From 6048b9c2f19de5719dfbd67bc4301241e332be72 Mon Sep 17 00:00:00 2001
From: Dave Wilde <dwilde@redhat.com>
Date: Fri, 13 Dec 2024 12:44:58 -0600
Subject: [PATCH] Update Federation Variable Names and Secrets

This updates the Federation variable names and secret keys to be more
descriptive and to match what the keystone-operator is expecting.
---
 Makefile                       | 4 ++--
 scripts/gen-input-kustomize.sh | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 64e28e0..44a2dd9 100644
--- a/Makefile
+++ b/Makefile
@@ -32,7 +32,7 @@ endif
 # encoded.  e.g. head --bytes=32 /dev/urandom | base64
 BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY ?= sEFmdFjDUqRM2VemYslV5yGNWjokioJXsg8Nrlc3drU=
 KEYSTONE_FEDERATION_CLIENT_SECRET ?= COX8bmlKAWn56XCGMrKQJj7dgHNAOl6f
-KEYSTONE_CRYPTO_PASSPHRASE ?= openstack
+KEYSTONE_FEDERATION_CRYPTO_PASSPHRASE ?= openstack
 
 # Allows overriding the cleanup command used in *_cleanup targets.
 # Useful in CI, to allow injectin kustomization in each operator CR directory
@@ -540,7 +540,7 @@ ${1}: export METADATA_SHARED_SECRET=${METADATA_SHARED_SECRET}
 ${1}: export HEAT_AUTH_ENCRYPTION_KEY=${HEAT_AUTH_ENCRYPTION_KEY}
 ${1}: export BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY=${BARBICAN_SIMPLE_CRYPTO_ENCRYPTION_KEY}
 ${1}: export KEYSTONE_FEDERATION_CLIENT_SECRET=${KEYSTONE_FEDERATION_CLIENT_SECRET}
-${1}: export KEYSTONE_CRYPTO_PASSPHRASE=${KEYSTONE_CRYPTO_PASSPHRASE}
+${1}: export KEYSTONE_FEDERATION_CRYPTO_PASSPHRASE=${KEYSTONE_FEDERATION_CRYPTO_PASSPHRASE}
 ${1}: export LIBVIRT_SECRET=${LIBVIRT_SECRET}
 ${1}: export STORAGE_CLASS=${STORAGE_CLASS}
 ${1}: export OUT=${OUT}
diff --git a/scripts/gen-input-kustomize.sh b/scripts/gen-input-kustomize.sh
index a4671d6..58c025f 100644
--- a/scripts/gen-input-kustomize.sh
+++ b/scripts/gen-input-kustomize.sh
@@ -44,8 +44,8 @@ if [ -z "$KEYSTONE_FEDERATION_CLIENT_SECRET" ]; then
     echo "Please set KEYSTONE_FEDERATION_CLIENT_SECRET"; exit 1
 fi
 
-if [ -z "$KEYSTONE_CRYPTO_PASSPHRASE" ]; then
-    echo "Please set KEYSTONE_CRYPTO_PASSPHRASE"; exit 1
+if [ -z "$KEYSTONE_FEDERATION_CRYPTO_PASSPHRASE" ]; then
+    echo "Please set KEYSTONE_FEDERATION_CRYPTO_PASSPHRASE"; exit 1
 fi
 
 if [ -z "$LIBVIRT_SECRET" ]; then
@@ -84,8 +84,8 @@ secretGenerator:
   - CinderPassword=${PASSWORD}
   - IronicPassword=${PASSWORD}
   - IronicInspectorPassword=${PASSWORD}
-  - KeystoneClientSecret=${KEYSTONE_FEDERATION_CLIENT_SECRET}
-  - KeystoneCryptoPassphrase=${KEYSTONE_CRYPTO_PASSPHRASE}
+  - KeystoneOIDCClientSecret=${KEYSTONE_FEDERATION_CLIENT_SECRET}
+  - KeystoneOIDCCryptoPassphrase=${KEYSTONE_FEDERATION_CRYPTO_PASSPHRASE}
   - OctaviaPassword=${PASSWORD}
   - OctaviaHeartbeatKey=${PASSWORD}
   - NovaPassword=${PASSWORD}