From 4701df0dc2cb615a9ac704c31d7efc32e4731202 Mon Sep 17 00:00:00 2001
From: Francesco Pantano
Date: Wed, 10 Sep 2025 15:33:02 +0200
Subject: [PATCH] Watch for keystone-overrides

This patch implements a watcher over keystone-overrides secrets based on a particular labelSelector. By doing this it is possible to extract and process keystone parameters (auth_url, www_authenticate_uri, region) and override the default information.

Signed-off-by: Francesco Pantano
---
 api/go.mod | 4 ++
 api/go.sum | 4 +-
 controllers/glance_controller.go | 2 +-
 controllers/glanceapi_controller.go | 65 ++++++++++++++++++++++++--
 go.mod | 4 ++
 go.sum | 8 ++--
 templates/common/config/00-config.conf | 3 ++
 7 files changed, 80 insertions(+), 10 deletions(-)

diff --git a/api/go.mod b/api/go.mod
index 7689a670..37dfb049 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -71,3 +71,7 @@ require (
 // mschuppert: map to latest commit from release-4.16 tag
 // must consistent within modules and service operators
 replace github.com/openshift/api => github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 //allow-merging
+
+replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/fmount/keystone-operator/api v0.0.0-20250911131155-943583d54a0f
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => github.com/fmount/lib-common/modules/common v0.0.0-20250911113320-38e70af6eeb4
diff --git a/api/go.sum b/api/go.sum
index a6f529a9..92813e0d 100644
--- a/api/go.sum
+++ b/api/go.sum
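Review bot: The two added `replace` directives in `api/go.mod` point `keystone-operator/api` and `lib-common/modules/common` at a personal fork (`github.com/fmount/...`) pinned to pseudo-versions, so every build of this module resolves that code from outside the upstream organisation; the same pair is added to the root `go.mod` later in this patch. Unlike the existing `replace` line they carry no `//allow-merging` marker, which suggests they are a temporary development aid, but nothing in the file says so. I would put a comment above them such as `// TEMPORARY: fork pin for testing keystone-overrides; drop before merge once the upstream changes land`, and swap them for `require` bumps to upstream commits before this merges.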
@@ -12,6 +12,8 @@ github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/fmount/lib-common/modules/common v0.0.0-20250911113320-38e70af6eeb4 h1:QwZdXf9dAuvvN1eOGnzPtUtROv4R0pfuWxZOtdqBDQE=
+github.com/fmount/lib-common/modules/common v0.0.0-20250911113320-38e70af6eeb4/go.mod h1:Z+rmtn3qhuPZfx2EDVmloUh2MkYbvDMgcpJneRYerS0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
@@ -77,8 +79,6 @@ github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094 h1:J1wuGhVxpsHykZBa6
 github.com/openshift/api v0.0.0-20240830023148-b7d0481c9094/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4=
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250909143828-e33d35ffd64f h1:chuu4iBT5sXHYw8aPeP/pWC+S3yGo6hdy39foP7c5vs=
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250909143828-e33d35ffd64f/go.mod h1:Dv8qpmBIQy3Jv/EyQnOyc0w61X8vyfxpjcIQONP5CwY=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250823121217-7e1cd2e3dd03 h1:9VanDdvg1APf9B1nzGElLvWr6dM5GsSayMLSV/nJZnE=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250823121217-7e1cd2e3dd03/go.mod h1:Z+rmtn3qhuPZfx2EDVmloUh2MkYbvDMgcpJneRYerS0=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.6.1-0.20250823121217-7e1cd2e3dd03 h1:DrKbzsweRx8VBNb5ur+/XcHSi+MR3VdzCsIEXYGc5SM=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.6.1-0.20250823121217-7e1cd2e3dd03/go.mod h1:U3LQ4Nz2+syTPfW66bSLv6OzefLpsqxWLdX9AFotRPA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
diff --git a/controllers/glance_controller.go b/controllers/glance_controller.go
index dc6865dc..a65190f3 100644
--- a/controllers/glance_controller.go
+++ b/controllers/glance_controller.go
@@ -269,7 +269,7 @@ func (r *GlanceReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manage
 // TransportURL created and used by Glance CRs.
 transportURLSecretFn := func(_ context.Context, o client.Object) []reconcile.Request {
 result := []reconcile.Request{}
- // get all Manila CRs
+ // get all Glance CRs
 glances := &glancev1.GlanceList{}
 listOpts := []client.ListOption{
 client.InNamespace(o.GetNamespace()),
diff --git a/controllers/glanceapi_controller.go b/controllers/glanceapi_controller.go
index 74f8118a..1a4108e9 100644
--- a/controllers/glanceapi_controller.go
+++ b/controllers/glanceapi_controller.go
@@ -377,6 +377,39 @@ func (r *GlanceAPIReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Man
 return nil
 }
 
+ keystoneOverrideSecretFn := func(_ context.Context, o client.Object) []reconcile.Request {
+ secret := o.(*corev1.Secret)
+ result := []reconcile.Request{}
+ // get all GlanceAPI CRs
+ glances := &glancev1.GlanceAPIList{}
+ listOpts := []client.ListOption{
+ client.InNamespace(o.GetNamespace()),
+ }
+ if err := r.Client.List(context.Background(), glances, listOpts...); err != nil {
+ Log.Error(err, "Unable to retrieve GlanceAPI CRs %v")
+ return nil
+ }
+ // Check if the secret has a specific label
+ if ls := secret.GetLabels(); ls != nil {
+ lSelector := labels.GetLabelSelector(ls)
+ kSelector := labels.GetLabelSelector(keystonev1.KeystoneOverridesLabelSelector)
+ if labels.EqualLabelSelectors(lSelector, kSelector) {
+ for _, cr := range glances.Items {
+ name := client.ObjectKey{
+ Namespace: o.GetNamespace(),
+ Name: cr.Name,
+ }
+ // append the request for this particular glance instance
+ result = append(result, reconcile.Request{NamespacedName: name})
+ }
+ }
+ }
+ if len(result) > 0 {
+ return result
+ }
+ return nil
+ }
+
 return ctrl.NewControllerManagedBy(mgr).
 For(&glancev1.GlanceAPI{}).
 Owns(&keystonev1.KeystoneEndpoint{}).
@@ -385,6 +418,8 @@ func (r *GlanceAPIReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Man
 Owns(&appsv1.StatefulSet{}).
 Watches(&corev1.Secret{},
 handler.EnqueueRequestsFromMapFunc(svcSecretFn)).
+ Watches(&corev1.Secret{},
+ handler.EnqueueRequestsFromMapFunc(keystoneOverrideSecretFn)).
 Watches(&networkv1.NetworkAttachmentDefinition{},
 handler.EnqueueRequestsFromMapFunc(nadFn)).
 Watches(
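Review bot: `keystoneOverrideSecretFn` lists all GlanceAPI CRs before it looks at the Secret's labels, so every Secret event in the namespace costs a List even when the Secret is unrelated; checking the label first and returning early avoids that. The List also uses `context.Background()` while the callback's own context is discarded as `_`, the type assertion `o.(*corev1.Secret)` is unchecked, and the log message ends in a stray `%v` that will be printed literally. Separately, if `labels.EqualLabelSelectors` compares for equality (its implementation is not visible here), a Secret carrying any label besides the override label would never match, which is worth confirming. The closure sits inside SetupWithManager, which starts and ends outside the hunk.

```go
keystoneOverrideSecretFn := func(ctx context.Context, o client.Object) []reconcile.Request {
	secret, ok := o.(*corev1.Secret)
	if !ok {
		return nil
	}
	// Only labelled override secrets are relevant; skip the List for every other Secret event.
	ls := secret.GetLabels()
	if ls == nil || !labels.EqualLabelSelectors(
		labels.GetLabelSelector(ls),
		labels.GetLabelSelector(keystonev1.KeystoneOverridesLabelSelector),
	) {
		return nil
	}
	glances := &glancev1.GlanceAPIList{}
	if err := r.Client.List(ctx, glances, client.InNamespace(o.GetNamespace())); err != nil {
		Log.Error(err, "Unable to retrieve GlanceAPI CRs")
		return nil
	}
	// … unchanged: result slice, one reconcile.Request per GlanceAPI item, nil when empty …
}
```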
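Review bot: The added `Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(keystoneOverrideSecretFn))` has no predicate, so the map function runs for every Secret event the manager sees, not only for labelled override secrets. If the file already imports controller-runtime's `builder` and `predicate` packages (the imports are not visible in this hunk), passing a label filter through `builder.WithPredicates(...)` as a third argument would drop unrelated events before the map function is called. The builder chain starts before and continues after the hunk.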
@@ -1188,6 +1223,30 @@ func (r *GlanceAPIReconciler) generateServiceConfig(
 return err
 }
 
+ // Collect all keystone information required to render the config templates
+ // in a dedicated structure.
+ keystoneData := map[string]string{
+ "www_authenticate_uri": keystonePublicURL,
+ "auth_url": keystoneInternalURL,
+ "region": keystoneAPI.GetRegion(),
+ }
+
+ // Get keystoneOverrides
+ keystoneOverrides, err := keystonev1.GetKeystoneOverrides(
+ ctx,
+ h,
+ instance.Namespace,
+ keystonev1.KeystoneOverridesLabelSelector,
+ )
+ if err != nil {
+ return err
+ }
+
+ // Merge overrides into keystoneData
+ for k, v := range keystoneOverrides {
+ keystoneData[k] = v
+ }
+
 ospSecret, _, err := secret.GetSecret(ctx, h, instance.Spec.Secret, instance.Namespace)
 if err != nil {
 return err
@@ -1224,8 +1283,9 @@ func (r *GlanceAPIReconciler) generateServiceConfig(
 templateParameters := map[string]interface{}{
 "ServiceUser": instance.Spec.ServiceUser,
 "ServicePassword": string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]),
- "KeystoneInternalURL": keystoneInternalURL,
- "KeystonePublicURL": keystonePublicURL,
+ "KeystoneInternalURL": keystoneData["auth_url"],
+ "KeystonePublicURL": keystoneData["www_authenticate_uri"],
+ "Region": keystoneData["region"],
 "DatabaseConnection": fmt.Sprintf("mysql+pymysql://%s:%s@%s/%s?read_default_file=/etc/my.cnf",
 databaseAccount.Spec.UserName,
 string(dbSecret.Data[mariadbv1.DatabasePasswordSelector]),
@@ -1247,7 +1307,6 @@ func (r *GlanceAPIReconciler) generateServiceConfig(
 // .Status.
 if len(endpointID) > 0 {
 templateParameters["EndpointID"] = endpointID
- templateParameters["Region"] = keystoneAPI.GetRegion()
 }
 
 // Configure the internal GlanceAPI to provide image location data, and the
diff --git a/go.mod b/go.mod
index e13205ab..e7e1ad83 100644
--- a/go.mod
+++ b/go.mod
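Review bot: The merge loop `for k, v := range keystoneOverrides { keystoneData[k] = v }` copies whatever the labelled Secret contains without checking it, and `auth_url` / `www_authenticate_uri` then replace the Keystone endpoints that are rendered alongside `ServicePassword`. Anyone able to create or edit a Secret with that label in the namespace can therefore change where Glance authenticates, and an empty or malformed value silently replaces a working URL. I would accept only the three known keys, skip empty values, and return an error for URL values that do not parse as absolute http(s) URLs; this needs `net/url` in the file's imports, which are outside the hunk. Who may write such Secrets should also be stated in the operator documentation. generateServiceConfig starts and ends outside the hunk.

```go
// Merge overrides into keystoneData: known keys only, no empty values,
// and URL-valued keys must be absolute http(s) URLs.
for k, v := range keystoneOverrides {
	if _, known := keystoneData[k]; !known || v == "" {
		continue
	}
	if k != "region" {
		u, err := url.Parse(v)
		if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") {
			return fmt.Errorf("keystone override %q is not a valid URL", k)
		}
	}
	keystoneData[k] = v
}
```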
@@ -94,3 +94,7 @@ replace github.com/openshift/api => github.com/openshift/api v0.0.0-202408300231
 
 // custom RabbitmqClusterSpecCore for OpenStackControlplane (v2.6.0_patches_tag)
 replace github.com/rabbitmq/cluster-operator/v2 => github.com/openstack-k8s-operators/rabbitmq-cluster-operator/v2 v2.6.1-0.20250717122149-12f70b7f3d8d //allow-merging
+
+replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/fmount/keystone-operator/api v0.0.0-20250911131155-943583d54a0f
+
+replace github.com/openstack-k8s-operators/lib-common/modules/common => github.com/fmount/lib-common/modules/common v0.0.0-20250911113320-38e70af6eeb4
diff --git a/go.sum b/go.sum
index 89ddd531..d9ea90d7 100644
--- a/go.sum
+++ b/go.sum
@@ -12,6 +12,10 @@ github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg=
 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ=
+github.com/fmount/keystone-operator/api v0.0.0-20250911131155-943583d54a0f h1:sKYnDezUOIJUPXSsF8zhqZDQbRBucW4fBMeY504v+0w=
+github.com/fmount/keystone-operator/api v0.0.0-20250911131155-943583d54a0f/go.mod h1:G6BkoPfgALryMlOZwIH036iSWUMiDJQAYL1lXuLyPZ0=
+github.com/fmount/lib-common/modules/common v0.0.0-20250911113320-38e70af6eeb4 h1:QwZdXf9dAuvvN1eOGnzPtUtROv4R0pfuWxZOtdqBDQE=
+github.com/fmount/lib-common/modules/common v0.0.0-20250911113320-38e70af6eeb4/go.mod h1:Z+rmtn3qhuPZfx2EDVmloUh2MkYbvDMgcpJneRYerS0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
@@ -84,10 +88,6 @@ github.com/openstack-k8s-operators/horizon-operator/api v0.6.1-0.20250902143657-
 github.com/openstack-k8s-operators/horizon-operator/api v0.6.1-0.20250902143657-1a0c8d38827e/go.mod h1:j9yGw80eA38kEvHEkx/BONqIhLnKFmpjAtyAB8S817E=
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250909143828-e33d35ffd64f h1:chuu4iBT5sXHYw8aPeP/pWC+S3yGo6hdy39foP7c5vs=
 github.com/openstack-k8s-operators/infra-operator/apis v0.6.1-0.20250909143828-e33d35ffd64f/go.mod h1:Dv8qpmBIQy3Jv/EyQnOyc0w61X8vyfxpjcIQONP5CwY=
-github.com/openstack-k8s-operators/keystone-operator/api v0.6.1-0.20250905083405-40d18a7ca650 h1:n1s6jr8GJ6cn/1tjLVGPkTURb4ooHwjdS5YeppKdB0g=
-github.com/openstack-k8s-operators/keystone-operator/api v0.6.1-0.20250905083405-40d18a7ca650/go.mod h1:G6BkoPfgALryMlOZwIH036iSWUMiDJQAYL1lXuLyPZ0=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250823121217-7e1cd2e3dd03 h1:9VanDdvg1APf9B1nzGElLvWr6dM5GsSayMLSV/nJZnE=
-github.com/openstack-k8s-operators/lib-common/modules/common v0.6.1-0.20250823121217-7e1cd2e3dd03/go.mod h1:Z+rmtn3qhuPZfx2EDVmloUh2MkYbvDMgcpJneRYerS0=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.6.1-0.20250823121217-7e1cd2e3dd03 h1:tSMLVApQ4j4YJ56TGIYzaNo2Zh/ruDAY0wCcOEVKoIQ=
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.6.1-0.20250823121217-7e1cd2e3dd03/go.mod h1:nachFP0Yicw/e8ZlqZzvnBN6w9kjMcnqrhaDw36PGjw=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.6.1-0.20250823121217-7e1cd2e3dd03 h1:DrKbzsweRx8VBNb5ur+/XcHSi+MR3VdzCsIEXYGc5SM=
diff --git a/templates/common/config/00-config.conf b/templates/common/config/00-config.conf
index 0f771670..e5879d73 100644
--- a/templates/common/config/00-config.conf
+++ b/templates/common/config/00-config.conf
@@ -58,6 +58,9 @@ memcache_tls_enabled = true
 project_domain_name=Default
 user_domain_name=Default
 project_name=service
+{{ if (index . "Region") -}}
+region_name = {{ .Region }}
+{{ end -}}
 
 [service_user]
 password = {{ .ServicePassword }}
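Review bot: `region_name = {{ .Region }}` writes the value into the INI file as-is, and with this patch `Region` can come from a keystone-overrides Secret rather than only from `keystoneAPI.GetRegion()`. If the template is rendered as plain text (the renderer is not visible here), a value containing a line break would add extra lines to this section of the generated config. The value is better validated where it is merged in `generateServiceConfig`, for example by rejecting anything with whitespace or control characters, than in the template. The `{{ if (index . "Region") -}}` guard already covers the empty case.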