Merge pull request #650 from olliewalsh/horizon_tls

openshift-merge-bot[bot] · web-flow · commit ae4e9e49c4ce · 2024-02-02T08:29:47.000Z
[tlse] tls for Horizon
diff --git a/apis/bases/core.openstack.org_openstackcontrolplanes.yaml b/apis/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -5486,6 +5486,13 @@ spec:
                         type: object
                       secret:
                         type: string
+                      tls:
+                        properties:
+                          caBundleSecretName:
+                            type: string
+                          secretName:
+                            type: string
+                        type: object
                     required:
                     - containerImage
                     - memcachedInstance
diff --git a/apis/go.mod b/apis/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20240104144436-858a0383741c
 	github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240125205602-5078ec145f59
 	github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240126104104-98b57e66f7b5
-	github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240107213124-f2df1172f89e
+	github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240201165829-8bf07cefa542
 	github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240131020128-fea7453a8039
 	github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240201134523-df1ac5ea0807
 	github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240125201204-a18a1e700034
diff --git a/apis/go.sum b/apis/go.sum
@@ -140,8 +140,8 @@ github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240125205602-5
 github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240125205602-5078ec145f59/go.mod h1:s1zOUVnG8X7O3MuymRC/BhbOCn5ZjU7FrfX4wOnQs6E=
 github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240126104104-98b57e66f7b5 h1:3OXMNE58GsoH4oik991Jw90zyyC0c4HwtdLXinVtCvA=
 github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240126104104-98b57e66f7b5/go.mod h1:uELus2W9VhyxtcByNyUgNZyTH2qpcJH4c7FZz6SOI/I=
-github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240107213124-f2df1172f89e h1:GbIGvapn+D/fDvK8IoxVbgCLaTxD3OwtYe9PQ9DdVy0=
-github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240107213124-f2df1172f89e/go.mod h1:5U3y8EfcYL21ipAXxPgVMSSfSOdCRN0wNmh0L7aREKw=
+github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240201165829-8bf07cefa542 h1:5JgxlBCmPGDSv7FKv3ZGnuAwr2PFVyRNNmf/UfGVoIk=
+github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240201165829-8bf07cefa542/go.mod h1:vqtXw4Sj2MOZgVP2Kzs1WK2sPweTyhYmwVZau7kc96s=
 github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240131020128-fea7453a8039 h1:z48vu+NVNS2Pt5Pv0DLSUpTFfb1nqb8jweC2ZRurNlw=
 github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240131020128-fea7453a8039/go.mod h1:M3859LWhTb+9zahzU3nhkrwUBvAgTmLPaG10haK9djM=
 github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240201134523-df1ac5ea0807 h1:pCGPzFAo85glN8ApN45uyxQ8uaOPCDQYdfF2Kh0ReK8=
diff --git a/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml b/config/crd/bases/core.openstack.org_openstackcontrolplanes.yaml
@@ -5486,6 +5486,13 @@ spec:
                         type: object
                       secret:
                         type: string
+                      tls:
+                        properties:
+                          caBundleSecretName:
+                            type: string
+                          secretName:
+                            type: string
+                        type: object
                     required:
                     - containerImage
                     - memcachedInstance
diff --git a/go.mod b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/openstack-k8s-operators/designate-operator/api v0.0.0-20240104144436-858a0383741c
 	github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240125205602-5078ec145f59
 	github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240126104104-98b57e66f7b5
-	github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240107213124-f2df1172f89e
+	github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240201165829-8bf07cefa542
 	github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240131020128-fea7453a8039
 	github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240201134523-df1ac5ea0807
 	github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240125201204-a18a1e700034
diff --git a/go.sum b/go.sum
@@ -153,8 +153,8 @@ github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240125205602-5
 github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240125205602-5078ec145f59/go.mod h1:s1zOUVnG8X7O3MuymRC/BhbOCn5ZjU7FrfX4wOnQs6E=
 github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240126104104-98b57e66f7b5 h1:3OXMNE58GsoH4oik991Jw90zyyC0c4HwtdLXinVtCvA=
 github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240126104104-98b57e66f7b5/go.mod h1:uELus2W9VhyxtcByNyUgNZyTH2qpcJH4c7FZz6SOI/I=
-github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240107213124-f2df1172f89e h1:GbIGvapn+D/fDvK8IoxVbgCLaTxD3OwtYe9PQ9DdVy0=
-github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240107213124-f2df1172f89e/go.mod h1:5U3y8EfcYL21ipAXxPgVMSSfSOdCRN0wNmh0L7aREKw=
+github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240201165829-8bf07cefa542 h1:5JgxlBCmPGDSv7FKv3ZGnuAwr2PFVyRNNmf/UfGVoIk=
+github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240201165829-8bf07cefa542/go.mod h1:vqtXw4Sj2MOZgVP2Kzs1WK2sPweTyhYmwVZau7kc96s=
 github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240131020128-fea7453a8039 h1:z48vu+NVNS2Pt5Pv0DLSUpTFfb1nqb8jweC2ZRurNlw=
 github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240131020128-fea7453a8039/go.mod h1:M3859LWhTb+9zahzU3nhkrwUBvAgTmLPaG10haK9djM=
 github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240201134523-df1ac5ea0807 h1:pCGPzFAo85glN8ApN45uyxQ8uaOPCDQYdfF2Kh0ReK8=
diff --git a/pkg/openstack/horizon.go b/pkg/openstack/horizon.go
@@ -67,6 +67,12 @@ func ReconcileHorizon(ctx context.Context, instance *corev1beta1.OpenStackContro
 		}
 	}
 
