Merge pull request #662 from Deydra71/tls-support-manila

openshift-merge-bot[bot] · web-flow · commit 10230e390599 · 2024-02-12T23:45:10.000Z
[tlse] internal TLS support for manila
diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -7460,6 +7460,24 @@ spec:
                                   x-kubernetes-int-or-string: true
                                 type: object
                             type: object
+                          tls:
+                            properties:
+                              api:
+                                properties:
+                                  internal:
+                                    properties:
+                                      secretName:
+                                        type: string
+                                    type: object
+                                  public:
+                                    properties:
+                                      secretName:
+                                        type: string
+                                    type: object
+                                type: object
+                              caBundleSecretName:
+                                type: string
+                            type: object
                         required:
                         - containerImage
                         type: object
diff --git a/apis/go.mod b/apis/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240202131833-8b6a4ca3bdc5
 	github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240202140528-34883c60812b
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240129151020-c9467a8fbbfc
-	github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240205075416-5a5000e56580
+	github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240212073017-91c953f42846
 	github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240201121152-3dcb5d5b24f7
 	github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240205081907-ca38cd1c0fd7
 	github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240206080218-0a39e8ee1c07
diff --git a/apis/go.sum b/apis/go.sum
@@ -154,8 +154,8 @@ github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.2024012
 github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240129151020-c9467a8fbbfc/go.mod h1:GammFyM5i2OY0lBEAcyEi9Gk46jXFIlD+z+JqBikfoY=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240129151020-c9467a8fbbfc h1:At0RB1SfDAR50H4R+SGykczEmYz8XkEJllVM5YUujAE=
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240129151020-c9467a8fbbfc/go.mod h1:lf4VSkNgy2mPyf4tR5xBXs8wQU9TJ9BYfY/Ay9/JkP0=
-github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240205075416-5a5000e56580 h1:Nem1hsYnQZPZrQKvSJ7ocZsOYaEy6IR76z20Lr0ALtY=
-github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240205075416-5a5000e56580/go.mod h1:TFWmtTRY1KLPoSOOriSEP7LgCrBwF8qM5ASAPxuvzyg=
+github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240212073017-91c953f42846 h1:x3IxqzMPb5V9wl83Sv6cEPWtdqtqRcQrDwSX02MH0/0=
+github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240212073017-91c953f42846/go.mod h1:TFWmtTRY1KLPoSOOriSEP7LgCrBwF8qM5ASAPxuvzyg=
 github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240201121152-3dcb5d5b24f7 h1:pFtnmP9SS0FX1EQVlDmOf26G8G+ZlZkvowJLQUhvV6I=
 github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240201121152-3dcb5d5b24f7/go.mod h1:D4sr4UipU4qjyrcO2mjW8YlSm48AdkY69dloASUbNYE=
 github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240205081907-ca38cd1c0fd7 h1:kHXBC17KCkoHwVGt6kJEY0FAWZuXwTM62xsxfKtRdsk=
diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -7460,6 +7460,24 @@ spec:
                                   x-kubernetes-int-or-string: true
                                 type: object
                             type: object
+                          tls:
+                            properties:
+                              api:
+                                properties:
+                                  internal:
+                                    properties:
+                                      secretName:
+                                        type: string
+                                    type: object
+                                  public:
+                                    properties:
+                                      secretName:
+                                        type: string
+                                    type: object
+                                type: object
+                              caBundleSecretName:
+                                type: string
+                            type: object
                         required:
                         - containerImage
                         type: object
diff --git a/go.mod b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/openstack-k8s-operators/lib-common/modules/certmanager v0.0.0-20240129151020-c9467a8fbbfc
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240129151020-c9467a8fbbfc
 	github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240129151020-c9467a8fbbfc
-	github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240205075416-5a5000e56580
+	github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240212073017-91c953f42846
 	github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240201121152-3dcb5d5b24f7
 	github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240205081907-ca38cd1c0fd7
 	github.com/openstack-k8s-operators/nova-operator/api v0.3.1-0.20240206080218-0a39e8ee1c07
diff --git a/go.sum b/go.sum
@@ -171,8 +171,8 @@ github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.202401291
 github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240129151020-c9467a8fbbfc/go.mod h1:lf4VSkNgy2mPyf4tR5xBXs8wQU9TJ9BYfY/Ay9/JkP0=
 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240129151020-c9467a8fbbfc h1:1vqB6G8qvXH030JyVsx4acl5xtbCqwdbTHivc9f4vvY=
 github.com/openstack-k8s-operators/lib-common/modules/test v0.3.1-0.20240129151020-c9467a8fbbfc/go.mod h1:ni4mvKeubWsTjKmcToJ+hIo7pJipM9hwiUv8qhm1R6Y=
-github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240205075416-5a5000e56580 h1:Nem1hsYnQZPZrQKvSJ7ocZsOYaEy6IR76z20Lr0ALtY=
-github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240205075416-5a5000e56580/go.mod h1:TFWmtTRY1KLPoSOOriSEP7LgCrBwF8qM5ASAPxuvzyg=
+github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240212073017-91c953f42846 h1:x3IxqzMPb5V9wl83Sv6cEPWtdqtqRcQrDwSX02MH0/0=
+github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240212073017-91c953f42846/go.mod h1:TFWmtTRY1KLPoSOOriSEP7LgCrBwF8qM5ASAPxuvzyg=
 github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240201121152-3dcb5d5b24f7 h1:pFtnmP9SS0FX1EQVlDmOf26G8G+ZlZkvowJLQUhvV6I=
 github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240201121152-3dcb5d5b24f7/go.mod h1:D4sr4UipU4qjyrcO2mjW8YlSm48AdkY69dloASUbNYE=
 github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240205081907-ca38cd1c0fd7 h1:kHXBC17KCkoHwVGt6kJEY0FAWZuXwTM62xsxfKtRdsk=
diff --git a/pkg/openstack/manila.go b/pkg/openstack/manila.go
@@ -56,6 +56,12 @@ func ReconcileManila(ctx context.Context, instance *corev1beta1.OpenStackControl
 		}
 	}
 
