Merge "OpenID Connect certifiate file is optional" into stable/wallaby

Author: Zuul

ansible/roles/keystone/tasks/config-federation-oidc.yml

@@ -52,6 +52,7 @@
   with_items: "{{ keystone_identity_providers }}"
   when:
     - item.protocol == 'openid'
+    - item.certificate_file is defined
     - inventory_hostname in groups[keystone.group]
 
 - name: Copying OpenStack Identity Providers attribute mappings

doc/source/reference/shared-services/keystone-guide.rst

@@ -247,8 +247,8 @@ Identity provider's endpoint:
 certificate_file
 ****************
 
-Path to the Identity Provider certificate file, the file must be named as
-'certificate-key-id.pem'. E.g.
+Optional path to the Identity Provider certificate file.  If included,
+the file must be named as 'certificate-key-id.pem'. E.g.:
 
 .. code-block::