openstack-k8s-operators
diff --git a/‎api/bases/nova.openstack.org_nova.yaml‎
Lines changed: 10 additions & 0 deletions b/‎api/bases/nova.openstack.org_nova.yaml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎api/go.mod‎
Lines changed: 1 addition & 1 deletion b/‎api/go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/go.sum‎
Lines changed: 2 additions & 2 deletions b/‎api/go.sum‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎api/v1beta1/common_types.go‎
Lines changed: 9 additions & 0 deletions b/‎api/v1beta1/common_types.go‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎api/v1beta1/conditions.go‎
Lines changed: 3 additions & 0 deletions b/‎api/v1beta1/conditions.go‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎api/v1beta1/nova_types.go‎
Lines changed: 5 additions & 0 deletions b/‎api/v1beta1/nova_types.go‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎api/v1beta1/nova_webhook.go‎
Lines changed: 1 addition & 1 deletion b/‎api/v1beta1/nova_webhook.go‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 16 additions & 0 deletions b/‎api/v1beta1/zz_generated.deepcopy.go‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎config/crd/bases/nova.openstack.org_nova.yaml‎
Lines changed: 10 additions & 0 deletions b/‎config/crd/bases/nova.openstack.org_nova.yaml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎config/manifests/bases/nova-operator.clusterserviceversion.yaml‎
Lines changed: 9 additions & 0 deletions b/‎config/manifests/bases/nova-operator.clusterserviceversion.yaml‎
Lines changed: 9 additions & 0 deletions
@@ -371,6 +371,16 @@ spec:
                 description: APITimeout for Route and Apache
                 minimum: 10
                 type: integer
+              auth:
+                description: Auth - Parameters related to authentication (shared by
+                  all Nova services)
+                properties:
+                  applicationCredentialSecret:
+                    description: |-
+                      ApplicationCredentialSecret - the name of the k8s Secret that contains the
+                      application credential data used for authentication
+                    type: string
+                type: object
               cellTemplates:
                 additionalProperties:
                   description: |-
 
@@ -39,7 +39,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/onsi/ginkgo/v2 v2.27.4 // indirect
+	github.com/onsi/ginkgo/v2 v2.27.5 // indirect
 	github.com/onsi/gomega v1.39.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.22.0 // indirect
 
@@ -74,8 +74,8 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/onsi/ginkgo/v2 v2.27.4 h1:fcEcQW/A++6aZAZQNUmNjvA9PSOzefMJBerHJ4t8v8Y=
-github.com/onsi/ginkgo/v2 v2.27.4/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
+github.com/onsi/ginkgo/v2 v2.27.5 h1:ZeVgZMx2PDMdJm/+w5fE/OyG6ILo1Y3e+QX4zSR0zTE=
+github.com/onsi/ginkgo/v2 v2.27.5/go.mod h1:ArE1D/XhNXBXCBkKOLkbsb2c81dQHCRcF5zwn/ykDRo=
 github.com/onsi/gomega v1.39.0 h1:y2ROC3hKFmQZJNFeGAMeHZKkjBL65mIZcvrLQBF9k6Q=
 github.com/onsi/gomega v1.39.0/go.mod h1:ZCU1pkQcXDO5Sl9/VVEGlDyp+zm0m1cmeG5TOzLgdh4=
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20260123105816-865d02e287a9 h1:tD6nnTRcyUCXdVMWPHLApk12tzQlQni5eoxvQ8XdbP8=
 
@@ -104,6 +104,15 @@ type PasswordSelector struct {
 	PrefixMetadataCellsSecret string `json:"prefixMetadataCellsSecret"`
 }
 
+// AuthSpec defines authentication parameters for Nova services
+type AuthSpec struct {
+	// +kubebuilder:validation:Optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	// ApplicationCredentialSecret - the name of the k8s Secret that contains the
+	// application credential data used for authentication
+	ApplicationCredentialSecret string `json:"applicationCredentialSecret,omitempty"`
+}
+
 // NovaImages defines container images used by top level Nova CR
 type NovaImages struct {
 	// +kubebuilder:validation:Required
 
@@ -134,6 +134,9 @@ const (
 	// InputReadyWaitingMessage
 	InputReadyWaitingMessage = "Input data resources missing: %s"
 
+	// NovaApplicationCredentialSecretErrorMessage
+	NovaApplicationCredentialSecretErrorMessage = "Error with application credential secret"
+
 	// NovaCellReadyInitMessage
 	NovaCellReadyInitMessage = "The status of NovaCell %s is unknown"
 
 
@@ -131,6 +131,11 @@ type NovaSpecCore struct {
 	// Avoid colocating it with RabbitMqClusterName, APIMessageBusInstance or CellMessageBusInstance used for RPC.
 	// For particular Nova cells, notifications cannot be disabled, nor configured differently.
 	NotificationsBusInstance *string `json:"notificationsBusInstance,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// +operator-sdk:csv:customresourcedefinitions:type=spec
+	// Auth - Parameters related to authentication (shared by all Nova services)
+	Auth AuthSpec `json:"auth,omitempty"`
 }
 
 // NovaSpec defines the desired state of Nova
 
@@ -26,10 +26,10 @@ import (
 	"fmt"
 
 	"github.com/google/go-cmp/cmp"
+	topologyv1 "github.com/openstack-k8s-operators/infra-operator/apis/topology/v1beta1"
 	service "github.com/openstack-k8s-operators/lib-common/modules/common/service"
 	"github.com/robfig/cron/v3"
 
-	topologyv1 "github.com/openstack-k8s-operators/infra-operator/apis/topology/v1beta1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 
@@ -371,6 +371,16 @@ spec:
                 description: APITimeout for Route and Apache
                 minimum: 10
                 type: integer
+              auth:
+                description: Auth - Parameters related to authentication (shared by
+                  all Nova services)
+                properties:
+                  applicationCredentialSecret:
+                    description: |-
+                      ApplicationCredentialSecret - the name of the k8s Secret that contains the
+                      application credential data used for authentication
+                    type: string
+                type: object
               cellTemplates:
                 additionalProperties:
                   description: |-
 
@@ -107,6 +107,15 @@ spec:
       - description: TLS - Parameters related to the TLS
         displayName: TLS
         path: apiServiceTemplate.tls
+      - description: Auth - Parameters related to authentication (shared by all Nova
+          services)
+        displayName: Auth
+        path: auth
+      - description: |-
+          ApplicationCredentialSecret - the name of the k8s Secret that contains the
+          application credential data used for authentication
+        displayName: Application Credential Secret
+        path: auth.applicationCredentialSecret
       - description: TLS - Parameters related to the TLS
         displayName: TLS
         path: cellTemplates.metadataServiceTemplate.tls