From b02981dca63153c183b1029d96dd7bd3e8ee409c Mon Sep 17 00:00:00 2001 From: Ade Lee Date: Thu, 16 Nov 2023 15:18:53 -0500 Subject: [PATCH] Add Barbican --- ....openstack.org_openstackcontrolplanes.yaml | 416 ++++++++++++++++++ apis/core/v1beta1/conditions.go | 18 + .../v1beta1/openstackcontrolplane_types.go | 24 + .../v1beta1/openstackcontrolplane_webhook.go | 14 + apis/core/v1beta1/zz_generated.deepcopy.go | 18 + apis/go.mod | 1 + apis/go.sum | 9 + cmd/csv-merger/csv-merger.go | 2 + ....openstack.org_openstackcontrolplanes.yaml | 416 ++++++++++++++++++ ...nstack-operator.clusterserviceversion.yaml | 15 + config/rbac/role.yaml | 12 + .../core_v1beta1_openstackcontrolplane.yaml | 10 + ..._openstackcontrolplane_collapsed_cell.yaml | 10 + ..._v1beta1_openstackcontrolplane_galera.yaml | 10 + ...penstackcontrolplane_galera_3replicas.yaml | 10 + ...controlplane_galera_network_isolation.yaml | 22 + ...ne_galera_network_isolation_3replicas.yaml | 22 + ...enstackcontrolplane_network_isolation.yaml | 22 + ...ckcontrolplane_network_isolation_ceph.yaml | 22 + .../core/openstackcontrolplane_controller.go | 10 + custom-bundle.Dockerfile | 4 + dependencies.yaml | 4 + go.mod | 1 + go.sum | 11 + main.go | 5 + pkg/openstack/barbican.go | 134 ++++++ tests/functional/base_test.go | 3 + tests/functional/suite_test.go | 7 + .../common/assert-sample-deployment.yaml | 19 + .../common/errors_cleanup_openstack.yaml | 5 + .../collapsed/01-assert-collapsed-cell.yaml | 19 + .../01-assert-galera-3replicas.yaml | 19 + .../tests/galera-basic/01-assert-galera.yaml | 19 + 33 files changed, 1333 insertions(+) create mode 100644 pkg/openstack/barbican.go diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml index 2cb96eae8..f4d16b4fc 100644 --- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml @@ -41,6 +41,422 @@ spec: type: object spec: properties: + barbican: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + insecureEdgeTerminationPolicy: + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + barbicanAPI: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanKeystoneListener: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanWorker: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + customServiceConfig: + type: string + databaseInstance: + type: string + databaseUser: + default: barbican + type: string + debug: + properties: + dbInitContainer: + default: false + type: boolean + dbSync: + default: false + type: boolean + initContainer: + default: false + type: boolean + service: + default: false + type: boolean + type: object + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + database: BarbicanDatabasePassword + service: BarbicanPassword + properties: + database: + default: BarbicanDatabasePassword + type: string + service: + default: BarbicanPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: barbican + type: string + simpleCryptoBackendKEKSecret: + type: string + required: + - barbicanAPI + - barbicanKeystoneListener + - barbicanWorker + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + type: object ceilometer: properties: enabled: diff --git a/apis/core/v1beta1/conditions.go b/apis/core/v1beta1/conditions.go index 074fbc97a..464504546 100644 --- a/apis/core/v1beta1/conditions.go +++ b/apis/core/v1beta1/conditions.go @@ -147,6 +147,9 @@ const ( // OpenStackControlPlaneDesignateReadyCondition Status=True condition which indicates if Designate is configured and operational OpenStackControlPlaneDesignateReadyCondition condition.Type = "OpenStackControlPlaneDesignateReady" + // OpenStackControlPlaneBarbicanReadyCondition Status=True condition which indicates if Barbican is configured and operational + OpenStackControlPlaneBarbicanReadyCondition condition.Type = "OpenStackControlPlaneBarbicanReady" + // OpenStackControlPlaneRedisReadyCondition Status=True condition which indicates if Redis is configured and operational OpenStackControlPlaneRedisReadyCondition condition.Type = "OpenStackControlPlaneRedisReady" @@ -155,6 +158,9 @@ const ( // OpenStackControlPlaneExposeDesignateReadyCondition Status=True condition which indicates if Designate is exposed via a route OpenStackControlPlaneExposeDesignateReadyCondition condition.Type = "OpenStackControlPlaneExposeDesignateReady" + + // OpenStackControlPlaneExposeBarbicanReadyCondition Status=True condition which indicates if Barbican is exposed via a route + OpenStackControlPlaneExposeBarbicanReadyCondition condition.Type = "OpenStackControlPlaneExposeBarbicanReady" ) // OpenStackControlPlane Reasons used by API objects. @@ -385,6 +391,18 @@ const ( // OpenStackControlPlaneDesignateReadyErrorMessage OpenStackControlPlaneDesignateReadyErrorMessage = "OpenStackControlPlane Designate error occured %s" + // OpenStackControlPlaneBarbicanReadyInitMessage + OpenStackControlPlaneBarbicanReadyInitMessage = "OpenStackControlPlane Barbican not started" + + // OpenStackControlPlaneBarbicanReadyMessage + OpenStackControlPlaneBarbicanReadyMessage = "OpenStackControlPlane Barbican completed" + + // OpenStackControlPlaneBarbicanReadyRunningMessage + OpenStackControlPlaneBarbicanReadyRunningMessage = "OpenStackControlPlane Barbican in progress" + + // OpenStackControlPlaneBarbicanReadyErrorMessage + OpenStackControlPlaneBarbicanReadyErrorMessage = "OpenStackControlPlane Barbican error occured %s" + // OpenStackControlPlaneRedisReadyInitMessage OpenStackControlPlaneRedisReadyInitMessage = "OpenStackControlPlane Redis not started" diff --git a/apis/core/v1beta1/openstackcontrolplane_types.go b/apis/core/v1beta1/openstackcontrolplane_types.go index e2213a83a..e8af7c9d7 100644 --- a/apis/core/v1beta1/openstackcontrolplane_types.go +++ b/apis/core/v1beta1/openstackcontrolplane_types.go @@ -17,6 +17,7 @@ limitations under the License. package v1beta1 import ( + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" designatev1 "github.com/openstack-k8s-operators/designate-operator/api/v1beta1" glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1" @@ -168,6 +169,9 @@ type OpenStackControlPlaneSpec struct { // Designate - Parameters related to the Designate service Designate DesignateSection `json:"designate,omitempty"` + // Barbican - Parameters related to the Barbican service + Barbican BarbicanSection `json:"barbican,omitempty"` + // Redis - Parameters related to the Redis service Redis RedisSection `json:"redis,omitempty"` @@ -621,6 +625,25 @@ type DesignateSection struct { APIOverride Override `json:"apiOverride,omitempty"` } +// BarbicanSection defines the desired state of Barbican service +type BarbicanSection struct { + // +kubebuilder:validation:Optional + // +kubebuilder:default=true + // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"} + // Enabled - Whether Barbican service should be deployed and managed + Enabled bool `json:"enabled"` + + // +kubebuilder:validation:Optional + //+operator-sdk:csv:customresourcedefinitions:type=spec + // Template - Overrides to use when creating the Barbican Service + Template barbicanv1.BarbicanSpec `json:"template,omitempty"` + + // +kubebuilder:validation:Optional + // +operator-sdk:csv:customresourcedefinitions:type=spec + // APIOverride, provides the ability to override the generated manifest of several child resources. + APIOverride Override `json:"apiOverride,omitempty"` +} + // RedisSection defines the desired state of the Redis service type RedisSection struct { // +kubebuilder:validation:Optional @@ -724,6 +747,7 @@ func (instance *OpenStackControlPlane) InitConditions() { condition.UnknownCondition(OpenStackControlPlaneSwiftReadyCondition, condition.InitReason, OpenStackControlPlaneSwiftReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneOctaviaReadyCondition, condition.InitReason, OpenStackControlPlaneOctaviaReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneDesignateReadyCondition, condition.InitReason, OpenStackControlPlaneDesignateReadyInitMessage), + condition.UnknownCondition(OpenStackControlPlaneBarbicanReadyCondition, condition.InitReason, OpenStackControlPlaneBarbicanReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneRedisReadyCondition, condition.InitReason, OpenStackControlPlaneRedisReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneCAReadyCondition, condition.InitReason, OpenStackControlPlaneCAReadyInitMessage), diff --git a/apis/core/v1beta1/openstackcontrolplane_webhook.go b/apis/core/v1beta1/openstackcontrolplane_webhook.go index a36c9603f..59f564738 100644 --- a/apis/core/v1beta1/openstackcontrolplane_webhook.go +++ b/apis/core/v1beta1/openstackcontrolplane_webhook.go @@ -155,6 +155,10 @@ func (r *OpenStackControlPlane) checkDepsEnabled(name string) string { if !((r.Spec.Mariadb.Enabled || r.Spec.Galera.Enabled) && r.Spec.Memcached.Enabled && r.Spec.Keystone.Enabled) { reqs = "MariaDB or Galera, Memcached, Keystone" } + case "Barbican": + if !