Fix radosgw keystone authentication

Radosgw relies on shared secret token admin, passed via SERVICE_TOKEN
variable, but token admin was deprecated, and devstack doesn't
configure shared secret.

This change switches to using service credentials instead: it creates a
'radosgw' service user with admin privileges and configures radosgw
with them.

Change-Id: I12d4ea4021b93be73358f0aa68a32879af8fda53
Anton Arefiev 2016-06-30 19:12:29 +03:00
parent 28ae5aeae3
commit 7e974aeb34
1 changed files with 6 additions and 1 deletions


@ -408,7 +408,9 @@ function _configure_ceph_rgw {
rgw print continue = false
rgw frontends = civetweb port=${CEPH_RGW_PORT}
rgw keystone url = http://${SERVICE_HOST}:35357
rgw keystone admin token = ${SERVICE_TOKEN}
rgw keystone admin user = radosgw
rgw keystone admin password = $SERVICE_PASSWORD
rgw keystone admin tenant = $SERVICE_PROJECT_NAME
rgw keystone accepted roles = Member, _member_, admin
rgw s3 auth use keystone = true
nss db path = ${CEPH_DATA_DIR}/radosgw/ceph-radosgw.$(hostname)/nss
@ -439,6 +441,9 @@ function configure_ceph_embedded_rgw {
# Let keystone generate the certs, rgw needs these.
keystone-manage pki_setup --rebuild
# Create radosgw service user with admin privileges
create_service_user "radosgw" "admin"
# radosgw needs to access keystone's revocation list
sudo mkdir -p ${CEPH_DATA_DIR}/radosgw/ceph-radosgw.$(hostname)/nss
sudo openssl x509 -in /etc/keystone/ssl/certs/ca.pem -pubkey | \