Skip to content

[rosa-consolidated] Add service account (client-id/client-secret) authentication support#9832

Open
makirill wants to merge 5 commits into
developmentfrom
rosa-consolidated-hcp
Open

[rosa-consolidated] Add service account (client-id/client-secret) authentication support#9832
makirill wants to merge 5 commits into
developmentfrom
rosa-consolidated-hcp

Conversation

@makirill

@makirill makirill commented Jul 2, 2026

Copy link
Copy Markdown
Collaborator
SUMMARY
  • Add support for ROSA CLI login using service account client credentials (--client-id / --client-secret) as the preferred authentication method, with existing token-based login as fallback
  • Add configurable rosa_api_url variable (defaults to https://api.openshift.com)
  • Update documentation with both authentication options

The ROSA CLI login in rosa-consolidated previously only supported token-based authentication (rosa login --token). This change adds support for service account credentials, which are preferred by automation.

Auth priority:

  1. If rosa_sa_client_id and rosa_sa_secret are set → use rosa login --url --client-id --client-secret
  2. Otherwise → fall back to existing token-based login

New variables (in default_vars.yml):

  • rosa_sa_client_id — service account client ID (default: "")
  • rosa_sa_secret — service account client secret (default: "")
  • rosa_api_url — ROSA API URL (default: https://api.openshift.com)

Files changed:

  • default_vars.yml — new variable defaults
  • software.yml — login logic + token warning logic updated
  • destroy_env.yml — login logic updated
  • README.adoc — documents both auth options
ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME
  • rosa-consolidated

Comment thread ansible/configs/rosa-consolidated/destroy_env.yml Outdated
@makirill makirill marked this pull request as ready for review July 2, 2026 23:50
@makirill makirill requested a review from a team as a code owner July 2, 2026 23:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants