Openstack auth error breaks HeatStack

Summary

After updating my password on Openstack platform, my HeatStack is in error with following status:

apiVersion: heatoperator.sylva/v1
kind: HeatStack
metadata:
  name: heatstack-capo-cluster-resources
  namespace: sylva-system
[...]
status:
  conditions:
  - lastTransitionTime: "2026-02-03T02:38:02Z"
    message: Failed to authenticate with OpenStack — please verify credentials, endpoint,
      or secret access
    observedGeneration: 42
    reason: AuthenticationFailure
    status: "False"
    type: Ready
  - lastTransitionTime: "2026-02-03T02:38:02Z"
    message: Failed to authenticate with OpenStack — please verify credentials, endpoint,
      or secret access
    observedGeneration: 42
    reason: AuthenticationFailure
    status: "True"
    type: Stalled
  failureMessage: Failed to authenticate with OpenStack — please verify credentials,
    endpoint, or secret access
  observedGeneration: 41
  stackid: heatstack-capo-cluster-resources      # <<<< invalid ID
  stackname: heatstack-capo-cluster-resources    # <<<< invalid Name

In operator logs, I can see:

2026-02-09T10:10:18Z    ERROR   Reconciler error        {"controller": "heatstack", "controllerGroup": "heatoperator.sylva", "controllerKind": "HeatStack", "HeatStack": {"name":"heatstack-capo-cluster-resources","namespace":"sylva-system"}, "namespace": "sylva-system", "name": "heatstack-capo-cluster-resources", "reconcileID": "8cc98965-fc47-421c-931e-5be9365d8745", "error": "Resource not found: [GET https://172.20.136.36:13009/v1/ffae57fa41a840de9a4ac26f62c54311/stacks/heatstack-capo-cluster-resources], error message: {\"code\": 404, \"title\": \"Not Found\", \"explanation\": \"The resource could not be found.\", \"error\": {\"type\": \"EntityNotFound\", \"traceback\": null, \"message\": \"The Stack (heatstack-capo-cluster-resources) could not be found.\"}}"}

This regression has been introduced by that change: sylva-projects/sylva-elements/heat-operator!268 (merged) that sets stack ID and name to the k8s object name in case of authentication errors, which prevents the operator from finding the stack once authentication issues are resolved.

Edited by Francois Eleouet