Ensure [openid] remote_id_attribute is purged

... so that an old value is not left.

Change-Id: Ife69c518416f523e2d8b8c07455e1f1d9d65defc

manifests/federation/openidc.pp

@@ -116,7 +116,7 @@
 # [*remote_id_attribute*]
 #  (Optional) Value to be used to obtain the entity ID of the Identity
 #  Provider from the environment.
-#  Defaults to undef.
+#  Defaults to $facts['os_service_default'].
 #
 # [*template_order*]
 #  This number indicates the order for the concat::fragment that will apply
@@ -153,7 +153,7 @@ class keystone::federation::openidc (
   $memcached_servers              = undef,
   $redis_server                   = undef,
   $redis_password                 = undef,
-  $remote_id_attribute            = undef,
+  $remote_id_attribute            = $facts['os_service_default'],
   $template_order                 = 331,
 ) {
 
@@ -212,13 +212,8 @@ class keystone::federation::openidc (
   }
 
   keystone_config {
-    'auth/methods': value => join(any2array($methods),',');
+    'auth/methods':               value => join(any2array($methods),',');
-  }
+    'openid/remote_id_attribute': value => $remote_id_attribute;
-
-  if $remote_id_attribute {
-    keystone_config {
-      'openid/remote_id_attribute': value => $remote_id_attribute;
-    }
   }
 
   concat::fragment { 'configure_openidc_keystone':

spec/classes/keystone_federation_openidc_spec.rb

@@ -63,6 +63,7 @@ describe 'keystone::federation::openidc' do
     context 'with only required parameters' do
       it 'should have basic params for openidc in Keystone configuration' do
         is_expected.to contain_keystone_config('auth/methods').with_value('password, token, openid')
+        is_expected.to contain_keystone_config('openid/remote_id_attribute').with_value('<SERVICE DEFAULT>')
       end
 
       it { is_expected.to contain_concat__fragment('configure_openidc_keystone').with({