@Deydra71 Deydra71 commented Aug 13, 2025

Jira: OSPRH-16627

This PR adds end-to-end support for consuming Keystone ApplicationCredentials (AC) in the Swift operator, enabling Swift Proxy pods to use AC-based authentication when available.

API changes:

Adds an optional authentication field to the Swift Proxy CR:

spec.auth.applicationCredentialSecret — name of the Secret that contains the Keystone Application Credential ID and Secret (AC_ID and AC_SECRET).

Reconcile behavior:

  • Reads spec.auth.applicationCredentialSecret
  • Attempts to load AC_ID / AC_SECRET from the referenced Secret (via the Keystone helper).
  • If the secret is missing or incomplete, it falls back to password authentication (the AppCred auth is optional, not an error).
  • Once the AC Secret is ready with valid AC_ID and AC_SECRET fields, templates AC credentials into Swift Proxy configuration
  • Computes hash of Secret contents and stores in configVars to trigger rolling updates when credentials rotate

Depends-On: openstack-k8s-operators/keystone-operator#567
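
The reconcile behavior described above (optional AppCred with password fallback, plus a content hash that changes on rotation), as an added example that is not code from this PR or the operator. `AuthConfig`, `selectAuth` and `secretHash` are hypothetical names, and the Secret is modeled as a plain `map[string][]byte`.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// AuthConfig is a hypothetical holder for the values templated into the proxy config.
type AuthConfig struct {
	UseAppCred     bool
	ACID, ACSecret string
}

// selectAuth takes Secret data (same shape as a Kubernetes Secret's Data field).
// A missing or incomplete Secret is not an error: the zero value means
// "keep using password authentication".
func selectAuth(data map[string][]byte) AuthConfig {
	id, secret := data["AC_ID"], data["AC_SECRET"]
	if len(id) == 0 || len(secret) == 0 {
		return AuthConfig{}
	}
	return AuthConfig{UseAppCred: true, ACID: string(id), ACSecret: string(secret)}
}

// secretHash returns a digest that changes when any key or value changes.
// Keys are sorted because Go map iteration order is random, and each field is
// length-prefixed so adjacent fields cannot be confused with one another.
func secretHash(data map[string][]byte) string {
	keys := make([]string, 0, len(data))
	for k := range data {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%d:%s%d:", len(k), k, len(data[k]))
		h.Write(data[k])
	}
	return hex.EncodeToString(h.Sum(nil))
}

func main() {
	// Constructed sample values, not real credentials.
	sec := map[string][]byte{"AC_ID": []byte("example-id"), "AC_SECRET": []byte("example-secret")}
	fmt.Println(selectAuth(nil).UseAppCred, selectAuth(sec).UseAppCred)
	before := secretHash(sec)
	sec["AC_SECRET"] = []byte("rotated-secret")
	fmt.Println(before != secretHash(sec)) // only the digest is compared, never the secret
}
```

Only the digest needs to leave the reconcile loop, so the credential itself stays out of pod specs and logs.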

@cschwede cschwede left a comment

Please see my inline comment

secretRef,
os.GetRegion(),
transportURLString,
<<<<<<< HEAD
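
Review bot: the `<<<<<<< HEAD` line directly after `transportURLString,` is a leftover conflict marker in the middle of what reads as an argument list, which is not valid source. Resolve the conflict to the intended arguments and remove this marker together with its matching `=======` and `>>>>>>>` lines, which fall outside this excerpt.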

@cschwede cschwede Oct 1, 2025

Looks like an unresolved merge conflict

Author

Thanks for catching this! Also, I will soon push an update to this PR anyway to reflect the latest changes in keystone-operator.

openshift-ci bot commented Oct 2, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Deydra71
Once this PR has been reviewed and has the lgtm label, please ask for approval from cschwede. For more information see the Code Review Process.

cschwede commented Dec 3, 2025

@Deydra71 Is the "do-not-merge/hold" label still valid or should this be merged?

Deydra71 commented Dec 3, 2025

@cschwede It's still valid. We need to merge the openstack-k8s-operators/keystone-operator#567 first, which will happen soon. I'm asking for final reviews, and will talk about it at the soonest operator's roundtable.

@softwarefactory-project-zuul

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/6cf6921b23044a5ea365e1f1b06cfa52

openstack-k8s-operators-content-provider FAILURE in 6m 08s
⚠️ swift-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ swift-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@softwarefactory-project-zuul

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/203a18225364481c9f57bad6b434fb24

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 44m 25s
swift-operator-kuttl FAILURE in 54m 24s
✔️ swift-operator-tempest SUCCESS in 1h 19m 20s

@softwarefactory-project-zuul

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/4498829190ab41c3b20a8782390421df

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 49m 30s
swift-operator-kuttl RETRY_LIMIT in 9m 22s
✔️ swift-operator-tempest SUCCESS in 1h 22m 14s

@softwarefactory-project-zuul

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/1ae38461e58643e0ad225d0dbaf3b97e

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 06m 48s
✔️ swift-operator-kuttl SUCCESS in 42m 44s
swift-operator-tempest RETRY_LIMIT in 9m 34s
