Merge pull request #55 from vakwetu/add_tls
Add TLS Support to barbican operator
openshift-merge-bot[bot] authored Feb 9, 2024
2 parents 28e9a42 + 5d6488d commit 3b43913
Showing 29 changed files with 1,187 additions and 208 deletions.
30 changes: 30 additions & 0 deletions api/bases/barbican.openstack.org_barbicanapis.yaml
Expand Up @@ -361,6 +361,36 @@ spec:
simpleCryptoBackendKEKSecret:
description: Secret containing SimpleCrypto KEK
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret for
the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
public:
description: Public GenericService - holds the secret for
the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
transportURLSecret:
description: TransportURLSecret - Secret containing RabbitMQ transportURL
type: string
Expand Up @@ -183,6 +183,14 @@ spec:
simpleCryptoBackendKEKSecret:
description: Secret containing SimpleCrypto KEK
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
transportURLSecret:
type: string
required:
30 changes: 30 additions & 0 deletions api/bases/barbican.openstack.org_barbicans.yaml
Expand Up @@ -323,6 +323,36 @@ spec:
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret
for the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
public:
description: Public GenericService - holds the secret
for the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in
a pre-created bundle file
type: string
type: object
required:
- containerImage
type: object
8 changes: 8 additions & 0 deletions api/bases/barbican.openstack.org_barbicanworkers.yaml
Expand Up @@ -181,6 +181,14 @@ spec:
simpleCryptoBackendKEKSecret:
description: Secret containing SimpleCrypto KEK
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
transportURLSecret:
type: string
required:
6 changes: 6 additions & 0 deletions api/v1beta1/barbicanapi_types.go
Expand Up @@ -19,6 +19,7 @@ package v1beta1
import (
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/service"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

Expand All @@ -34,6 +35,11 @@ type BarbicanAPITemplate struct {

// Override, provides the ability to override the generated manifest of several child resources.
Override APIOverrideSpec `json:"override,omitempty"`

// +kubebuilder:validation:Optional
// +operator-sdk:csv:customresourcedefinitions:type=spec
// TLS - Parameters related to the TLS
TLS tls.API `json:"tls,omitempty"`
}

// APIOverrideSpec to override the generated manifest of several child resources.
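Review bot: The doc comment on the new `TLS` field, `// TLS - Parameters related to the TLS`, does not say what the field actually carries, and this is the comment that ends up in the CRD description and the CSV. The generated schema in this same commit shows it holds per-endpoint server cert/key Secret names (`api.internal.secretName`, `api.public.secretName`) plus a `caBundleSecretName`, so the comment can be concrete: `// TLS - TLS settings for the API: Secret names holding the cert+key for the internal and public endpoints, and the Secret holding the CA bundle`. The `BarbicanAPITemplate` struct continues past the end of this hunk.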
6 changes: 6 additions & 0 deletions api/v1beta1/barbicankeystonelistener_types.go
Expand Up @@ -18,6 +18,7 @@ package v1beta1

import (
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

Expand All @@ -37,6 +38,11 @@ type BarbicanKeystoneListenerSpec struct {
DatabaseHostname string `json:"databaseHostname"`

TransportURLSecret string `json:"transportURLSecret,omitempty"`

// +kubebuilder:validation:Optional
// +operator-sdk:csv:customresourcedefinitions:type=spec
// TLS - Parameters related to the TLS
TLS tls.Ca `json:"tls,omitempty"`
}

// BarbicanKeystoneListenerStatus defines the observed state of BarbicanKeystoneListener
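Review bot: The `TLS` field on `BarbicanKeystoneListenerSpec` is typed `tls.Ca`, so it can only name a CA bundle Secret, yet its comment (`// TLS - Parameters related to the TLS`) reads as if full server-side TLS were configurable here. Suggest `// TLS - Secret holding the CA bundle used to verify the TLS services this listener talks to; no server certificate is configured for the listener` — the code that consumes the bundle is not in this hunk, so confirm it is used for outbound verification before committing to that wording. The field sits on the Spec rather than on the template, which matches the controller hunk filling it from the parent CR's `BarbicanAPI.TLS.Ca`; a short comment saying that it is populated by the Barbican controller rather than by the user would save the next reader the lookup.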
6 changes: 6 additions & 0 deletions api/v1beta1/barbicanworker_types.go
Expand Up @@ -18,6 +18,7 @@ package v1beta1

import (
"github.com/openstack-k8s-operators/lib-common/modules/common/condition"
"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

Expand All @@ -37,6 +38,11 @@ type BarbicanWorkerSpec struct {
DatabaseHostname string `json:"databaseHostname"`

TransportURLSecret string `json:"transportURLSecret,omitempty"`

// +kubebuilder:validation:Optional
// +operator-sdk:csv:customresourcedefinitions:type=spec
// TLS - Parameters related to the TLS
TLS tls.Ca `json:"tls,omitempty"`
}

// BarbicanWorkerStatus defines the observed state of BarbicanWorker
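Review bot: Same wording issue as the keystone-listener type: `TLS tls.Ca` on `BarbicanWorkerSpec` only carries a CA bundle Secret name, but `// TLS - Parameters related to the TLS` implies more. Suggest `// TLS - Secret holding the CA bundle used by the worker to verify TLS endpoints it connects to (populated from the parent Barbican CR)`; whether the worker also needs a client certificate for any backend is not visible here and should be stated if so. Keeping the three `TLS` comments distinct per type also avoids three identical, uninformative descriptors in the generated CSV.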
3 changes: 3 additions & 0 deletions api/v1beta1/zz_generated.deepcopy.go


30 changes: 30 additions & 0 deletions config/crd/bases/barbican.openstack.org_barbicanapis.yaml
Expand Up @@ -361,6 +361,36 @@ spec:
simpleCryptoBackendKEKSecret:
description: Secret containing SimpleCrypto KEK
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret for
the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
public:
description: Public GenericService - holds the secret for
the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for the
service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
transportURLSecret:
description: TransportURLSecret - Secret containing RabbitMQ transportURL
type: string
Expand Up @@ -183,6 +183,14 @@ spec:
simpleCryptoBackendKEKSecret:
description: Secret containing SimpleCrypto KEK
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
transportURLSecret:
type: string
required:
30 changes: 30 additions & 0 deletions config/crd/bases/barbican.openstack.org_barbicans.yaml
Expand Up @@ -323,6 +323,36 @@ spec:
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/'
type: object
type: object
tls:
description: TLS - Parameters related to the TLS
properties:
api:
description: API tls type which encapsulates for API services
properties:
internal:
description: Internal GenericService - holds the secret
for the internal endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
public:
description: Public GenericService - holds the secret
for the public endpoint
properties:
secretName:
description: SecretName - holding the cert, key for
the service
type: string
type: object
type: object
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in
a pre-created bundle file
type: string
type: object
required:
- containerImage
type: object
8 changes: 8 additions & 0 deletions config/crd/bases/barbican.openstack.org_barbicanworkers.yaml
Expand Up @@ -181,6 +181,14 @@ spec:
simpleCryptoBackendKEKSecret:
description: Secret containing SimpleCrypto KEK
type: string
tls:
description: TLS - Parameters related to the TLS
properties:
caBundleSecretName:
description: CaBundleSecretName - holding the CA certs in a pre-created
bundle file
type: string
type: object
transportURLSecret:
type: string
required:
Expand Up @@ -18,16 +18,28 @@ spec:
displayName: Barbican API
kind: BarbicanAPI
name: barbicanapis.barbican.openstack.org
specDescriptors:
- description: TLS - Parameters related to the TLS
displayName: TLS
path: tls
version: v1beta1
- description: Barbican is the Schema for the barbicans API
displayName: Barbican
kind: Barbican
name: barbicans.barbican.openstack.org
specDescriptors:
- description: TLS - Parameters related to the TLS
displayName: TLS
path: barbicanAPI.tls
version: v1beta1
- description: BarbicanWorker is the Schema for the barbicanworkers API
displayName: Barbican Worker
kind: BarbicanWorker
name: barbicanworkers.barbican.openstack.org
specDescriptors:
- description: TLS - Parameters related to the TLS
displayName: TLS
path: tls
version: v1beta1
description: Barbican Operator
displayName: Barbican Operator
24 changes: 23 additions & 1 deletion controllers/barbican_controller.go
Expand Up @@ -478,6 +478,27 @@ func (r *BarbicanReconciler) reconcileDelete(ctx context.Context, instance *barb
return ctrl.Result{}, nil
}

// fields to index to reconcile when change
const (
passwordSecretField = ".spec.secret"
caBundleSecretNameField = ".spec.tls.caBundleSecretName"
tlsAPIInternalField = ".spec.tls.api.internal.secretName"
tlsAPIPublicField = ".spec.tls.api.public.secretName"
)

var (
commonWatchFields = []string{
passwordSecretField,
caBundleSecretNameField,
}
apinWatchFields = []string{
passwordSecretField,
caBundleSecretNameField,
tlsAPIInternalField,
tlsAPIPublicField,
}
)

// SetupWithManager sets up the controller with the Manager.
func (r *BarbicanReconciler) SetupWithManager(mgr ctrl.Manager) error {
return ctrl.NewControllerManagedBy(mgr).
Expand Down Expand Up @@ -624,6 +645,7 @@ func (r *BarbicanReconciler) workerDeploymentCreateOrUpdate(ctx context.Context,
BarbicanWorkerTemplate: instance.Spec.BarbicanWorker,
DatabaseHostname: instance.Status.DatabaseHostname,
TransportURLSecret: instance.Status.TransportURLSecret,
TLS: instance.Spec.BarbicanAPI.TLS.Ca,
}

deployment := &barbicanv1beta1.BarbicanWorker{
Expand Down Expand Up @@ -652,7 +674,6 @@ func (r *BarbicanReconciler) workerDeploymentCreateOrUpdate(ctx context.Context,
}

func (r *BarbicanReconciler) keystoneListenerDeploymentCreateOrUpdate(ctx context.Context, instance *barbicanv1beta1.Barbican, helper *helper.Helper) (*barbicanv1beta1.BarbicanKeystoneListener, controllerutil.OperationResult, error) {

Log := r.GetLogger(ctx)
Log.Info(fmt.Sprintf("Creating barbican KeystoneListener spec. transporturlsecret: '%s'", instance.Status.TransportURLSecret))
Log.Info(fmt.Sprintf("database hostname: '%s'", instance.Status.DatabaseHostname))
Expand All @@ -661,6 +682,7 @@ func (r *BarbicanReconciler) keystoneListenerDeploymentCreateOrUpdate(ctx contex
BarbicanKeystoneListenerTemplate: instance.Spec.BarbicanKeystoneListener,
DatabaseHostname: instance.Status.DatabaseHostname,
TransportURLSecret: instance.Status.TransportURLSecret,
TLS: instance.Spec.BarbicanAPI.TLS.Ca,
}

deployment := &barbicanv1beta1.BarbicanKeystoneListener{
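Review bot: `apinWatchFields` in the new `var` block looks like a typo for `apiWatchFields`; renaming it keeps the name parallel to the `tlsAPIInternalField`/`tlsAPIPublicField` constants it groups. Neither slice nor the four `*Field` constants is referenced anywhere in the visible hunks, and `SetupWithManager` continues outside the hunk, so I could not confirm that each path is registered with the manager's field indexer and tied to a Secret watch — without that wiring a rotated CA bundle or endpoint cert Secret would not trigger a reconcile, which is the whole point of these indexes. The worker and keystone-listener hunks both take their CA bundle from `instance.Spec.BarbicanAPI.TLS.Ca`, so those subresources' trust anchors are silently coupled to the API's TLS block; a comment at each site such as `// worker has no TLS settings of its own: reuse the API's CA bundle` would make the coupling deliberate rather than accidental, and `passwordSecretField = ".spec.secret"` deserves a word on which CRD field it indexes since the name alone does not say.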
