From 1e1fce856dfafe60c477a8ba956eaa9fa160c6c4 Mon Sep 17 00:00:00 2001
From: Brant Knudson <bknudson@us.ibm.com>
Date: Thu, 19 Jun 2014 16:55:45 -0500
Subject: [PATCH] Use Keystone's default token format if not set

Devstack was setting its own default for Keystone's token format, so
when Keystone's default token format changed then devstack needed to
be updated. With this change, devstack will only override Keystone's
token format if KEYSTONE_TOKEN_FORMAT is set explicitly. PKI setup
is assumed to be needed unless the KEYSTONE_TOKEN_FORMAT is set to
UUID.

Change-Id: Idfa78e93abd80273dadcf37007a024bb6a783a48
---
 lib/keystone | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index f2513de112..61f5cc016a 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -56,7 +56,7 @@ KEYSTONE_ASSIGNMENT_BACKEND=${KEYSTONE_ASSIGNMENT_BACKEND:-sql}
 
 # Select Keystone's token format
 # Choose from 'UUID', 'PKI', or 'PKIZ'
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKIZ}
+KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
 
 # Set Keystone interface configuration
 KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
@@ -202,10 +202,8 @@ function configure_keystone {
 
     iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN"
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" = "UUID" ]]; then
-        iniset $KEYSTONE_CONF token provider keystone.token.providers.uuid.Provider
-    elif [[ "$KEYSTONE_TOKEN_FORMAT" = "PKI" ]]; then
-        iniset $KEYSTONE_CONF token provider keystone.token.providers.pki.Provider
+    if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
+        iniset $KEYSTONE_CONF token provider keystone.token.providers.$KEYSTONE_TOKEN_FORMAT.Provider
     fi
 
     iniset $KEYSTONE_CONF database connection `database_connection_url keystone`
@@ -386,7 +384,7 @@ function init_keystone {
     # Initialize keystone database
     $KEYSTONE_DIR/bin/keystone-manage db_sync
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" || "$KEYSTONE_TOKEN_FORMAT" == "PKIZ" ]]; then
+    if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then
         # Set up certificates
         rm -rf $KEYSTONE_CONF_DIR/ssl
         $KEYSTONE_DIR/bin/keystone-manage pki_setup