From fc7deed9cd7877406561450def1227192d5e0425 Mon Sep 17 00:00:00 2001
From: Bartosz Bezak <bartosz@stackhpc.com>
Date: Tue, 3 Oct 2023 14:12:00 +0200
Subject: [PATCH] Default keystone user role changed to member

_member_ role is a long not used default keystone role,
for instance Horizon moved to use member role from yoga [1]

[1] https://docs.openstack.org/horizon/yoga/configuration/settings.html#openstack-keystone-default-role

Closes-Bug: #2038314
Change-Id: Idc9bce82c682e37c5bea10c93577091b85f3ad45
---
 ansible/group_vars/all.yml                                   | 2 +-
 ansible/library/kolla_toolbox.py                             | 2 +-
 .../notes/change-default-keystone-role-386974967adfed65.yaml | 5 +++++
 3 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/change-default-keystone-role-386974967adfed65.yaml

diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index abe5ab66d0..1c1abe63a2 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -993,7 +993,7 @@ fernet_token_allow_expired_window: 172800
 # expiry and allow expired window, multiple active keys will be necessary.
 fernet_key_rotation_interval: "{{ fernet_token_expiry + fernet_token_allow_expired_window }}"
 
-keystone_default_user_role: "_member_"
+keystone_default_user_role: "member"
 
 # OpenStack authentication string. You should only need to override these if you
 # are changing the admin tenant/project or user.
diff --git a/ansible/library/kolla_toolbox.py b/ansible/library/kolla_toolbox.py
index 42c37194c7..388d678add 100644
--- a/ansible/library/kolla_toolbox.py
+++ b/ansible/library/kolla_toolbox.py
@@ -93,7 +93,7 @@ EXAMPLES = '''
         container_engine: docker
         module_name: os_keystone_role
         module_args:
-          name: _member_
+          name: member
           auth: "{{ '{{ openstack_keystone_auth }}' }}"
         module_extra_vars:
           openstack_keystone_auth:
diff --git a/releasenotes/notes/change-default-keystone-role-386974967adfed65.yaml b/releasenotes/notes/change-default-keystone-role-386974967adfed65.yaml
new file mode 100644
index 0000000000..c19ccd6678
--- /dev/null
+++ b/releasenotes/notes/change-default-keystone-role-386974967adfed65.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    Default keystone user role has been changed from deprecated role
+    ``_member_`` to ``member`` role.