Revert "Configures Heat to use Trusts by default"

- This is managed by the puppet-heat module itself,
  (https://review.openstack.org/126940).

This reverts commit 581a79ed8507a8ffe4388a67060e0b32899d4f86.

Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>

Conflicts:
	packstack/plugins/heat_750.py
	packstack/puppet/templates/heat_trusts.pp
	packstack/puppet/templates/provision_demo.pp
	packstack/puppet/templates/provision_tempest.pp

Change-Id: I61b06f6f2d7de9cbf32061437abef9c5d7860531

docs/packstack.rst

@@ -434,9 +434,6 @@ Heat Config Parameters
 **CONFIG_HEAT_KS_PW**
     The password to use for the Heat to authenticate with Keystone.
 
-**CONFIG_HEAT_USING_TRUSTS**
-    Set to 'y' if you would like Packstack to install heat with trusts as deferred auth method.  If not, the stored password method will be used.
-
 **CONFIG_HEAT_CLOUDWATCH_INSTALL**
     Set to 'y' if you would like Packstack to install Heat CloudWatch API.
 

packstack/plugins/heat_750.py

@@ -86,21 +86,6 @@ def initConfig(controller):
          "NEED_CONFIRM": False,
          "CONDITION": False},
 
-        {"CMD_OPTION": "os-heat-using-trusts",
-         "USAGE": ("Set to 'y' if you would like Packstack to install Heat "
-                   "with trusts as deferred auth method. "
-                   "If not, the stored password method will be used."),
-         "PROMPT": "Should Packstack configure Heat to use trusts",
-         "OPTION_LIST": ["y", "n"],
-         "VALIDATORS": [validators.validate_options],
-         "DEFAULT_VALUE": "y",
-         "MASK_INPUT": False,
-         "LOOSE_VALIDATION": False,
-         "CONF_NAME": "CONFIG_HEAT_USING_TRUSTS",
-         "USE_DEFAULT": False,
-         "NEED_CONFIRM": False,
-         "CONDITION": False},
-
         {"CMD_OPTION": "os-heat-cfn-install",
          "USAGE": ("Set to 'y' if you would like Packstack to install Heat "
                    "CloudFormation API"),
@@ -192,8 +177,6 @@ def create_manifest(config, messages):
     manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate(get_mq(config, "heat"))
     manifestdata += getManifestTemplate("heat.pp")
-    if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
-        manifestdata += getManifestTemplate("heat_trusts.pp")
 
     fw_details = dict()
     key = "heat"
@@ -212,10 +195,6 @@ def create_manifest(config, messages):
 def create_keystone_manifest(config, messages):
     manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
     manifestdata = getManifestTemplate("keystone_heat.pp")
-
-    if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
-        manifestdata += getManifestTemplate("keystone_heat_trusts.pp")
-
     appendManifestFile(manifestfile, manifestdata)
 
 

packstack/plugins/provision_700.py

@@ -270,11 +270,6 @@ def marshall_conf_bool(conf, key):
         conf[key] = False
 
 
-def using_heat(config):
-    if config['CONFIG_HEAT_INSTALL'] != "y":
-        config['CONFIG_HEAT_USING_TRUSTS'] = "n"
-
-
 def using_neutron(config):
     # Using the neutron or nova api servers as the provisioning target
     # will suffice for the all-in-one case.
@@ -295,7 +290,6 @@ def using_neutron(config):
 
 def create_demo_manifest(config, messages):
     using_neutron(config)
-    using_heat(config)
     manifest_file = '%s_provision_demo.pp' % config['CONFIG_CONTROLLER_HOST']
     manifest_data = getManifestTemplate("provision_demo.pp")
     appendManifestFile(manifest_file, manifest_data)
@@ -316,7 +310,6 @@ def create_storage_manifest(config, messages):
 
 def create_tempest_manifest(config, messages):
     using_neutron(config)
-    using_heat(config)
     manifest_file = '%s_provision_tempest.pp' % \
                     config['CONFIG_CONTROLLER_HOST']
     manifest_data = getManifestTemplate("provision_tempest.pp")

packstack/puppet/templates/heat.pp

@@ -10,6 +10,12 @@ class { 'heat::engine':
   auth_encryption_key           => hiera('CONFIG_HEAT_AUTH_ENC_KEY'),
 }
 
+keystone_user_role { 'admin@admin':
+  ensure  => present,
+  roles   => ['admin', '_member_', 'heat_stack_owner'],
+  require => Class['heat::engine'],
+}
+
 class { 'heat::keystone::domain':
   auth_url          => "http://${heat_cfg_ctrl_host}:35357/v2.0",
   keystone_admin    => 'admin',

packstack/puppet/templates/heat_trusts.pp

@@ -1,11 +0,0 @@
-
-heat_config {
-  'DEFAULT/deferred_auth_method'   : value => 'trusts';
-  'DEFAULT/trusts_delegated_roles' : value => 'heat_stack_owner';
-}
-
-keystone_user_role { 'admin@admin':
-  ensure => present,
-  roles  => ['admin', '_member_', 'heat_stack_owner'],
-}
-

packstack/puppet/templates/keystone_heat_trusts.pp

@@ -1,4 +0,0 @@
-
-keystone_role { 'heat_stack_owner':
-  ensure => present,
-}

packstack/puppet/templates/provision_demo.pp

@@ -8,9 +8,6 @@
   $admin_password            = hiera('CONFIG_KEYSTONE_ADMIN_PW')
   $admin_tenant_name         = 'admin'
 
-  # Heat Using Trusts
-  $heat_using_trusts         = hiera('CONFIG_HEAT_USING_TRUSTS')
-
   ## Neutron
   $public_network_name       = 'public'
   $public_subnet_name        = 'public_subnet'
@@ -37,7 +34,7 @@
     password => $password,
   }
 
-  if $heat_using_trusts == 'y' {
+  if hiera('CONFIG_HEAT_INSTALL') == 'y' {
     keystone_user_role { "${username}@${tenant_name}":
       ensure => present,
       roles  => ['_member_', 'heat_stack_owner'],

packstack/puppet/templates/provision_tempest.pp

@@ -19,9 +19,6 @@ if $provision_tempest_user != '' {
   $admin_password            = hiera('CONFIG_KEYSTONE_ADMIN_PW')
   $admin_tenant_name         = 'admin'
 
-  # Heat Using Trusts
-  $heat_using_trusts         = hiera('CONFIG_HEAT_USING_TRUSTS')
-
   ## Glance
   $image_name                = 'cirros'
   $image_source              = hiera('CONFIG_PROVISION_TEMPEST_CIRROS_URL')
@@ -76,7 +73,7 @@ if $provision_tempest_user != '' {
     password => $password,
   }
 
-  if $heat_using_trusts == 'y' {
+  if hiera('CONFIG_HEAT_INSTALL') == 'y' {
     keystone_user_role { "${username}@${tenant_name}":
       ensure => present,
       roles  => ['_member_', 'heat_stack_owner'],