Skip to content

Application Credential support #364

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Deydra71 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Application Credential support #364

Deydra71 wants to merge 1 commit into from
+118 −7

Conversation

@Deydra71
Copy link
Contributor

@Deydra71 Deydra71 commented Nov 11, 2025
edited
Loading

Jira: OSPRH-16629

Adds the end-to-end support for consuming Keystone ApplicationCredentials (AC) in the Placement operator, enabling Placement pods to use AC-based authentication when available.

Depends-On: openstack-k8s-operators/keystone-operator#567

@openshift-ci openshift-ci bot requested review from auniyal61 and gibizer November 11, 2025 12:40
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 11, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Deydra71
Once this PR has been reviewed and has the lgtm label, please assign auniyal61 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Nov 25, 2025

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/keystone-operator for 567,560a7f552956fc9c80fece28fc7e7b01b59c2274

mrkisaolamb
mrkisaolamb reviewed Dec 5, 2025
View reviewed changes
Copy link
Contributor

@mrkisaolamb mrkisaolamb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than these small comments, everything looks good. So once we land the keystone-operator changes, we should be ready to go with this patch as well. I don't see any issues with the update/upgrade path. The only thing worth adding might be a kuttl test with the new secret

Makefile
DEFAULT_IMG ?= quay.io/openstack-k8s-operators/placement-operator:latest
IMG ?= $(DEFAULT_IMG)
# ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
ENVTEST_K8S_VERSION = 1.31
Copy link
Contributor

@mrkisaolamb mrkisaolamb Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why we downgrade this requirements?

Copy link
Contributor Author

@Deydra71 Deydra71 Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for catching this! Probably an old remnant of local testing..

test/functional/placementapi_controller_test.go
conf := configSecret.Data["placement.conf"]

Expect(conf).To(ContainSubstring("application_credential_id = test-ac-id"))
Expect(conf).To(ContainSubstring("application_credential_secret = test-ac-secret"))
Copy link
Contributor

@mrkisaolamb mrkisaolamb Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add also negative assert for username, password etc, also to be sure that we cover all changes in conf we should also assert auth_type

@Deydra71
Application Credential support
0cd688b 
Adds the end-to-end support for consuming Keystone ApplicationCredentials (AC) in the Placement operator, enabling Placement pod to use AC-based authentication when available.

Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 15, 2025

@Deydra71: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/placement-operator-build-deploy-kuttl 0cd688b link true /test placement-operator-build-deploy-kuttl

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrkisaolamb mrkisaolamb mrkisaolamb left review comments

@auniyal61 auniyal61 Awaiting requested review from auniyal61

@gibizer gibizer Awaiting requested review from gibizer

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Deydra71 @mrkisaolamb