Commit 4871011

Merge pull request #511 from lmiccini/rabbitmq_vhosts
Add support for RabbitMQ Users and Vhosts and implement credentials rotation
2 parents 7862693 + f4eab21 commit 4871011

59 files changed

Lines changed: 6460 additions & 111 deletions

Lines changed: 151 additions & 0 deletions
@@ -0,0 +1,151 @@
1+
---
2+
apiVersion: apiextensions.k8s.io/v1
3+
kind: CustomResourceDefinition
4+
metadata:
5+
annotations:
6+
controller-gen.kubebuilder.io/version: v0.18.0
7+
name: rabbitmqpolicies.rabbitmq.openstack.org
8+
spec:
9+
group: rabbitmq.openstack.org
10+
names:
11+
categories:
12+
- all
13+
- rabbitmq
14+
kind: RabbitMQPolicy
15+
listKind: RabbitMQPolicyList
16+
plural: rabbitmqpolicies
17+
shortNames:
18+
- rmqpolicy
19+
singular: rabbitmqpolicy
20+
scope: Namespaced
21+
versions:
22+
- additionalPrinterColumns:
23+
- jsonPath: .spec.rabbitmqClusterName
24+
name: Cluster
25+
type: string
26+
- jsonPath: .spec.vhostRef
27+
name: Vhost
28+
type: string
29+
- jsonPath: .spec.pattern
30+
name: Pattern
31+
type: string
32+
- jsonPath: .status.conditions[0].status
33+
name: Status
34+
type: string
35+
- jsonPath: .status.conditions[0].message
36+
name: Message
37+
type: string
38+
name: v1beta1
39+
schema:
40+
openAPIV3Schema:
41+
description: RabbitMQPolicy is the Schema for the rabbitmqpolicies API
42+
properties:
43+
apiVersion:
44+
description: |-
45+
APIVersion defines the versioned schema of this representation of an object.
46+
Servers should convert recognized schemas to the latest internal value, and
47+
may reject unrecognized values.
48+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
49+
type: string
50+
kind:
51+
description: |-
52+
Kind is a string value representing the REST resource this object represents.
53+
Servers may infer this from the endpoint the client submits requests to.
54+
Cannot be updated.
55+
In CamelCase.
56+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
57+
type: string
58+
metadata:
59+
type: object
60+
spec:
61+
description: RabbitMQPolicySpec defines the desired state of RabbitMQPolicy
62+
properties:
63+
applyTo:
64+
default: all
65+
description: ApplyTo - what to apply the policy to
66+
enum:
67+
- queues
68+
- exchanges
69+
- all
70+
type: string
71+
definition:
72+
description: Definition - policy definition as key-value pairs
73+
x-kubernetes-preserve-unknown-fields: true
74+
name:
75+
description: Name - the policy name in RabbitMQ (defaults to CR name)
76+
type: string
77+
pattern:
78+
description: Pattern - regex pattern to match queue/exchange names
79+
type: string
80+
priority:
81+
default: 0
82+
description: Priority - policy priority (higher value = higher priority)
83+
type: integer
84+
rabbitmqClusterName:
85+
description: RabbitmqClusterName - the name of the RabbitMQ cluster
86+
type: string
87+
vhostRef:
88+
description: VhostRef - reference to the RabbitMQVhost resource (if
89+
empty, uses default vhost "/")
90+
type: string
91+
required:
92+
- definition
93+
- pattern
94+
- rabbitmqClusterName
95+
type: object
96+
status:
97+
description: RabbitMQPolicyStatus defines the observed state of RabbitMQPolicy
98+
properties:
99+
conditions:
100+
description: Conditions
101+
items:
102+
description: Condition defines an observation of a API resource
103+
operational state.
104+
properties:
105+
lastTransitionTime:
106+
description: |-
107+
Last time the condition transitioned from one status to another.
108+
This should be when the underlying condition changed. If that is not known, then using the time when
109+
the API field changed is acceptable.
110+
format: date-time
111+
type: string
112+
message:
113+
description: A human readable message indicating details about
114+
the transition.
115+
type: string
116+
reason:
117+
description: The reason for the condition's last transition
118+
in CamelCase.
119+
type: string
120+
severity:
121+
description: |-
122+
Severity provides a classification of Reason code, so the current situation is immediately
123+
understandable and could act accordingly.
124+
It is meant for situations where Status=False and it should be indicated if it is just
125+
informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue
126+
and no actions to automatically resolve the issue can/should be done).
127+
For conditions where Status=Unknown or Status=True the Severity should be SeverityNone.
128+
type: string
129+
status:
130+
description: Status of the condition, one of True, False, Unknown.
131+
type: string
132+
type:
133+
description: Type of condition in CamelCase.
134+
type: string
135+
required:
136+
- lastTransitionTime
137+
- status
138+
- type
139+
type: object
140+
type: array
141+
observedGeneration:
142+
description: ObservedGeneration - the most recent generation observed
143+
for this resource
144+
format: int64
145+
type: integer
146+
type: object
147+
type: object
148+
served: true
149+
storage: true
150+
subresources:
151+
status: {}
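Review bot: `spec.definition` (new-file lines 71-73) carries only `x-kubernetes-preserve-unknown-fields: true` and no `type`, so the schema accepts any JSON value there, including a bare string or a list, even though the description calls it "key-value pairs" and the field is required. Declaring it as `type: object` in the Go type this controller-gen output is generated from would reject malformed definitions at admission rather than leaving them for the controller to handle. In the same spec, `pattern` is documented as a regex and `rabbitmqClusterName` is required, yet neither has a `minLength`, so empty strings pass validation. The Status and Message printer columns read `.status.conditions[0]`, which shows the intended condition only if the controller always keeps it first in the list.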
Lines changed: 168 additions & 0 deletions
@@ -0,0 +1,168 @@
1+
---
2+
apiVersion: apiextensions.k8s.io/v1
3+
kind: CustomResourceDefinition
4+
metadata:
5+
annotations:
6+
controller-gen.kubebuilder.io/version: v0.18.0
7+
name: rabbitmqusers.rabbitmq.openstack.org
8+
spec:
9+
group: rabbitmq.openstack.org
10+
names:
11+
categories:
12+
- all
13+
- rabbitmq
14+
kind: RabbitMQUser
15+
listKind: RabbitMQUserList
16+
plural: rabbitmqusers
17+
shortNames:
18+
- rmquser
19+
singular: rabbitmquser
20+
scope: Namespaced
21+
versions:
22+
- additionalPrinterColumns:
23+
- jsonPath: .spec.rabbitmqClusterName
24+
name: Cluster
25+
type: string
26+
- jsonPath: .status.username
27+
name: Username
28+
type: string
29+
- jsonPath: .status.vhost
30+
name: Vhost
31+
type: string
32+
- jsonPath: .status.conditions[0].status
33+
name: Status
34+
type: string
35+
- jsonPath: .status.conditions[0].message
36+
name: Message
37+
type: string
38+
name: v1beta1
39+
schema:
40+
openAPIV3Schema:
41+
description: RabbitMQUser is the Schema for the rabbitmqusers API
42+
properties:
43+
apiVersion:
44+
description: |-
45+
APIVersion defines the versioned schema of this representation of an object.
46+
Servers should convert recognized schemas to the latest internal value, and
47+
may reject unrecognized values.
48+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
49+
type: string
50+
kind:
51+
description: |-
52+
Kind is a string value representing the REST resource this object represents.
53+
Servers may infer this from the endpoint the client submits requests to.
54+
Cannot be updated.
55+
In CamelCase.
56+
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
57+
type: string
58+
metadata:
59+
type: object
60+
spec:
61+
description: RabbitMQUserSpec defines the desired state of RabbitMQUser
62+
properties:
63+
permissions:
64+
description: Permissions - user permissions on the vhost
65+
properties:
66+
configure:
67+
default: .*
68+
description: Configure - configure permission regex (default ".*"
69+
allows all, "" denies all)
70+
type: string
71+
read:
72+
default: .*
73+
description: Read - read permission regex (default ".*" allows
74+
all, "" denies all)
75+
type: string
76+
write:
77+
default: .*
78+
description: Write - write permission regex (default ".*" allows
79+
all, "" denies all)
80+
type: string
81+
type: object
82+
rabbitmqClusterName:
83+
description: RabbitmqClusterName - the name of the RabbitMQ cluster
84+
type: string
85+
tags:
86+
description: Tags - RabbitMQ user tags
87+
items:
88+
type: string
89+
type: array
90+
username:
91+
description: Username - the username in RabbitMQ (defaults to CR name)
92+
type: string
93+
vhostRef:
94+
description: VhostRef - reference to the RabbitMQVhost resource (defaults
95+
to default vhost "/" if empty)
96+
type: string
97+
required:
98+
- rabbitmqClusterName
99+
type: object
100+
status:
101+
description: RabbitMQUserStatus defines the observed state of RabbitMQUser
102+
properties:
103+
conditions:
104+
description: Conditions
105+
items:
106+
description: Condition defines an observation of a API resource
107+
operational state.
108+
properties:
109+
lastTransitionTime:
110+
description: |-
111+
Last time the condition transitioned from one status to another.
112+
This should be when the underlying condition changed. If that is not known, then using the time when
113+
the API field changed is acceptable.
114+
format: date-time
115+
type: string
116+
message:
117+
description: A human readable message indicating details about
118+
the transition.
119+
type: string
120+
reason:
121+
description: The reason for the condition's last transition
122+
in CamelCase.
123+
type: string
124+
severity:
125+
description: |-
126+
Severity provides a classification of Reason code, so the current situation is immediately
127+
understandable and could act accordingly.
128+
It is meant for situations where Status=False and it should be indicated if it is just
129+
informational, warning (next reconciliation might fix it) or an error (e.g. DB create issue
130+
and no actions to automatically resolve the issue can/should be done).
131+
For conditions where Status=Unknown or Status=True the Severity should be SeverityNone.
132+
type: string
133+
status:
134+
description: Status of the condition, one of True, False, Unknown.
135+
type: string
136+
type:
137+
description: Type of condition in CamelCase.
138+
type: string
139+
required:
140+
- lastTransitionTime
141+
- status
142+
- type
143+
type: object
144+
type: array
145+
observedGeneration:
146+
description: ObservedGeneration - the most recent generation observed
147+
for this resource
148+
format: int64
149+
type: integer
150+
secretName:
151+
description: SecretName - name of the secret containing user credentials
152+
type: string
153+
username:
154+
description: Username - actual username used in RabbitMQ
155+
type: string
156+
vhost:
157+
description: Vhost - actual vhost name used in RabbitMQ
158+
type: string
159+
vhostRef:
160+
description: VhostRef - reference to the RabbitMQVhost CR (for tracking
161+
finalizers)
162+
type: string
163+
type: object
164+
type: object
165+
served: true
166+
storage: true
167+
subresources:
168+
status: {}
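Review bot: in `spec.permissions` (new-file lines 63-81) `configure`, `read` and `write` each default to `.*`, so a partially specified block is silently widened: a CR that sets only `read` still gets `.*` for `configure` and `write`, and with `vhostRef` empty that applies to the default vhost "/". The `permissions` object itself has no default, so the schema also does not say what an omitted block resolves to. Consider defaulting the three fields to "" (the descriptions already state that "" denies all) or marking them required, so that broad access is an explicit choice in the CR. `tags` (lines 85-89) is an unconstrained string array; RabbitMQ tags such as `administrator` grant management rights, so an `enum` on the items, or a description stating that create access to RabbitMQUser is equivalent to broker administration, would make the privilege boundary clear. `status.secretName` (lines 150-152) would benefit from a description of which keys the secret holds, given that the commit title mentions credentials rotation.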
