Horizon can now use a system scope token when performing admin operations. To enable that, a new setting, SYSTEM_SCOPE_SERVICES, has to list the OpenStack services for which this feature is to be enabled. When that setting is not empty, a new option, "system scope" will appear in the context switching menu, and the panels for the listed services will be moved into that context in the main menu.
Horizon no longer requires the keystone admin endpoint. keystone does not distinguish public and admin endpoints and there is no functional difference between public and admin endpoints. There is no need for a separate endpoint for keystone admin operations, but horizon required the keystone admin endpoint is configured previously. This requirement no longer exists. An endpoint specified by
OPENSTACK_ENDPOINT_TYPEsetting is used for the keystone admin operations. You can drop the admin endpoint for keystone (unless other services require it). [bug 1950659]