From b2a515d52d37832317e63b3942157f8b1f1689b4 Mon Sep 17 00:00:00 2001
From: Vladimir Kozhukalov <kozhukalov@gmail.com>
Date: Wed, 29 Oct 2025 13:34:43 -0500
Subject: [PATCH] [keystone] Use keystone native wsgi script

Change-Id: I6c18c67c2a3d868352a5a80aac2ab99dcfd09c8f
Signed-off-by: Vladimir Kozhukalov <kozhukalov@gmail.com>
---
 keystone/templates/bin/_keystone-api.sh.tpl        | 10 ++++------
 keystone/templates/bin/_wsgi.py.tpl                |  5 -----
 keystone/templates/configmap-bin.yaml              |  2 --
 keystone/templates/deployment-api.yaml             |  4 ----
 releasenotes/notes/keystone-dab27a4eeaab96d1.yaml  |  7 +++++++
 values_overrides/keystone/2024.1-ubuntu_jammy.yaml |  2 --
 values_overrides/keystone/2024.2-ubuntu_jammy.yaml |  2 --
 values_overrides/keystone/2025.1-ubuntu_jammy.yaml |  2 --
 values_overrides/keystone/2025.1-ubuntu_noble.yaml |  2 --
 9 files changed, 11 insertions(+), 25 deletions(-)
 delete mode 100644 keystone/templates/bin/_wsgi.py.tpl
 create mode 100644 releasenotes/notes/keystone-dab27a4eeaab96d1.yaml

diff --git a/keystone/templates/bin/_keystone-api.sh.tpl b/keystone/templates/bin/_keystone-api.sh.tpl
index afa0275651..9aa11c463e 100644
--- a/keystone/templates/bin/_keystone-api.sh.tpl
+++ b/keystone/templates/bin/_keystone-api.sh.tpl
@@ -22,15 +22,13 @@ function start () {
 
   for KEYSTONE_WSGI_SCRIPT in keystone-wsgi-public; do
     script_path="$(type -p ${KEYSTONE_WSGI_SCRIPT} || true)"
-    if [[ -n "$script_path" ]]; then
-        cp -a "$script_path" /var/www/cgi-bin/keystone/
+    if [[ -z "$script_path" ]]; then
+        # In 2025.2 the keystone-wsgi-public script was removed.
+        script_path=$(python3 -c "import sysconfig; print(sysconfig.get_paths()['purelib'])")/keystone/wsgi/api.py
     fi
+    cp -a "$script_path" /var/www/cgi-bin/keystone/wsgi.py
   done
 
-  # In 2025.2 the keystone-wsgi-public script was removed.
-  # We have to use the wsgi module directly.
-  cp -a /tmp/wsgi.py /var/www/cgi-bin/keystone/
-
   {{- if .Values.conf.software.apache2.a2enmod }}
     {{- range .Values.conf.software.apache2.a2enmod }}
   a2enmod {{ . }}
diff --git a/keystone/templates/bin/_wsgi.py.tpl b/keystone/templates/bin/_wsgi.py.tpl
deleted file mode 100644
index f69d0ccdab..0000000000
--- a/keystone/templates/bin/_wsgi.py.tpl
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/var/lib/openstack/bin/python3
-
-from keystone.server.wsgi import initialize_public_application
-
-application = initialize_public_application()
diff --git a/keystone/templates/configmap-bin.yaml b/keystone/templates/configmap-bin.yaml
index a5908450e3..45512d3ec5 100644
--- a/keystone/templates/configmap-bin.yaml
+++ b/keystone/templates/configmap-bin.yaml
@@ -43,8 +43,6 @@ data:
 {{- include "helm-toolkit.scripts.db_drop" . | indent 4 }}
   keystone-api.sh: |
 {{ tuple "bin/_keystone-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  wsgi.py: |
-{{ tuple "bin/_wsgi.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   endpoint-update.py: |
 {{ tuple "bin/_endpoint-update.py.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   fernet-manage.py: |
diff --git a/keystone/templates/deployment-api.yaml b/keystone/templates/deployment-api.yaml
index 976f3e035d..8d8a1292ac 100644
--- a/keystone/templates/deployment-api.yaml
+++ b/keystone/templates/deployment-api.yaml
@@ -141,10 +141,6 @@ spec:
               mountPath: /tmp/keystone-api.sh
               subPath: keystone-api.sh
               readOnly: true
-            - name: keystone-bin
-              mountPath: /tmp/wsgi.py
-              subPath: wsgi.py
-              readOnly: true
 {{- if .Values.endpoints.ldap.auth.client.tls.ca }}
             - name: keystone-ldap-tls
               mountPath: /etc/keystone/ldap/tls.ca
diff --git a/releasenotes/notes/keystone-dab27a4eeaab96d1.yaml b/releasenotes/notes/keystone-dab27a4eeaab96d1.yaml
new file mode 100644
index 0000000000..3d4f249bf0
--- /dev/null
+++ b/releasenotes/notes/keystone-dab27a4eeaab96d1.yaml
@@ -0,0 +1,7 @@
+---
+keystone:
+  - |
+    Use Keystone native wsgi script keystone/wsgi/api.py
+    instead of the wsgi wrapper script provided by the
+    keystone chart.
+...
diff --git a/values_overrides/keystone/2024.1-ubuntu_jammy.yaml b/values_overrides/keystone/2024.1-ubuntu_jammy.yaml
index 761e78e4ca..0c2942b860 100644
--- a/values_overrides/keystone/2024.1-ubuntu_jammy.yaml
+++ b/values_overrides/keystone/2024.1-ubuntu_jammy.yaml
@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2024.1-ubuntu_jammy"
     ks_user: "quay.io/airshipit/heat:2024.1-ubuntu_jammy"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...
diff --git a/values_overrides/keystone/2024.2-ubuntu_jammy.yaml b/values_overrides/keystone/2024.2-ubuntu_jammy.yaml
index 85509beb40..9310032dd9 100644
--- a/values_overrides/keystone/2024.2-ubuntu_jammy.yaml
+++ b/values_overrides/keystone/2024.2-ubuntu_jammy.yaml
@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2024.2-ubuntu_jammy"
     ks_user: "quay.io/airshipit/heat:2024.2-ubuntu_jammy"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...
diff --git a/values_overrides/keystone/2025.1-ubuntu_jammy.yaml b/values_overrides/keystone/2025.1-ubuntu_jammy.yaml
index eeab6b79b8..9ca8cf1e46 100644
--- a/values_overrides/keystone/2025.1-ubuntu_jammy.yaml
+++ b/values_overrides/keystone/2025.1-ubuntu_jammy.yaml
@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_jammy"
     ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_jammy"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...
diff --git a/values_overrides/keystone/2025.1-ubuntu_noble.yaml b/values_overrides/keystone/2025.1-ubuntu_noble.yaml
index d3edd3dbc0..a9a271c0cc 100644
--- a/values_overrides/keystone/2025.1-ubuntu_noble.yaml
+++ b/values_overrides/keystone/2025.1-ubuntu_noble.yaml
@@ -13,6 +13,4 @@ images:
     keystone_fernet_rotate: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
     keystone_fernet_setup: "quay.io/airshipit/keystone:2025.1-ubuntu_noble"
     ks_user: "quay.io/airshipit/heat:2025.1-ubuntu_noble"
-conf:
-  wsgi_script_name: keystone-wsgi-public
 ...