((r.Spec.Mariadb.Enabled || r.Spec.Galera.Enabled) && r.Spec.Keystone.Enabled) { + reqs = "MariaDB or Galera, Keystone" + } case "Octavia": // TODO(beagles): So far we haven't declared Redis as dependency for Octavia, but we might. if !((r.Spec.Mariadb.Enabled || r.Spec.Galera.Enabled) && r.Spec.Memcached.Enabled && r.Spec.Rabbitmq.Enabled && @@ -291,6 +295,13 @@ func (r *OpenStackControlPlane) ValidateServiceDependencies(basePath *field.Path } } + if r.Spec.Barbican.Enabled { + if depErrorMsg := r.checkDepsEnabled("Barbican"); depErrorMsg != "" { + err := field.Invalid(basePath.Child("barbican").Child("enabled"), r.Spec.Barbican.Enabled, depErrorMsg) + allErrs = append(allErrs, err) + } + } + return allErrs } @@ -420,6 +431,9 @@ func (r *OpenStackControlPlane) DefaultServices() { // Octavia r.Spec.Octavia.Template.Default() + // Barbican + r.Spec.Barbican.Template.Default() + // Redis for key, template := range r.Spec.Redis.Templates { template.Default() diff --git a/apis/core/v1beta1/zz_generated.deepcopy.go b/apis/core/v1beta1/zz_generated.deepcopy.go index 5a1952fdb..54ecdd009 100644 --- a/apis/core/v1beta1/zz_generated.deepcopy.go +++ b/apis/core/v1beta1/zz_generated.deepcopy.go @@ -33,6 +33,23 @@ import ( "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BarbicanSection) DeepCopyInto(out *BarbicanSection) { + *out = *in + in.Template.DeepCopyInto(&out.Template) + in.APIOverride.DeepCopyInto(&out.APIOverride) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BarbicanSection. +func (in *BarbicanSection) DeepCopy() *BarbicanSection { + if in == nil { + return nil + } + out := new(BarbicanSection) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CeilometerSection) DeepCopyInto(out *CeilometerSection) { *out = *in @@ -464,6 +481,7 @@ func (in *OpenStackControlPlaneSpec) DeepCopyInto(out *OpenStackControlPlaneSpec in.Swift.DeepCopyInto(&out.Swift) in.Octavia.DeepCopyInto(&out.Octavia) in.Designate.DeepCopyInto(&out.Designate) + in.Barbican.DeepCopyInto(&out.Barbican) in.Redis.DeepCopyInto(&out.Redis) in.OpenStackClient.DeepCopyInto(&out.OpenStackClient) if in.ExtraMounts != nil { diff --git a/apis/go.mod b/apis/go.mod index 809bce0c3..386c07365 100644 --- a/apis/go.mod +++ b/apis/go.mod @@ -5,6 +5,7 @@ go 1.19 require ( github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 + github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231121155117-5a217c748fbd github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231114160640-3c5c40e6cc3a github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20231113184257-f5f91f9b0986 github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20231117074407-25683ec68a7f diff --git a/apis/go.sum b/apis/go.sum index e38dcf794..04ed74ba7 100644 --- a/apis/go.sum +++ b/apis/go.sum @@ -2,6 +2,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -36,6 +38,7 @@ github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= @@ -101,8 +104,10 @@ github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+h github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -124,12 +129,16 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231121155117-5a217c748fbd h1:pgqxPq/B77Rl1gry/OxN+Bw8RG7TjGmY/yCduHixNZY= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231121155117-5a217c748fbd/go.mod h1:cW498Nb/C86IqMJSyP6QLmeo0MS7rEL7dUTm4iBZlxM= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231114160640-3c5c40e6cc3a h1:zKkWfeu+7mzFeTNLgZ10t70jMLwky7jHc1PfWUpJC3Y= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231114160640-3c5c40e6cc3a/go.mod h1:wV6KRR6y+QCJf5R6nQ7dSRQenKEFWV6TIHWhh9wTbMc= github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20231113184257-f5f91f9b0986 h1:m4h3nNtLYab80h3ke5HbSNFW/TMw01F2LFICDD2v5uk= diff --git a/cmd/csv-merger/csv-merger.go b/cmd/csv-merger/csv-merger.go index 10263cae5..02596ab5f 100644 --- a/cmd/csv-merger/csv-merger.go +++ b/cmd/csv-merger/csv-merger.go @@ -95,6 +95,7 @@ var ( swiftCsv = flag.String("swift-csv", "", "Swift CSV filename") octaviaCsv = flag.String("octavia-csv", "", "Octavia CSV filename") designateCsv = flag.String("designate-csv", "", "Designate CSV filename") + barbicanCsv = flag.String("barbican-csv", "", "Barbican CSV filename") csvOverrides = flag.String("csv-overrides", "", "CSV like string with punctual changes that will be recursively applied (if possible)") importEnvFiles = flag.String("import-env-files", "", "Comma separated list of file names to read default operator ENVs from. Used for inter-bundle ENV merging.") exportEnvFile = flag.String("export-env-file", "", "Name the external file to write operator ENVs to. Used for inter-bundle ENV merging.") @@ -142,6 +143,7 @@ func main() { *swiftCsv, *octaviaCsv, *designateCsv, + *barbicanCsv, } csvVersion := os.Getenv("CSV_VERSION") diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml index 2cb96eae8..f4d16b4fc 100644 --- a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml @@ -41,6 +41,422 @@ spec: type: object spec: properties: + barbican: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + insecureEdgeTerminationPolicy: + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + barbicanAPI: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanKeystoneListener: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanWorker: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + customServiceConfig: + type: string + databaseInstance: + type: string + databaseUser: + default: barbican + type: string + debug: + properties: + dbInitContainer: + default: false + type: boolean + dbSync: + default: false + type: boolean + initContainer: + default: false + type: boolean + service: + default: false + type: boolean + type: object + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + database: BarbicanDatabasePassword + service: BarbicanPassword + properties: + database: + default: BarbicanDatabasePassword + type: string + service: + default: BarbicanPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: barbican + type: string + simpleCryptoBackendKEKSecret: + type: string + required: + - barbicanAPI + - barbicanKeystoneListener + - barbicanWorker + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + type: object ceilometer: properties: enabled: diff --git a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml index 7b5383182..e96e98785 100644 --- a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml @@ -26,6 +26,21 @@ spec: kind: OpenStackControlPlane name: openstackcontrolplanes.core.openstack.org specDescriptors: + - description: APIOverride, provides the ability to override the generated manifest + of several child resources. + displayName: APIOverride + path: barbican.apiOverride + - description: TLS - overrides tls parameters for public endpoint + displayName: TLS + path: barbican.apiOverride.tls + - description: Enabled - Whether Barbican service should be deployed and managed + displayName: Enabled + path: barbican.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Template - Overrides to use when creating the Barbican Service + displayName: Template + path: barbican.template - description: Enabled - Whether OpenStack Ceilometer servicesshould be deployed and managed displayName: Enabled diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 18158bef0..401a26acf 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -27,6 +27,18 @@ rules: - list - update - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: diff --git a/config/samples/core_v1beta1_openstackcontrolplane.yaml b/config/samples/core_v1beta1_openstackcontrolplane.yaml index de29fb8a1..a7dc95f53 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane.yaml @@ -51,6 +51,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack diff --git a/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml b/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml index 34b3645fa..2244d3587 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml @@ -28,6 +28,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml index df9aa8367..9294d7187 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml @@ -44,6 +44,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml index 38e7ada55..68a315146 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml @@ -44,6 +44,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml index 264abd727..a11575493 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml @@ -134,6 +134,28 @@ spec: secret: osp-secret networkAttachments: - internalapi + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 horizon: apiOverride: route: {} diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml index d5692ce77..463ebc835 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml @@ -55,6 +55,28 @@ spec: networkAttachments: - storage replicas: 0 # backend needs to be configured + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 glance: apiOverride: route: {} diff --git a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml index aa538e4d9..6e243ae25 