diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2 index 65566e618e..e57ee251d9 100644 --- a/ansible/roles/keystone/templates/keystone.conf.j2 +++ b/ansible/roles/keystone/templates/keystone.conf.j2 @@ -82,7 +82,7 @@ connection_string = {{ osprofiler_backend_connection_string }} allowed_origin = {{ grafana_public_endpoint }} {% endif %} -{% if enable_keystone_federation %} +{% if enable_keystone_federation | bool %} [federation] {% for dashboard in keystone_trusted_dashboards %} trusted_dashboard = {{ dashboard }} diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2 index d4973a9ecf..705c338655 100644 --- a/ansible/roles/keystone/templates/keystone.json.j2 +++ b/ansible/roles/keystone/templates/keystone.json.j2 @@ -78,7 +78,7 @@ { "path": "/var/log/kolla/keystone/keystone.log", "owner": "keystone:keystone" - },{% if keystone_enable_federation_openid %} + },{% if keystone_enable_federation_openid | bool %} { "path": "{{ keystone_container_federation_oidc_metadata_folder }}", "owner": "{{ apache_user }}:{{ apache_user }}", diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 index a78266bd77..2e42f5a7d1 100644 --- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 +++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 @@ -62,7 +62,7 @@ LogLevel info SSLCertificateKeyFile /etc/keystone/certs/keystone-key.pem {% endif -%} -{% if keystone_enable_federation_openid %} +{% if keystone_enable_federation_openid | bool %} OIDCClaimPrefix "OIDC-" OIDCClaimDelimiter ";" OIDCResponseType "{{ keystone_federation_oidc_response_type }}" diff --git a/releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml b/releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml new file mode 100644 index 0000000000..601821bda7 --- /dev/null +++ b/releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + ``enable_keystone_federation`` and ``keystone_enable_federation_openid`` + have not been explicitly handled as bool in various templates in the + keystone role so far. + `LP#2036390 `__