Application Credential support by Deydra71 · Pull Request #364 · openstack-k8s-operators/placement-operator

Deydra71 · 2025-11-11T12:40:28Z

Adds the end-to-end support for consuming Keystone ApplicationCredentials (AC) in the Placement operator, enabling Placement pods to use AC-based authentication when available.

API changes:

Adds an optional authentication field to the Placement CR:

spec.auth.applicationCredentialSecret — name of the Secret that contains the Keystone Application Credential ID and Secret (AC_ID and AC_SECRET).

Reconcile behavior:

Reads spec.auth.applicationCredentialSecret
Attempts to load AC_ID / AC_SECRET from the referenced Secret (via the Keystone helper).
If the secret is missing or incomplete, it falls back to password authentication (the AppCred auth is optional, not an error).

Once the AC Secret is ready with valid AC_ID and AC_SECRET fields, templates AC credentials into Placement service configuration
Computes hash of Secret contents and stores in configVars to trigger rolling updates when credentials rotate

Depends-On: openstack-k8s-operators/keystone-operator#567

softwarefactory-project-zuul · 2025-11-25T08:16:14Z

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/keystone-operator for 567,560a7f552956fc9c80fece28fc7e7b01b59c2274

mrkisaolamb

Other than these small comments, everything looks good. So once we land the keystone-operator changes, we should be ready to go with this patch as well. I don't see any issues with the update/upgrade path. The only thing worth adding might be a kuttl test with the new secret

auniyal61

the kuttl test fail - GetACSecretName exist in keystone operator now
its because of dependency bump, can be in next PS
along with Kamil comment on test

Rest of the PR lgtm and works in my local deployment, thanks

auniyal61 · 2026-01-21T06:23:31Z

+auth_type = v3applicationcredential
+application_credential_id = {{ .ACID }}
+application_credential_secret = {{ .ACSecret }}
+{{ else -}}


+1, changes are reflecting.

mrkisaolamb

lgtm

softwarefactory-project-zuul · 2026-01-28T11:08:57Z

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/placement-operator for 364,3743f2851cee24caa09067e3857575698fbfe511

softwarefactory-project-zuul · 2026-01-28T11:16:48Z

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/placement-operator for 364,e3b17e3e505a252be83cae3ab82eaca487cac3e7

softwarefactory-project-zuul · 2026-01-28T11:19:10Z

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/placement-operator for 364,b539de535188c5ccd47a31ed38a74cf1b969a56f

softwarefactory-project-zuul · 2026-01-28T11:21:06Z

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/placement-operator for 364,51a8ffca11239bba680206e3f1b7e9375f781ea8

xek · 2026-01-28T13:25:40Z

/retest-required

xek · 2026-01-28T16:26:16Z

/retest

vakwetu · 2026-01-28T21:46:31Z

/retest

auniyal61 · 2026-01-29T07:05:05Z

recheck

auniyal61 · 2026-01-29T07:06:02Z

/test placement-operator-build-deploy-kuttl

softwarefactory-project-zuul · 2026-01-29T15:33:02Z

Merge Failed.

This change or one of its cross-repo dependencies was unable to be automatically merged with the current state of its repository. Please rebase the change and upload a new patchset.
Warning:
Error merging github.com/openstack-k8s-operators/placement-operator for 364,036ffadcd4794805126f5e15abd63036c850a72f

Co-authored-by: Cursor <cursoragent@cursor.com>

vakwetu · 2026-01-29T16:52:20Z

/retest

xek · 2026-01-30T13:05:14Z

/retest

mrkisaolamb

lgtm

openshift-ci · 2026-02-02T14:36:41Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Deydra71, mrkisaolamb

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [mrkisaolamb]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci Bot requested review from auniyal61 and gibizer November 11, 2025 12:40

Deydra71 force-pushed the appcred-support branch from 6c8e2ac to 09e4eb3 Compare November 13, 2025 12:43