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml @@ -55,6 +55,28 @@ spec: networkAttachments: - storage replicas: 0 # backend needs to be configured + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 glance: apiOverride: route: {} diff --git a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml index 79fb7fce2..e22445f55 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml @@ -41,6 +41,28 @@ spec: values: - 192.168.122.1 replicas: 1 + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 cinder: apiOverride: route: {} diff --git a/controllers/core/openstackcontrolplane_controller.go b/controllers/core/openstackcontrolplane_controller.go index 0371b1ef1..45eca8210 100644 --- a/controllers/core/openstackcontrolplane_controller.go +++ b/controllers/core/openstackcontrolplane_controller.go @@ -22,6 +22,7 @@ import ( certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" routev1 "github.com/openshift/api/route/v1" + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1" heatv1 "github.com/openstack-k8s-operators/heat-operator/api/v1beta1" @@ -94,6 +95,7 @@ type OpenStackControlPlaneReconciler struct { //+kubebuilder:rbac:groups=telemetry.openstack.org,resources=ceilometers,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=swift.openstack.org,resources=swifts,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=octavia.openstack.org,resources=octavias,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=barbican.openstack.org,resources=barbicans,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=designate.openstack.org,resources=designates,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=redis.openstack.org,resources=redises,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update;patch;delete; @@ -333,6 +335,13 @@ func (r *OpenStackControlPlaneReconciler) reconcileNormal(ctx context.Context, i return ctrlResult, nil } + ctrlResult, err = openstack.ReconcileBarbican(ctx, instance, helper) + if err != nil { + return ctrl.Result{}, err + } else if (ctrlResult != ctrl.Result{}) { + return ctrlResult, nil + } + return ctrl.Result{}, nil } @@ -367,5 +376,6 @@ func (r *OpenStackControlPlaneReconciler) SetupWithManager(mgr ctrl.Manager) err Owns(&routev1.Route{}). Owns(&certmgrv1.Issuer{}). Owns(&certmgrv1.Certificate{}). + Owns(&barbicanv1.Barbican{}). Complete(r) } diff --git a/custom-bundle.Dockerfile b/custom-bundle.Dockerfile index 2c5727dd1..398e42f30 100644 --- a/custom-bundle.Dockerfile +++ b/custom-bundle.Dockerfile @@ -19,6 +19,7 @@ ARG MANILA_BUNDLE=quay.io/openstack-k8s-operators/manila-operator-bundle:latest ARG SWIFT_BUNDLE=quay.io/openstack-k8s-operators/swift-operator-bundle:latest ARG OCTAVIA_BUNDLE=quay.io/openstack-k8s-operators/octavia-operator-bundle:latest ARG DESIGNATE_BUNDLE=quay.io/openstack-k8s-operators/designate-operator-bundle:latest +ARG BARBICAN_BUNDLE=quay.io/openstack-k8s-operators/barbican-operator-bundle:latest # Build the manager binary FROM $GOLANG_CTX as builder @@ -61,6 +62,7 @@ FROM $MANILA_BUNDLE as manila-bundle FROM $SWIFT_BUNDLE as swift-bundle FROM $OCTAVIA_BUNDLE as octavia-bundle FROM $DESIGNATE_BUNDLE as designate-bundle +FROM $BARBICAN_BUNDLE as barbican-bundle FROM $GOLANG_CTX as merger WORKDIR /workspace @@ -90,6 +92,7 @@ COPY --from=manila-bundle /manifests/* /manifests/ COPY --from=swift-bundle /manifests/* /manifests/ COPY --from=octavia-bundle /manifests/* /manifests/ COPY --from=designate-bundle /manifests/* /manifests/ +COPY --from=barbican-bundle /manifests/* /manifests/ # extract all the env vars (NOTE/FIXME: base-csv is unused below to be refactored) RUN /workspace/csv-merger \ @@ -113,6 +116,7 @@ RUN /workspace/csv-merger \ --swift-csv=/manifests/swift-operator.clusterserviceversion.yaml \ --octavia-csv=/manifests/octavia-operator.clusterserviceversion.yaml \ --designate-csv=/manifests/designate-operator.clusterserviceversion.yaml \ + --barbican-csv=/manifests/barbican-operator.clusterserviceversion.yaml \ --base-csv=/manifests/openstack-operator.clusterserviceversion.yaml | tee /fixme-required-for-now-but-will-can-made-optional.yaml # apply all the ENV vars to the actual base-csv diff --git a/dependencies.yaml b/dependencies.yaml index 08807b588..506eb6436 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -3,6 +3,10 @@ dependencies: value: packageName: rabbitmq-cluster-operator version: ">=0.0.0" + - type: olm.package + value: + packageName: barbican-operator + version: ">=0.0.0" - type: