Use Keystone's default token format if not set
Devstack was setting its own default for Keystone's token format, so
when Keystone's default token format changed then devstack needed to
be updated. With this change, devstack will only override Keystone's
token format if KEYSTONE_TOKEN_FORMAT is set explicitly. PKI setup
is assumed to be needed unless the KEYSTONE_TOKEN_FORMAT is set to
UUID.
Change-Id: Idfa78e93abd80273dadcf37007a024bb6a783a48
diff --git a/lib/keystone b/lib/keystone
index f2513de..61f5cc0 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -56,7 +56,7 @@
# Select Keystone's token format
# Choose from 'UUID', 'PKI', or 'PKIZ'
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKIZ}
+KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
# Set Keystone interface configuration
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
@@ -202,10 +202,8 @@
iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
- if [[ "$KEYSTONE_TOKEN_FORMAT" = "UUID" ]]; then
- iniset $KEYSTONE_CONF token provider keystone.token.providers.uuid.Provider
- elif [[ "$KEYSTONE_TOKEN_FORMAT" = "PKI" ]]; then
- iniset $KEYSTONE_CONF token provider keystone.token.providers.pki.Provider
+ if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
+ iniset $KEYSTONE_CONF token provider keystone.token.providers.$KEYSTONE_TOKEN_FORMAT.Provider
fi
iniset $KEYSTONE_CONF database connection `database_connection_url keystone`
@@ -386,7 +384,7 @@
# Initialize keystone database
$KEYSTONE_DIR/bin/keystone-manage db_sync
- if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" || "$KEYSTONE_TOKEN_FORMAT" == "PKIZ" ]]; then
+ if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then
# Set up certificates
rm -rf $KEYSTONE_CONF_DIR/ssl
$KEYSTONE_DIR/bin/keystone-manage pki_setup