From 15250435f69b6ca4ed024bb68d941243fa57bcde Mon Sep 17 00:00:00 2001
From: James Page
Date: Wed, 3 Jul 2019 14:21:09 +0100
Subject: [PATCH] Ensure federated identity backend are TLS aware

When the certificates endpoint has completed TLS configuration via Vault, ensure that any federated identity backends are updated for the switch to TLS, other the generated SP data incorrectly used http:// instead of https://
Closes-Bug: 1834442
Change-Id: Ie160095789f5c34bc3509ffce4a7c5c0ec430632
---
 hooks/keystone_hooks.py | 1 +
 unit_tests/test_keystone_hooks.py | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/hooks/keystone_hooks.py b/hooks/keystone_hooks.py
index 3cb6ac4a..46578cf5 100755
--- a/hooks/keystone_hooks.py
+++ b/hooks/keystone_hooks.py
@@ -824,6 +824,7 @@ def certs_changed(relation_id=None, unit=None):
 ensure_initial_admin(config)
 update_all_identity_relation_units()
 update_all_domain_backends()
+ update_all_fid_backends()
 def notify_middleware_with_release_version():
diff --git a/unit_tests/test_keystone_hooks.py b/unit_tests/test_keystone_hooks.py
index 78aaa2c6..b8f802e1 100644
--- a/unit_tests/test_keystone_hooks.py
+++ b/unit_tests/test_keystone_hooks.py
@@ -1003,6 +1003,7 @@ class KeystoneRelationTests(CharmTestCase):
 relation_id='rid:23', relation_settings={'cn': 'this-unit'})
+ @patch.object(hooks, 'update_all_fid_backends')
 @patch.object(hooks, 'config')
 @patch.object(hooks, 'update_all_domain_backends')
 @patch.object(hooks, 'update_all_identity_relation_units')
@@ -1017,7 +1018,8 @@ class KeystoneRelationTests(CharmTestCase):
 is_elected_leader, is_unit_paused_set, ensure_initial_admin, update_all_identity_relation_units,
- update_all_domain_backends, config):
+ update_all_domain_backends, config,
+ update_all_fid_backends):
 is_db_initialised.return_value = True
 is_elected_leader.return_value = True
 is_unit_paused_set.return_value = False
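Review bot: In hooks/keystone_hooks.py the new `update_all_fid_backends()` call at the end of `certs_changed` has no comment explaining why a certificate change must refresh the federated identity backends; the reason (SP data generated with http:// instead of https://) is recorded only in the commit message. I would add `# Refresh federated identity backends so generated SP data uses https:// once TLS is configured (bug 1834442)` directly above the call. The function body starts outside the hunk, so it is not visible whether this call sits under the same guard as `ensure_initial_admin(config)` or runs unconditionally; the comment should state which is intended. Any SP data that was handed to an identity provider before TLS was enabled presumably still carries the http:// URLs, which is worth a line in the operator documentation.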
@@ -1036,6 +1038,7 @@ class KeystoneRelationTests(CharmTestCase):
 ensure_initial_admin.assert_called_once_with(config)
 update_all_identity_relation_units.assert_called_once_with()
 update_all_domain_backends.assert_called_once_with()
+ update_all_fid_backends.assert_called_once_with()
 ensure_initial_admin.reset_mock()
 is_db_initialised.return_value = False
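Review bot: The added `update_all_fid_backends.assert_called_once_with()` pins only the path where the database is initialised. The lines after it reset `ensure_initial_admin` and set `is_db_initialised.return_value = False`, but nothing visible in the hunk states what the federated-backend refresh should do on that second path. If the rest of the test re-runs the hook, I would add `update_all_fid_backends.reset_mock()` next to the existing reset and an explicit assertion after the second run, so that a later change which gates or un-gates the refresh is caught. The test method starts and ends outside the hunk.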