openstack: Add TODOs to remove unused secrets, config maps

We'll actually resolve this separately to avoid conflating things in one
PR.

We also fix a type and group two similar secrets that we are creating.

Signed-off-by: Stephen Finucane <[email protected]>

Author: stephenfin

control-plane-operator/controllers/hostedcontrolplane/cloud/openstack/providerconfig.go

@@ -29,8 +29,16 @@ func ReconcileCloudConfigSecret(platformSpec *hyperv1.OpenStackPlatformSpec, sec
 	config := getCloudConfig(platformSpec, credentialsSecret, caCertData, machineNetwork)
 	if caCertData != nil {
 		secret.Data[CASecretKey] = caCertData
+		// TODO(stephenfin): Both csi-operator (for Manila and Cinder CSI) and
+		// cluster-storage-operator now uses the certs from 'cacert', meaning
+		// this is no longer necessary. It is only kept here temporarily to
+		// ease upgrades. Remove in 4.20+
 		secret.Data[CABundleKey] = caCertData
 	}
+	// TODO(stephenfin): Neither cinder nor manila CSI drivers (as deployed by
+	// csi-operator) consume configuration from this secret: cinder sources it
+	// from the config map, and manila does its own special thing. Remove in
+	// 4.20+
 	secret.Data[CloudConfigKey] = []byte(config)
 
 	return nil

control-plane-operator/hostedclusterconfigoperator/controllers/resources/resources.go

@@ -1569,9 +1569,9 @@ func (r *reconciler) reconcileCloudCredentialSecrets(ctx context.Context, hcp *h
 		caCertData := openstack.GetCACertFromCredentialsSecret(credentialsSecret)
 		errs = append(errs,
 			r.reconcileOpenStackCredentialsSecret(ctx, hcp.Spec.Platform.OpenStack, "openshift-cluster-csi-drivers", "openstack-cloud-credentials", credentialsSecret, caCertData, hcp.Spec.Networking.MachineNetwork),
+			r.reconcileOpenStackCredentialsSecret(ctx, hcp.Spec.Platform.OpenStack, "openshift-cluster-csi-drivers", "manila-cloud-credentials", credentialsSecret, caCertData, hcp.Spec.Networking.MachineNetwork),
 			r.reconcileOpenStackCredentialsSecret(ctx, hcp.Spec.Platform.OpenStack, "openshift-image-registry", "installer-cloud-credentials", credentialsSecret, caCertData, hcp.Spec.Networking.MachineNetwork),
 			r.reconcileOpenStackCredentialsSecret(ctx, hcp.Spec.Platform.OpenStack, "openshift-cloud-network-config-controller", "cloud-credentials", credentialsSecret, caCertData, hcp.Spec.Networking.MachineNetwork),
-			r.reconcileOpenStackCredentialsSecret(ctx, hcp.Spec.Platform.OpenStack, "openshift-cluster-csi-drivers", "manila-cloud-credentials", credentialsSecret, caCertData, hcp.Spec.Networking.MachineNetwork),
 		)
 	case hyperv1.PowerVSPlatform:
 		createPowerVSSecret := func(srcSecret, destSecret *corev1.Secret) error {
@@ -1649,7 +1649,7 @@ func (r *reconciler) reconcileCloudCredentialSecrets(ctx context.Context, hcp *h
 	return errs
 }
 
-// reconcileOpenStackCredentialsSecret is a wrapper used to reconcile the OpenStack cloud config secrets.
+// reconcileOpenStackCredentialsSecret is a wrapper used to reconcile the OpenStack credentials secrets.
 func (r *reconciler) reconcileOpenStackCredentialsSecret(ctx context.Context, platformSpec *hyperv1.OpenStackPlatformSpec, namespace, name string, credentialsSecret *corev1.Secret, caCertData []byte, machineNetwork []hyperv1.MachineNetworkEntry) error {
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{