From c9a4b36e52857c133871790ca2ac26818d3191b0 Mon Sep 17 00:00:00 2001
From: Christian Berendt <berendt@osism.tech>
Date: Sun, 17 Sep 2023 21:44:38 +0200
Subject: [PATCH] keystone: ensure bool for two parameters

* keystone_enable_federation_openid
* enable_keystone_federation

Closes-Bug: #2036390

Change-Id: Ieef1dce006c339643ad4fa544218c6482c2ad32c
---
 ansible/roles/keystone/templates/keystone.conf.j2      | 2 +-
 ansible/roles/keystone/templates/keystone.json.j2      | 2 +-
 ansible/roles/keystone/templates/wsgi-keystone.conf.j2 | 2 +-
 releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml   | 7 +++++++
 4 files changed, 10 insertions(+), 3 deletions(-)
 create mode 100644 releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml

diff --git a/ansible/roles/keystone/templates/keystone.conf.j2 b/ansible/roles/keystone/templates/keystone.conf.j2
index 65566e618..e57ee251d 100644
--- a/ansible/roles/keystone/templates/keystone.conf.j2
+++ b/ansible/roles/keystone/templates/keystone.conf.j2
@@ -82,7 +82,7 @@ connection_string = {{ osprofiler_backend_connection_string }}
 allowed_origin = {{ grafana_public_endpoint }}
 {% endif %}
 
-{% if enable_keystone_federation %}
+{% if enable_keystone_federation | bool %}
 [federation]
 {% for dashboard in keystone_trusted_dashboards %}
 trusted_dashboard = {{ dashboard }}
diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index d4973a9ec..705c33865 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -78,7 +78,7 @@
         {
             "path": "/var/log/kolla/keystone/keystone.log",
             "owner": "keystone:keystone"
-        },{% if keystone_enable_federation_openid %}
+        },{% if keystone_enable_federation_openid | bool %}
         {
             "path": "{{ keystone_container_federation_oidc_metadata_folder }}",
             "owner": "{{ apache_user }}:{{ apache_user }}",
diff --git a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2 b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
index a78266bd7..2e42f5a7d 100644
--- a/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
+++ b/ansible/roles/keystone/templates/wsgi-keystone.conf.j2
@@ -62,7 +62,7 @@ LogLevel info
     SSLCertificateKeyFile /etc/keystone/certs/keystone-key.pem
 {% endif -%}
 
-{% if keystone_enable_federation_openid %}
+{% if keystone_enable_federation_openid | bool %}
     OIDCClaimPrefix "OIDC-"
     OIDCClaimDelimiter ";"
     OIDCResponseType "{{ keystone_federation_oidc_response_type }}"
diff --git a/releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml b/releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml
new file mode 100644
index 000000000..601821bda
--- /dev/null
+++ b/releasenotes/notes/bug-2036390-d087c5bfd504c9f3.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    ``enable_keystone_federation`` and ``keystone_enable_federation_openid``
+    have not been explicitly handled as bool in various templates in the
+    keystone role so far.
+    `LP#2036390 <https://bugs.launchpad.net/kolla-ansible/+bug/2036390>`__
-- 
GitLab