Add region_name support to Placement API config

- Add region_name to [keystone_authtoken] section in placement.conf
- Update placementapi_controller.go to pass Region to templateParameters

This ensures proper region selection in multi-region deployments for
Keystone authentication.

Co-Authored-By: Cursor AI <cursor@cursor.com>

Author: 2 people

internal/controller/placementapi_controller.go

@@ -1370,6 +1370,7 @@ func (r *PlacementAPIReconciler) generateServiceConfigMaps(
 		"KeystonePublicURL":   keystonePublicURL,
 		"PlacementPassword":   string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]),
 		"log_file":            "/var/log/placement/placement-api.log",
+		"Region":              keystoneAPI.GetRegion(),
 		"DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf",
 			databaseAccount.Spec.UserName,
 			string(dbSecret.Data[mariadbv1.DatabasePasswordSelector]),

templates/placementapi/config/placement.conf

@@ -20,6 +20,9 @@ user_domain_name = Default
 project_name = service
 username = {{ .ServiceUser }}
 password = {{ .PlacementPassword }}
+{{ if (index . "Region") -}}
+region_name = {{ .Region }}
+{{ end -}}
 www_authenticate_uri = {{ .KeystonePublicURL }}
 auth_url = {{ .KeystoneInternalURL }}
 auth_type = password

test/functional/placementapi_controller_test.go

@@ -256,6 +256,16 @@ var _ = Describe("PlacementAPI controller", func() {
 				k8sClient.Delete, ctx, CreatePlacementAPISecret(namespace, SecretName))
 			keystoneAPIName := keystone.CreateKeystoneAPI(namespace)
 			keystoneAPI = keystone.GetKeystoneAPI(keystoneAPIName)
+			// Set region on KeystoneAPI to ensure GetRegion() returns a value
+			Eventually(func(g Gomega) {
+				ks := keystone.GetKeystoneAPI(keystoneAPIName)
+				ks.Spec.Region = "RegionOne"
+				g.Expect(k8sClient.Update(ctx, ks)).To(Succeed())
+				ks.Status.Region = "RegionOne"
+				g.Expect(k8sClient.Status().Update(ctx, ks)).To(Succeed())
+			}, timeout, interval).Should(Succeed())
+			// Refresh keystoneAPI after setting region
+			keystoneAPI = keystone.GetKeystoneAPI(keystoneAPIName)
 			DeferCleanup(keystone.DeleteKeystoneAPI, keystoneAPIName)
 		})
 
@@ -349,6 +359,28 @@ var _ = Describe("PlacementAPI controller", func() {
 				ContainSubstring("TimeOut 60"))
 		})
 
+		It("should set region_name in keystone_authtoken section", func() {
+			serviceSpec := corev1.ServiceSpec{Ports: []corev1.ServicePort{{Port: 3306}}}
+			DeferCleanup(
+				mariadb.DeleteDBService,
+				mariadb.CreateDBService(namespace, "openstack", serviceSpec),
+			)
+			mariadb.SimulateMariaDBDatabaseCompleted(names.MariaDBDatabaseName)
+			mariadb.SimulateMariaDBAccountCompleted(names.MariaDBAccount)
+
+			cm := th.GetSecret(names.ConfigMapName)
+			conf := string(cm.Data["placement.conf"])
+
+			// Verify region_name is set in [keystone_authtoken] section
+			// GetRegion() returns Status.Region, so check that
+			Expect(keystoneAPI.Status.Region).ToNot(BeEmpty(), "KeystoneAPI should have a region set in status")
+			// The region_name should appear in the [keystone_authtoken] section
+			// It's conditionally rendered, so check it appears between password and www_authenticate_uri
+			Expect(conf).Should(
+				MatchRegexp(fmt.Sprintf(
+					"password = .*\\nregion_name = %s\\n", keystoneAPI.Status.Region)))
+		})
+
 		It("creates service account, role and rolebindig", func() {
 			serviceSpec := corev1.ServiceSpec{Ports: []corev1.ServicePort{{Port: 3306}}}
 			DeferCleanup(