diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
index 261a70ccf..ca37166c0 100644
--- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
+++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -41,6 +41,422 @@ spec: type: object spec: properties: + barbican: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + insecureEdgeTerminationPolicy: + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + barbicanAPI: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + 
type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanKeystoneListener: + properties: + containerImage: + type: string + customServiceConfig: + type: string 
+ customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanWorker: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + customServiceConfig: + type: string + databaseInstance: + type: string + databaseUser: + default: barbican + type: string + debug: + properties: + dbInitContainer: + default: false + type: boolean + dbSync: + default: false + type: boolean + initContainer: + default: false + type: boolean + service: + default: false + type: boolean + type: object + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + database: BarbicanDatabasePassword + service: BarbicanPassword + properties: + database: + default: BarbicanDatabasePassword + type: string + service: + default: BarbicanPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: barbican + type: string + simpleCryptoBackendKEKSecret: + type: string + required: + - barbicanAPI + - barbicanKeystoneListener + - barbicanWorker + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + type: object ceilometer: properties: enabled: diff --git a/apis/core/v1beta1/conditions.go b/apis/core/v1beta1/conditions.go index 074fbc97a..464504546 100644 --- a/apis/core/v1beta1/conditions.go +++ b/apis/core/v1beta1/conditions.go 
@@ -147,6 +147,9 @@ const ( // OpenStackControlPlaneDesignateReadyCondition Status=True condition which indicates if Designate is configured and operational OpenStackControlPlaneDesignateReadyCondition condition.Type = "OpenStackControlPlaneDesignateReady" + // OpenStackControlPlaneBarbicanReadyCondition Status=True condition which indicates if Barbican is configured and operational + OpenStackControlPlaneBarbicanReadyCondition condition.Type = "OpenStackControlPlaneBarbicanReady" + // OpenStackControlPlaneRedisReadyCondition Status=True condition which indicates if Redis is configured and operational OpenStackControlPlaneRedisReadyCondition condition.Type = "OpenStackControlPlaneRedisReady" @@ -155,6 +158,9 @@ const ( // OpenStackControlPlaneExposeDesignateReadyCondition Status=True condition which indicates if Designate is exposed via a route OpenStackControlPlaneExposeDesignateReadyCondition condition.Type = "OpenStackControlPlaneExposeDesignateReady" + + // OpenStackControlPlaneExposeBarbicanReadyCondition Status=True condition which indicates if Barbican is exposed via a route + OpenStackControlPlaneExposeBarbicanReadyCondition condition.Type = "OpenStackControlPlaneExposeBarbicanReady" ) // OpenStackControlPlane Reasons used by API objects. 
@@ -385,6 +391,18 @@ const ( // OpenStackControlPlaneDesignateReadyErrorMessage OpenStackControlPlaneDesignateReadyErrorMessage = "OpenStackControlPlane Designate error occured %s" + // OpenStackControlPlaneBarbicanReadyInitMessage + OpenStackControlPlaneBarbicanReadyInitMessage = "OpenStackControlPlane Barbican not started" + + // OpenStackControlPlaneBarbicanReadyMessage + OpenStackControlPlaneBarbicanReadyMessage = "OpenStackControlPlane Barbican completed" + + // OpenStackControlPlaneBarbicanReadyRunningMessage + OpenStackControlPlaneBarbicanReadyRunningMessage = "OpenStackControlPlane Barbican in progress" + + // OpenStackControlPlaneBarbicanReadyErrorMessage + OpenStackControlPlaneBarbicanReadyErrorMessage = "OpenStackControlPlane Barbican error occured %s" + // OpenStackControlPlaneRedisReadyInitMessage OpenStackControlPlaneRedisReadyInitMessage = "OpenStackControlPlane Redis not started" diff --git a/apis/core/v1beta1/openstackcontrolplane_types.go b/apis/core/v1beta1/openstackcontrolplane_types.go index e2213a83a..e8af7c9d7 100644 --- a/apis/core/v1beta1/openstackcontrolplane_types.go +++ b/apis/core/v1beta1/openstackcontrolplane_types.go @@ -17,6 +17,7 @@ limitations under the License. package v1beta1 import ( + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" designatev1 "github.com/openstack-k8s-operators/designate-operator/api/v1beta1" glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1" @@ -168,6 +169,9 @@ type OpenStackControlPlaneSpec struct { // Designate - Parameters related to the Designate service Designate DesignateSection `json:"designate,omitempty"` + // Barbican - Parameters related to the Barbican service + Barbican BarbicanSection `json:"barbican,omitempty"` + // Redis - Parameters related to the Redis service Redis RedisSection `json:"redis,omitempty"` 
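Review bot: `OpenStackControlPlaneBarbicanReadyErrorMessage` in the conditions.go hunk (`@@ -385,6 +391,18 @@`) copies the misspelling "occured" from the Designate constant above it, and this string ends up in the condition message shown to operators. For the new constant I would write `"OpenStackControlPlane Barbican error occurred %s"`. The four new message constants also carry comments that only repeat the identifier, so a short description such as `// OpenStackControlPlaneBarbicanReadyErrorMessage is reported when the Barbican reconcile returns an error` would be more useful.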
@@ -621,6 +625,25 @@ type DesignateSection struct { APIOverride Override `json:"apiOverride,omitempty"` } +// BarbicanSection defines the desired state of Barbican service +type BarbicanSection struct { + // +kubebuilder:validation:Optional + // +kubebuilder:default=true + // +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors={"urn:alm:descriptor:com.tectonic.ui:booleanSwitch"} + // Enabled - Whether Barbican service should be deployed and managed + Enabled bool `json:"enabled"` + + // +kubebuilder:validation:Optional + //+operator-sdk:csv:customresourcedefinitions:type=spec + // Template - Overrides to use when creating the Barbican Service + Template barbicanv1.BarbicanSpec `json:"template,omitempty"` + + // +kubebuilder:validation:Optional + // +operator-sdk:csv:customresourcedefinitions:type=spec + // APIOverride, provides the ability to override the generated manifest of several child resources. + APIOverride Override `json:"apiOverride,omitempty"` +} + // RedisSection defines the desired state of the Redis service type RedisSection struct { // +kubebuilder:validation:Optional 
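Review bot: `Enabled` on `BarbicanSection` is marked `+kubebuilder:default=true`, so every OpenStackControlPlane that never mentions `barbican` has the key manager switched on as soon as this API version is rolled out. Combined with the webhook check added in this commit, such an object is then presumably rejected unless Keystone and MariaDB or Galera are enabled, even though its author never asked for Barbican. For a service that stores secrets I would make it opt-in with `// +kubebuilder:default=false` and set `enabled: true` explicitly in the samples. If default-on is intended, state that and its prerequisites in the field comment.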
@@ -724,6 +747,7 @@ func (instance *OpenStackControlPlane) InitConditions() { condition.UnknownCondition(OpenStackControlPlaneSwiftReadyCondition, condition.InitReason, OpenStackControlPlaneSwiftReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneOctaviaReadyCondition, condition.InitReason, OpenStackControlPlaneOctaviaReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneDesignateReadyCondition, condition.InitReason, OpenStackControlPlaneDesignateReadyInitMessage), + condition.UnknownCondition(OpenStackControlPlaneBarbicanReadyCondition, condition.InitReason, OpenStackControlPlaneBarbicanReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneRedisReadyCondition, condition.InitReason, OpenStackControlPlaneRedisReadyInitMessage), condition.UnknownCondition(OpenStackControlPlaneCAReadyCondition, condition.InitReason, OpenStackControlPlaneCAReadyInitMessage), diff --git a/apis/core/v1beta1/openstackcontrolplane_webhook.go b/apis/core/v1beta1/openstackcontrolplane_webhook.go index a36c9603f..59f564738 100644 --- a/apis/core/v1beta1/openstackcontrolplane_webhook.go +++ b/apis/core/v1beta1/openstackcontrolplane_webhook.go @@ -155,6 +155,10 @@ func (r *OpenStackControlPlane) checkDepsEnabled(name string) string { if !((r.Spec.Mariadb.Enabled || r.Spec.Galera.Enabled) && r.Spec.Memcached.Enabled && r.Spec.Keystone.Enabled) { reqs = "MariaDB or Galera, Memcached, Keystone" } + case "Barbican": + if !((r.Spec.Mariadb.Enabled || r.Spec.Galera.Enabled) && r.Spec.Keystone.Enabled) { + reqs = "MariaDB or Galera, Keystone" + } case "Octavia": // TODO(beagles): So far we haven't declared Redis as dependency for Octavia, but we might. if !((r.Spec.Mariadb.Enabled || r.Spec.Galera.Enabled) && r.Spec.Memcached.Enabled && r.Spec.Rabbitmq.Enabled && 
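Review bot: The new `case "Barbican"` in checkDepsEnabled tests only the database and Keystone, while the CRD schema added in this commit makes `rabbitMqClusterName` a required template field (default `rabbitmq`) and deploys a worker and a Keystone listener, which presumably depend on the message bus. A control plane with RabbitMQ disabled would pass admission and likely only fail later during reconcile. Following the Octavia case just below, the condition could be `if !((r.Spec.Mariadb.Enabled || r.Spec.Galera.Enabled) && r.Spec.Rabbitmq.Enabled && r.Spec.Keystone.Enabled) {` with `reqs = "MariaDB or Galera, RabbitMQ, Keystone"`. The function body starts and ends outside the hunk.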
@@ -291,6 +295,13 @@ func (r *OpenStackControlPlane) ValidateServiceDependencies(basePath *field.Path } } + if r.Spec.Barbican.Enabled { + if depErrorMsg := r.checkDepsEnabled("Barbican"); depErrorMsg != "" { + err := field.Invalid(basePath.Child("barbican").Child("enabled"), r.Spec.Barbican.Enabled, depErrorMsg) + allErrs = append(allErrs, err) + } + } + return allErrs } @@ -420,6 +431,9 @@ func (r *OpenStackControlPlane) DefaultServices() { // Octavia r.Spec.Octavia.Template.Default() + // Barbican + r.Spec.Barbican.Template.Default() + // Redis for key, template := range r.Spec.Redis.Templates { template.Default() diff --git a/apis/core/v1beta1/zz_generated.deepcopy.go b/apis/core/v1beta1/zz_generated.deepcopy.go index 5a1952fdb..54ecdd009 100644 --- a/apis/core/v1beta1/zz_generated.deepcopy.go +++ b/apis/core/v1beta1/zz_generated.deepcopy.go @@ -33,6 +33,23 @@ import ( "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BarbicanSection) DeepCopyInto(out *BarbicanSection) { + *out = *in + in.Template.DeepCopyInto(&out.Template) + in.APIOverride.DeepCopyInto(&out.APIOverride) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BarbicanSection. +func (in *BarbicanSection) DeepCopy() *BarbicanSection { + if in == nil { + return nil + } + out := new(BarbicanSection) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CeilometerSection) DeepCopyInto(out *CeilometerSection) { *out = *in 
@@ -464,6 +481,7 @@ func (in *OpenStackControlPlaneSpec) DeepCopyInto(out *OpenStackControlPlaneSpec in.Swift.DeepCopyInto(&out.Swift) in.Octavia.DeepCopyInto(&out.Octavia) in.Designate.DeepCopyInto(&out.Designate) + in.Barbican.DeepCopyInto(&out.Barbican) in.Redis.DeepCopyInto(&out.Redis) in.OpenStackClient.DeepCopyInto(&out.OpenStackClient) if in.ExtraMounts != nil { diff --git a/apis/go.mod b/apis/go.mod index 0a9b07f26..828688e58 100644 --- a/apis/go.mod +++ b/apis/go.mod @@ -5,6 +5,7 @@ go 1.19 require ( github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 + github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231122193628-96ca1e05d8ad github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231121084647-689b50f424d8 github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20231121201004-def8670ef7e9 github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20231121125418-e3f2a877f48c diff --git a/apis/go.sum b/apis/go.sum index 3eff619bb..9ee12b6d6 100644 --- a/apis/go.sum +++ b/apis/go.sum 
@@ -130,6 +130,8 @@ github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231122193628-96ca1e05d8ad h1:qBfLa7kRWzTCitV32Zvi89knSNMQgd4bCSGlA4baLHI= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231122193628-96ca1e05d8ad/go.mod h1:cW498Nb/C86IqMJSyP6QLmeo0MS7rEL7dUTm4iBZlxM= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231121084647-689b50f424d8 h1:zkKuC5JIiQB6AezfKBwUJfgNir/w9jSaeFT+naZgC6c= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231121084647-689b50f424d8/go.mod h1:wV6KRR6y+QCJf5R6nQ7dSRQenKEFWV6TIHWhh9wTbMc= github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20231121201004-def8670ef7e9 h1:mdaBbHhIqN5uUhL9z3gmNdRlCg3F3aDtvUZIXTcozQc= diff --git a/cmd/csv-merger/csv-merger.go b/cmd/csv-merger/csv-merger.go index 10263cae5..02596ab5f 100644 --- a/cmd/csv-merger/csv-merger.go +++ b/cmd/csv-merger/csv-merger.go 
@@ -95,6 +95,7 @@ var ( swiftCsv = flag.String("swift-csv", "", "Swift CSV filename") octaviaCsv = flag.String("octavia-csv", "", "Octavia CSV filename") designateCsv = flag.String("designate-csv", "", "Designate CSV filename") + barbicanCsv = flag.String("barbican-csv", "", "Barbican CSV filename") csvOverrides = flag.String("csv-overrides", "", "CSV like string with punctual changes that will be recursively applied (if possible)") importEnvFiles = flag.String("import-env-files", "", "Comma separated list of file names to read default operator ENVs from. Used for inter-bundle ENV merging.") exportEnvFile = flag.String("export-env-file", "", "Name the external file to write operator ENVs to. Used for inter-bundle ENV merging.") @@ -142,6 +143,7 @@ func main() { *swiftCsv, *octaviaCsv, *designateCsv, + *barbicanCsv, } csvVersion := os.Getenv("CSV_VERSION") diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml index 261a70ccf..ca37166c0 100644 --- a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml +++ b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml 
@@ -41,6 +41,422 @@ spec: type: object spec: properties: + barbican: + properties: + apiOverride: + properties: + route: + properties: + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + alternateBackends: + items: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + maxItems: 3 + type: array + host: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + path: + pattern: ^/ + type: string + port: + properties: + targetPort: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - targetPort + type: object + subdomain: + maxLength: 253 + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ + type: string + tls: + properties: + caCertificate: + type: string + certificate: + type: string + destinationCACertificate: + type: string + insecureEdgeTerminationPolicy: + type: string + key: + type: string + termination: + enum: + - edge + - reencrypt + - passthrough + type: string + required: + - termination + type: object + to: + properties: + kind: + enum: + - Service + - "" + type: string + name: + type: string + weight: + format: int32 + maximum: 256 + minimum: 0 + type: integer + type: object + wildcardPolicy: + enum: + - None + - Subdomain + - "" + type: string + type: object + type: object + tls: + properties: + secretName: + type: string + type: object + type: object + enabled: + default: true + type: boolean + template: + properties: + barbicanAPI: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + 
type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + override: + properties: + service: + additionalProperties: + properties: + endpointURL: + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + properties: + externalName: + type: string + externalTrafficPolicy: + type: string + internalTrafficPolicy: + type: string + ipFamilyPolicy: + type: string + loadBalancerClass: + type: string + loadBalancerSourceRanges: + items: + type: string + type: array + sessionAffinity: + type: string + sessionAffinityConfig: + properties: + clientIP: + properties: + timeoutSeconds: + format: int32 + type: integer + type: object + type: object + type: + type: string + type: object + type: object + type: object + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanKeystoneListener: + properties: + containerImage: + type: string + customServiceConfig: + type: string 
+ customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + barbicanWorker: + properties: + containerImage: + type: string + customServiceConfig: + type: string + customServiceConfigSecrets: + items: + type: string + type: array + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + networkAttachments: + items: + type: string + type: array + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + default: 1 + format: int32 + maximum: 32 + minimum: 0 + type: integer + resources: + properties: + claims: + items: + properties: + name: + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: 
^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + required: + - containerImage + type: object + customServiceConfig: + type: string + databaseInstance: + type: string + databaseUser: + default: barbican + type: string + debug: + properties: + dbInitContainer: + default: false + type: boolean + dbSync: + default: false + type: boolean + initContainer: + default: false + type: boolean + service: + default: false + type: boolean + type: object + defaultConfigOverwrite: + additionalProperties: + type: string + type: object + nodeSelector: + additionalProperties: + type: string + type: object + passwordSelectors: + default: + database: BarbicanDatabasePassword + service: BarbicanPassword + properties: + database: + default: BarbicanDatabasePassword + type: string + service: + default: BarbicanPassword + type: string + type: object + preserveJobs: + default: false + type: boolean + rabbitMqClusterName: + default: rabbitmq + type: string + secret: + type: string + serviceAccount: + type: string + serviceUser: + default: barbican + type: string + simpleCryptoBackendKEKSecret: + type: string + required: + - barbicanAPI + - barbicanKeystoneListener + - barbicanWorker + - databaseInstance + - rabbitMqClusterName + - serviceAccount + type: object + type: object ceilometer: properties: enabled: diff --git a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml index 7b5383182..e96e98785 100644 --- a/config/manifests/bases/openstack-operator.clusterserviceversion.yaml 
+++ b/config/manifests/bases/openstack-operator.clusterserviceversion.yaml @@ -26,6 +26,21 @@ spec: kind: OpenStackControlPlane name: openstackcontrolplanes.core.openstack.org specDescriptors: + - description: APIOverride, provides the ability to override the generated manifest + of several child resources. + displayName: APIOverride + path: barbican.apiOverride + - description: TLS - overrides tls parameters for public endpoint + displayName: TLS + path: barbican.apiOverride.tls + - description: Enabled - Whether Barbican service should be deployed and managed + displayName: Enabled + path: barbican.enabled + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: Template - Overrides to use when creating the Barbican Service + displayName: Template + path: barbican.template - description: Enabled - Whether OpenStack Ceilometer servicesshould be deployed and managed displayName: Enabled diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 18158bef0..401a26acf 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -27,6 +27,18 @@ rules: - list - update - watch +- apiGroups: + - barbican.openstack.org + resources: + - barbicans + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - cert-manager.io resources: diff --git a/config/samples/core_v1beta1_openstackcontrolplane.yaml b/config/samples/core_v1beta1_openstackcontrolplane.yaml index de29fb8a1..a7dc95f53 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane.yaml @@ -51,6 +51,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack 
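Review bot: The `barbican` stanza added to core_v1beta1_openstackcontrolplane.yaml sets only `databaseInstance`, `secret` and the three `replicas` values, but the CRD schema in this commit marks `serviceAccount` as required under `template` and `containerImage` as required under `barbicanAPI`, `barbicanWorker` and `barbicanKeystoneListener`. Unless the defaulting call `r.Spec.Barbican.Template.Default()` fills in both, which is not visible in this diff, applying the sample as written fails schema validation. Either confirm the defaults cover these fields or add them to the sample. The same stanza is repeated in the collapsed_cell, galera and galera_3replicas samples.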
diff --git a/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml b/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml index 34b3645fa..2244d3587 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_collapsed_cell.yaml @@ -28,6 +28,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml index df9aa8367..9294d7187 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera.yaml @@ -44,6 +44,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml index 38e7ada55..68a315146 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera_3replicas.yaml @@ -44,6 +44,16 @@ spec: templates: memcached: replicas: 1 + barbican: + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 placement: template: databaseInstance: openstack 
diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml index 264abd727..a11575493 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation.yaml @@ -134,6 +134,28 @@ spec: secret: osp-secret networkAttachments: - internalapi + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 horizon: apiOverride: route: {} diff --git a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml index d5692ce77..463ebc835 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_galera_network_isolation_3replicas.yaml @@ -55,6 +55,28 @@ spec: networkAttachments: - storage replicas: 0 # backend needs to be configured + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 glance: apiOverride: route: {} 
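Review bot: In the galera_network_isolation sample `override.service.internal` sits directly under `barbican.template`, but the schema added in this commit defines `override` only under `template.barbicanAPI`; there is no `template.override` property. If the nesting is as it reads here, the API server prunes or rejects the unknown field, so the MetalLB annotations and `type: LoadBalancer` never reach the Barbican service and the internal endpoint is not placed on the `internalapi` pool as the sample intends. Move the `override:` block under `barbicanAPI:` next to `replicas: 1`. The same placement appears in the galera_network_isolation_3replicas, network_isolation and network_isolation_ceph samples.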
diff --git a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml index aa538e4d9..6e243ae25 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation.yaml @@ -55,6 +55,28 @@ spec: networkAttachments: - storage replicas: 0 # backend needs to be configured + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 glance: apiOverride: route: {} diff --git a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml index 79fb7fce2..e22445f55 100644 --- a/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml +++ b/config/samples/core_v1beta1_openstackcontrolplane_network_isolation_ceph.yaml @@ -41,6 +41,28 @@ spec: values: - 192.168.122.1 replicas: 1 + barbican: + apiOverride: + route: {} + template: + override: + service: + internal: + metadata: + annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + spec: + type: LoadBalancer + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 cinder: apiOverride: route: {} diff --git a/controllers/core/openstackcontrolplane_controller.go b/controllers/core/openstackcontrolplane_controller.go index 0371b1ef1..45eca8210 100644 
--- a/controllers/core/openstackcontrolplane_controller.go +++ b/controllers/core/openstackcontrolplane_controller.go @@ -22,6 +22,7 @@ import ( certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" routev1 "github.com/openshift/api/route/v1" + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1" heatv1 "github.com/openstack-k8s-operators/heat-operator/api/v1beta1" @@ -94,6 +95,7 @@ type OpenStackControlPlaneReconciler struct { //+kubebuilder:rbac:groups=telemetry.openstack.org,resources=ceilometers,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=swift.openstack.org,resources=swifts,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=octavia.openstack.org,resources=octavias,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=barbican.openstack.org,resources=barbicans,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=designate.openstack.org,resources=designates,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=redis.openstack.org,resources=redises,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update;patch;delete; @@ -333,6 +335,13 @@ func (r *OpenStackControlPlaneReconciler) reconcileNormal(ctx context.Context, i return ctrlResult, nil } + ctrlResult, err = openstack.ReconcileBarbican(ctx, instance, helper) + if err != nil { + return ctrl.Result{}, err + } else if (ctrlResult != ctrl.Result{}) { + return ctrlResult, nil + } + return ctrl.Result{}, nil } 
@@ -367,5 +376,6 @@ func (r *OpenStackControlPlaneReconciler) SetupWithManager(mgr ctrl.Manager) err Owns(&routev1.Route{}). Owns(&certmgrv1.Issuer{}). Owns(&certmgrv1.Certificate{}). + Owns(&barbicanv1.Barbican{}). Complete(r) } diff --git a/custom-bundle.Dockerfile b/custom-bundle.Dockerfile index 2c5727dd1..398e42f30 100644 --- a/custom-bundle.Dockerfile +++ b/custom-bundle.Dockerfile @@ -19,6 +19,7 @@ ARG MANILA_BUNDLE=quay.io/openstack-k8s-operators/manila-operator-bundle:latest ARG SWIFT_BUNDLE=quay.io/openstack-k8s-operators/swift-operator-bundle:latest ARG OCTAVIA_BUNDLE=quay.io/openstack-k8s-operators/octavia-operator-bundle:latest ARG DESIGNATE_BUNDLE=quay.io/openstack-k8s-operators/designate-operator-bundle:latest +ARG BARBICAN_BUNDLE=quay.io/openstack-k8s-operators/barbican-operator-bundle:latest # Build the manager binary FROM $GOLANG_CTX as builder @@ -61,6 +62,7 @@ FROM $MANILA_BUNDLE as manila-bundle FROM $SWIFT_BUNDLE as swift-bundle FROM $OCTAVIA_BUNDLE as octavia-bundle FROM $DESIGNATE_BUNDLE as designate-bundle +FROM $BARBICAN_BUNDLE as barbican-bundle FROM $GOLANG_CTX as merger WORKDIR /workspace @@ -90,6 +92,7 @@ COPY --from=manila-bundle /manifests/* /manifests/ COPY --from=swift-bundle /manifests/* /manifests/ COPY --from=octavia-bundle /manifests/* /manifests/ COPY --from=designate-bundle /manifests/* /manifests/ +COPY --from=barbican-bundle /manifests/* /manifests/ # extract all the env vars (NOTE/FIXME: base-csv is unused below to be refactored) RUN /workspace/csv-merger \ 
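Review bot: In custom-bundle.Dockerfile, `BARBICAN_BUNDLE` defaults to the mutable `:latest` tag, so the manifests copied from `barbican-bundle` into `/manifests/` and passed to `csv-merger` can change between builds without any change in this repository. This follows the other `*_BUNDLE` args visible in the hunk, but for the operator that deploys the key manager a digest-pinned default is worth having, e.g. `ARG BARBICAN_BUNDLE=quay.io/openstack-k8s-operators/barbican-operator-bundle@sha256:<digest-placeholder>`. The `FROM $BARBICAN_BUNDLE`, `COPY --from=barbican-bundle` and `--barbican-csv` hunks that follow all consume the same image, so pinning the `ARG` covers them.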
@@ -113,6 +116,7 @@ RUN /workspace/csv-merger \ --swift-csv=/manifests/swift-operator.clusterserviceversion.yaml \ --octavia-csv=/manifests/octavia-operator.clusterserviceversion.yaml \ --designate-csv=/manifests/designate-operator.clusterserviceversion.yaml \ + --barbican-csv=/manifests/barbican-operator.clusterserviceversion.yaml \ --base-csv=/manifests/openstack-operator.clusterserviceversion.yaml | tee /fixme-required-for-now-but-will-can-made-optional.yaml # apply all the ENV vars to the actual base-csv diff --git a/dependencies.yaml b/dependencies.yaml index 08807b588..506eb6436 100644 --- a/dependencies.yaml +++ b/dependencies.yaml @@ -3,6 +3,10 @@ dependencies: value: packageName: rabbitmq-cluster-operator version: ">=0.0.0" + - type: olm.package + value: + packageName: barbican-operator + version: ">=0.0.0" - type: olm.package value: packageName: cinder-operator diff --git a/go.mod b/go.mod index 8306beb2f..ec41b5c28 100644 --- a/go.mod +++ b/go.mod @@ -9,6 +9,7 @@ require ( github.com/imdario/mergo v0.3.16 github.com/onsi/ginkgo/v2 v2.13.1 github.com/onsi/gomega v1.30.0 + github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231122193628-96ca1e05d8ad github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231121084647-689b50f424d8 github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20231120221946-75def08c43f0 github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20231121201004-def8670ef7e9 diff --git a/go.sum b/go.sum index be639e04c..ed864a911 100644 --- a/go.sum +++ b/go.sum 
@@ -141,6 +141,8 @@ github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7 h1:rncLxJBpFGqBztyxCMwNRnMjhhIDOWHJowi6q8G6koI= github.com/openshift/api v0.0.0-20230414143018-3367bc7e6ac7/go.mod h1:ctXNyWanKEjGj8sss1KjjHQ3ENKFm33FFnS5BKaIPh4= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231122193628-96ca1e05d8ad h1:qBfLa7kRWzTCitV32Zvi89knSNMQgd4bCSGlA4baLHI= +github.com/openstack-k8s-operators/barbican-operator/api v0.0.0-20231122193628-96ca1e05d8ad/go.mod h1:cW498Nb/C86IqMJSyP6QLmeo0MS7rEL7dUTm4iBZlxM= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231121084647-689b50f424d8 h1:zkKuC5JIiQB6AezfKBwUJfgNir/w9jSaeFT+naZgC6c= github.com/openstack-k8s-operators/cinder-operator/api v0.3.1-0.20231121084647-689b50f424d8/go.mod h1:wV6KRR6y+QCJf5R6nQ7dSRQenKEFWV6TIHWhh9wTbMc= github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20231120221946-75def08c43f0 h1:Yo/V/PPc11rgHgNojI2OgIp3bLECB3/KBnlfbYwsfGw= diff --git a/main.go b/main.go index 2d08b2285..6a8fb7629 100644 --- a/main.go +++ b/main.go @@ -30,6 +30,7 @@ import ( _ "k8s.io/client-go/plugin/pkg/client/auth" certmgrv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" dataplanev1beta1 "github.com/openstack-k8s-operators/dataplane-operator/api/v1beta1" designatev1 "github.com/openstack-k8s-operators/designate-operator/api/v1beta1" @@ -107,6 +108,7 @@ func init() { utilruntime.Must(redisv1.AddToScheme(scheme)) utilruntime.Must(routev1.AddToScheme(scheme)) utilruntime.Must(certmgrv1.AddToScheme(scheme)) + utilruntime.Must(barbicanv1.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } 
@@ -304,4 +306,7 @@ func setupServiceOperatorDefaults() { // Designate designatev1.SetupDefaults() + + // Barbican + barbicanv1.SetupDefaults() } diff --git a/pkg/openstack/barbican.go b/pkg/openstack/barbican.go new file mode 100644 index 000000000..dd648299e --- /dev/null +++ b/pkg/openstack/barbican.go 
@@ -0,0 +1,134 @@ +package openstack + +import ( + "context" + "fmt" + + "github.com/openstack-k8s-operators/lib-common/modules/common" + "github.com/openstack-k8s-operators/lib-common/modules/common/condition" + "github.com/openstack-k8s-operators/lib-common/modules/common/helper" + "github.com/openstack-k8s-operators/lib-common/modules/common/service" + + "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" + corev1beta1 "github.com/openstack-k8s-operators/openstack-operator/apis/core/v1beta1" + k8s_errors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + ctrl "sigs.k8s.io/controller-runtime" +) + +// ReconcileBarbican - +func ReconcileBarbican(ctx context.Context, instance *corev1beta1.OpenStackControlPlane, helper *helper.Helper) (ctrl.Result, error) { + barbican := &barbicanv1.Barbican{ + ObjectMeta: metav1.ObjectMeta{ + Name: "barbican", + Namespace: instance.Namespace, + }, + } + + if !instance.Spec.Barbican.Enabled { + if res, err := EnsureDeleted(ctx, helper, barbican); err != nil { + return res, err + } + instance.Status.Conditions.Remove(corev1beta1.OpenStackControlPlaneBarbicanReadyCondition) + instance.Status.Conditions.Remove(corev1beta1.OpenStackControlPlaneExposeBarbicanReadyCondition) + return ctrl.Result{}, nil + } + + // add selector to service overrides + for _, endpointType := range []service.Endpoint{service.EndpointPublic, service.EndpointInternal} { + if instance.Spec.Barbican.Template.BarbicanAPI.Override.Service == nil { + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service = map[service.Endpoint]service.RoutedOverrideSpec{} + } + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service[endpointType] = + AddServiceComponentLabel( + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service[endpointType], + 
barbican.Name) + } + + // When component services got created check if there is the need to create a route + if err := helper.GetClient().Get(ctx, types.NamespacedName{Name: "barbican", Namespace: instance.Namespace}, barbican); err != nil { + if !k8s_errors.IsNotFound(err) { + return ctrl.Result{}, err + } + } + + if barbican.Status.Conditions.IsTrue(barbicanv1.BarbicanAPIReadyCondition) { + svcs, err := service.GetServicesListWithLabel( + ctx, + helper, + instance.Namespace, + map[string]string{common.AppSelector: barbican.Name}, + ) + if err != nil { + return ctrl.Result{}, err + } + + var ctrlResult reconcile.Result + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service, ctrlResult, err = EnsureEndpointConfig( + ctx, + instance, + helper, + barbican, + svcs, + instance.Spec.Barbican.Template.BarbicanAPI.Override.Service, + instance.Spec.Barbican.APIOverride, + corev1beta1.OpenStackControlPlaneExposeBarbicanReadyCondition, + ) + if err != nil { + return ctrlResult, err + } else if (ctrlResult != ctrl.Result{}) { + return ctrlResult, nil + } + } + + helper.GetLogger().Info("Reconciling Barbican", "Barbican.Namespace", instance.Namespace, "Barbican.Name", "barbican") + op, err := controllerutil.CreateOrPatch(ctx, helper.GetClient(), barbican, func() error { + instance.Spec.Barbican.Template.DeepCopyInto(&barbican.Spec) + + if barbican.Spec.Secret == "" { + barbican.Spec.Secret = instance.Spec.Secret + } + if barbican.Spec.NodeSelector == nil && instance.Spec.NodeSelector != nil { + barbican.Spec.NodeSelector = instance.Spec.NodeSelector + } + if barbican.Spec.DatabaseInstance == "" { + //barbican.Spec.DatabaseInstance = instance.Name // name of MariaDB we create here + barbican.Spec.DatabaseInstance = "openstack" //FIXME: see above + } + + err := controllerutil.SetControllerReference(helper.GetBeforeObject(), barbican, helper.GetScheme()) + if err != nil { + return err + } + return nil + }) + + if err != nil { + 
instance.Status.Conditions.Set(condition.FalseCondition( + corev1beta1.OpenStackControlPlaneBarbicanReadyCondition, + condition.ErrorReason, + condition.SeverityWarning, + corev1beta1.OpenStackControlPlaneBarbicanReadyErrorMessage, + err.Error())) + return ctrl.Result{}, err + } + if op != controllerutil.OperationResultNone { + helper.GetLogger().Info(fmt.Sprintf("barbican %s - %s", barbican.Name, op)) + } + + if barbican.IsReady() { + instance.Status.Conditions.MarkTrue(corev1beta1.OpenStackControlPlaneBarbicanReadyCondition, corev1beta1.OpenStackControlPlaneBarbicanReadyMessage) + } else { + instance.Status.Conditions.Set(condition.FalseCondition( + corev1beta1.OpenStackControlPlaneBarbicanReadyCondition, + condition.RequestedReason, + condition.SeverityInfo, + corev1beta1.OpenStackControlPlaneBarbicanReadyRunningMessage)) + } + + return ctrl.Result{}, nil +} diff --git a/tests/functional/base_test.go b/tests/functional/base_test.go index 1f7e570d4..cc37adafc 100644 --- a/tests/functional/base_test.go +++ b/tests/functional/base_test.go @@ -225,6 +225,9 @@ func GetDefaultOpenStackControlPlaneSpec() map[string]interface{} { "designate": map[string]interface{}{ "enabled": false, }, + "barbican": map[string]interface{}{ + "enabled": false, + }, } } diff --git a/tests/functional/suite_test.go b/tests/functional/suite_test.go index 7f9482493..3f23be5b8 100644 --- a/tests/functional/suite_test.go +++ b/tests/functional/suite_test.go @@ -29,6 +29,7 @@ import ( routev1 "github.com/openshift/api/route/v1" rabbitmqv2 "github.com/rabbitmq/cluster-operator/v2/api/v1beta1" + barbicanv1 "github.com/openstack-k8s-operators/barbican-operator/api/v1beta1" cinderv1 "github.com/openstack-k8s-operators/cinder-operator/api/v1beta1" designatev1 "github.com/openstack-k8s-operators/designate-operator/api/v1beta1" glancev1 "github.com/openstack-k8s-operators/glance-operator/api/v1beta1" 
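Review bot: The doc comment `// ReconcileBarbican -` in pkg/openstack/barbican.go says nothing, while the defaulting inside the `CreateOrPatch` callback is what someone deploying the key manager most needs to know. I would replace it with a comment stating that the function deletes the Barbican CR when `Spec.Barbican.Enabled` is false. Otherwise it creates or patches a CR named `barbican` from `Spec.Barbican.Template`, falling back to the control plane's `Spec.Secret` when the template's `Secret` is empty and to the literal `"openstack"` when `DatabaseInstance` is empty. That secret fallback presumably means Barbican shares its credentials secret with the other services unless the template sets its own, which deserves its own line in the comment. The hard-coded `"openstack"` is already marked `FIXME` and should be named in the comment as a known limitation until it is derived from the control plane.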
@@ -157,6 +158,9 @@ var _ = BeforeSuite(func() { designatev1CRDs, err := test.GetCRDDirFromModule( "github.com/openstack-k8s-operators/designate-operator/api", "../../go.mod", "bases") Expect(err).ShouldNot(HaveOccurred()) + barbicanv1CRDs, err := test.GetCRDDirFromModule( + "github.com/openstack-k8s-operators/barbican-operator/api", "../../go.mod", "bases") + Expect(err).ShouldNot(HaveOccurred()) rabbitmqv2CRDs, err := test.GetCRDDirFromModule( "github.com/rabbitmq/cluster-operator/v2", "../../go.mod", "config/crd/bases") Expect(err).ShouldNot(HaveOccurred()) @@ -185,6 +189,7 @@ var _ = BeforeSuite(func() { swiftv1CRDs, telemetryv1CRDs, designatev1CRDs, + barbicanv1CRDs, rabbitmqv2CRDs, certmgrv1CRDs, }, @@ -245,6 +250,8 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) err = designatev1.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) + err = barbicanv1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) err = rabbitmqv2.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) err = certmgrv1.AddToScheme(scheme.Scheme) diff --git a/tests/kuttl/common/assert-sample-deployment.yaml b/tests/kuttl/common/assert-sample-deployment.yaml index 1bc6f0b4e..f1a044da6 100644 --- a/tests/kuttl/common/assert-sample-deployment.yaml +++ b/tests/kuttl/common/assert-sample-deployment.yaml @@ -159,6 +159,17 @@ spec: replicas: 0 # backend needs to be configured designateBackendbind9: replicas: 0 # backend needs to be configured + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 tls: endpoint: internal: @@ -171,6 +182,10 @@ status: reason: Ready status: "True" type: Ready + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane CAs completed reason: Ready status: "True" 
@@ -187,6 +202,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneClientReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane cinder service exposed reason: Ready status: "True" diff --git a/tests/kuttl/common/errors_cleanup_openstack.yaml b/tests/kuttl/common/errors_cleanup_openstack.yaml index 1e95b4b0d..0da265e39 100644 --- a/tests/kuttl/common/errors_cleanup_openstack.yaml +++ b/tests/kuttl/common/errors_cleanup_openstack.yaml @@ -195,6 +195,11 @@ metadata: --- apiVersion: route.openshift.io/v1 kind: Route +metadata: + name: barbican-public +--- +apiVersion: route.openshift.io/v1 +kind: Route metadata: name: keystone-public --- diff --git a/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml b/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml index 2746b0de4..a07301179 100644 --- a/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml +++ b/tests/kuttl/tests/collapsed/01-assert-collapsed-cell.yaml @@ -106,6 +106,17 @@ spec: service: CeilometerPassword secret: osp-secret serviceUser: ceilometer + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 tls: endpoint: internal: @@ -118,6 +129,10 @@ status: reason: Ready status: "True" type: Ready + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane CAs completed reason: Ready status: "True" @@ -134,6 +149,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneClientReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane cinder service exposed reason: Ready status: "True" 
diff --git a/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml b/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml index 35efe9d7d..e84a56d4c 100644 --- a/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml +++ b/tests/kuttl/tests/galera-3replicas/01-assert-galera-3replicas.yaml @@ -59,6 +59,17 @@ spec: cinderVolumes: volume1: replicas: 0 # backend needs to be configured + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 manila: template: manilaAPI: @@ -128,6 +139,10 @@ status: reason: Ready status: "True" type: Ready + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane CAs completed reason: Ready status: "True" @@ -144,6 +159,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneClientReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane cinder service exposed reason: Ready status: "True" diff --git a/tests/kuttl/tests/galera-basic/01-assert-galera.yaml b/tests/kuttl/tests/galera-basic/01-assert-galera.yaml index 57379a3bc..16ad79517 100644 --- a/tests/kuttl/tests/galera-basic/01-assert-galera.yaml +++ b/tests/kuttl/tests/galera-basic/01-assert-galera.yaml @@ -59,6 +59,17 @@ spec: cinderVolumes: volume1: replicas: 0 # backend needs to be configured + barbican: + enabled: true + template: + databaseInstance: openstack + secret: osp-secret + barbicanAPI: + replicas: 1 + barbicanWorker: + replicas: 1 + barbicanKeystoneListener: + replicas: 1 manila: template: manilaAPI: 
@@ -147,6 +158,10 @@ status: reason: Ready status: "True" type: Ready + - message: OpenStackControlPlane Barbican completed + reason: Ready + status: "True" + type: OpenStackControlPlaneBarbicanReady - message: OpenStackControlPlane CAs completed reason: Ready status: "True" @@ -163,6 +178,10 @@ status: reason: Ready status: "True" type: OpenStackControlPlaneClientReady + - message: OpenStackControlPlane barbican service exposed + reason: Ready + status: "True" + type: OpenStackControlPlaneExposeBarbicanReady - message: OpenStackControlPlane cinder service exposed reason: Ready status: "True" diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml index 5ef3a501b..87b41621f 100644 --- a/zuul.d/projects.yaml +++ b/zuul.d/projects.yaml @@ -10,6 +10,10 @@ compute-feature-enabled.vnc_console: true compute-feature-enabled.stable_rescue: true compute_feature_enabled.hostname_fqdn_sanitization: true + # NOTE(alee) these tests will fail with barbican in the mix + # while cinder/nova is not configured to talk to barbican + # re-enable this when that support is added + compute-feature-enabled.attach_encrypted_volume: false validation.run_validation: true # NOTE(gibi): This is a WA to force the publicURL as otherwise # tempest gets configured with adminURL and that causes test