Fix admin_token issue in keystone-only.pp manifest

To fix bug #1582893 we have removed admin_token_auth middleware
from public/admin/v3 pipelines. It turns out that this change made
it impossible to use dockerctl check command in swarm tests, since
openstack util were unable to authorize itself using admin_token.

I have modified keystone-only.pp to temporary add admin_token_auth
middleware during puppet execution.

Change-Id: I00ad873cda454fcf062db3a383057ad12511922c
Closes-bug: #1602573

deployment/puppet/nailgun/examples/keystone-only.pp

@@ -33,6 +33,31 @@ case $production {
       refreshonly => false,
     }
 
+    Exec["add_admin_token_auth_middleware"] -> Keystone_tenant <||> -> Exec["remove_admin_token_auth_middleware"]
+    Exec["add_admin_token_auth_middleware"] -> Keystone_role <||> -> Exec["remove_admin_token_auth_middleware"]
+    Exec["add_admin_token_auth_middleware"] -> Keystone_user <||> -> Exec["remove_admin_token_auth_middleware"]
+    Exec["add_admin_token_auth_middleware"] -> Keystone_user_role <||> -> Exec["remove_admin_token_auth_middleware"]
+
+    # Get paste.ini source
+    $keystone_paste_ini = $::keystone::params::paste_config ? {
+      undef   => '/etc/keystone/keystone-paste.ini',
+      default => $::keystone::params::paste_config,
+    }
+
+    # Temporary add admin_token_auth middleware from public/admin/v3 pipelines
+    exec { 'add_admin_token_auth_middleware':
+      path    => ['/bin', '/usr/bin'],
+      command => "sed -i.dist 's/ token_auth / token_auth admin_token_auth /' ${keystone_paste_ini}",
+      unless  => "fgrep -q ' admin_token_auth' ${keystone_paste_ini}",
+    }
+
+    # Remove admin_token_auth middleware from public/admin/v3 pipelines
+    exec { 'remove_admin_token_auth_middleware':
+      path    => ['/bin', '/usr/bin'],
+      command => "mv ${keystone_paste_ini}.dist ${keystone_paste_ini}",
+      onlyif  => "test -f ${keystone_paste_ini}.dist",
+    }
+
     # Admin user
     keystone_tenant { 'admin':
       ensure  => present,