From 58d9927112ce0553265108580ca1087312d1627d Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <tkajinam@redhat.com>
Date: Sun, 18 Apr 2021 23:22:05 +0900
Subject: [PATCH] Drop ResellerAdmin role from ceilometer user

The ResellerAdmin role is no longer required because ceilometer doesn't
comminucate with Swift directly but only via Gnocchi.

Change-Id: I8111890a588b84f18ff34bc85794963b905cb844
---
 manifests/keystone/auth.pp                            | 11 -----------
 .../notes/reseller-admin-45b1cad10ec19b99.yaml        |  5 +++++
 spec/classes/ceilometer_keystone_auth_spec.rb         |  6 ++----
 3 files changed, 7 insertions(+), 15 deletions(-)
 create mode 100644 releasenotes/notes/reseller-admin-45b1cad10ec19b99.yaml

diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 7e1adb0f..571256fb 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -125,16 +125,5 @@ class ceilometer::keystone::auth (
     password            => $password,
     email               => $email,
     tenant              => $tenant,
-    roles               => ['admin', 'ResellerAdmin'],
   }
-
-  if $configure_user_role {
-    if !defined(Keystone_role['ResellerAdmin']) {
-      keystone_role { 'ResellerAdmin':
-        ensure => present,
-      }
-    }
-    Keystone_role['ResellerAdmin'] -> Keystone_user_role["${auth_name}@${tenant}"]
-  }
-
 }
diff --git a/releasenotes/notes/reseller-admin-45b1cad10ec19b99.yaml b/releasenotes/notes/reseller-admin-45b1cad10ec19b99.yaml
new file mode 100644
index 00000000..3e1c9354
--- /dev/null
+++ b/releasenotes/notes/reseller-admin-45b1cad10ec19b99.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The ``ResellerAdmin`` role is no longer assigned to the ceilometer user
+    in Keystone.
diff --git a/spec/classes/ceilometer_keystone_auth_spec.rb b/spec/classes/ceilometer_keystone_auth_spec.rb
index 0063ebf0..ca8e63b3 100644
--- a/spec/classes/ceilometer_keystone_auth_spec.rb
+++ b/spec/classes/ceilometer_keystone_auth_spec.rb
@@ -32,8 +32,7 @@ describe 'ceilometer::keystone::auth' do
 
       it 'configures ceilometer user roles' do
         is_expected.to contain_keystone_user_role("#{default_params[:auth_name]}@#{default_params[:tenant]}").with(
-          :ensure  => 'present',
-          :roles   => ['admin','ResellerAdmin']
+          :ensure => 'present',
         )
       end
     end
@@ -59,8 +58,7 @@ describe 'ceilometer::keystone::auth' do
 
       it 'configures ceilometer user roles' do
         is_expected.to contain_keystone_user_role("#{params[:auth_name]}@#{params[:tenant]}").with(
-          :ensure  => 'present',
-          :roles   => ['admin','ResellerAdmin']
+          :ensure => 'present',
         )
       end
     end