Deydra71 force-pushed the appcred-support branch from 09e4eb3 to 2e641c2 Compare November 25, 2025 08:15

mrkisaolamb reviewed Dec 5, 2025

View reviewed changes

Comment thread Makefile

Comment thread test/functional/placementapi_controller_test.go

Deydra71 force-pushed the appcred-support branch from 2e641c2 to 2ca02e9 Compare December 5, 2025 11:57

Deydra71 force-pushed the appcred-support branch from 2ca02e9 to 0cd688b Compare December 15, 2025 11:29

Deydra71 force-pushed the appcred-support branch 4 times, most recently from aafb90e to e683b4d Compare January 8, 2026 11:14

auniyal61 reviewed Jan 21, 2026

View reviewed changes

Deydra71 force-pushed the appcred-support branch from e683b4d to 541dfe9 Compare January 23, 2026 08:08

mrkisaolamb approved these changes Jan 26, 2026

View reviewed changes

openshift-ci Bot assigned mrkisaolamb Jan 26, 2026

openshift-ci Bot added lgtm approved labels Jan 26, 2026

openshift-merge-robot added the needs-rebase label Jan 26, 2026

mrkisaolamb force-pushed the appcred-support branch from 541dfe9 to 4ab2eaf Compare January 27, 2026 11:28

openshift-ci Bot removed the lgtm label Jan 27, 2026

openshift-merge-robot removed the needs-rebase label Jan 27, 2026

xek force-pushed the appcred-support branch 2 times, most recently from 28880be to 3743f28 Compare January 28, 2026 11:07

openshift-merge-robot added the needs-rebase label Jan 28, 2026

xek force-pushed the appcred-support branch 3 times, most recently from b539de5 to 51a8ffc Compare January 28, 2026 11:13

xek force-pushed the appcred-support branch from 51a8ffc to ec14939 Compare January 28, 2026 11:25

openshift-merge-robot removed the needs-rebase label Jan 28, 2026

xek force-pushed the appcred-support branch from ec14939 to bb34e64 Compare January 28, 2026 11:57

xek force-pushed the appcred-support branch 3 times, most recently from b337941 to 036ffad Compare January 29, 2026 15:30

openshift-merge-robot added the needs-rebase label Jan 29, 2026

xek force-pushed the appcred-support branch from 036ffad to 3507bcb Compare January 29, 2026 15:35

openshift-merge-robot removed the needs-rebase label Jan 29, 2026

Application Credential support

c13cd52

Co-authored-by: Cursor <cursoragent@cursor.com>

xek force-pushed the appcred-support branch from 3507bcb to c13cd52 Compare January 29, 2026 15:46

mrkisaolamb approved these changes Feb 2, 2026

View reviewed changes

openshift-ci Bot added the lgtm label Feb 2, 2026

openshift-merge-bot Bot merged commit 7b903f2 into openstack-k8s-operators:main Feb 2, 2026
7 checks passed

Conversation

Deydra71 commented Nov 11, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

softwarefactory-project-zuul Bot commented Nov 25, 2025

Uh oh!

mrkisaolamb left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

auniyal61 left a comment

Choose a reason for hiding this comment

Uh oh!

auniyal61 Jan 21, 2026

Choose a reason for hiding this comment

Uh oh!

mrkisaolamb left a comment

Choose a reason for hiding this comment

Uh oh!

softwarefactory-project-zuul Bot commented Jan 28, 2026

Uh oh!

softwarefactory-project-zuul Bot commented Jan 28, 2026

Uh oh!

softwarefactory-project-zuul Bot commented Jan 28, 2026

Uh oh!

softwarefactory-project-zuul Bot commented Jan 28, 2026

Uh oh!

xek commented Jan 28, 2026

Uh oh!

xek commented Jan 28, 2026

Uh oh!

vakwetu commented Jan 28, 2026

Uh oh!

auniyal61 commented Jan 29, 2026

Uh oh!

auniyal61 commented Jan 29, 2026

Uh oh!

softwarefactory-project-zuul Bot commented Jan 29, 2026

Uh oh!

vakwetu commented Jan 29, 2026

Uh oh!

xek commented Jan 30, 2026

Uh oh!

mrkisaolamb left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-ci Bot commented Feb 2, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Deydra71 commented Nov 11, 2025 •

edited

Loading