Commit 535e8ef

Adding roles, access rules and unrestricted AC support
Signed-off-by: Veronika Fisarova <[email protected]>
1 parent 6ed1e4b commit 535e8ef

11 files changed

+504
-9
lines changed

apis/bases/core.openstack.org_openstackcontrolplanes.yaml

Lines changed: 122 additions & 0 deletions
@@ -42,6 +42,13 @@ spec:
4242
properties:
4343
applicationCredential:
4444
properties:
45+
accessRules:
46+
items:
47+
properties:
48+
service:
49+
type: string
50+
type: object
51+
type: array
4552
enabled:
4653
default: false
4754
type: boolean
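Review bot: The accessRules item schema at new lines 47-50 has no required list and leaves service as an unconstrained string, so an entry such as {} or service: "" is accepted by the schema. Consider making Service required with a minimum length (or an enum of supported service types) on the Go type and regenerating this file, so that an empty rule is rejected at admission.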
@@ -53,6 +60,17 @@ spec:
5360
default: 7
5461
minimum: 1
5562
type: integer
63+
roles:
64+
default:
65+
- admin
66+
- service
67+
items:
68+
type: string
69+
minItems: 1
70+
type: array
71+
unrestricted:
72+
default: false
73+
type: boolean
5674
type: object
5775
x-kubernetes-validations:
5876
- message: gracePeriodDays must be smaller than expirationDays
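Review bot: roles defaults to admin and service at new lines 64-66, so a control plane that turns on applicationCredential without setting roles gets an admin-capable credential by default. Consider defaulting to service only and letting the services that need admin opt in through their own roles override, or document why admin has to be part of the default.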
@@ -188,6 +206,13 @@ spec:
188206
enabled: false
189207
nullable: true
190208
properties:
209+
accessRules:
210+
items:
211+
properties:
212+
service:
213+
type: string
214+
type: object
215+
type: array
191216
enabled:
192217
default: false
193218
type: boolean
@@ -197,6 +222,12 @@ spec:
197222
gracePeriodDays:
198223
minimum: 1
199224
type: integer
225+
roles:
226+
items:
227+
type: string
228+
type: array
229+
unrestricted:
230+
type: boolean
200231
type: object
201232
x-kubernetes-validations:
202233
- message: gracePeriodDays must be smaller than expirationDays
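Review bot: The per-service roles array at new lines 225-228 has no minItems, unlike the top-level section, which sets minItems: 1, so roles: [] is accepted here. The schema does not say whether an empty list means "inherit the default" or "no roles"; add MinItems=1 on ServiceAppCredSection.Roles or document the inheritance behaviour.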
@@ -709,6 +740,13 @@ spec:
709740
enabled: false
710741
nullable: true
711742
properties:
743+
accessRules:
744+
items:
745+
properties:
746+
service:
747+
type: string
748+
type: object
749+
type: array
712750
enabled:
713751
default: false
714752
type: boolean
@@ -718,6 +756,12 @@ spec:
718756
gracePeriodDays:
719757
minimum: 1
720758
type: integer
759+
roles:
760+
items:
761+
type: string
762+
type: array
763+
unrestricted:
764+
type: boolean
721765
type: object
722766
x-kubernetes-validations:
723767
- message: gracePeriodDays must be smaller than expirationDays
@@ -3507,6 +3551,13 @@ spec:
35073551
enabled: false
35083552
nullable: true
35093553
properties:
3554+
accessRules:
3555+
items:
3556+
properties:
3557+
service:
3558+
type: string
3559+
type: object
3560+
type: array
35103561
enabled:
35113562
default: false
35123563
type: boolean
@@ -3516,6 +3567,12 @@ spec:
35163567
gracePeriodDays:
35173568
minimum: 1
35183569
type: integer
3570+
roles:
3571+
items:
3572+
type: string
3573+
type: array
3574+
unrestricted:
3575+
type: boolean
35193576
type: object
35203577
x-kubernetes-validations:
35213578
- message: gracePeriodDays must be smaller than expirationDays
@@ -8422,6 +8479,13 @@ spec:
84228479
enabled: false
84238480
nullable: true
84248481
properties:
8482+
accessRules:
8483+
items:
8484+
properties:
8485+
service:
8486+
type: string
8487+
type: object
8488+
type: array
84258489
enabled:
84268490
default: false
84278491
type: boolean
@@ -8431,6 +8495,12 @@ spec:
84318495
gracePeriodDays:
84328496
minimum: 1
84338497
type: integer
8498+
roles:
8499+
items:
8500+
type: string
8501+
type: array
8502+
unrestricted:
8503+
type: boolean
84348504
type: object
84358505
x-kubernetes-validations:
84368506
- message: gracePeriodDays must be smaller than expirationDays
@@ -9239,6 +9309,13 @@ spec:
92399309
enabled: false
92409310
nullable: true
92419311
properties:
9312+
accessRules:
9313+
items:
9314+
properties:
9315+
service:
9316+
type: string
9317+
type: object
9318+
type: array
92429319
enabled:
92439320
default: false
92449321
type: boolean
@@ -9248,6 +9325,12 @@ spec:
92489325
gracePeriodDays:
92499326
minimum: 1
92509327
type: integer
9328+
roles:
9329+
items:
9330+
type: string
9331+
type: array
9332+
unrestricted:
9333+
type: boolean
92519334
type: object
92529335
x-kubernetes-validations:
92539336
- message: gracePeriodDays must be smaller than expirationDays
@@ -11691,6 +11774,13 @@ spec:
1169111774
enabled: false
1169211775
nullable: true
1169311776
properties:
11777+
accessRules:
11778+
items:
11779+
properties:
11780+
service:
11781+
type: string
11782+
type: object
11783+
type: array
1169411784
enabled:
1169511785
default: false
1169611786
type: boolean
@@ -11700,6 +11790,12 @@ spec:
1170011790
gracePeriodDays:
1170111791
minimum: 1
1170211792
type: integer
11793+
roles:
11794+
items:
11795+
type: string
11796+
type: array
11797+
unrestricted:
11798+
type: boolean
1170311799
type: object
1170411800
x-kubernetes-validations:
1170511801
- message: gracePeriodDays must be smaller than expirationDays
@@ -16163,6 +16259,13 @@ spec:
1616316259
enabled: false
1616416260
nullable: true
1616516261
properties:
16262+
accessRules:
16263+
items:
16264+
properties:
16265+
service:
16266+
type: string
16267+
type: object
16268+
type: array
1616616269
enabled:
1616716270
default: false
1616816271
type: boolean
@@ -16172,6 +16275,12 @@ spec:
1617216275
gracePeriodDays:
1617316276
minimum: 1
1617416277
type: integer
16278+
roles:
16279+
items:
16280+
type: string
16281+
type: array
16282+
unrestricted:
16283+
type: boolean
1617516284
type: object
1617616285
x-kubernetes-validations:
1617716286
- message: gracePeriodDays must be smaller than expirationDays
@@ -16794,6 +16903,13 @@ spec:
1679416903
enabled: false
1679516904
nullable: true
1679616905
properties:
16906+
accessRules:
16907+
items:
16908+
properties:
16909+
service:
16910+
type: string
16911+
type: object
16912+
type: array
1679716913
enabled:
1679816914
default: false
1679916915
type: boolean
@@ -16803,6 +16919,12 @@ spec:
1680316919
gracePeriodDays:
1680416920
minimum: 1
1680516921
type: integer
16922+
roles:
16923+
items:
16924+
type: string
16925+
type: array
16926+
unrestricted:
16927+
type: boolean
1680616928
type: object
1680716929
x-kubernetes-validations:
1680816930
- message: gracePeriodDays must be smaller than expirationDays

apis/core/v1beta1/openstackcontrolplane_types.go

Lines changed: 34 additions & 0 deletions
@@ -878,6 +878,21 @@ type ApplicationCredentialSection struct {
878878
// +kubebuilder:default=7
879879
// +kubebuilder:validation:Minimum=1
880880
GracePeriodDays *int `json:"gracePeriodDays,omitempty"`
881+
882+
// +kubebuilder:validation:Optional
883+
// +kubebuilder:default={"admin","service"}
884+
// +kubebuilder:validation:MinItems=1
885+
// Roles to assign to the ApplicationCredential
886+
Roles []string `json:"roles,omitempty"`
887+
888+
// +kubebuilder:validation:Optional
889+
// +kubebuilder:default=false
890+
// Whether the AC should be unrestricted
891+
Unrestricted *bool `json:"unrestricted,omitempty"`
892+
893+
// +kubebuilder:validation:Optional
894+
// Set AC access rules, for now sets just Service rule
895+
AccessRules []ACRule `json:"accessRules,omitempty"`
881896
}
882897

883898
// +kubebuilder:validation:XValidation:rule="!(has(self.expirationDays) && has(self.gracePeriodDays)) || self.gracePeriodDays < self.expirationDays",message="gracePeriodDays must be smaller than expirationDays"
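Review bot: The doc comment on Unrestricted at new line 890 only restates the field name. Spell out what an unrestricted application credential is allowed to do and when enabling it is appropriate; the same applies to AccessRules at new line 894, where "for now sets just Service rule" does not say what a rule restricts or what happens when the list is empty.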
@@ -894,6 +909,25 @@ type ServiceAppCredSection struct {
894909
// +kubebuilder:validation:Optional
895910
// +kubebuilder:validation:Minimum=1
896911
GracePeriodDays *int `json:"gracePeriodDays,omitempty"`
912+
913+
// +kubebuilder:validation:Optional
914+
// Roles to assign to the ApplicationCredential
915+
Roles []string `json:"roles,omitempty"`
916+
917+
// +kubebuilder:validation:Optional
918+
// Whether the AC should be unrestricted
919+
Unrestricted *bool `json:"unrestricted,omitempty"`
920+
921+
// +kubebuilder:validation:Optional
922+
// Set AC access rules, for now sets just Service rule
923+
AccessRules []ACRule `json:"accessRules,omitempty"`
924+
}
925+
926+
// ACRule sets access rules for AC
927+
type ACRule struct {
928+
// Service is the OpenStack service type
929+
// +kubebuilder:validation:Optional
930+
Service string `json:"service"`
897931
}
898932

899933
// OpenStackControlPlaneStatus defines the observed state of OpenStackControlPlane
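Review bot: ACRule.Service at new lines 929-930 is marked +kubebuilder:validation:Optional while its JSON tag is json:"service" without omitempty, so the marker and the serialization disagree and an unset value is written out as service: "". A rule with no service carries no information, so rather than adding omitempty, make the field required: drop the Optional marker and add a MinLength=1 validation.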

apis/core/v1beta1/zz_generated.deepcopy.go

Lines changed: 45 additions & 0 deletions
Some generated files are not rendered by default.

apis/go.mod

Lines changed: 1 addition & 1 deletion
@@ -116,4 +116,4 @@ replace github.com/openshift/api => github.com/openshift/api v0.0.0-202408300231
116116
// custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.9.0_patches_tag)
117117
replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49 //allow-merging
118118

119-
replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c
119+
replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250516091211-c0ae7a4f5db8
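Review bot: The replace at new line 119 points keystone-operator/api at a personal fork (github.com/Deydra71/keystone-operator/api) pinned to a pseudo-version, and unlike the rabbitmq replace above it carries no //allow-merging annotation. That works for a work-in-progress branch but should not merge as is: once the keystone-operator API change lands upstream, drop this replace and bump the require line instead, so the build does not depend on a fork outside the openstack-k8s-operators organisation.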

apis/go.sum

Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,5 @@
1-
github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c h1:DXnHQg/+AjMsoJqvQEusjkyjOsOPGbKJ8uRVLyTkseQ=
2-
github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
1+
github.com/Deydra71/keystone-operator/api v0.0.0-20250516091211-c0ae7a4f5db8 h1:AVTI8JOA76qlTKErdH2+EOs39ABHPW9p4KNrw2TOIsE=
2+
github.com/Deydra71/keystone-operator/api v0.0.0-20250516091211-c0ae7a4f5db8/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
33
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
44
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
55
github.com/cert-manager/cert-manager v1.14.7 h1:C2L59sMGMdSpd8SPx5qfPAL7ejZaNxJBRd24S7Ws5Ek=
