Add support for External Keystone Service

This patch adds a new `ExternalKeystoneAPI` property to KeystoneAPI to
enable the use of an existing Keystone Service that is external to the
OpenShift environment used to run this operator.

For example, a multi-region deployment where one region is running a
centralized Keystone service can use this to deploy additional regions
that can use the centralized Keystone service without the need to run
their own instance of Keystone.

Assisted-by: Cursor (Auto Model)

Author: dmendiza

api/bases/keystone.openstack.org_keystoneapis.yaml

@@ -98,6 +98,11 @@ spec:
                 description: EnableSecureRBAC - Enable Consistent and Secure RBAC
                   policies
                 type: boolean
+              externalKeystoneAPI:
+                default: false
+                description: ExternalKeystoneAPI - Enable use of external Keystone
+                  API endpoints instead of deploying a local Keystone API
+                type: boolean
               extraMounts:
                 default: []
                 description: ExtraMounts containing conf files

api/v1beta1/conditions.go

@@ -111,4 +111,25 @@ const (
 
 	// KeystoneServiceOSUserReadyErrorMessage
 	KeystoneServiceOSUserReadyErrorMessage = "Keystone Service user error occured %s"
+
+	//
+	// External Keystone API condition messages
+	//
+	// ExternalKeystoneAPIDBMessage
+	ExternalKeystoneAPIDBMessage = "External Keystone API configured - database is not managed by this operator"
+
+	// ExternalKeystoneAPIDBAccountMessage
+	ExternalKeystoneAPIDBAccountMessage = "External Keystone API configured - database account is not managed by this operator"
+
+	// ExternalKeystoneAPIRabbitMQTransportURLMessage
+	ExternalKeystoneAPIRabbitMQTransportURLMessage = "External Keystone API configured - RabbitMQ is not managed by this operator"
+
+	// ExternalKeystoneAPIMemcachedReadyMessage
+	ExternalKeystoneAPIMemcachedReadyMessage = "External Keystone API configured - memcached is not managed by this operator"
+
+	// ExternalKeystoneAPIServiceConfigReadyMessage
+	ExternalKeystoneAPIServiceMessage = "External Keystone API configured - service is not managed by this operator"
+
+	// ExternalKeystoneAPINetworkAttachmentsReadyMessage
+	ExternalKeystoneAPINetworkAttachmentsReadyMessage = "External Keystone API configured - network attachments are not managed by this operator"
 )

api/v1beta1/keystoneapi_types.go

@@ -213,6 +213,18 @@ type KeystoneAPISpecCore struct {
 	// This is only needed when multiple realms are federated.
 	// Config files mount path is set to /var/lib/httpd/metadata/
 	FederatedRealmConfig string `json:"federatedRealmConfig"`
+
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=false
+	// ExternalKeystoneAPI - Enable use of external Keystone API endpoints instead of deploying a local Keystone API
+	ExternalKeystoneAPI bool `json:"externalKeystoneAPI,omitempty"`
+}
+
+// ExternalKeystoneAPI defines the configuration for an external Keystone API
+type ExternalKeystoneAPI struct {
+	// +kubebuilder:validation:Optional
+	// Endpoints - Endpoint URLs for the external Keystone API
+	Endpoints map[string]string `json:"endpoints,omitempty"`
 }
 
 // APIOverrideSpec to override the generated manifest of several child resources.

api/v1beta1/zz_generated.deepcopy.go

@@ -98,6 +98,11 @@ spec:
                 description: EnableSecureRBAC - Enable Consistent and Secure RBAC
                   policies
                 type: boolean
+              externalKeystoneAPI:
+                default: false
+                description: ExternalKeystoneAPI - Enable use of external Keystone
+                  API endpoints instead of deploying a local Keystone API
+                type: boolean
               extraMounts:
                 default: []
                 description: ExtraMounts containing conf files