
Commit 5dc1220

committed
Testing AccessRules
Signed-off-by: Veronika Fisarova <vfisarov@redhat.com>
1 parent c28c6be commit 5dc1220

15 files changed

Lines changed: 528 additions & 42 deletions

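--- a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
+++ b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -42,6 +42,22 @@ spec:
 properties:
 applicationCredential:
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -198,6 +214,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -725,6 +757,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -3529,6 +3577,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -8933,6 +8997,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -9756,6 +9836,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -12216,6 +12312,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -16694,6 +16806,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean
@@ -17331,6 +17459,22 @@ spec:
 enabled: false
 nullable: true
 properties:
+accessRules:
+items:
+properties:
+method:
+type: string
+path:
+type: string
+service:
+type: string
+required:
+- method
+- path
+- service
+type: object
+type: array
+x-kubernetes-list-type: atomic
 enabled:
 default: false
 type: boolean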

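--- a/apis/core/v1beta1/openstackcontrolplane_types.go
+++ b/apis/core/v1beta1/openstackcontrolplane_types.go
@@ -889,6 +889,12 @@ type ApplicationCredentialSection struct {
 // +kubebuilder:default=false
 // Whether the AC should be unrestricted
 Unrestricted *bool `json:"unrestricted,omitempty"`
+
+// AccessRules lets supply a custom list of rules
+// If unset, no accessRules field is emitted
+// +kubebuilder:validation:Optional
+// +listType=atomic
+AccessRules []ACRule `json:"accessRules,omitempty"`
 }
 
 // +kubebuilder:validation:XValidation:rule="!(has(self.expirationDays) && has(self.gracePeriodDays)) || self.gracePeriodDays < self.expirationDays",message="gracePeriodDays must be smaller than expirationDays"
@@ -913,6 +919,25 @@ type ServiceAppCredSection struct {
 // +kubebuilder:validation:Optional
 // Whether the AC should be unrestricted
 Unrestricted *bool `json:"unrestricted,omitempty"`
+
+// AccessRules lets the service override either the global rules
+// +kubebuilder:validation:Optional
+// +listType=atomic
+AccessRules []ACRule `json:"accessRules,omitempty"`
+}
+
+// ACRule describes a single access rule for an ApplicationCredential
+// +k8s:openapi-gen=true
+type ACRule struct {
+// Service is the name of the service to target (e.g. "identity").
+// +kubebuilder:validation:Required
+Service string `json:"service"`
+// Path is the HTTP path (e.g. "/v3/auth/tokens").
+// +kubebuilder:validation:Required
+Path string `json:"path"`
+// Method is the HTTP method to allow (e.g. "POST").
+// +kubebuilder:validation:Required
+Method string `json:"method"`
 }
 
 // OpenStackControlPlaneStatus defines the observed state of OpenStackControlPlane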
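Review bot: The three `ACRule` fields are marked `Required` but otherwise unconstrained, so `service: ""`, `path: ""` or an arbitrary `method` string pass CRD admission; the generated schema only lists them under `required` with `type: string`. Because these rules are what narrows an application credential, malformed entries are better rejected at admission, for example `// +kubebuilder:validation:MinLength=1` on all three fields and `// +kubebuilder:validation:Enum=GET;HEAD;POST;PUT;PATCH;DELETE` on `Method` (adjust to the set Keystone accepts), plus a `+kubebuilder:validation:MaxItems` bound on both `AccessRules` lists. The field comments also need rewording: "lets supply" and "override either the global rules" are incomplete sentences, and they should say what an explicit empty list means, since with `omitempty` it is indistinguishable from an unset field. Both `ApplicationCredentialSection` and `ServiceAppCredSection` start outside their hunks, so any existing cross-field validation on them is not visible here.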

apis/core/v1beta1/zz_generated.deepcopy.go

Lines changed: 25 additions & 0 deletions

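--- a/apis/go.mod
+++ b/apis/go.mod
@@ -116,4 +116,4 @@ replace github.com/openshift/api => github.com/openshift/api v0.0.0-202408300231
 // custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.9.0_patches_tag)
 replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20241017142550-a3524acedd49 //allow-merging
 
-replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250519123217-49620096eb19
+replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/Deydra71/keystone-operator/api v0.0.0-20250528184216-de52054bb72b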
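Review bot: The updated `replace` still resolves `github.com/openstack-k8s-operators/keystone-operator/api` from a personal fork (`github.com/Deydra71/keystone-operator/api`) at an untagged pseudo-version, so every build of this module takes its Keystone API types from a repository outside the project's organisation. Given the commit title this looks like a development pin for testing; before merge it should be dropped in favour of a `require` on the upstream module once the AccessRules API is available there. Unlike the rabbitmq `replace` above it, this line carries no `//allow-merging` marker, which presumably means a CI check is expected to block it; that is worth confirming rather than adding the marker.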

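--- a/apis/go.sum
+++ b/apis/go.sum
@@ -1,5 +1,5 @@
-github.com/Deydra71/keystone-operator/api v0.0.0-20250519123217-49620096eb19 h1:P93G634OZTX/Fr6g27G0zZioRCxqLxgKEz9xV5NAALI=
-github.com/Deydra71/keystone-operator/api v0.0.0-20250519123217-49620096eb19/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
+github.com/Deydra71/keystone-operator/api v0.0.0-20250528184216-de52054bb72b h1:0ZWOPcVIsvj7jrSS59PNIfU6pGbh2fwVSLvvaRidB6A=
+github.com/Deydra71/keystone-operator/api v0.0.0-20250528184216-de52054bb72b/go.mod h1:VPkYswnrCtlSMTeYjgxTOpfNN7zvxqa+kZ8EWDJaFrg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cert-manager/cert-manager v1.14.7 h1:C2L59sMGMdSpd8SPx5qfPAL7ejZaNxJBRd24S7Ws5Ek=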
