From 9c23b0c35993a5f5fb45f786f7e612eb20214fcd Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Thu, 18 May 2023 16:53:20 +0200
Subject: [PATCH] Define service_user for nova services

In order to cover OSSA-2023-003, a requirement to define service_user
section for all nova services has been added by nova.

Change-Id: I81cd6431fec94f56b0ebd66c94e90c9623ba0e38
---
 templates/nova.conf.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2
index 8dc3a8ae..270b149f 100644
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@@ -178,6 +178,8 @@ insecure = {{ keystone_service_adminuri_insecure | bool }}
 [conductor]
 workers = {{ nova_conductor_workers | default(nova_api_threads) }}
 
+[service_user]
+send_service_user_token = {{ nova_service_token_roles_required | bool }}
 
 [keystone_authtoken]
 insecure = {{ keystone_service_internaluri_insecure | bool }}
@@ -285,6 +287,7 @@ disk_cachemodes = {{ nova_libvirt_disk_cachemodes }}
 {% if nova_barbican_enabled %}
 [barbican]
 auth_endpoint = {{ keystone_service_internaluri }}/v3
+send_service_user_token = {{ nova_service_token_roles_required | bool }}
 
 [key_manager]
 backend = barbican