Deprecate support for member_role_id/name

... because these parameters were already removed from keystone by [1].

[1] c838d93c35fdacae5f5bd77a55c62978b8a0b138

Change-Id: Ib7642c957d51c59606ba033b86a6f989c034459e

manifests/init.pp

@@ -316,18 +316,6 @@
 #   qualification those resources goes into "Default" domain.  See README.
 #   Defaults to undef (will use built-in Keystone default)
 #
-# [*member_role_id*]
-#   (Optional) Similar to the member_role_name option, this represents the
-#   default role ID used to associate users with their default projects in the
-#   v2 API. This will be used as the explicit role where one is not specified
-#   by the v2 API.
-#   Defaults to $::os_service_default
-#
-# [*member_role_name*]
-#   (Optional) # This is the role name used in combination with the
-#   member_role_id option; see that option for more detail.
-#   Defaults to $::os_service_default
-#
 # [*policy_driver*]
 #   Policy backend driver. (string value)
 #   Defaults to $::os_service_default.
@@ -401,6 +389,18 @@
 #   (Optional) If set, use this value for max_overflow with sqlalchemy.
 #   Defaults to: undef
 #
+# [*member_role_id*]
+#   (Optional) Similar to the member_role_name option, this represents the
+#   default role ID used to associate users with their default projects in the
+#   v2 API. This will be used as the explicit role where one is not specified
+#   by the v2 API.
+#   Defaults to undef
+#
+# [*member_role_name*]
+#   (Optional) # This is the role name used in combination with the
+#   member_role_id option; see that option for more detail.
+#   Defaults to undef
+#
 # == Authors
 #
 #   Dan Bode dan@puppetlabs.com
@@ -464,8 +464,6 @@ class keystone(
   $credential_key_repository            = '/etc/keystone/credential-keys',
   $credential_keys                      = false,
   $default_domain                       = undef,
-  $member_role_id                       = $::os_service_default,
-  $member_role_name                     = $::os_service_default,
   $policy_driver                        = $::os_service_default,
   $using_domain_config                  = false,
   $domain_config_directory              = '/etc/keystone/domains',
@@ -483,6 +481,8 @@ class keystone(
   $database_retry_interval              = undef,
   $database_max_pool_size               = undef,
   $database_max_overflow                = undef,
+  $member_role_id                       = undef,
+  $member_role_name                     = undef,
 ) inherits keystone::params {
 
   include keystone::deps
@@ -540,6 +540,20 @@ removed in a future realse. Use keystone::db::database_max_pool_size instead')
 removed in a future realse. Use keystone::db::database_max_overflow instead')
   }
 
+  if $member_role_id != undef {
+    warning('The keystone::member_role_id parameter is deprecated and has no effect')
+  }
+
+  if $member_role_name != undef {
+    warning('The keystone::member_role_name parameter is deprecated and has no effect')
+  }
+
+  # TODO(tkajinam): Remove this when removing member_role_* parameters
+  keystone_config {
+    'DEFAULT/member_role_id':   ensure => absent;
+    'DEFAULT/member_role_name': ensure => absent;
+  }
+
   package { 'keystone':
     ensure => $package_ensure,
     name   => $::keystone::params::package_name,
@@ -557,11 +571,6 @@ removed in a future realse. Use keystone::db::database_max_overflow instead')
     purge  => $purge_config,
   }
 
-  keystone_config {
-    'DEFAULT/member_role_id':   value => $member_role_id;
-    'DEFAULT/member_role_name': value => $member_role_name;
-  }
-
   # Endpoint configuration
   keystone_config {
     'DEFAULT/public_endpoint': value => $public_endpoint;

releasenotes/notes/deprecate-member_role-e99b3344b50af47b.yaml

@@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    The ``member_role_id`` parameter and the ``member_role_name`` parameter
+    of the ``keystone`` class have been deprecated and have no effect now.
+    These parameters will be removed in a future release.

spec/classes/keystone_init_spec.rb

@@ -32,8 +32,6 @@ describe 'keystone' do
 
       it 'should set the default values' do
         is_expected.to contain_resources('keystone_config').with({ :purge => false })
-        is_expected.to contain_keystone_config('DEFAULT/member_role_id').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_keystone_config('DEFAULT/member_role_name').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_keystone_config('token/expiration').with_value(3600)
         is_expected.to contain_keystone_config('identity/password_hash_algorithm').with_value('<SERVICE DEFAULT>')
@@ -107,8 +105,6 @@ describe 'keystone' do
       let :params do
         {
           :purge_config                 => true,
-          :member_role_id               => 'someid',
-          :member_role_name             => 'member',
           :public_endpoint              => 'http://127.0.0.1:5000',
           :token_expiration             => 7200,
           :password_hash_algorithm      => 'bcrypt',
@@ -128,8 +124,6 @@ describe 'keystone' do
 
       it 'should set the overridden values' do
         is_expected.to contain_resources('keystone_config').with({ :purge => true })
-        is_expected.to contain_keystone_config('DEFAULT/member_role_id').with_value('someid')
-        is_expected.to contain_keystone_config('DEFAULT/member_role_name').with_value('member')
         is_expected.to contain_keystone_config('DEFAULT/public_endpoint').with_value('http://127.0.0.1:5000')
         is_expected.to contain_keystone_config('token/expiration').with_value(7200)
         is_expected.to contain_keystone_config('identity/password_hash_algorithm').with_value('bcrypt')