Auth_url changes following auth_plugin in nova section

After the refact of nova authentication in neutron, it supports
three auth_plugin: password, v2password, v3password. Each
auth_plugin match a different auth_url. For example:
a) password
auth_plugin = password
auth_url = http://127.0.0.1:35357/
b) v2password
auth_plugin = v2password
auth_url = http://127.0.0.1:35357/v2.0
c) v3password
auth_plugin = v3password
auth_url = http://127.0.0.1:35357/v3

The auth_url should be set following the auth_plugin automatically.

Change-Id: Ia584a6c6a64fcaa92012c957da004ac029ca7db2
Closes-bug: #1459594
Closes-bug: #1461480

attributes/default.rb

@@ -223,7 +223,7 @@ default['openstack']['network']['rpc_response_timeout'] = 60
 
 # ======== Neutron Nova interactions ==========
 # Name of the plugin to load
-default['openstack']['network']['nova']['auth_plugin'] = 'password'
+default['openstack']['network']['nova']['auth_plugin'] = 'v2password'
 
 # CA file for novaclient to verify server certificates
 default['openstack']['network']['nova']['cafile'] = nil

recipes/default.rb

@@ -164,6 +164,17 @@ nova_version = node['openstack']['network']['nova']['url_version']
 nova_endpoint = uri_from_hash('scheme' => nova_endpoint.scheme.to_s, 'host' => nova_endpoint.host.to_s, 'port' => nova_endpoint.port.to_s, 'path' => nova_version)
 nova_admin_pass = get_password 'service', 'openstack-compute'
 
+# The auth_url in nova section follows auth_plugin
+nova_auth_url = nil
+case node['openstack']['network']['nova']['auth_plugin'].downcase
+when 'password'
+  nova_auth_url = identity_uri
+when 'v2password'
+  nova_auth_url = auth_uri_transform(identity_admin_endpoint.to_s, 'v2.0')
+when 'v3password'
+  nova_auth_url = auth_uri_transform(identity_admin_endpoint.to_s, 'v3.0')
+end
+
 if node['openstack']['network']['l3']['router_distributed'] == 'auto'
   if node['openstack']['network']['interface_driver'].split('.').last != 'OVSInterfaceDriver'
     node.set['openstack']['network']['l3']['router_distributed'] = 'false'
@@ -198,6 +209,7 @@ template '/etc/neutron/neutron.conf' do
     sql_connection: sql_connection,
     nova_endpoint: nova_endpoint,
     nova_admin_pass: nova_admin_pass,
+    nova_auth_url: nova_auth_url,
     router_distributed: router_distributed
   )
 

spec/default_spec.rb

@@ -666,7 +666,7 @@ describe 'openstack-network' do
         end
 
         it 'has default nova auth_plugin attribute' do
-          expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^auth_plugin = password/)
+          expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^auth_plugin = v2password/)
         end
 
         it 'does not set the sets admin_tenant_id' do
@@ -683,6 +683,7 @@ describe 'openstack-network' do
           [
             /^username = nova$/,
             /^user_domain_id = default$/,
+            /^tenant_name = service$/,
             /^project_name = service$/,
             /^project_domain_id = default$/
           ].each do |line|
@@ -699,10 +700,20 @@ describe 'openstack-network' do
           expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^password = nova-pass$/)
         end
 
-        it 'sets the nova auth_url attribute' do
+        it 'sets the nova auth_url attribute when auth_plugin is password' do
+          node.set['openstack']['network']['nova']['auth_plugin'] = 'password'
+          expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r{^auth_url = http://127.0.0.1:35357/$})
+        end
+
+        it 'sets the nova auth_url attribute when auth_plugin is v2password by default' do
           expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r{^auth_url = http://127.0.0.1:35357/v2.0$})
         end
 
+        it 'sets the nova auth_url attribute when auth_plugin is v3password' do
+          node.set['openstack']['network']['nova']['auth_plugin'] = 'v3password'
+          expect(chef_run).to render_config_file(file.name).with_section_content('nova', %r{^auth_url = http://127.0.0.1:35357/v3$})
+        end
+
         it 'has default nova api insecure' do
           expect(chef_run).to render_config_file(file.name).with_section_content('nova', /^insecure = false$/)
         end

templates/default/neutron.conf.erb

@@ -578,7 +578,7 @@ pool_timeout = <%= node['openstack']['db']['network']['pool_timeout'] %>
 auth_plugin = <%= node['openstack']['network']['nova']['auth_plugin'] %>
 
 # Authorization URL for connection to nova in admin context.
-auth_url = <%= @identity_admin_endpoint.to_s %>
+auth_url = <%= @nova_auth_url %>
 
 # Username for connection to nova in admin context
 username = <%= node["openstack"]["network"]["nova"]["admin_username"] %>
@@ -588,7 +588,9 @@ user_domain_id = <%= node["openstack"]["network"]["nova"]["user_domain_id"] %>
 # Password for connection to nova in admin context.
 password = <%= @nova_admin_pass %>
 
-# Project's domain name for project.
+# Project/tenant name. Keystone client v2 requires using tenant_name while v3 requires using project_name.
+# The value for both of them is the same. Adding both of them to handle both situations.
+tenant_name = <%= node["openstack"]["network"]["nova"]["project_name"] %>
 project_name = <%= node["openstack"]["network"]["nova"]["project_name"] %>
 
 # Project's domain ID for project.