
Commit 0ddd273

committed
Adding roles, access rules and unrestricted AC support
Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
1 parent 6ed1e4b commit 0ddd273


11 files changed

+472
-9
lines changed

11 files changed

+472
-9
lines changed

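--- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
+++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -53,6 +53,17 @@ spec:
 default: 7
 minimum: 1
 type: integer
+roles:
+default:
+- admin
+- service
+items:
+type: string
+minItems: 1
+type: array
+unrestricted:
+default: false
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -188,6 +199,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -197,6 +215,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -709,6 +733,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -718,6 +749,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -3507,6 +3544,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -3516,6 +3560,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -8422,6 +8472,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -8431,6 +8488,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -9239,6 +9302,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -9248,6 +9318,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -11691,6 +11767,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -11700,6 +11783,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -16163,6 +16252,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -16172,6 +16268,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -16794,6 +16896,13 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+service:
+type: string
+type: object
+type: array
 enabled:
 default: false
 type: boolean
@@ -16803,6 +16912,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays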

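--- a/apis/core/v1beta1/openstackcontrolplane_types.go
+++ b/apis/core/v1beta1/openstackcontrolplane_types.go
@@ -878,6 +878,17 @@ type ApplicationCredentialSection struct {
 // +kubebuilder:default=7
 // +kubebuilder:validation:Minimum=1
 GracePeriodDays *int `json:"gracePeriodDays,omitempty"`
+
+// +kubebuilder:validation:Optional
+// +kubebuilder:default={"admin","service"}
+// +kubebuilder:validation:MinItems=1
+// Roles to assign to the ApplicationCredential
+Roles []string `json:"roles,omitempty"`
+
+// +kubebuilder:validation:Optional
+// +kubebuilder:default=false
+// Whether the AC should be unrestricted
+Unrestricted *bool `json:"unrestricted,omitempty"`
 }
 
 // +kubebuilder:validation:XValidation:rule="!(has(self.expirationDays) && has(self.gracePeriodDays)) || self.gracePeriodDays < self.expirationDays",message="gracePeriodDays must be smaller than expirationDays"
@@ -894,6 +905,25 @@ type ServiceAppCredSection struct {
 // +kubebuilder:validation:Optional
 // +kubebuilder:validation:Minimum=1
 GracePeriodDays *int `json:"gracePeriodDays,omitempty"`
+
+// +kubebuilder:validation:Optional
+// Roles to assign to the ApplicationCredential
+Roles []string `json:"roles,omitempty"`
+
+// +kubebuilder:validation:Optional
+// Whether the AC should be unrestricted
+Unrestricted *bool `json:"unrestricted,omitempty"`
+
+// +kubebuilder:validation:Optional
+// Set service specific AC access rules
+AccessRules []ACRule `json:"accessRules,omitempty"`
+}
+
+// ACRule sets access rules for AC
+type ACRule struct {
+// Service is the OpenStack service type
+// +kubebuilder:validation:Optional
+Service string `json:"service"`
 }
 
 // OpenStackControlPlaneStatus defines the observed state of OpenStackControlPlane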
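Review bot: In the second hunk, `ACRule.Service` is marked `+kubebuilder:validation:Optional` while its tag is `json:"service"` without `omitempty`, so an `accessRules` entry of `{}` passes CRD validation and serialises with an empty service string. If an access rule is meant to narrow what the application credential can reach, the field should be mandatory: `// +kubebuilder:validation:Required` plus `// +kubebuilder:validation:MinLength=1`. The per-service `Roles` in `ServiceAppCredSection` also lacks the `// +kubebuilder:validation:MinItems=1` that `ApplicationCredentialSection.Roles` carries, so `roles: []` is accepted there; how the controller treats an empty override is not visible in this commit. The comment on both `Unrestricted` fields should say what the flag grants, for example `// Unrestricted lets the AC create or delete other application credentials and trusts in Keystone; leave false unless required`, since the global default role list already includes `admin`. Both struct definitions begin outside the hunks.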

apis/core/v1beta1/zz_generated.deepcopy.go

Lines changed: 40 additions & 0 deletions

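--- a/apis/go.mod
+++ b/apis/go.mod
@@ -116,4 +116,4 @@ replace github.com/openshift/api => github.com/openshift/api v0.0.0-202408300231
 // custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.9.0_patches_tag)
 replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49 //allow-merging
 
-replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c
+replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250516095609-4b11a161953e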

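--- a/apis/go.sum
+++ b/apis/go.sum
@@ -1,5 +1,5 @@
-github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c h1:DXnHQg/+AjMsoJqvQEusjkyjOsOPGbKJ8uRVLyTkseQ=
-github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
+github.com/Deydra71/keystone-operator/api v0.0.0-20250516095609-4b11a161953e h1:0tAu/ZD0gLnT9HlvXwO8t2bl2ha02T+oiWbcGgAR45Q=
+github.com/Deydra71/keystone-operator/api v0.0.0-20250516095609-4b11a161953e/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cert-manager/cert-manager v1.14.7 h1:C2L59sMGMdSpd8SPx5qfPAL7ejZaNxJBRd24S7Ws5Ek=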