+	// preserve any previously set TLS certs, set CA cert
+	if instance.Spec.TLS.Enabled(service.EndpointInternal) {
+		instance.Spec.Horizon.Template.TLS = horizon.Spec.TLS
+	}
+	instance.Spec.Horizon.Template.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName
+
 	if horizon.Status.Conditions.IsTrue(condition.ExposeServiceReadyCondition) {
 		svcs, err := service.GetServicesListWithLabel(
 			ctx,
@@ -87,14 +93,16 @@ func ReconcileHorizon(ctx context.Context, instance *corev1beta1.OpenStackContro
 			serviceOverrides,
 			instance.Spec.Horizon.APIOverride,
 			corev1beta1.OpenStackControlPlaneExposeHorizonReadyCondition,
-			true, // TODO: (mschuppert) disable TLS for now until implemented
+			false, // TODO (mschuppert) could be removed when all integrated service support TLS
 		)
 		if err != nil {
 			return ctrlResult, err
 		} else if (ctrlResult != ctrl.Result{}) {
 			return ctrlResult, nil
 		}
 		serviceOverrides = endpointDetails.GetEndpointServiceOverrides()
+
+		instance.Spec.Horizon.Template.TLS.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)
 	}
 
 	Log.Info("Reconcile Horizon", "horizon.Namespace", instance.Namespace, "horizon.Name", "horizon")

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,12 @@ func ReconcileHorizon(ctx context.Context, instance *corev1beta1.OpenStackContro`
`67`	`67`	`}`
`68`	`68`	`}`
`69`	`69`
	`70`	`+ // preserve any previously set TLS certs, set CA cert`
	`71`	`+ if instance.Spec.TLS.Enabled(service.EndpointInternal) {`
	`72`	`+ instance.Spec.Horizon.Template.TLS = horizon.Spec.TLS`
	`73`	`+ }`
	`74`	`+ instance.Spec.Horizon.Template.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName`
	`75`	`+`
`70`	`76`	`if horizon.Status.Conditions.IsTrue(condition.ExposeServiceReadyCondition) {`
`71`	`77`	`svcs, err := service.GetServicesListWithLabel(`
`72`	`78`	`ctx,`
`@@ -87,14 +93,16 @@ func ReconcileHorizon(ctx context.Context, instance *corev1beta1.OpenStackContro`
`87`	`93`	`serviceOverrides,`
`88`	`94`	`instance.Spec.Horizon.APIOverride,`
`89`	`95`	`corev1beta1.OpenStackControlPlaneExposeHorizonReadyCondition,`
`90`		`- true, // TODO: (mschuppert) disable TLS for now until implemented`
	`96`	`+ false, // TODO (mschuppert) could be removed when all integrated service support TLS`
`91`	`97`	`)`
`92`	`98`	`if err != nil {`
`93`	`99`	`return ctrlResult, err`
`94`	`100`	`} else if (ctrlResult != ctrl.Result{}) {`
`95`	`101`	`return ctrlResult, nil`
`96`	`102`	`}`
`97`	`103`	`serviceOverrides = endpointDetails.GetEndpointServiceOverrides()`
	`104`	`+`
	`105`	`+ instance.Spec.Horizon.Template.TLS.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)`
`98`	`106`	`}`
`99`	`107`
`100`	`108`	`Log.Info("Reconcile Horizon", "horizon.Namespace", instance.Namespace, "horizon.Name", "horizon")`