The patch [1] enabled two feature flags for keystone. Turns out the "security_compliance" feature flag needs extra settings to proper work, see [2] for more details. To finally enable this setting, we need to create an additional job that will customize keystone.conf. The attached change in Gerrithub.io removes the "security_compliance" setting, than, fixing this issue. [1] https://github.com/redhat-openstack/python-tempestconf/commit/354bdb46facc2329fa57305c246de84be7a156b4 [2] https://review.openstack.org/#/c/377004/
python-tempestconf-1.1.1 contains the fixes for this bug.
This feature (password rules) is not expected to be default enabled by any of the puppet based installer (packstack, director), so python-tempestconf MUST not enable it by default. It is default disabled in python-tempest, python-tempestconf just started to override it without considering the consequences.
Verification: automated tests using new python-tempestconf-1.1.1-1.el7ost package passed, bug is fixed in this version of python-tempestconf
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1245