From 9a4fd9dcfc41a9d427e77f3219b5279cca07e7a4 Mon Sep 17 00:00:00 2001
From: Georgina
Date: Wed, 21 Jul 2021 08:55:54 +0000
Subject: [PATCH] Fix oidc scope misspelling in newer releases
A follow on from I8a1d7e8d31b43b70de062d5bbf2f648c71014af0. Remove ability to use incorrect spelling in future releases.
Change-Id: If27c04ba5ce509a30fe2af2a56771cc1a12dbe9d
---
 ...-keystone-oidc-scope-spelling-fix-3051b95adeb37901.yaml | 7 +++++++
 templates/keystone-httpd.conf.j2 | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/os-keystone-oidc-scope-spelling-fix-3051b95adeb37901.yaml
diff --git a/releasenotes/notes/os-keystone-oidc-scope-spelling-fix-3051b95adeb37901.yaml b/releasenotes/notes/os-keystone-oidc-scope-spelling-fix-3051b95adeb37901.yaml
new file mode 100644
index 00000000..398b56fc
--- /dev/null
+++ b/releasenotes/notes/os-keystone-oidc-scope-spelling-fix-3051b95adeb37901.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ For deployers using Keystone as an OIDC-based Service Provider there has
+ been a spelling fix for the OIDCScope setting. Please use
+ ``keystone_sp.trusted_idp_list.0.oidc_scope`` instead of
+ ``keystone_sp.trusted_idp_list.0.idc_scope``.
diff --git a/templates/keystone-httpd.conf.j2 b/templates/keystone-httpd.conf.j2
index 066ec58e..75f65e29 100644
--- a/templates/keystone-httpd.conf.j2
+++ b/templates/keystone-httpd.conf.j2
@@ -37,7 +37,7 @@ Listen {{ keystone_service_port }}
 {% if keystone_sp_apache_mod_auth_openidc -%}
 OIDCClaimPrefix "{{ keystone_sp.trusted_idp_list.0.oidc_claim_prefix | default('OIDC-') }}"
 OIDCResponseType "{{ keystone_sp.trusted_idp_list.0.oidc_resp_type | default('id_token') }}"
- OIDCScope "{{ keystone_sp.trusted_idp_list.0.idc_scope | default(keystone_sp.trusted_idp_list.0.oidc_scope | default('openid email profile')) }}"
+ OIDCScope "{{ keystone_sp.trusted_idp_list.0.oidc_scope | default('openid email profile') }}"
 OIDCProviderMetadataURL {{ keystone_sp.trusted_idp_list.0.oidc_provider_metadata_url }}
 OIDCClientID {{ keystone_sp.trusted_idp_list.0.oidc_client_id }}
 OIDCClientSecret {{ keystone_sp.trusted_idp_list.0.oidc_client_secret }}
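Review bot: With the `idc_scope` fallback gone from the `OIDCScope` line, a deployment that still sets only the misspelled key will render the default `openid email profile` without any error, so the scopes requested from the identity provider change silently on upgrade. That may drop claims a federation mapping relies on, or request `email` and `profile` where a narrower scope had been configured. The release note documents the rename, but a fail-fast check would be safer: an `assert` in the role's pre-flight tasks (not visible in this patch) with `that: keystone_sp.trusted_idp_list.0.idc_scope is not defined` and a failure message pointing to `oidc_scope`. The `{% if keystone_sp_apache_mod_auth_openidc -%}` block continues past the end of the hunk.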