pre-deploy kustomization to enable ApplicationCredentials (ZDPR) globally

Set OpenStackControlPlane.spec.applicationCredential.enabled=true by
a replace patch applied pre-deploy. This enables Keystone Application
Credentials to support zero-downtime password rotation for service users.

Signed-off-by: Milana Levy [email protected]
Signed-off-by: Milana Levy <[email protected]>

Author: millevy

hooks/playbooks/ZDPR-pre-deploy.yaml

@@ -0,0 +1,35 @@
+---
+# Copyright Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+- name: Configure ZDPR Application Credentials in OpenStackControlPlane 
+  hosts: "{{ cifmw_target_hook_host | default('localhost') }}"
+  tasks:
+    - name: Create Kustomization to enable AppCreds (ZDPR)
+      ansible.builtin.copy:
+        dest: "{{ cifmw_basedir }}/artifacts/manifests/kustomizations/controlplane/openstackcontrolplane-applicationcredentials.yaml" 
+        content: |-
+          apiVersion: kustomize.config.k8s.io/v1beta1
+          kind: Kustomization
+          resources:
+          - namespace: {{ namespace }}
+          patches:
+          - target:
+              kind: OpenStackControlPlane
+              name: .*
+            patch: |-
+              - op: replace
+                path: /spec/applicationCredential/enabled
+                value: true
+        mode: "0644"