaolamb]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Deydra71]

Hi! @SeanMooney @gibizer There's been a question raised in glance-operator to propagate service_type using templateParameters eg - [1]

[1] https://github.com/openstack-k8s-operators/glance-operator/blob/main/internal/glance/const.go#L36

In nova we would need to put it in every nove controller, correct? WDYT about hardcoding vs using the template parameter.

[centosinfra-prod-github-app]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://gateway-cloud-softwarefactory.apps.ocp.cloud.ci.centos.org/zuul/t/rdoproject.org/buildset/c57cb468e4d64988a6be8bd13b9a7686

✔️ openstack-meta-content-provider SUCCESS in 3h 45m 12s
✔️ nova-operator-kuttl SUCCESS in 54m 34s
❌ nova-operator-tempest-multinode RETRY_LIMIT in 20m 22s
❌ nova-operator-tempest-multinode-ceph FAILURE in 2h 38m 38s

[SeanMooney]

Hi! @SeanMooney @gibizer There's been a question raised in glance-operator to propagate service_type using templateParameters eg - [1]

[1] https://github.com/openstack-k8s-operators/glance-operator/blob/main/internal/glance/const.go#L36

In nova we would need to put it in every nove controller, correct? WDYT about hardcoding vs using the template parameter.

hardcoding it is the correct approch
service typs are not configurable they are dirfed by
https://opendev.org/openstack/service-types-authority/src/branch/master/service-types.yaml

and are quried to have specific value for cloud interoperatblity

so for nova nad placmeent this patch is good as is

we dont really need to pass it as a template parmater since its not something we will be changing so there is no need to add a constant in go and pass that in to the template rendering

[Deydra71]

recheck

[Deydra71]

/cherry-pick 18.0-fr6

[openshift-cherrypick-robot]

@Deydra71: new pull request created: #1140

Details

In response to this:

/cherry-pick 18.0-fr6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.