Merge pull request #829 from Deydra71/appcred-support

Add Application Credential support

Author: openshift-merge-bot[bot]

api/bases/telemetry.openstack.org_autoscalings.yaml

@@ -70,6 +70,14 @@ spec:
                     default: 60
                     description: APITimeout for Route and Apache
                     type: integer
+                  auth:
+                    description: Auth - authentication settings for keystone integration
+                    properties:
+                      applicationCredentialSecret:
+                        description: ApplicationCredentialSecret - secret name for
+                          application credential
+                        type: string
+                    type: object
                   customConfigsSecretName:
                     description: |-
                       A name of a secret containing custom configuration files. Files

api/bases/telemetry.openstack.org_ceilometers.yaml

@@ -116,6 +116,14 @@ spec:
                 default: 60
                 description: APITimeout for Apache
                 type: integer
+              auth:
+                description: Auth - authentication settings for keystone integration
+                properties:
+                  applicationCredentialSecret:
+                    description: ApplicationCredentialSecret - secret name for application
+                      credential
+                    type: string
+                type: object
               centralImage:
                 type: string
               computeImage:

api/bases/telemetry.openstack.org_cloudkitties.yaml

@@ -52,6 +52,14 @@ spec:
                 default: 60
                 description: APITimeout for HAProxy, Apache, and rpc_response_timeout
                 type: integer
+              auth:
+                description: Auth - authentication settings for keystone integration
+                properties:
+                  applicationCredentialSecret:
+                    description: ApplicationCredentialSecret - secret name for application
+                      credential
+                    type: string
+                type: object
               cloudKittyAPI:
                 description: CloudKittyAPI - Spec definition for the API service of
                   this CloudKitty deployment

api/bases/telemetry.openstack.org_cloudkittyapis.yaml

@@ -48,6 +48,14 @@ spec:
           spec:
             description: CloudKittyAPISpec defines the desired state of CloudKittyAPI
             properties:
+              auth:
+                description: Auth - authentication settings for keystone integration
+                properties:
+                  applicationCredentialSecret:
+                    description: ApplicationCredentialSecret - secret name for application
+                      credential
+                    type: string
+                type: object
               containerImage:
                 description: ContainerImage - CloudKitty Container Image URL (will
                   be set to environmental default if empty)

api/bases/telemetry.openstack.org_cloudkittyprocs.yaml

@@ -53,6 +53,14 @@ spec:
             description: CloudKittyProcSpec defines the desired state of CloudKitty
               Processor
             properties:
+              auth:
+                description: Auth - authentication settings for keystone integration
+                properties:
+                  applicationCredentialSecret:
+                    description: ApplicationCredentialSecret - secret name for application
+                      credential
+                    type: string
+                type: object
               containerImage:
                 description: ContainerImage - CloudKitty Container Image URL (will
                   be set to environmental default if empty)

api/bases/telemetry.openstack.org_telemetries.yaml

@@ -73,6 +73,14 @@ spec:
                         default: 60
                         description: APITimeout for Route and Apache
                         type: integer
+                      auth:
+                        description: Auth - authentication settings for keystone integration
+                        properties:
+                          applicationCredentialSecret:
+                            description: ApplicationCredentialSecret - secret name
+                              for application credential
+                            type: string
+                        type: object
                       customConfigsSecretName:
                         description: |-
                           A name of a secret containing custom configuration files. Files
@@ -439,6 +447,14 @@ spec:
                     default: 60
                     description: APITimeout for Apache
                     type: integer
+                  auth:
+                    description: Auth - authentication settings for keystone integration
+                    properties:
+                      applicationCredentialSecret:
+                        description: ApplicationCredentialSecret - secret name for
+                          application credential
+                        type: string
+                    type: object
                   centralImage:
                     type: string
                   computeImage:
@@ -614,6 +630,14 @@ spec:
                     default: 60
                     description: APITimeout for HAProxy, Apache, and rpc_response_timeout
                     type: integer
+                  auth:
+                    description: Auth - authentication settings for keystone integration
+                    properties:
+                      applicationCredentialSecret:
+                        description: ApplicationCredentialSecret - secret name for
+                          application credential
+                        type: string
+                    type: object
                   cloudKittyAPI:
                     description: CloudKittyAPI - Spec definition for the API service
                       of this CloudKitty deployment

api/go.mod

@@ -38,6 +38,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/onsi/gomega v1.39.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.22.0 // indirect
 	github.com/prometheus/client_model v0.6.2 // indirect

api/go.sum

@@ -76,8 +76,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/ginkgo/v2 v2.27.3 h1:ICsZJ8JoYafeXFFlFAG75a7CxMsJHwgKwtO+82SE9L8=
 github.com/onsi/ginkgo/v2 v2.27.3/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
-github.com/onsi/gomega v1.38.3 h1:eTX+W6dobAYfFeGC2PV6RwXRu/MyT+cQguijutvkpSM=
-github.com/onsi/gomega v1.38.3/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4=
+github.com/onsi/gomega v1.39.0 h1:y2ROC3hKFmQZJNFeGAMeHZKkjBL65mIZcvrLQBF9k6Q=
+github.com/onsi/gomega v1.39.0/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4=
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20260108154501-11e5091cddf1 h1:zAbZVtpldi1TU/CO9aU2ZByzcsi+N3aIv6snpSjBVLY=
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20260108154501-11e5091cddf1/go.mod h1:ZXwFlspJCdZEUjMbmaf61t5AMB4u2vMyAMMoe/vJroE=
 github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20251230215914-6ba873b49a35 h1:pF3mJ3nwq6r4qwom+rEWZNquZpcQW/iftHlJ1KPIDsk=

api/v1beta1/autoscaling_types.go

@@ -142,6 +142,11 @@ type AodhCore struct {
 	// from this secret will get copied into /etc/aodh/ and they'll
 	// overwrite any default files already present there.
 	CustomConfigsSecretName string `json:"customConfigsSecretName,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	// Auth - authentication settings for keystone integration
+	Auth AuthSpec `json:"auth,omitempty"`
 }
 
 // AutoscalingSpec defines the desired state of Autoscaling

api/v1beta1/autoscaling_webhook.go

@@ -76,6 +76,8 @@ func (spec *AodhCore) Default() {
 	if spec.MemcachedInstance == "" {
 		spec.MemcachedInstance = "memcached"
 	}
+	// NOTE: ApplicationCredentialSecret is NOT defaulted here.
+	// AppCred is opt-in: only used when explicitly configured by the user.
 }
 
 // SetDefaultRouteAnnotations sets HAProxy timeout values of the route