Use right PKI defaults

The common cookbook has been updated to make PKI the default token
provider in keystone. This patch updates the specs to match that.

The default PKI key size is double what the default value in the
cookbook is. This patch updates it.

Change-Id: Ic17c572f7aa67f88b8f6f2ed31968d043f1abb73
Partial-Bug: #1312927

attributes/default.rb

@@ -75,7 +75,7 @@ default['openstack']['identity']['signing']['basedir'] = '/etc/keystone/ssl'
 default['openstack']['identity']['signing']['certfile'] = '/etc/keystone/ssl/certs/signing_cert.pem'
 default['openstack']['identity']['signing']['keyfile'] = '/etc/keystone/ssl/private/signing_key.pem'
 default['openstack']['identity']['signing']['ca_certs'] = '/etc/keystone/ssl/certs/ca.pem'
-default['openstack']['identity']['signing']['key_size'] = '1024'
+default['openstack']['identity']['signing']['key_size'] = '2048'
 default['openstack']['identity']['signing']['valid_days'] = '3650'
 default['openstack']['identity']['signing']['ca_password'] = nil
 

spec/server_spec.rb

@@ -98,13 +98,13 @@ describe 'openstack-identity::server' do
       let(:ssl_dir) { '/etc/keystone/ssl' }
 
       describe 'without pki' do
+        before { node.set['openstack']['auth']['strategy'] = 'uuid' }
         it 'does not create' do
           expect(chef_run).not_to create_directory(ssl_dir)
         end
       end
 
       describe 'with pki' do
-        before { node.set['openstack']['auth']['strategy'] = 'pki' }
         let(:dir_resource) { chef_run.directory(ssl_dir) }
 
         it 'creates' do
@@ -135,6 +135,7 @@ describe 'openstack-identity::server' do
       let(:cmd) { 'keystone-manage pki_setup' }
 
       describe 'without pki' do
+        before { node.set['openstack']['auth']['strategy'] = 'uuid' }
         it 'does not execute' do
           expect(chef_run).to_not run_execute(cmd).with(
             user: 'keystone',
@@ -144,8 +145,6 @@ describe 'openstack-identity::server' do
       end
 
       describe 'with pki' do
-        before { node.set['openstack']['auth']['strategy'] = 'pki' }
-
         it 'executes' do
           ::FileTest.should_receive(:exists?)
             .with('/etc/keystone/ssl/private/signing_key.pem')
@@ -400,15 +399,13 @@ describe 'openstack-identity::server' do
           certfile: '/etc/keystone/ssl/certs/signing_cert.pem',
           keyfile: '/etc/keystone/ssl/private/signing_key.pem',
           ca_certs: '/etc/keystone/ssl/certs/ca.pem',
-          key_size: '1024',
+          key_size: '2048',
           valid_days: '3650',
           ca_password: nil
         }
 
         describe 'with pki' do
           it 'configures cert options' do
-            node.set['openstack']['auth']['strategy'] = 'pki'
-
             opts.each do |key, val|
               r = line_regexp("#{key} = #{val}")
               expect(chef_run).to render_file(path).with_content(r)
@@ -417,6 +414,7 @@ describe 'openstack-identity::server' do
         end
 
         describe 'without pki' do
+          before { node.set['openstack']['auth']['strategy'] = 'uuid' }
           it 'does not configure cert options' do
             opts.each do |key, val|
               expect(chef_run).not_to render_file(path).with_content(