Skip to content

Appcred #599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
afaranha wants to merge 3 commits into from
Closed

Appcred #599

afaranha wants to merge 3 commits into from
+290 −4

Conversation

@afaranha
Copy link

@afaranha afaranha commented Nov 25, 2025

No description provided.

@afaranha
Add Application Credential support to heat-operator
e6da55b 
Implement AppCred support following patterns from barbican-operator:

Controllers (HeatAPI, HeatCfnAPI, HeatEngine):
- Add AC verification call in reconcileNormal using VerifyApplicationCredentialsForService
- Add acSecretFn watcher to trigger reconciliation when ac-heat-secret changes
- Register AC secret watcher in SetupWithManager

Configuration template (templates/heat/config/00-default.conf):
- Update [trustee] section with conditional AC/password authentication
- Update [keystone_authtoken] section with conditional AC/password authentication
- Use v3applicationcredential auth_type when AC secret exists

Template parameter generation (heat_controller.go):
- Check for ac-heat-secret in generateServiceSecrets
- Set UseApplicationCredentials, ACID, and ACSecret template parameters
- Fall back to password authentication if AC secret doesn't exist

Functional tests:
- Add test case for Heat with ApplicationCredential
- Verify config contains application_credential_id and application_credential_secret
- Verify auth_type=v3applicationcredential is used
@afaranha
Fix AppCred functional test assertion
69e0a5f 
The test was incorrectly checking that [trustee] section shouldn't exist.
The section should exist but use v3applicationcredential auth_type
instead of password auth_type.
@afaranha
Update AppCred
51b7318
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 25, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: afaranha
Once this PR has been reviewed and has the lgtm label, please assign abays for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot
Copy link
Contributor

openshift-merge-robot commented Nov 25, 2025

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 25, 2025

@afaranha: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/functional 51b7318 link true /test functional

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Nov 25, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/4248289017a64ac8aedff78937ca34b5

openstack-k8s-operators-content-provider FAILURE in 8m 56s
⚠️ heat-operator-tempest-multinode SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@afaranha afaranha closed this Nov 26, 2025
@afaranha
Copy link
Author

afaranha commented Nov 26, 2025

Closing in favor of #600

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frenzyfriday frenzyfriday Awaiting requested review from frenzyfriday

@olliewalsh olliewalsh Awaiting requested review from olliewalsh

Assignees

No one assigned

Labels

needs-rebase

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@afaranha @openshift-merge-robot