OpenShift Request For Enhancement / RFE-6471

ObjectBucketClaim credentials should use secretRef


    • Feature Request
    • Resolution: Unresolved

      1. Proposed title of this feature request

      ObjectBucketClaim credentials should use secretRef

      2. What is the nature and description of the request?

      The ObjectBucketClaim API does not allow a user to specify the credentials to be used in a secretRef; rather, it generates a secret with a random set of credentials.

      This RFE is to allow the ObjectBucketClaim to use a secretRef to reference an existing secret for credentials (both ID and access key) to use directly instead of randomly generating them.

      3. Why does the customer need this? (List the business requirements here)

      There are a number of reasons why this RFE is important:

      • The OBC API is not usable with GitOps since many Red Hat and third-party products cannot consume the secret directly. This requires the GitOps user to create a complicated post-sync hook job in order to extract the credentials from the generated secret to populate the required configuration in the other product.

      An example of this can be seen with ACM's Observability here:

      https://github.com/redhat-cop/gitops-catalog/blob/main/advanced-cluster-management/instance/observability/02-install-observability.yaml#L47

      • Some Red Hat products require the use of the same credential across all buckets; this is impossible to achieve with MCG/Noobaa unless you manually create the buckets using the Noobaa API/CLI. Red Hat Trusted Profile Analyzer is an example of this; in fact, they deploy Minio to handle this instead of using a Red Hat product (ODF/MCG).
      • When integrating MCG with external applications, there is a need to coordinate secrets across different teams and orgs, where a pre-generated secret is easier to manage.
      • When backing up and restoring, you need to have the same credentials on the restore.
      • Enterprises may have policies around credentials that the randomly generated secret does not conform to.

      4. List any affected packages or components.

      OpenShift Data Foundation
      MultiCloud Gateway

              gnunn@redhat.com Gerald Nunn
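The credential-copy step that the post-sync hook workaround described in the request has to perform, as an added example that is not part of the original request or of the linked gitops-catalog job. It assumes the OBC-generated Secret carries AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY and the ConfigMap carries BUCKET_HOST, BUCKET_NAME and BUCKET_PORT; the object names, namespace, key values and the thanos-object-storage / thanos.yaml target are constructed for illustration.

```python
import base64
import json

# Constructed sample of the objects an OBC produces (placeholder values, not real credentials).
OBC_SECRET = {
    "kind": "Secret",
    "metadata": {"name": "obs-bucket", "namespace": "open-cluster-management-observability"},
    "data": {
        "AWS_ACCESS_KEY_ID": base64.b64encode(b"EXAMPLEACCESSKEYID00").decode(),
        "AWS_SECRET_ACCESS_KEY": base64.b64encode(b"example/secret+key").decode(),
    },
}
OBC_CONFIGMAP = {
    "kind": "ConfigMap",
    "metadata": {"name": "obs-bucket"},
    "data": {"BUCKET_HOST": "s3.openshift-storage.svc", "BUCKET_NAME": "obs-bucket-1a2b", "BUCKET_PORT": "443"},
}
CRED_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")

def decode_obc_credentials(secret):
    """Return (access_key, secret_key); fail loudly if the provisioner has not filled the Secret yet."""
    data = secret.get("data", {})
    missing = [k for k in CRED_KEYS if k not in data]
    if missing:
        raise KeyError(f"OBC secret not populated, missing: {missing}")
    return tuple(base64.b64decode(data[k]).decode() for k in CRED_KEYS)

def render_thanos_config(secret, configmap):
    """Render a Thanos S3 object-store config from the generated Secret and ConfigMap."""
    access_key, secret_key = decode_obc_credentials(secret)
    cm = configmap["data"]
    # json.dumps emits double-quoted scalars, so '+', '/' or ':' in a key cannot break the YAML.
    return "\n".join([
        "type: s3",
        "config:",
        f"  bucket: {json.dumps(cm['BUCKET_NAME'])}",
        f"  endpoint: {json.dumps(cm['BUCKET_HOST'] + ':' + cm['BUCKET_PORT'])}",
        f"  access_key: {json.dumps(access_key)}",
        f"  secret_key: {json.dumps(secret_key)}",
    ]) + "\n"

def build_consumer_secret(secret, configmap, name="thanos-object-storage"):
    """Second Secret the consuming product reads; it now holds a copy of the random credentials."""
    thanos_yaml = render_thanos_config(secret, configmap)
    return {
        "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
        "metadata": {"name": name, "namespace": secret["metadata"]["namespace"]},
        "data": {"thanos.yaml": base64.b64encode(thanos_yaml.encode()).decode()},
    }

if __name__ == "__main__":
    print(json.dumps(build_consumer_secret(OBC_SECRET, OBC_CONFIGMAP), indent=2))
```

The result is a second copy of the credentials that exists only in the cluster and must be regenerated whenever the claim is recreated, which is the coupling the requested secretRef would remove.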