{% set keystone_dir = 'apache2/conf-enabled' if kolla_base_distro in ['ubuntu', 'debian'] else 'httpd/conf.d' %}
{% set apache_user = 'www-data' if kolla_base_distro in ['ubuntu', 'debian'] else 'apache' %}
{
    "command": "/usr/bin/keystone-startup.sh",
    "config_files": [
        {
            "source": "{{ container_config_directory }}/keystone-startup.sh",
            "dest": "/usr/bin/keystone-startup.sh",
            "owner": "root",
            "perm": "0755"
        },
        {
            "source": "{{ container_config_directory }}/keystone.conf",
            "dest": "/etc/keystone/keystone.conf",
            "owner": "keystone",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/keystone-paste.ini",
            "dest": "/etc/keystone/keystone-paste.ini",
            "owner": "keystone",
            "perm": "0600",
            "optional": true
        },
        {
            "source": "{{ container_config_directory }}/domains",
            "dest": "/etc/keystone/domains",
            "owner": "keystone",
            "perm": "0600",
            "optional": true
        }{% if keystone_policy_file is defined %},
        {
            "source": "{{ container_config_directory }}/{{ keystone_policy_file }}",
            "dest": "/etc/keystone/{{ keystone_policy_file }}",
            "owner": "keystone",
            "perm": "0600"
        }{% endif %},
        {
            "source": "{{ container_config_directory }}/wsgi-keystone.conf",
            "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
            "owner": "keystone",
            "perm": "0600"
        }{% if keystone_enable_tls_backend | bool %},
        {
            "source": "{{ container_config_directory }}/keystone-cert.pem",
            "dest": "/etc/keystone/certs/keystone-cert.pem",
            "owner": "keystone",
            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/keystone-key.pem",
            "dest": "/etc/keystone/certs/keystone-key.pem",
            "owner": "keystone",
            "perm": "0600"
        }{% endif %}
        {% if keystone_enable_federation_openid | bool %},
        {
            "source": "{{ container_config_directory }}/federation/oidc/metadata",
            "dest": "{{ keystone_container_federation_oidc_metadata_folder }}",
            "owner": "{{ apache_user }}:{{ apache_user }}",
            "perm": "0600",
            "merge": true
        },
        {
            "source": "{{ container_config_directory }}/federation/oidc/cert",
            "dest": "{{ keystone_container_federation_oidc_idp_certificate_folder }}",
            "owner": "{{ apache_user }}:{{ apache_user }}",
            "perm": "0600",
            "merge": true
        }
        {% endif %}
    ],
    "permissions": [
        {
            "path": "/var/log/kolla",
            "owner": "keystone:kolla"
        },
        {
            "path": "/var/log/kolla/keystone/keystone.log",
            "owner": "keystone:keystone"
        },{% if keystone_enable_federation_openid %}
        {
            "path": "{{ keystone_container_federation_oidc_metadata_folder }}",
            "owner": "{{ apache_user }}:{{ apache_user }}",
            "perm": "0700"
        },
        {
            "path": "{{ keystone_container_federation_oidc_idp_certificate_folder }}",
            "owner": "{{ apache_user }}:{{ apache_user }}",
            "perm": "0700"
        },{% endif %}
        {
            "path": "/etc/keystone/fernet-keys",
            "owner": "keystone:keystone",
            "perm": "0770"
        },
        {
            "path": "/etc/keystone/domains",
            "owner": "keystone:keystone",
            "perm": "0700"
        }
    ]
}