PaloAltoNetworks / prisma-cloud-compute-operator


`ConsoleDefender` credentials values not used #10

Closed mjnagel closed 3 years ago

mjnagel commented 3 years ago

Describe the bug

credentials.accessToken, credentials.license, credentials.password, and credentials.username do not appear to work at all. When deploying a ConsoleDefender with these values specified, the ansible fails to create the user, deploy the license, etc., citing those values as being empty.

Expected behavior

These values should be passed in to the tasks and be used for user creation, license setup, etc.

Current behavior

The values appear to be ignored and not used at all.

Possible solution

I'll take the license example and walk through my guess at what's happening.

license: "{{ lookup('env', 'PCC_LICENSE') | default(credentials.license) }}"

This var does a lookup of the PCC_LICENSE env and then if that fails uses the default of credentials.license. I'm not skilled with Ansible at all, but from some preliminary reading it appears that the lookup used here will simply return an empty string rather than a "null/none". I suspect that the default here is not used when a value (even if empty string) is returned.

From some preliminary reading ansible_env.PCC_LICENSE may be an alternative to this that fails when the env doesn't exist.

Steps to reproduce

  1. Deploy the operator without a secret for pcc-credentials.
  2. Deploy a ConsoleDefender like the below:

    apiVersion: pcc.paloaltonetworks.com/v1alpha1
    kind: ConsoleDefender
    metadata:
      name: pcc-consoleplusdefender
      namespace: twistlock
    spec:
      orchestrator: "kubernetes"
      consoleConfig:
        serviceType: ClusterIP
      credentials:
        license: "licensehere"
        accessToken: "tokenhere"
        username: "admin"
        password: "password"
      defenderConfig:
        docker: false
        namespace: twistlock

  3. Validate that it fails to create the user/license (view the operator logs).

Additional Info

I have also opened https://github.com/PaloAltoNetworks/prisma-cloud-compute-operator/issues/9 which is somewhat related/may affect similar pieces of the code if there is consensus that it should be added.
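A worked reproduction of the suspected cause, added here as an example and not part of this issue or the operator's code: a pure-Python stand-in for Ansible's `env` lookup and Jinja2's `default()` filter (both reimplemented from their documented behaviour, as an assumption), showing that an unset variable yields `""` rather than an undefined value, and that `default()` only replaces `""` when its second (boolean) argument is true.

```python
# Added example (not from the operator repo). Models why
#   license: "{{ lookup('env', 'PCC_LICENSE') | default(credentials.license) }}"
# ignores credentials.license when the env var is not set, and what the
# fix looks like at the template level.
from typing import Any, Mapping


class Undefined:
    """Stand-in for Jinja2's Undefined, the only thing plain default() replaces."""


def env_lookup(name: str, environ: Mapping[str, str]) -> str:
    """Mimics Ansible's env lookup: an unset variable yields "" (not Undefined)."""
    return environ.get(name, "")


def jinja_default(value: Any, fallback: Any, boolean: bool = False) -> Any:
    """Semantics of Jinja2's default() filter (reimplemented here, an assumption):
    replace only Undefined, or also any falsy value when boolean=True."""
    if isinstance(value, Undefined) or (boolean and not value):
        return fallback
    return value


def resolve_license(environ: Mapping[str, str], cr_license: str,
                    boolean: bool = False) -> str:
    """Evaluates the issue's template expression for a given operator environment.
    boolean=False reproduces the bug; boolean=True is default(credentials.license, true)."""
    return jinja_default(env_lookup("PCC_LICENSE", environ), cr_license, boolean)


if __name__ == "__main__":
    no_secret = {}  # constructed: operator pod with no pcc-credentials secret mounted
    print(resolve_license(no_secret, "licensehere"))        # -> "" (license ignored)
    print(resolve_license(no_secret, "licensehere", True))  # -> "licensehere"
    # env var still wins when the secret is present
    print(resolve_license({"PCC_LICENSE": "envlic"}, "licensehere", True))  # -> "envlic"
```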