From cef5e40e0c1479f12f78c9dab74dc3100b2f10f7 Mon Sep 17 00:00:00 2001
From: Brant Knudson <bknudson@us.ibm.com>
Date: Thu, 25 Jun 2015 17:57:53 -0500
Subject: [PATCH] Support fernet token provider

Keystone added the "fernet" token provider in Kilo. This adds
support for it.

Change-Id: I6b7342ea67157a40edc8b9ba3d84d118e39d86ed
---
 lib/keystone | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index 7a949cf96f..99e31b48f9 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -313,6 +313,8 @@ function configure_keystone {
 
     iniset $KEYSTONE_CONF eventlet_server admin_workers "$API_WORKERS"
     # Public workers will use the server default, typically number of CPU.
+
+    iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
 }
 
 function configure_keystone_extensions {
@@ -476,11 +478,15 @@ function init_keystone {
         $KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}"
     done
 
-    if [[ "$KEYSTONE_TOKEN_FORMAT" != "uuid" ]]; then
+    if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then
         # Set up certificates
         rm -rf $KEYSTONE_CONF_DIR/ssl
         $KEYSTONE_BIN_DIR/keystone-manage pki_setup
     fi
+    if [[ "$KEYSTONE_TOKEN_FORMAT" == "fernet" ]]; then
+        rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
+        $KEYSTONE_BIN_DIR/keystone-manage fernet_setup
+    fi
 }
 
 # install_keystoneclient() - Collect source and prepare