+	// preserve any previously set TLS certs, set CA cert
+	if instance.Spec.TLS.Enabled(service.EndpointInternal) {
+		instance.Spec.Manila.Template.ManilaAPI.TLS = manila.Spec.ManilaAPI.TLS
+	}
+	instance.Spec.Manila.Template.ManilaAPI.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName
+
 	// When component services got created check if there is the need to create a route
 	if manila.Status.Conditions.IsTrue(manilav1.ManilaAPIReadyCondition) {
 		svcs, err := service.GetServicesListWithLabel(
@@ -77,7 +83,7 @@ func ReconcileManila(ctx context.Context, instance *corev1beta1.OpenStackControl
 			instance.Spec.Manila.Template.ManilaAPI.Override.Service,
 			instance.Spec.Manila.APIOverride,
 			corev1beta1.OpenStackControlPlaneExposeManilaReadyCondition,
-			true, // TODO: (mschuppert) disable TLS for now until implemented
+			false, // TODO: (mschuppert) could be removed when all integrated service support TLS
 		)
 		if err != nil {
 			return ctrlResult, err
@@ -86,6 +92,10 @@ func ReconcileManila(ctx context.Context, instance *corev1beta1.OpenStackControl
 		}
 
 		instance.Spec.Manila.Template.ManilaAPI.Override.Service = endpointDetails.GetEndpointServiceOverrides()
+
+		// update TLS settings with cert secret
+		instance.Spec.Manila.Template.ManilaAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)
+		instance.Spec.Manila.Template.ManilaAPI.TLS.API.Internal.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointInternal)
 	}
 
 	Log.Info("Reconciling Manila", "Manila.Namespace", instance.Namespace, "Manila.Name", "manila")

Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,12 @@ func ReconcileManila(ctx context.Context, instance *corev1beta1.OpenStackControl`
`56`	`56`	`}`
`57`	`57`	`}`
`58`	`58`
	`59`	`+ // preserve any previously set TLS certs, set CA cert`
	`60`	`+ if instance.Spec.TLS.Enabled(service.EndpointInternal) {`
	`61`	`+ instance.Spec.Manila.Template.ManilaAPI.TLS = manila.Spec.ManilaAPI.TLS`
	`62`	`+ }`
	`63`	`+ instance.Spec.Manila.Template.ManilaAPI.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName`
	`64`	`+`
`59`	`65`	`// When component services got created check if there is the need to create a route`
`60`	`66`	`if manila.Status.Conditions.IsTrue(manilav1.ManilaAPIReadyCondition) {`
`61`	`67`	`svcs, err := service.GetServicesListWithLabel(`
`@@ -77,7 +83,7 @@ func ReconcileManila(ctx context.Context, instance *corev1beta1.OpenStackControl`
`77`	`83`	`instance.Spec.Manila.Template.ManilaAPI.Override.Service,`
`78`	`84`	`instance.Spec.Manila.APIOverride,`
`79`	`85`	`corev1beta1.OpenStackControlPlaneExposeManilaReadyCondition,`
`80`		`- true, // TODO: (mschuppert) disable TLS for now until implemented`
	`86`	`+ false, // TODO: (mschuppert) could be removed when all integrated service support TLS`
`81`	`87`	`)`
`82`	`88`	`if err != nil {`
`83`	`89`	`return ctrlResult, err`
`@@ -86,6 +92,10 @@ func ReconcileManila(ctx context.Context, instance *corev1beta1.OpenStackControl`
`86`	`92`	`}`
`87`	`93`
`88`	`94`	`instance.Spec.Manila.Template.ManilaAPI.Override.Service = endpointDetails.GetEndpointServiceOverrides()`
	`95`	`+`
	`96`	`+ // update TLS settings with cert secret`
	`97`	`+ instance.Spec.Manila.Template.ManilaAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)`
	`98`	`+ instance.Spec.Manila.Template.ManilaAPI.TLS.API.Internal.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointInternal)`
`89`	`99`	`}`
`90`	`100`
`91`	`101`	`Log.Info("Reconciling Manila", "Manila.Namespace", instance.Namespace, "Manila.Name", "manila")`