
Commit 9014923

Adding roles, access rules and unrestricted AC support
Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
1 parent 63f5573 commit 9014923


11 files changed

+310
-19
lines changed


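--- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
+++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -46,13 +46,24 @@ spec:
 default: false
 type: boolean
 expirationDays:
-default: 14
+default: 365
 minimum: 2
 type: integer
 gracePeriodDays:
-default: 7
+default: 182
 minimum: 1
 type: integer
+roles:
+default:
+- admin
+- service
+items:
+type: string
+minItems: 1
+type: array
+unrestricted:
+default: false
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -197,6 +208,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -718,6 +735,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -3516,6 +3539,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -8431,6 +8460,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -9248,6 +9283,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -11700,6 +11741,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -16172,6 +16219,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -16803,6 +16856,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays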

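--- a/apis/core/v1beta1/openstackcontrolplane_types.go
+++ b/apis/core/v1beta1/openstackcontrolplane_types.go
@@ -869,15 +869,26 @@ type ApplicationCredentialSection struct {
 
 // ExpirationDays sets the lifetime in days for the AC
 // +kubebuilder:validation:Optional
-// +kubebuilder:default=14
+// +kubebuilder:default=365
 // +kubebuilder:validation:Minimum=2
 ExpirationDays *int `json:"expirationDays,omitempty"`
 
 // GracePeriodDays sets how many days before expiration the AC should be rotated
 // +kubebuilder:validation:Optional
-// +kubebuilder:default=7
+// +kubebuilder:default=182
 // +kubebuilder:validation:Minimum=1
 GracePeriodDays *int `json:"gracePeriodDays,omitempty"`
+
+// +kubebuilder:validation:Optional
+// +kubebuilder:default={"admin","service"}
+// +kubebuilder:validation:MinItems=1
+// Roles to assign to the ApplicationCredential
+Roles []string `json:"roles,omitempty"`
+
+// +kubebuilder:validation:Optional
+// +kubebuilder:default=false
+// Whether the AC should be unrestricted
+Unrestricted *bool `json:"unrestricted,omitempty"`
 }
 
 // +kubebuilder:validation:XValidation:rule="!(has(self.expirationDays) && has(self.gracePeriodDays)) || self.gracePeriodDays < self.expirationDays",message="gracePeriodDays must be smaller than expirationDays"
@@ -894,6 +905,14 @@ type ServiceAppCredSection struct {
 // +kubebuilder:validation:Optional
 // +kubebuilder:validation:Minimum=1
 GracePeriodDays *int `json:"gracePeriodDays,omitempty"`
+
+// +kubebuilder:validation:Optional
+// Roles to assign to the ApplicationCredential
+Roles []string `json:"roles,omitempty"`
+
+// +kubebuilder:validation:Optional
+// Whether the AC should be unrestricted
+Unrestricted *bool `json:"unrestricted,omitempty"`
 }
 
 // OpenStackControlPlaneStatus defines the observed state of OpenStackControlPlane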
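Review bot: The defaults added to ApplicationCredentialSection make every generated application credential broader and longer-lived without saying why: `Roles` defaults to `{"admin","service"}`, and the default lifetime moves from 14 to 365 days with rotation 182 days before expiry, which the commit title does not mention. Consider making `admin` an explicit opt-in rather than a default, and record the reason for the one-year lifetime in the ExpirationDays comment. The `Unrestricted` comment should state what the flag grants, e.g. `// Unrestricted lets the AC create and delete other application credentials and trusts; keep false unless a service needs it`, placed before the markers like the existing field comments. In ServiceAppCredSection (second hunk) `Roles` lacks the `+kubebuilder:validation:MinItems=1` marker the global field has, so a per-service `roles: []` passes schema validation; whether the controller then falls back to the global list is not visible here. Both struct declarations begin above the visible hunks.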

apis/core/v1beta1/zz_generated.deepcopy.go

Lines changed: 45 additions & 0 deletions

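--- a/apis/go.mod
+++ b/apis/go.mod
@@ -116,4 +116,4 @@ replace github.com/openshift/api => github.com/openshift/api v0.0.0-202408300231
 // custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.9.0_patches_tag)
 replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49 //allow-merging
 
-replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c
+replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250519123217-49620096eb19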
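Review bot: The `replace` for `github.com/openstack-k8s-operators/keystone-operator/api` still resolves to a personal fork (`github.com/Deydra71/keystone-operator/api`) at an unreleased pseudo-version, so the build takes the API types from that fork's commit rather than from the upstream module. Unlike the rabbitmq replace above it, this line carries no `//allow-merging` marker, which suggests it is meant to be temporary; it should be replaced by an upstream keystone-operator version before this change lands. The go.sum section of this commit also drops the upstream module's checksum lines, so the fork is the only source recorded for this import path.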

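--- a/apis/go.sum
+++ b/apis/go.sum
@@ -1,5 +1,5 @@
-github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c h1:DXnHQg/+AjMsoJqvQEusjkyjOsOPGbKJ8uRVLyTkseQ=
-github.com/Deydra71/keystone-operator/api v0.0.0-20250514070500-15fcdb912b2c/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
+github.com/Deydra71/keystone-operator/api v0.0.0-20250519123217-49620096eb19 h1:P93G634OZTX/Fr6g27G0zZioRCxqLxgKEz9xV5NAALI=
+github.com/Deydra71/keystone-operator/api v0.0.0-20250519123217-49620096eb19/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cert-manager/cert-manager v1.14.7 h1:C2L59sMGMdSpd8SPx5qfPAL7ejZaNxJBRd24S7Ws5Ek=
@@ -112,8 +112,6 @@ github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250512104855-4
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250512104855-47f817ef8ff8/go.mod h1:47iJk3vedZWnBkZyNyYij4ma2HjG4l2VCqKz3f+XDkQ=
 github.com/openstack-k8s-operators/ironic-operator/api v0.6.1-0.20250505201920-2f6d0b9f6aed h1:Osy/pq1qQ0nxwcATpUOo8bz00MngiBYjHv/9Ov5iuxw=
 github.com/openstack-k8s-operators/ironic-operator/api v0.6.1-0.20250505201920-2f6d0b9f6aed/go.mod h1:n8mWh/qZZSieuDEnkTZyhDc5UeVyUHC3YSYMzdVbbVo=
-github.com/openstack-k8s-operators/keystone-operator/api v0.6.1-0.20250506083817-ce591b464a0f h1:FR9Wuamrt2h5Dnn3Q1ySXcEZ9OaKDgpSJSA7QBh2jP4=
-github.com/openstack-k8s-operators/keystone-operator/api v0.6.1-0.20250506083817-ce591b464a0f/go.mod h1:xmEVdGGDz4pqPyzgR6oAZbeomz00Co68OyvsYNoT3Z0=
 github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250508141203-be026d3164f7 h1:c3h1q3fDoit3NmvNL89xUL9A12bJivaTF+IOPEOAwLc=
 github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250508141203-be026d3164f7/go.mod h1:UwHXRIrMSPJD3lFqrA4oKmRXVLFQCRkLAj9x6KLEHiQ=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.6.1-0.20250423055245-3cb2ae8df6f0 h1:FAHrScvlj6w17wvcDhJ0ZnmraMrrOX1CxzvqZK595hA=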

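--- a/bindata/crds/crds.yaml
+++ b/bindata/crds/crds.yaml
@@ -210,13 +210,24 @@ spec:
 default: false
 type: boolean
 expirationDays:
-default: 14
+default: 365
 minimum: 2
 type: integer
 gracePeriodDays:
-default: 7
+default: 182
 minimum: 1
 type: integer
+roles:
+default:
+- admin
+- service
+items:
+type: string
+minItems: 1
+type: array
+unrestricted:
+default: false
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -361,6 +372,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -882,6 +899,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -3680,6 +3703,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -8595,6 +8624,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -9412,6 +9447,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -11864,6 +11905,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -16336,6 +16383,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays
@@ -16967,6 +17020,12 @@ spec:
 gracePeriodDays:
 minimum: 1
 type: integer
+roles:
+items:
+type: string
+type: array
+unrestricted:
+type: boolean
 type: object
 x-kubernetes-validations:
 - message: gracePeriodDays must be smaller than expirationDays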
