The keystone_openrc_env_vars snippet unconditionally emitted OS_USERNAME
and OS_PASSWORD environment variables sourced from a Kubernetes secret.
This made it impossible to use alternative keystoneauth plugins (such as
`v3oidcaccesstoken or other federated auth methods) in ks-service,
ks-endpoints, ks-user, and bootstrap jobs without forking the templates.
Add two optional parameters to the snippet:
- exclude_vars: list of default env var names to omit
- extra_vars: list of additional env var entries to inject, supporting
static values, secretKeyRef, and configMapKeyRef
The configuration is driven by identity.openrc values and is fully
backwards-compatible — charts that do not set these values produce
identical output to before.
Change-Id: I37d3b7b34af8d9cf616546a1c61ecb4185f5e928
Signed-off-by: Marek Skrobacki <skrobul@skrobul.com>
Marek Skrobacki
fcf1cd19a7