Unsetting the security_compliance flag

Turns out we need additional changes in "keystone.conf" file to make
it work properly and this should not be enabled by default.

Closes-bug: bz#1443133

Change-Id: Ibf0ea806f5c76a14372fa0c08cdef308245a6cbe

config_tempest/config_tempest.py

@@ -831,18 +831,12 @@ def configure_keystone_feature_flags(conf, services):
     supported_versions = services.get('identity', {}).get('versions', [])
     for version in supported_versions:
         major, minor = version.split('.')[:2]
-        # We are going to enable two feature flags that are available
-        # after version 3.6: one related to domain specific roles and
-        # another one related to the security compliance feature.
-        # For more information, see
-        # https://developer.openstack.org/api-ref/identity/v3
+        # Enable the domain specific roles feature flag. For more information,
+        # see https://developer.openstack.org/api-ref/identity/v3
         if major == 'v3' and int(minor) >= 6:
             conf.set('identity-feature-enabled',
                      'forbid_global_implied_dsr',
                      'True')
-            conf.set('identity-feature-enabled',
-                     'security_compliance',
-                     'True')
 
 
 def configure_boto(conf, services):

config_tempest/tests/test_config_tempest.py

@@ -320,9 +320,6 @@ class TestConfigTempest(BaseConfigTempestTest):
         self.assertEqual(
             self.conf.get('identity-feature-enabled',
                           'forbid_global_implied_dsr'), 'True')
-        self.assertEqual(
-            self.conf.get('identity-feature-enabled',
-                          'security_compliance'), 'True')
 
     def test_configure_boto(self):
         tool.configure_boto(self.conf, self.FAKE_SERVICES)