Description
In some environments, like in the LEXIS project, Yorc must be able to allocate OpenStack compute resources on behalf of any user created on demand by a third-party AAI (Authentication and Authorization Infrastructure), Yorc being just given an OpenStack token or OpenStack application credentials, valid only for a given time defined by the third-party AAI.
It should be possible to rely only on an OpenStack token, even in the case of application credentials, as it is possible to generate an OpenStack token from OpenStack application credentials,
but there is currently a bug in OpenStack identity (keystone) tracked by https://bugs.launchpad.net/keystone/+bug/1878438 "error when using token get from application credential authentication".
When attempting to use such a token, this failure occurs in keystone:
ERROR keystone File "/openstack/venvs/keystone-21.2.2.dev1/lib/python3.6/site-packages/keystone/api/_shared/authentication.py", line 212, in authenticate_for_token
So, in addition to tokens for future use, we should be able to directly use application credentials as well until https://bugs.launchpad.net/keystone/+bug/1878438 is addressed.
The corresponding values, which have an ephemeral validity managed per user by third-party software, are not to be stored in the Yorc configuration.
They can be provided in the OpenStack node template metadata, and read/used by Yorc when it attempts to allocate/release the corresponding OpenStack resource.
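The selection logic described above, as an added example in Go that is not Yorc's own code: credentials are taken only from the node template metadata (never from a persisted configuration), a token is preferred when present, an application credential is used as the fallback while the keystone bug stands, and the resulting Keystone v3 `POST /v3/auth/tokens` body can be redacted before it reaches a log. The metadata key names (`openstack_token`, `openstack_application_credential_id`, `openstack_application_credential_secret`) and the sample metadata are assumptions made for this example; the JSON layout of the Keystone v3 request is the real one.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical metadata keys on the OpenStack node template. The issue does
// not define Yorc's real key names; these are assumptions for the example.
const (
	MetaToken         = "openstack_token"
	MetaAppCredID     = "openstack_application_credential_id"
	MetaAppCredSecret = "openstack_application_credential_secret"
	redactedValue     = "[REDACTED]"
)

// Keystone v3 "auth" request body (POST /v3/auth/tokens).
type TokenAuth struct {
	ID string `json:"id"`
}
type AppCredAuth struct {
	ID     string `json:"id"`
	Secret string `json:"secret"`
}
type Identity struct {
	Methods               []string     `json:"methods"`
	Token                 *TokenAuth   `json:"token,omitempty"`
	ApplicationCredential *AppCredAuth `json:"application_credential,omitempty"`
}
type AuthBody struct {
	Auth struct {
		Identity Identity `json:"identity"`
	} `json:"auth"`
}

// AuthFromMetadata builds the Keystone request from the per-user, short-lived
// values carried in the node template metadata. A token wins when present;
// otherwise a complete application credential (id + secret) is used. Nothing
// is read from, or written to, Yorc's own configuration.
func AuthFromMetadata(meta map[string]string) (string, AuthBody, error) {
	var body AuthBody
	if tok := meta[MetaToken]; tok != "" {
		body.Auth.Identity = Identity{Methods: []string{"token"}, Token: &TokenAuth{ID: tok}}
		return "token", body, nil
	}
	id, secret := meta[MetaAppCredID], meta[MetaAppCredSecret]
	if id != "" && secret != "" {
		body.Auth.Identity = Identity{
			Methods:               []string{"application_credential"},
			ApplicationCredential: &AppCredAuth{ID: id, Secret: secret},
		}
		return "application_credential", body, nil
	}
	return "", body, errors.New("node template metadata carries neither an OpenStack token nor a complete application credential")
}

// Redacted returns a deep copy safe for logging: the token id and the
// application credential secret are masked, the credential id is kept so
// an operator can still correlate the request with the AAI-issued credential.
func Redacted(b AuthBody) AuthBody {
	out := b
	if b.Auth.Identity.Token != nil {
		out.Auth.Identity.Token = &TokenAuth{ID: redactedValue}
	}
	if ac := b.Auth.Identity.ApplicationCredential; ac != nil {
		out.Auth.Identity.ApplicationCredential = &AppCredAuth{ID: ac.ID, Secret: redactedValue}
	}
	return out
}

// SampleMetadata is a constructed node template metadata map for the example;
// the values are placeholders, not real credentials.
var SampleMetadata = map[string]string{
	MetaAppCredID:     "appcred-id-placeholder",
	MetaAppCredSecret: "appcred-secret-placeholder",
}

func main() {
	method, body, err := AuthFromMetadata(SampleMetadata)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	// Only the redacted form is ever printed; the real body goes to keystone.
	js, _ := json.Marshal(Redacted(body))
	fmt.Printf("auth method %q, request body (redacted): %s\n", method, js)
}
```

The important design point is that the credential never leaves the request path: it is read from the metadata of the node being allocated or released, turned into one Keystone request, and only a masked copy is logged, so an expired or revoked AAI credential leaves nothing behind in Yorc.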