Set defaulth image for fernet key rotation

Author: xek

api/bases/keystone.openstack.org_keystoneapis.yaml

@@ -94,6 +94,10 @@ spec:
                 description: FernetMaxActiveKeys - Maximum number of fernet token
                   keys after rotation
                 type: string
+              fernetRotationContainerImage:
+                description: Keystone Fernet Rotation Container Image URL (will be
+                  set to environmental default if empty)
+                type: string
               fernetRotationSchedule:
                 default: 1 0 * * *
                 description: FernetRotationSchedule - Schedule rotate fernet token
@@ -422,6 +426,7 @@ spec:
             required:
             - containerImage
             - databaseInstance
+            - fernetRotationContainerImage
             - memcachedInstance
             - rabbitMqClusterName
             - secret

api/v1beta1/keystoneapi_types.go

@@ -45,6 +45,9 @@ const (
 
 	// KeystoneAPIContainerImage is the fall-back container image for KeystoneAPI
 	KeystoneAPIContainerImage = "quay.io/podified-antelope-centos9/openstack-keystone:current-podified"
+
+	// KeystoneFernetRotationContainerImage is the fall-back container image for Keystone Fernet Rotation
+	KeystoneFernetRotationContainerImage = "registry.redhat.io/openshift4/ose-cli"
 )
 
 type KeystoneAPISpec struct {
@@ -53,6 +56,9 @@ type KeystoneAPISpec struct {
 	// +kubebuilder:validation:Required
 	// Keystone Container Image URL (will be set to environmental default if empty)
 	ContainerImage string `json:"containerImage"`
+	// +kubebuilder:validation:Required
+	// Keystone Fernet Rotation Container Image URL (will be set to environmental default if empty)
+	FernetRotationContainerImage string `json:"fernetRotationContainerImage"`
 }
 
 // KeystoneAPISpec defines the desired state of KeystoneAPI
@@ -293,6 +299,7 @@ func SetupDefaults() {
 	// Acquire environmental defaults and initialize Keystone defaults with them
 	keystoneDefaults := KeystoneAPIDefaults{
 		ContainerImageURL: util.GetEnvVar("RELATED_IMAGE_KEYSTONE_API_IMAGE_URL_DEFAULT", KeystoneAPIContainerImage),
+		FernetRotationContainerImageURL: util.GetEnvVar("RELATED_IMAGE_KEYSTONE_FERNET_ROTATION_IMAGE_URL_DEFAULT", KeystoneFernetRotationContainerImage),
 	}
 
 	SetupKeystoneAPIDefaults(keystoneDefaults)

api/v1beta1/keystoneapi_webhook.go

@@ -38,6 +38,7 @@ import (
 // KeystoneAPIDefaults -
 type KeystoneAPIDefaults struct {
 	ContainerImageURL string
+	FernetRotationContainerImageURL string
 }
 
 var keystoneAPIDefaults KeystoneAPIDefaults
@@ -69,6 +70,9 @@ func (r *KeystoneAPI) Default() {
 	if r.Spec.ContainerImage == "" {
 		r.Spec.ContainerImage = keystoneAPIDefaults.ContainerImageURL
 	}
+	if r.Spec.FernetRotationContainerImage == "" {
+		r.Spec.FernetRotationContainerImage = keystoneAPIDefaults.FernetRotationContainerImageURL
+	}
 	r.Spec.Default()
 }
 

config/crd/bases/keystone.openstack.org_keystoneapis.yaml

@@ -94,6 +94,10 @@ spec:
                 description: FernetMaxActiveKeys - Maximum number of fernet token
                   keys after rotation
                 type: string
+              fernetRotationContainerImage:
+                description: Keystone Fernet Rotation Container Image URL (will be
+                  set to environmental default if empty)
+                type: string
               fernetRotationSchedule:
                 default: 1 0 * * *
                 description: FernetRotationSchedule - Schedule rotate fernet token
@@ -422,6 +426,7 @@ spec:
             required:
             - containerImage
             - databaseInstance
+            - fernetRotationContainerImage
             - memcachedInstance
             - rabbitMqClusterName
             - secret

pkg/keystone/fernet.go

@@ -165,7 +165,7 @@ func FernetCronJob(
 							Containers: []corev1.Container{
 								{
 									Name:  ServiceName + "-fernet-job",
-									Image: instance.Spec.ContainerImage,
+									Image: instance.Spec.FernetRotationContainerImage,
 									Command: []string{
 										"/bin/bash",
 									},

tests/functional/keystoneapi_webhook_test.go

@@ -94,13 +94,17 @@ var _ = Describe("KeystoneAPI Webhook", func() {
 			Expect(KeystoneAPI.Spec.ContainerImage).Should(Equal(
 				keystonev1.KeystoneAPIContainerImage,
 			))
+			Expect(KeystoneAPI.Spec.FernetRotationContainerImage).Should(Equal(
+				keystonev1.KeystoneFernetRotationContainerImage,
+			))
 		})
 	})
 
 	When("A KeystoneAPI instance is created with container images", func() {
 		BeforeEach(func() {
 			spec := GetDefaultKeystoneAPISpec()
 			spec["containerImage"] = "api-container-image"
+			spec["fernetRotationContainerImage"] = "fernet-rotation-container-image"
 			DeferCleanup(th.DeleteInstance, CreateKeystoneAPI(keystoneAPIName, spec))
 		})
 
@@ -109,6 +113,9 @@ var _ = Describe("KeystoneAPI Webhook", func() {
 			Expect(KeystoneAPI.Spec.ContainerImage).Should(Equal(
 				"api-container-image",
 			))
+			Expect(KeystoneAPI.Spec.FernetRotationContainerImage).Should(Equal(
+				"fernet-rotation-container-image",
+			))
 		})
 	})