Update keystone.conf to use new provider config

This change uses the [token] provider configuration rather than
the deprecated [signing] token_format to select between PKI and UUID
tokens.

Closes-Bug: #1273946
Change-Id: Ia03c2375326c14d4783df3c0774599c795b25cf2

attributes/default.rb

@@ -65,7 +65,7 @@ default['openstack']['identity']['users'] = {
 }
 
 # PKI signing. Corresponds to the [signing] section of keystone.conf
-# Note this section is only written if node['openstack']['auth']['straegy'] == 'pki'
+# Note this section is only written if node['openstack']['auth']['strategy'] == 'pki'
 default['openstack']['identity']['signing']['basedir'] = '/etc/keystone/ssl'
 default['openstack']['identity']['signing']['certfile'] = '/etc/keystone/ssl/certs/signing_cert.pem'
 default['openstack']['identity']['signing']['keyfile'] = '/etc/keystone/ssl/private/signing_key.pem'

templates/default/keystone.conf.erb

@@ -169,7 +169,7 @@ template_file = /etc/keystone/default_catalog.templates
 
 [token]
 driver = keystone.token.backends.<%= node["openstack"]["identity"]["token"]["backend"] %>.Token
-
+provider = keystone.token.providers.<%= node["openstack"]["auth"]["strategy"] %>.Provider
 # Amount of time a token should remain valid (in seconds)
 expiration = 86400
 
@@ -188,15 +188,12 @@ driver = keystone.contrib.ec2.backends.sql.Ec2
 
 [signing]
 <% if node["openstack"]["auth"]["strategy"] == "pki" -%>
-token_format = PKI
 certfile = <%= node["openstack"]["identity"]["signing"]["certfile"] %>
 keyfile = <%= node["openstack"]["identity"]["signing"]["keyfile"] %>
 ca_certs = <%= node["openstack"]["identity"]["signing"]["ca_certs"] %>
 key_size = <%= node["openstack"]["identity"]["signing"]["key_size"] %>
 valid_days = <%= node["openstack"]["identity"]["signing"]["valid_days"] %>
 ca_password = <%= node["openstack"]["identity"]["signing"]["ca_password"] %>
-<% else -%>
-token_format = UUID
 <% end -%>
 
 [auth]