Comment 21 for bug 1298135

OpenStack Infra (hudson-openstack) wrote : Related fix merged to cinder (master)

Reviewed: https://review.opendev.org/c/openstack/cinder/+/840289
Committed: https://opendev.org/openstack/cinder/commit/77c886ab18ba241eaa7418f1e0d095fe6639ae19
Submitter: "Zuul (22348)"
Branch: master

commit 77c886ab18ba241eaa7418f1e0d095fe6639ae19
Author: Tobias Urdin <email address hidden>
Date: Tue May 3 13:27:15 2022 +0000

    backup/swift: Add support sending service user token

    This adds support to the Swift backup driver to send
    a service user token in the X-Service-Token header when
    talking to Swift which will support long running processes
    to continue functioning when the user token is expired if
    the target supports it. [1] [2]

    In the patch I'm favoring passing the X-Service-Token from
    Cinder as a header instead of passing the service user credentials
    down to the python-swiftclient; it makes more sense to not hand
    it off. We already have an auth plugin for the service user which
    ensures that the token is always valid, an invalid token would
    disrupt the process and cause the long running process to fail.

    The new config option to enable the service auth in the Swift
    driver serves the purpose of not enabling the feature by default
    for deployments already enabling service user for Nova and Glance.

    I'm working on implementing the X-Service-Token support
    in Ceph RadosGW's Swift API implementation [3]; OpenStack Swift
    already supports service token.

    [1] https://specs.openstack.org/openstack/keystone-specs/specs/keystonemiddleware/juno/service-tokens.html
    [2] https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html
    [3] https://github.com/ceph/ceph/pull/45395

    Related-Bug: #1298135
    Change-Id: I69a478dc18c18e6d67be83d61c9643afab72c118
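
The following is an added illustration, not code from the cinder change, python-swiftclient or keystonemiddleware. It is a simplified Python model of the behaviour the commit message relies on: the client sends the user token in X-Auth-Token and, when enabled, a service token in X-Service-Token, and the receiver accepts an expired user token only when a still-valid service token with the expected role accompanies it. The role name `service`, the 48-hour window, the function names and all token values are assumptions or constructed sample data.

```python
# Added illustration: a simplified model, not cinder or keystonemiddleware code.
from dataclasses import dataclass
from typing import Optional

SERVICE_ROLE = "service"          # assumed role required on the service token
EXPIRED_WINDOW = 48 * 3600        # assumed grace period for expired user tokens (s)


@dataclass(frozen=True)
class Token:
    """Constructed stand-in for a validated Keystone token."""
    subject: str
    roles: frozenset
    expires_at: int               # epoch seconds


def build_headers(user_token_id: str, service_token_id: Optional[str]) -> dict:
    """Client side: the user token always goes out; the service token is opt-in."""
    headers = {"X-Auth-Token": user_token_id}
    if service_token_id is not None:
        headers["X-Service-Token"] = service_token_id
    return headers


def authorize(headers: dict, tokens: dict, now: int) -> bool:
    """Receiver side: decide whether the request may proceed."""
    user = tokens.get(headers.get("X-Auth-Token"))
    if user is None:
        return False               # unknown user token
    if now < user.expires_at:
        return True                # this model only examines the expired case
    service = tokens.get(headers.get("X-Service-Token"))
    if service is None or now >= service.expires_at:
        return False               # the service token itself must be valid
    if SERVICE_ROLE not in service.roles:
        return False               # an ordinary user token cannot vouch
    return now - user.expires_at <= EXPIRED_WINDOW


# Constructed sample data: token ids, roles and times are made up.
TOKENS = {
    "user-tok": Token("alice", frozenset({"member"}), expires_at=1_000),
    "svc-tok": Token("cinder", frozenset({"service"}), expires_at=10_000),
    "other-tok": Token("bob", frozenset({"member"}), expires_at=10_000),
}
```

The `other-tok` case shows why the receiver checks the role: a second ordinary user token placed in X-Service-Token must not extend the life of an expired one.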