From 581f52dfc0b6dc70ba6e3598241c62ec6fd7c012 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Tue, 15 Aug 2023 15:27:36 +0900
Subject: [PATCH] Ensure [openid] remote_id_attribute is purged

... so that an old value is not left.

Change-Id: Ife69c518416f523e2d8b8c07455e1f1d9d65defc
---
 manifests/federation/openidc.pp                  | 13 ++++---------
 spec/classes/keystone_federation_openidc_spec.rb |  1 +
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/manifests/federation/openidc.pp b/manifests/federation/openidc.pp
index 6435fa22e..f8636ec71 100644
--- a/manifests/federation/openidc.pp
+++ b/manifests/federation/openidc.pp
@@ -116,7 +116,7 @@
 # [*remote_id_attribute*]
 #  (Optional) Value to be used to obtain the entity ID of the Identity
 #  Provider from the environment.
-#  Defaults to undef.
+#  Defaults to $facts['os_service_default'].
 #
 # [*template_order*]
 #  This number indicates the order for the concat::fragment that will apply
@@ -153,7 +153,7 @@ class keystone::federation::openidc (
   $memcached_servers              = undef,
   $redis_server                   = undef,
   $redis_password                 = undef,
-  $remote_id_attribute            = undef,
+  $remote_id_attribute            = $facts['os_service_default'],
   $template_order                 = 331,
 ) {
 
@@ -212,13 +212,8 @@ class keystone::federation::openidc (
   }
 
   keystone_config {
-    'auth/methods': value => join(any2array($methods),',');
-  }
-
-  if $remote_id_attribute {
-    keystone_config {
-      'openid/remote_id_attribute': value => $remote_id_attribute;
-    }
+    'auth/methods':               value => join(any2array($methods),',');
+    'openid/remote_id_attribute': value => $remote_id_attribute;
   }
 
   concat::fragment { 'configure_openidc_keystone':
diff --git a/spec/classes/keystone_federation_openidc_spec.rb b/spec/classes/keystone_federation_openidc_spec.rb
index f73765bb7..98cbb2c78 100644
--- a/spec/classes/keystone_federation_openidc_spec.rb
+++ b/spec/classes/keystone_federation_openidc_spec.rb
@@ -63,6 +63,7 @@ describe 'keystone::federation::openidc' do
     context 'with only required parameters' do
       it 'should have basic params for openidc in Keystone configuration' do
         is_expected.to contain_keystone_config('auth/methods').with_value('password, token, openid')
+        is_expected.to contain_keystone_config('openid/remote_id_attribute').with_value('<SERVICE DEFAULT>')
       end
 
       it { is_expected.to contain_concat__fragment('configure_openidc_keystone').with({