Application Credential support#812
Application Credential support#812openshift-merge-bot[bot] merged 1 commit intoopenstack-k8s-operators:mainfrom
Conversation
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
Deydra71
force-pushed
the
appcred-support
branch
from
c523b51 to
72a7594
Compare
Deydra71
force-pushed
the
appcred-support
branch
from
72a7594 to
9a85e7f
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
Deydra71
force-pushed
the
appcred-support
branch
from
9a85e7f to
64b4e37
Compare
Deydra71
force-pushed
the
appcred-support
branch
from
64b4e37 to
77f7cfe
Compare
Deydra71
force-pushed
the
appcred-support
branch
from
77f7cfe to
684db01
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
Deydra71
force-pushed
the
appcred-support
branch
from
684db01 to
29f6ba9
Compare
Deydra71
force-pushed
the
appcred-support
branch
from
29f6ba9 to
470bb65
Compare
|
Merge Failed. This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset. |
|
@Deydra71 @stuggi I have an additional though based on how we configure both swift and cinder backends for glance:
Using [1] https://github.com/openstack/glance_store/blob/master/glance_store/_drivers/cinder/store.py#L435 |
@fmount yeah, we need to add this support in cinder and swift store. Then based on those changes we need to populate them via glance-operator.
|
|
Also @Deydra71 because we deploy keystone in kuttl as a dependency, we should add this scenario to ensure some coverage. |
Deydra71
force-pushed
the
appcred-support
branch
from
470bb65 to
bde81dc
Compare
Deydra71
force-pushed
the
appcred-support
branch
from
bde81dc to
c67fc05
Compare
xek
force-pushed
the
appcred-support
branch
3 times, most recently
from
0114546 to
373d024
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/5050fa73d3b64876b3f22ac95cc6481b ❌ openstack-k8s-operators-content-provider FAILURE in 12m 12s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/0b93c8022a244477ac8ae9d3cb588a97 ❌ openstack-k8s-operators-content-provider FAILURE in 15m 31s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/02d157db4a98477b93064bb59b5a52ce ❌ openstack-k8s-operators-content-provider FAILURE in 12m 43s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/7c38d661c55d47f1a71f26a60686497e ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 48m 20s |
|
recheck |
xek
force-pushed
the
appcred-support
branch
3 times, most recently
from
0f68f98 to
d18bcb4
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/5810322e21a145f496b3131c7a9d892d ✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 14m 25s |
|
recheck |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/6476fac26fe74ed7816160502f21e74f ❌ openstack-k8s-operators-content-provider TIMED_OUT in 30m 59s |
Deydra71
force-pushed
the
appcred-support
branch
from
d18bcb4 to
3c08d96
Compare
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/88c1345458254fb693c37c3a7987a16c ❌ openstack-k8s-operators-content-provider FAILURE in 7m 05s |
Deydra71
force-pushed
the
appcred-support
branch
from
3c08d96 to
a15750f
Compare
Deydra71
force-pushed
the
appcred-support
branch
from
a15750f to
966c5c2
Compare
Co-authored-by: Veronika Fisarova <vfisarov@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
Deydra71
force-pushed
the
appcred-support
branch
from
966c5c2 to
4a87f6f
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Deydra71, fmount The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit de34ba4
into
openstack-k8s-operators:main
8 participants
Jira: OSPRH-16625
This PR adds end-to-end support for consuming Keystone ApplicationCredentials (AC) in the Glance operator, enabling Glance API pods to use AC-based authentication when available.
Reconcile:
API changes:
Adds an optional authentication field to the Glance API CR:
spec.auth.applicationCredentialSecret— name of the Secret that contains the Keystone Application Credential ID and Secret (AC_ID and AC_SECRET).Reconcile behavior:
Reads
spec.auth.applicationCredentialSecretAttempts to load AC_ID / AC_SECRET from the referenced Secret (via the Keystone helper).
If the secret is missing or incomplete, it falls back to password authentication (the AppCred auth is optional, not an error).
Once the AC Secret is ready with valid AC_ID and AC_SECRET fields, templates AC credentials into Glance configuration
Computes hash of Secret contents and stores in configVars to trigger rolling updates when credentials rotate
RBAC permissions:
Added read permissions for secrets resources to allow fetching AC secrets.
Jira: https://issues.redhat.com/browse/OSPRH-22958
Depends-On: openstack-k8s-operators/keystone-operator#567