olm.package value: packageName: cinder-operator diff --git a/go.mod b/go.mod index 01e8e9bdd..e3d5865a2 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/imdario/mergo v0.3.16 github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 + github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231121155117-5a217c748fbd github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231114160640-3c5c40e6cc3a github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20231120051517-d5780483eee7 github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20231113184257-f5f91f9b0986 diff --git a/go.sum b/go.sum index 2746f9024..157c94b69 100644 --- a/go.sum +++ b/go.sum @@ -2,6 +2,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -41,6 +43,7 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= @@ -106,8 +109,10 @@ github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+h github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0 h1:VzM3TYHDgqPkettiP6I6q2jOeQFL4nrJM+UcAc4f6Fs= github.com/k8snetworkplumbingwg/network-attachment-definition-client v1.4.0/go.mod h1:nqCI7aelBJU61wiBeeZWJ6oi4bJy5nrjkM6lWIMA4j0= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= @@ -135,12 +140,17 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo/v2 v2.13.1 h1:LNGfMbR2OVGBfXjvRZIZ2YCTQdGKtPLvuI1rMCCj3OU= github.com/onsi/ginkgo/v2 v2.13.1/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231121155117-5a217c748fbd h1:pgqxPq/B77Rl1gry/OxN+Bw8RG7TjGmY/yCduHixNZY= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231121155117-5a217c748fbd/go.mod h1:cW498Nb/C86IqMJSyP6QLmeo0MS7rEL7dUTm4iBZlxM= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231114160640-3c5c40e6cc3a h1:zKkWfeu+7mzFeTNLgZ10t70jMLwky7jHc1PfWUpJC3Y= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231114160640-3c5c40e6cc3a/go.mod h1:wV6KRR6y+QCJf5R6nQ7dSRQenKEFWV6TIHWhh9wTbMc= github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20231120051517-d5780483eee7 h1:jBJaB5XWLcKMEdVkRcF2SL70GZ/Wo0IZZ6NqnacSVxM= @@ -360,6 +370,7 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/main.go b/main.go index 2d08b2285..6a8fb7629 100644 --- a/main.go +++ b/main.go @@ -30,6 +30,7 @@ import ( _ "k8s.io/client-go/plugin/pkg/client/auth" certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" dataplanev1beta1 "github.com/openstack-k8s-operators/dataplane-operator/api/v1beta1" designatev1 "github.com/openstack-k8s-operators/designate-operator/api/v1beta1" @@ -107,6 +108,7 @@ func init() { utilruntime.Must(redisv1.AddToScheme(scheme)) utilruntime.Must(routev1.AddToScheme(scheme)) utilruntime.Must(certmgrv1.AddToScheme(scheme)) + utilruntime.Must(barbicanv1.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } @@ -304,4 +306,7 @@ func setupServiceOperatorDefaults() { // Designate designatev1.SetupDefaults() + + // Barbican + barbicanv1.SetupDefaults() } diff --git a/pkg/openstack/barbican.go b/pkg/openstack/barbican.go new file mode 100644 index 000000000..dd648299e --- /dev/null +++ b/pkg/openstack/barbican.go @@ -0,0 +1,134 @@ +package openstack + +import ( + "context" + "fmt" + + "github.com/openstack-k8s-operators/lib-common/modules/common" + "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + "github.com/openstack-k8s-operators/lib-common/modules/common/helper" + "github.com/openstack-k8s-operators/lib-common/modules/common/service" + + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" + corev1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1" + k8s_errors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + ctrl "sigs.k8s.io/controller-runtime" +) + +// ReconcileBarbican - +func ReconcileBarbican(ctx context.Context, instance *corev1beta1.OpenStackControlPlane, helper *helper.Helper) (ctrl.Result, error) { + barbican := &barbicanv1.Barbican{ + ObjectMeta: metav1.ObjectMeta{ + Name: "barbican", + Namespace: instance.Namespace, + }, + } + + if !instance.Spec.Barbican.Enabled { + if res, err := EnsureDeleted(ctx, helper, barbican); err != nil { + return res, err + } + instance.Status.Conditions.Remove(corev1beta1.OpenStackControlPlaneBarbicanReadyCondition) + instance.Status.Conditions.Remove(corev1beta1.OpenStackControlPlaneExposeBarbicanReadyCondition) + return ctrl.Result{}, nil + } + + // add selector to service overrides + for _, endpointType := range []service.Endpoint{service.EndpointPublic, service.EndpointInternal} { + if instance.Spec.Barbican.Template.BarbicanAPI.Override.Service == nil { + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service = map[service.Endpoint]service.RoutedOverrideSpec{} + } + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service[endpointType] = + AddServiceComponentLabel( + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service[endpointType], + barbican.Name) + } + + // When component services got created check if there is the need to create a route + if err := helper.GetClient().Get(ctx, types.NamespacedName{Name: "barbican", Namespace: instance.Namespace}, barbican); err != nil { + if !k8s_errors.IsNotFound(err) { + return ctrl.Result{}, err + } + } + + if barbican.Status.Conditions.IsTrue(barbicanv1.BarbicanAPIReadyCondition) { + svcs, err := service.GetServicesListWithLabel( + ctx, + helper, + instance.Namespace, + map[string]string{common.AppSelector: barbican.Name}, + ) + if err != nil { + return ctrl.Result{}, err + } + + var ctrlResult reconcile.Result + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service, ctrlResult, err = EnsureEndpointConfig( + ctx, + instance, + helper, + barbican, + svcs, + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service, + instance.Spec.Barbican.APIOverride, + corev1beta1.OpenStackControlPlaneExposeBarbicanReadyCondition, + ) + if err != nil { + return ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return ctrlResult, nil + } + } + + helper.GetLogger().Info("Reconciling Barbican", "Barbican.Namespace", instance.Namespace, "Barbican.Name", "barbican") + op, err := controllerutil.CreateOrPatch(ctx, helper.GetClient(), barbican, func() error { + instance.Spec.Barbican.Template.DeepCopyInto(&barbican.Spec) + + if barbican.Spec.Secret == "" { + barbican.Spec.Secret = instance.Spec.Secret + } + if barbican.Spec.NodeSelector == nil && instance.Spec.NodeSelector != nil { + barbican.Spec.NodeSelector = instance.Spec.NodeSelector + } + if barbican.Spec.DatabaseInstance == "" { + //barbican.Spec.DatabaseInstance = instance.Name // name of MariaDB we create here + barbican.Spec.DatabaseInstance = "openstack" //FIXME: see above + } + + err := controllerutil.SetControllerReference(helper.GetBeforeObject(), barbican, helper.GetScheme()) + if err != nil { + return err + } + return nil + }) + + if err != nil { + instance.Status.Conditions.Set(condition.FalseCondition( + corev1beta1.OpenStackControlPlaneBarbicanReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + corev1beta1.OpenStackControlPlaneBarbicanReadyErrorMessage, + err.Error())) + return ctrl.Result{}, err + } + if op != controllerutil.OperationResultNone { + helper.GetLogger().Info(fmt.Sprintf("barbican %s - %s", barbican.Name, op)) + } + + if barbican.IsReady() { + instance.Status.Conditions.MarkTrue(corev1beta1.OpenStackControlPlaneBarbicanReadyCondition, corev1beta1.OpenStackControlPlaneBarbicanReadyMessage) + } else { + instance.Status.Conditions.Set(condition.FalseCondition( + corev1beta1.OpenStackControlPlaneBarbicanReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + corev1beta1.OpenStackControlPlaneBarbicanReadyRunningMessage)) + } + + return ctrl.Result{}, nil +} diff --git a/tests/functional/base_test.go b/tests/functional/base_test.go index 1f7e570d4..cc37adafc 100644 --- a/tests/functional/base_test.go +++ b/tests/functional/base_test.go @@ -225,6 +225,9 @@ func GetDefaultOpenStackControlPlaneSpec() map[string]interface{} { "designate": map[string]interface{}{ "enabled": false, }, + "barbican": map[string]interface{}{ + "enabled": false, + }, } } diff --git a/tests/functional/suite_test.go b/tests/functional/suite_test.go index 7f9482493..3f23be5b8 100644 --- a/tests/functional/suite_test.go +++ b/tests/functional/suite_test.go @@ -29,6 +29,7 @@ import ( routev1 "github.com/openshift/api/route/v1" rabbitmqv2 "github.com/rabbitmq/cluster-operator/v2/api/v1beta1" + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" designatev1 "github.com/openstack-k8s-operators/designate-operator/api/v1beta1" glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1" @@ -157,6 +158,9 @@ var _ = BeforeSuite(func() { designatev1CRDs, err := test.GetCRDDirFromModule( "github.com/openstack-k8s-operators/designate-operator/api", "../../go.mod", "bases") Expect(err).ShouldNot(HaveOccurred()) + barbicanv1CRDs, err := test.GetCRDDirFromModule( + "github.com/openstack-k8s-operators/barbican-operator/api", "../../go.mod", "bases") + Expect(err).ShouldNot(HaveOccurred()) rabbitmqv2CRDs, err := test.GetCRDDirFromModule( "github.com/rabbitmq/cluster-operator/v2", "../../go.mod", "config/crd/bases") Expect(err).ShouldNot(HaveOccurred()) @@ -185,6 +189,7 @@ var _ = BeforeSuite(func() { swiftv1CRDs, telemetryv1CRDs, designatev1CRDs, + barbicanv1CRDs, rabbitmqv2CRDs, certmgrv1CRDs, }, @@ -245,6 +250,8 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) err = designatev1.