diff --git a/config/samples/oathkeeper_v1alpha1_rule.yaml b/config/samples/oathkeeper_v1alpha1_rule.yaml
index 8fda814..f9cc0f8 100644
--- a/config/samples/oathkeeper_v1alpha1_rule.yaml
+++ b/config/samples/oathkeeper_v1alpha1_rule.yaml
@@ -1,10 +1,105 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-ns-1
+---
 apiVersion: oathkeeper.ory.sh/v1alpha1
 kind: Rule
 metadata:
 name: sample-rule-1
+ namespace: test-ns-1
+spec:
+ description: Sample rule
+ upstream:
+ url: "http://abc.ef"
+ preserveHost: false
+ match:
+ methods: ["GET"]
+ url: ://foo.bar
+ authenticators:
+ - handler: anonymous
+ authorizer:
+ handler: allow
+ mutators:
+ - handler: noop
+ config: {}
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+ name: sample-rule-2
+ namespace: test-ns-1
+spec:
+ description: Sample rule
+ upstream:
+ url: "http://abc.ef"
+ preserveHost: false
+ match:
+ methods: ["GET"]
+ url: ://foo.bar
+ authenticators:
+ - handler: anonymous
+ authorizer:
+ handler: allow
+ mutators:
+ - handler: noop
+ config: {}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: test-ns-2
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+ name: sample-rule-1
+ namespace: test-ns-2
+spec:
+ description: Sample rule
+ upstream:
+ url: "http://abc.ef"
+ preserveHost: false
+ match:
+ methods: ["GET"]
+ url: ://foo.bar
+ authenticators:
+ - handler: anonymous
+ authorizer:
+ handler: allow
+ mutators:
+ - handler: noop
+ config: {}
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+ name: sample-rule-2
+ namespace: test-ns-2
+spec:
+ description: Sample rule
+ upstream:
+ url: "http://abc.ef"
+ preserveHost: false
+ match:
+ methods: ["GET"]
+ url: ://foo.bar
+ authenticators:
+ - handler: anonymous
+ authorizer:
+ handler: allow
+ mutators:
+ - handler: noop
+ config: {}
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+ name: sample-rule-cm
 namespace: default
 spec:
+ configMapName: some-cm
 description: Sample rule
 upstream:
 url: "http://abc.ef"
diff --git a/controllers/rule_controller.go b/controllers/rule_controller.go
index f430748..306e31d 100644
--- a/controllers/rule_controller.go
+++ b/controllers/rule_controller.go
@@ -58,6 +58,7 @@ func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 _ = r.Log.WithValues("rule", req.NamespacedName)
 var rule oathkeeperv1alpha1.Rule
+ skipValidation := false
 if err := r.Get(ctx, req.NamespacedName, &rule); err != nil {
@@ -94,8 +95,14 @@ func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 var rulesList oathkeeperv1alpha1.RuleList
- if err := r.List(ctx, &rulesList, client.InNamespace(req.NamespacedName.Namespace)); err != nil {
- return ctrl.Result{}, err
+ if rule.Spec.ConfigMapName != nil {
+ if err := r.List(ctx, &rulesList, client.InNamespace(req.NamespacedName.Namespace)); err != nil {
+ return ctrl.Result{}, err
+ }
+ } else {
+ if err := r.List(ctx, &rulesList); err != nil {
+ return ctrl.Result{}, err
+ }
 }
 // examine DeletionTimestamp to determine if object is under deletion
@@ -123,11 +130,20 @@ func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 }
 }
- oathkeeperRulesJSON, err := rulesList.FilterNotValid().
- FilterConfigMapName(rule.Spec.ConfigMapName).
- ToOathkeeperRules()
- if err != nil {
- return ctrl.Result{}, err
+ var err error
+ var oathkeeperRulesJSON []byte
+
+ if rule.Spec.ConfigMapName != nil {
+ r.Log.Info(fmt.Sprintf("Found ConfigMap definition in Rule %s/%s: Writing data to \"%s\"", rule.Namespace, rule.Name, *rule.Spec.ConfigMapName))
+ oathkeeperRulesJSON, err = rulesList.FilterNotValid().FilterConfigMapName(rule.Spec.ConfigMapName).ToOathkeeperRules()
+ if err != nil {
+ return ctrl.Result{}, err
+ }
+ } else {
+ oathkeeperRulesJSON, err = rulesList.FilterNotValid().ToOathkeeperRules()
+ if err != nil {
+ return ctrl.Result{}, err
+ }
 }
 if err := r.OperatorMode.CreateOrUpdate(ctx, oathkeeperRulesJSON, &rule); err != nil {
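Review bot: `skipValidation := false` is declared in this hunk but not read in any hunk of the commit; if no later part of Reconcile consumes it the build fails with "declared and not used", and if something does set it, the condition belongs next to the declaration, because a flag that switches off validation of the rules that end up in the generated access-rule set is exactly the thing a later reader will need to reason about. Either drop the variable or annotate it, e.g. `skipValidation := false // TODO(review): state the condition that sets this and what validation it bypasses`. Reconcile's body continues outside the hunk, so the consumer may simply be out of view.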
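Review bot: The else branch at `if err := r.List(ctx, &rulesList); err != nil` lists Rules from every namespace whenever `ConfigMapName` is unset, so the default output is now cluster-wide and any principal allowed to create a Rule in any namespace can change the shared policy; that widening of the trust boundary deserves a comment on the branch, e.g. `// ConfigMapName unset: aggregate Rules from all namespaces into the single shared rule set`. A cluster-wide List also needs the list/watch verbs bound through a ClusterRole rather than a namespaced Role, and the commit does not touch the RBAC markers, so confirm the generated role allows it or the call will be forbidden at runtime. The new sample deliberately defines `sample-rule-1` in both `test-ns-1` and `test-ns-2`; if ToOathkeeperRules keys the Oathkeeper rule id on metadata.name alone those entries collide in the merged output, but that helper is not visible here. Reconcile continues outside the hunk.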
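Review bot: Both branches end with the same `if err != nil { return ctrl.Result{}, err }`, and the `r.Log.Info(fmt.Sprintf(...))` line flattens the namespace, rule name and ConfigMap name into one string instead of passing them as key/value pairs the way the logr-style `r.Log.WithValues("rule", ...)` call earlier in Reconcile does. Hoisting the error check below the if/else keeps the two paths symmetric, and structured fields make the log line filterable when auditing which ConfigMap a rule was written to. Whether `fmt` is imported elsewhere in the file is not visible in the diff; the rewrite below no longer needs it at this site. Reconcile continues outside the hunk.
```go
	var oathkeeperRulesJSON []byte
	var err error
	if rule.Spec.ConfigMapName != nil {
		r.Log.Info("found ConfigMap definition in Rule, writing data", "namespace", rule.Namespace, "rule", rule.Name, "configMap", *rule.Spec.ConfigMapName)
		oathkeeperRulesJSON, err = rulesList.FilterNotValid().FilterConfigMapName(rule.Spec.ConfigMapName).ToOathkeeperRules()
	} else {
		oathkeeperRulesJSON, err = rulesList.FilterNotValid().ToOathkeeperRules()
	}
	if err != nil {
		return ctrl.Result{}, err
	}
	// … unchanged: r.OperatorMode.CreateOrUpdate call …
```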