From 93a2e43b05eb9a2a6118867f585ec304bdbb978f Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Thu, 18 May 2023 16:53:20 +0200
Subject: [PATCH] Define service_user for nova services

In order to cover OSSA-2023-003, a requirement to define service_user
section for all nova services has been added by nova.

Change-Id: I81cd6431fec94f56b0ebd66c94e90c9623ba0e38
(cherry picked from commit 9c23b0c35993a5f5fb45f786f7e612eb20214fcd)
---
 templates/nova.conf.j2 | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/templates/nova.conf.j2 b/templates/nova.conf.j2
index f8957a29..766616b7 100644
--- a/templates/nova.conf.j2
+++ b/templates/nova.conf.j2
@@ -181,6 +181,17 @@ insecure = {{ keystone_service_adminuri_insecure | bool }}
 [conductor]
 workers = {{ nova_conductor_workers | default(nova_api_threads) }}
 
+[service_user]
+send_service_user_token = {{ nova_service_token_roles_required | bool }}
+region_name = {{ nova_service_region }}
+auth_type = password
+username = {{ nova_service_user_name }}
+password = {{ nova_service_password }}
+project_name = {{ nova_service_project_name }}
+user_domain_id = {{ nova_service_user_domain_id }}
+project_domain_id = {{ nova_service_project_domain_id }}
+auth_url = {{ keystone_service_adminurl }}
+insecure = {{ keystone_service_adminuri_insecure | bool }}
 
 [keystone_authtoken]
 insecure = {{ keystone_service_internaluri_insecure | bool }}
@@ -288,6 +299,7 @@ disk_cachemodes = {{ nova_libvirt_disk_cachemodes }}
 {% if nova_barbican_enabled %}
 [barbican]
 auth_endpoint = {{ keystone_service_internaluri }}/v3
+send_service_user_token = {{ nova_service_token_roles_required | bool }}
 
 [key_manager]
 backend = barbican