From dc486bc12fb63ecb5939f8d29dd9cf7a659847cd Mon Sep 17 00:00:00 2001
From: Steve Martinelli <s.martinelli@gmail.com>
Date: Thu, 8 Sep 2016 02:29:25 +0000
Subject: [PATCH] Switch fernet to be the default token provider

this is the first patch in a series to actually make fernet the default
token provider in keystone. the patches for grenade, release notes, and
actually switching the value in keystone all depend on this patch first.

reasons for switching over:

- fernet tokens are the recommended token provider
- the install guide for newton recommends deployers use fernet tokens [0]
- we previously attempted this switch but ran into timing issues [1],
  the timing issues have been resolved [2]

[0] http://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html
[1] 153db269705f37d4144ad3fcf26dc67269755d7d
[2] https://review.openstack.org/#/q/topic:make-fernet-default

Change-Id: I3b819ae8d2924f3bece03902e05d1a8c5e5923f1
---
 lib/keystone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/keystone b/lib/keystone
index b2dfa833e3..fd92f31afb 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -88,7 +88,7 @@ KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
 
 # Select Keystone's token provider (and format)
 # Choose from 'uuid', 'pki', 'pkiz', or 'fernet'
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-}
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
 KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
 
 # Set Keystone interface configuration