Fix oidc scope misspelling in newer releases

A follow on from I8a1d7e8d31b43b70de062d5bbf2f648c71014af0. Remove ability to use incorrect spelling in future releases. Change-Id: If27c04ba5ce509a30fe2af2a56771cc1a12dbe9d
2021-07-21 08:55:54 +00:00 · 2021-07-21 08:55:54 +00:00 · 9a4fd9dcfc
parent 96b76aea88
commit 9a4fd9dcfc
2 changed files with 8 additions and 1 deletions
--- a/releasenotes/notes/os-keystone-oidc-scope-spelling-fix-3051b95adeb37901.yaml
+++ b/releasenotes/notes/os-keystone-oidc-scope-spelling-fix-3051b95adeb37901.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    For deployers using Keystone as an OIDC-based Service Provider there has
+    been a spelling fix for the OIDCScope setting. Please use
+    ``keystone_sp.trusted_idp_list.0.oidc_scope`` instead of
+    ``keystone_sp.trusted_idp_list.0.idc_scope``.
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@ -37,7 +37,7 @@ Listen {{ keystone_service_port }}
    {% if keystone_sp_apache_mod_auth_openidc -%}
    OIDCClaimPrefix "{{ keystone_sp.trusted_idp_list.0.oidc_claim_prefix | default('OIDC-') }}"
    OIDCResponseType "{{ keystone_sp.trusted_idp_list.0.oidc_resp_type | default('id_token') }}"
-    OIDCScope "{{ keystone_sp.trusted_idp_list.0.idc_scope | default(keystone_sp.trusted_idp_list.0.oidc_scope | default('openid email profile')) }}"
+    OIDCScope "{{ keystone_sp.trusted_idp_list.0.oidc_scope | default('openid email profile') }}"
    OIDCProviderMetadataURL {{ keystone_sp.trusted_idp_list.0.oidc_provider_metadata_url }}
    OIDCClientID {{ keystone_sp.trusted_idp_list.0.oidc_client_id }}
    OIDCClientSecret {{ keystone_sp.trusted_idp_list.0.oidc_client_secret }}