Force domain_password parameter to be defined

Having a default value for a password is not acceptable for security
purpose.  We should unset the default value so we make sure catalog fail
if no value is set.  It enforces our users to set a value and stop
opening a security problem.

Change-Id: I41b974f6ece39743bfc2ad922b2f0dad20aec469

manifests/keystone/domain.pp

@@ -14,7 +14,7 @@
 #   Keystone domain admin user email address. Defaults to 'heat_admin@localhost'.
 #
 # [*domain_password*]
-#   Keystone domain admin user password. Defaults to 'changeme'.
+#   (Required) Keystone domain admin user password.
 #
 # [*manage_domain*]
 #   Whether manage or not the domain creation.
@@ -31,10 +31,10 @@
 #   Defaults to 'true'.
 #
 class heat::keystone::domain (
+  $domain_password,
   $domain_name        = 'heat',
   $domain_admin       = 'heat_admin',
   $domain_admin_email = 'heat_admin@localhost',
-  $domain_password    = 'changeme',
   $manage_domain      = true,
   $manage_user        = true,
   $manage_role        = true,

releasenotes/notes/domain_password-b9e2e385ebf5d912.yaml

@@ -0,0 +1,5 @@
+---
+security:
+  - domain_password in heat::keystone::domain is now required and no default
+    value is provided.  It will make sure our users set the value so deployments
+    are more secure.