From 7326ffbe6b01c8f08e7f5f37e78c72b0008ac615 Mon Sep 17 00:00:00 2001
From: Lance Bragstad
Date: Mon, 29 Aug 2016 21:13:49 +0000
Subject: [PATCH] Allow upgrade to create fernet keys for credentials

With the addition of encrypted credentials, keystone needs the ability to read encryption keys from a repository in order to create credentials. This commit makes it so that when keystone is upgraded from Mitaka to Newton, we run `keystone-manage credential_setup` to ensure a directory exists on the system.

Depends-On: Ib06c86a17e585f43bfa8aedf3d5e89d3163cc9da
Change-Id: Id3e8922adc154cfec5f7a36613e22eb0b49eeffe
partially-implements: credential-encryption
---
.../10_keystone/from-mitaka/upgrade-keystone | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 projects/10_keystone/from-mitaka/upgrade-keystone

diff --git a/projects/10_keystone/from-mitaka/upgrade-keystone b/projects/10_keystone/from-mitaka/upgrade-keystone
new file mode 100644
index 00000000..d56eee69
--- /dev/null
+++ b/projects/10_keystone/from-mitaka/upgrade-keystone
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+# ``upgrade-keystone``
+
+function configure_keystone_upgrade {
+ local xtrace
+ xtrace=$(set +o | grep xtrace)
+ set -o xtrace
+
+ # Run `keysetone-manage credential_setup` to ensure keystone has a fernet
+ # key repository to encrypt and decrypt credentials.
+ $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF credential_setup
+
+ # reset to previous state
+ $xtrace
+}
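Review bot: The `credential_setup` call in `configure_keystone_upgrade` expands `$KEYSTONE_BIN_DIR` and `$KEYSTONE_CONF` unquoted, and nothing in the function checks its exit status. Unless the caller runs with errexit (not visible here), a failed setup lets the upgrade continue without a key repository. I would write the line as `"$KEYSTONE_BIN_DIR/keystone-manage" --config-file "$KEYSTONE_CONF" credential_setup` and fail the upgrade step on a non-zero status, after the xtrace state has been restored. Because the directory it creates holds the keys that encrypt stored credentials, it is also worth confirming that the repository ends up owned by, and readable only by, the account keystone runs as; `credential_setup` accepts `--keystone-user` and `--keystone-group` for that. The comment above the call misspells the tool as `keysetone-manage`.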