Skip to content

Application Credential support#610

Merged
openshift-merge-bot[bot] merged 1 commit intoopenstack-k8s-operators:mainfrom
afaranha:zdpr
Feb 5, 2026
Merged

Application Credential support#610
openshift-merge-bot[bot] merged 1 commit intoopenstack-k8s-operators:mainfrom
afaranha:zdpr

Conversation

@afaranha
Copy link

@afaranha afaranha commented Jan 14, 2026
edited by openshift-ci bot
Loading

Jira: OSPRH-20520

This PR adds end-to-end support for consuming Keystone ApplicationCredentials (AC) in the Heat operator, enabling Heat pods to use AC-based authentication when available.

API changes:

Adds an optional authentication field to the Heat CR:

spec.auth.applicationCredentialSecret — name of the Secret that contains the Keystone Application Credential ID and Secret (AC_ID and AC_SECRET).

Reconcile behavior:

Reads spec.auth.applicationCredentialSecret
Attempts to load AC_ID / AC_SECRET from the referenced Secret (via the Keystone helper). If the secret is missing or incomplete, it falls back to password authentication (the AppCred auth is optional, not an error).

Once the AC Secret is ready with valid AC_ID and AC_SECRET fields, templates AC credentials into Heat configuration

Computes hash of Secret contents and stores in configVars to trigger rolling updates when credentials rotate

Depends-On: openstack-k8s-operators/keystone-operator#567

@openshift-ci openshift-ci bot requested review from abays and rabi January 14, 2026 10:40
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 14, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/d17db98c48cf4b168dc923febc5a85fa

openstack-k8s-operators-content-provider FAILURE in 7m 17s
⚠️ heat-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 14, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/27fec0fb087b4313b44ea6ecd371cea9

openstack-k8s-operators-content-provider FAILURE in 6m 45s
⚠️ heat-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 14, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/cde2e04603834b228d365c71d968df3e

openstack-k8s-operators-content-provider FAILURE in 8m 38s
⚠️ heat-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@afaranha afaranha mentioned this pull request Jan 14, 2026
Closed
Deydra71
Deydra71 requested changes Jan 14, 2026
View reviewed changes
rabi
rabi reviewed Jan 15, 2026
View reviewed changes
rabi
rabi reviewed Jan 15, 2026
View reviewed changes
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 15, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/d361bd95bf444cae8e21987c4946ff2e

openstack-k8s-operators-content-provider FAILURE in 8m 27s
⚠️ heat-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@afaranha
Copy link
Author

afaranha commented Jan 19, 2026

/recheck

@xek
Copy link
Contributor

xek commented Jan 28, 2026

/retest

@rabi
Copy link
Contributor

rabi commented Jan 29, 2026

Please squash all 7 commits to a single one.

@xek xek force-pushed the zdpr branch 2 times, most recently from 3ec0025 to 9b39afc Compare January 29, 2026 14:29
@afaranha
Copy link
Author

afaranha commented Jan 29, 2026

/retest

@xek xek force-pushed the zdpr branch 2 times, most recently from e3ddd59 to 745eccc Compare January 29, 2026 15:30
@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Jan 29, 2026

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/heat-operator for 610,745eccc0796e1faae986c540d0a25dde519f46a6

@dmendiza
Copy link
Contributor

dmendiza commented Jan 29, 2026

/retest

rabi
rabi reviewed Jan 30, 2026
View reviewed changes
Copy link
Contributor

@rabi rabi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

few nits otherwise look good.

@xek
Copy link
Contributor

xek commented Jan 30, 2026

/retest

afaranha
afaranha commented Feb 4, 2026
View reviewed changes
Copy link
Author

@afaranha afaranha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Applied feedbacks

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Feb 4, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/53bf2dd43a6e4fc295d1ad278bf4dcb0

✔️ openstack-k8s-operators-content-provider SUCCESS in 40m 11s
heat-operator-tempest-multinode FAILURE in 20m 33s

rabi
rabi reviewed Feb 5, 2026
View reviewed changes
@fmount
Copy link
Contributor

fmount commented Feb 5, 2026

recheck

@xek @cursoragent @afaranha
Application Credential support
963f0e6 
Co-authored-by: Cursor <cursoragent@cursor.com>
@Deydra71 Deydra71 requested a review from rabi February 5, 2026 14:08
@lmiccini
Copy link
Contributor

lmiccini commented Feb 5, 2026

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 5, 2026
@fmount
Copy link
Contributor

fmount commented Feb 5, 2026

/approve
/lgtm

@lmiccini
Copy link
Contributor

lmiccini commented Feb 5, 2026

/approve

1 similar comment
@stuggi
Copy link
Contributor

stuggi commented Feb 5, 2026

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: afaranha, fmount, lmiccini, stuggi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Feb 5, 2026
@openshift-merge-bot openshift-merge-bot bot merged commit 97ee6ba into openstack-k8s-operators:main Feb 5, 2026
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Deydra71 Deydra71 Deydra71 requested changes

@abays abays Awaiting requested review from abays

@rabi rabi Awaiting requested review from rabi

Assignees

@fmount fmount

@lmiccini lmiccini

@Deydra71 Deydra71

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@afaranha @xek @rabi @dmendiza @fmount @lmiccini @stuggi @Deydra71 @openshift-merge-robot