ory · aeneasr · Dec 20, 2019 · Dec 18, 2019 · Dec 19, 2019
@@ -1,10 +1,105 @@
 ---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-ns-1
+---
 apiVersion: oathkeeper.ory.sh/v1alpha1
 kind: Rule
 metadata:
   name: sample-rule-1
+  namespace: test-ns-1
+spec:
+  description: Sample rule
+  upstream:
+    url: "http://abc.ef"
+    preserveHost: false
+  match:
+    methods: ["GET"]
+    url: <http|https>://foo.bar
+  authenticators:
+  - handler: anonymous
+  authorizer:
+    handler: allow
+  mutators:
+  - handler: noop
+    config: {}
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+  name: sample-rule-2
+  namespace: test-ns-1
+spec:
+  description: Sample rule
+  upstream:
+    url: "http://abc.ef"
+    preserveHost: false
+  match:
+    methods: ["GET"]
+    url: <http|https>://foo.bar
+  authenticators:
+  - handler: anonymous
+  authorizer:
+    handler: allow
+  mutators:
+  - handler: noop
+    config: {}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: test-ns-2
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+  name: sample-rule-1
+  namespace: test-ns-2
+spec:
+  description: Sample rule
+  upstream:
+    url: "http://abc.ef"
+    preserveHost: false
+  match:
+    methods: ["GET"]
+    url: <http|https>://foo.bar
+  authenticators:
+  - handler: anonymous
+  authorizer:
+    handler: allow
+  mutators:
+  - handler: noop
+    config: {}
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+  name: sample-rule-2
+  namespace: test-ns-2
+spec:
+  description: Sample rule
+  upstream:
+    url: "http://abc.ef"
+    preserveHost: false
+  match:
+    methods: ["GET"]
+    url: <http|https>://foo.bar
+  authenticators:
+  - handler: anonymous
+  authorizer:
+    handler: allow
+  mutators:
+  - handler: noop
+    config: {}
+---
+apiVersion: oathkeeper.ory.sh/v1alpha1
+kind: Rule
+metadata:
+  name: sample-rule-cm
   namespace: default
 spec:
+  configMapName: some-cm
   description: Sample rule
   upstream:
     url: "http://abc.ef"

@@ -58,6 +58,7 @@ func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 	_ = r.Log.WithValues("rule", req.NamespacedName)
 
 	var rule oathkeeperv1alpha1.Rule
+
 	skipValidation := false
 
 	if err := r.Get(ctx, req.NamespacedName, &rule); err != nil {
@@ -94,8 +95,14 @@ func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 
 	var rulesList oathkeeperv1alpha1.RuleList
 
-	if err := r.List(ctx, &rulesList, client.InNamespace(req.NamespacedName.Namespace)); err != nil {
-		return ctrl.Result{}, err
+	if rule.Spec.ConfigMapName != nil {
+		if err := r.List(ctx, &rulesList, client.InNamespace(req.NamespacedName.Namespace)); err != nil {
+			return ctrl.Result{}, err
+		}
+	} else {
+		if err := r.List(ctx, &rulesList); err != nil {
+			return ctrl.Result{}, err
+		}
 	}
 
 	// examine DeletionTimestamp to determine if object is under deletion
@@ -123,11 +130,20 @@ func (r *RuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 		}
 	}
 
-	oathkeeperRulesJSON, err := rulesList.FilterNotValid().
-		FilterConfigMapName(rule.Spec.ConfigMapName).
-		ToOathkeeperRules()
-	if err != nil {
-		return ctrl.Result{}, err
+	var err error
+	var oathkeeperRulesJSON []byte
+
+	if rule.Spec.ConfigMapName != nil {
+		r.Log.Info(fmt.Sprintf("Found ConfigMap definition in Rule %s/%s: Writing data to \"%s\"", rule.Namespace, rule.Name, *rule.Spec.ConfigMapName))
+		oathkeeperRulesJSON, err = rulesList.FilterNotValid().FilterConfigMapName(rule.Spec.ConfigMapName).ToOathkeeperRules()
+		if err != nil {
+			return ctrl.Result{}, err
+		}
+	} else {
+		oathkeeperRulesJSON, err = rulesList.FilterNotValid().ToOathkeeperRules()
+		if err != nil {
+			return ctrl.Result{}, err
+		}
 	}
 
 	if err := r.OperatorMode.CreateOrUpdate(ctx, oathkeeperRulesJSON, &rule); err != nil {