From 9db6f8cc090752b7fdf1cae29f4cf337789a1e93 Mon Sep 17 00:00:00 2001
From: Tobias Urdin <tobias.urdin@binero.se>
Date: Tue, 20 Nov 2018 20:39:24 +0100
Subject: [PATCH] Change default member role to member

A (long) time ago keystone-bootstrap changed the
default member role that is created to member from
the legacy _member_ role.

This changes the default value in horizon to conform
with what is the actual default when bootstrapping
keystone.

Deployments that might still be using _member_ should
set this explicitly.

Change-Id: I8c18b585c71817ec7c5450c425e2ec7bc9a83f18
---
 manifests/init.pp                                    |  4 ++--
 ...hange-keystone-default-role-fe630805edb631f4.yaml | 12 ++++++++++++
 spec/classes/horizon_init_spec.rb                    |  2 +-
 templates/local_settings.py.erb                      |  2 +-
 4 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/change-keystone-default-role-fe630805edb631f4.yaml

diff --git a/manifests/init.pp b/manifests/init.pp
index a3c6826b..fc1bf908 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -62,7 +62,7 @@
 #    (optional) Full url of keystone public endpoint. (Defaults to 'http://127.0.0.1:5000')
 #
 #  [*keystone_default_role*]
-#    (optional) Default Keystone role for new users. Defaults to '_member_'.
+#    (optional) Default Keystone role for new users. Defaults to 'member'.
 #
 #  [*django_debug*]
 #    (optional) Enable or disable Django debugging. Defaults to 'False'.
@@ -466,7 +466,7 @@ class horizon(
   $manage_memcache_package             = true,
   $horizon_app_links                   = false,
   $keystone_url                        = 'http://127.0.0.1:5000',
-  $keystone_default_role               = '_member_',
+  $keystone_default_role               = 'member',
   $django_debug                        = 'False',
   $site_branding                       = undef,
   $openstack_endpoint_type             = undef,
diff --git a/releasenotes/notes/change-keystone-default-role-fe630805edb631f4.yaml b/releasenotes/notes/change-keystone-default-role-fe630805edb631f4.yaml
new file mode 100644
index 00000000..977d5922
--- /dev/null
+++ b/releasenotes/notes/change-keystone-default-role-fe630805edb631f4.yaml
@@ -0,0 +1,12 @@
+features:
+  - |
+    The default keystone role horizon::keystone_default_role is changed from
+    _member_ to member to conform with what keystone-bootstrap creates.
+    This sets the OPENSTACK_KEYSTONE_DEFAULT_ROLE configuration option in
+    local_settings.
+upgrade:
+  - |
+    The default keystone role horizon::keystone_default_role is changed from
+    _member_ to member. This sets the OPENSTACK_KEYSTONE_DEFAULT_ROLE config
+    option in local_settings, if you still require or use the _member_ role
+    as default you need to set this explicitly.
diff --git a/spec/classes/horizon_init_spec.rb b/spec/classes/horizon_init_spec.rb
index faabc60f..1566d666 100644
--- a/spec/classes/horizon_init_spec.rb
+++ b/spec/classes/horizon_init_spec.rb
@@ -64,7 +64,7 @@ describe 'horizon' do
           'HORIZON_CONFIG["images_panel"] = "legacy"',
           "SECRET_KEY = 'elj1IWiLoWHgcyYxFVLj7cM5rGOOxWl0'",
           'OPENSTACK_KEYSTONE_URL = "http://127.0.0.1:5000"',
-          'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"',
+          'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"',
           "    'can_set_mount_point': True,",
           "    'can_set_password': False,",
           "    'enable_distributed_router': False,",
diff --git a/templates/local_settings.py.erb b/templates/local_settings.py.erb
index 713193e3..ee73f3b1 100644
--- a/templates/local_settings.py.erb
+++ b/templates/local_settings.py.erb
@@ -270,7 +270,7 @@ AVAILABLE_REGIONS = [
 
 #OPENSTACK_HOST = "127.0.0.1"
 #OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
-#OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
+#OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"
 OPENSTACK_KEYSTONE_URL = "<%= @keystone_url %>"
 OPENSTACK_KEYSTONE_DEFAULT_ROLE = "<%= @keystone_default_role %>"