Automatic merge from submit-queue (batch tested with PRs 51984, 51351, 51873, 51795, 51634)
Bug Fix - Adding an allowed address pair wipes port security groups
**What this PR does / why we need it**:
Fix for cloud routes enabled instances will have their security groups
removed when the allowed address pair is added to the instance's port.
Upstream bug report is in:
https://github.com/gophercloud/gophercloud/issues/509
Upstream bug fix is in:
https://github.com/gophercloud/gophercloud/pull/510
**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #
Fixes#51755
**Special notes for your reviewer**:
Just an fix in vendored code. minimal changes needed in OpenStack cloud provider
**Release note**:
```release-note
NONE
```
Kubernetes-commit: 9a8cb435b77085fa7d518c4428a02eae316b1003
Automatic merge from submit-queue (batch tested with PRs 50087, 39587, 50042, 50241, 49914)
plugin/pkg/client/auth: add openstack auth provider
This is an implementation of auth provider for OpenStack world, just like python-openstackclient, we read the environment variables of a list `OS_*`, and client will cache a token to interact with each components, we can do the same here, the client side can cache a token locally at the first time, and rotate automatically when it expires.
This requires an implementation of token authenticator at server side, refer:
1. [made by me] https://github.com/kubernetes/kubernetes/pull/25536, I can carry this on when it is fine to go.
2. [made by @kfox1111] https://github.com/kubernetes/kubernetes/pull/25391
The reason why I want to add this is due to the `client-side` nature, it will be confusing to implement it downstream, we would like to add this support here, and customers can get `kubectl` like they usually do(`brew install kubernetes-cli`), and it will just work.
When this is done, we can deprecate the password keystone authenticator as the following reasons:
1. as mentioned at some other places, the `domain` is another parameters which should be provided.
2. in case the user supplies `apikey` and `secrets`, we might want to fill the `UserInfo` with the real name which is not implemented for now.
cc @erictune @liggitt
```
add openstack auth provider
```
Kubernetes-commit: 59b8fa32f129be29f146bfd4888a5d1ab7e71ca5