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) + err = barbicanv1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) err = rabbitmqv2.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) err = certmgrv1.AddToScheme(scheme.Scheme) diff --git a/tests/kuttl/common/assert-sample-deployment.yaml b/tests/kuttl/common/assert-sample-deployment.yaml index 1bc6f0b4e..35bf67ce6 100644 --- a/tests/kuttl/common/assert-sample-deployment.yaml +++ b/tests/kuttl/common/assert-sample-deployment.yaml @@ -159,6 +159,17 @@ spec: replicas: 0 # backend needs to be configured designateBackendbind9: replicas: 0 # backend needs to be configured + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 tls: endpoint: internal: @@ -195,6 +206,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneExposeGlanceReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane keystone service exposed reason: Ready status: "True" @@ -219,6 +234,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneGlanceReady + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane KeystoneAPI completed reason: Ready status: "True" diff --git a/tests/kuttl/common/errors_cleanup_openstack.yaml b/tests/kuttl/common/errors_cleanup_openstack.yaml index 1e95b4b0d..0da265e39 100644 --- a/tests/kuttl/common/errors_cleanup_openstack.yaml +++ b/tests/kuttl/common/errors_cleanup_openstack.yaml @@ -195,6 +195,11 @@ metadata: --- apiVersion: route.openshift.io/v1 kind: Route +metadata: + name: barbican-public +--- +apiVersion: route.openshift.io/v1 +kind: Route metadata: name: keystone-public --- diff --git a/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml b/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml index 2746b0de4..3c00b5e22 100644 --- a/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml +++ b/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml @@ -106,6 +106,17 @@ spec: service: CeilometerPassword secret: osp-secret serviceUser: ceilometer + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 tls: endpoint: internal: @@ -142,6 +153,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneExposeGlanceReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane keystone service exposed reason: Ready status: "True" @@ -162,6 +177,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneGlanceReady + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane KeystoneAPI completed reason: Ready status: "True" diff --git a/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml b/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml index 35efe9d7d..53d4306f3 100644 --- a/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml +++ b/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml @@ -59,6 +59,17 @@ spec: cinderVolumes: volume1: replicas: 0 # backend needs to be configured + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 manila: template: manilaAPI: @@ -152,6 +163,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneExposeGlanceReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane keystone service exposed reason: Ready status: "True" @@ -172,6 +187,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneGlanceReady + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane KeystoneAPI completed reason: Ready status: "True" diff --git a/tests/kuttl/tests/galera-basic/01-assert-galera.yaml b/tests/kuttl/tests/galera-basic/01-assert-galera.yaml index 57379a3bc..881e7e139 100644 --- a/tests/kuttl/tests/galera-basic/01-assert-galera.yaml +++ b/tests/kuttl/tests/galera-basic/01-assert-galera.yaml @@ -59,6 +59,17 @@ spec: cinderVolumes: volume1: replicas: 0 # backend needs to be configured + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 manila: template: manilaAPI: @@ -171,6 +182,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneExposeGlanceReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane keystone service exposed reason: Ready status: "True" @@ -195,6 +210,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneGlanceReady + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane KeystoneAPI completed reason: Ready status: "True"