Skip to content

Commit

Permalink
Merge pull request #454 from rabi/stack_domain
Browse files Browse the repository at this point in the history
Add HeatStackDomainAdminPassword to heat passwords
  • Loading branch information
openshift-merge-bot[bot] authored Oct 24, 2024
2 parents 61d18ee + d006379 commit 6e17ef7
Show file tree
Hide file tree
Showing 12 changed files with 65 additions and 3 deletions.
5 changes: 5 additions & 0 deletions api/bases/heat.openstack.org_heatapis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
replicas:
default: 1
Expand Down
5 changes: 5 additions & 0 deletions api/bases/heat.openstack.org_heatcfnapis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
replicas:
default: 1
Expand Down
5 changes: 5 additions & 0 deletions api/bases/heat.openstack.org_heatengines.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
replicas:
default: 1
Expand Down
5 changes: 5 additions & 0 deletions api/bases/heat.openstack.org_heats.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -819,6 +819,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
preserveJobs:
default: false
Expand Down
4 changes: 4 additions & 0 deletions api/v1beta1/common_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -98,4 +98,8 @@ type PasswordSelector struct {
// +kubebuilder:default="HeatAuthEncryptionKey"
// AuthEncryptionKey - Selector to get the heat auth encryption key from the Secret
AuthEncryptionKey string `json:"authEncryptionKey"`
// +kubebuilder:validation:Optional
// +kubebuilder:default="HeatStackDomainAdminPassword"
// StackDomainAdminPassword - Selector to get the heat stack domain admin password from the Secret
StackDomainAdminPassword string `json:"stackDomainAdminPassword"`
}
5 changes: 5 additions & 0 deletions config/crd/bases/heat.openstack.org_heatapis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
replicas:
default: 1
Expand Down
5 changes: 5 additions & 0 deletions config/crd/bases/heat.openstack.org_heatcfnapis.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -275,6 +275,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
replicas:
default: 1
Expand Down
5 changes: 5 additions & 0 deletions config/crd/bases/heat.openstack.org_heatengines.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -101,6 +101,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
replicas:
default: 1
Expand Down
5 changes: 5 additions & 0 deletions config/crd/bases/heat.openstack.org_heats.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -819,6 +819,11 @@ spec:
description: Service - Selector to get the heat service password
from the Secret
type: string
stackDomainAdminPassword:
default: HeatStackDomainAdminPassword
description: StackDomainAdminPassword - Selector to get the heat
stack domain admin password from the Secret
type: string
type: object
preserveJobs:
default: false
Expand Down
18 changes: 16 additions & 2 deletions controllers/heat_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -953,6 +953,13 @@ func (r *HeatReconciler) generateServiceSecrets(
return err
}
password := strings.TrimSuffix(string(ospSecret.Data[instance.Spec.PasswordSelectors.Service]), "\n")

domainAdminPassword := password
val, ok := ospSecret.Data[instance.Spec.PasswordSelectors.StackDomainAdminPassword]
if ok {
domainAdminPassword = strings.TrimSuffix(string(val), "\n")
}

authEncryptionKey, err := validateAuthEncryptionKey(instance, ospSecret)
if err != nil {
return err
Expand All @@ -967,7 +974,7 @@ func (r *HeatReconciler) generateServiceSecrets(
databaseAccount := db.GetAccount()
dbSecret := db.GetSecret()

templateParameters := initTemplateParameters(instance, authURL, password, authEncryptionKey, transportURL, mc, databaseAccount, dbSecret)
templateParameters := initTemplateParameters(instance, authURL, password, domainAdminPassword, authEncryptionKey, transportURL, mc, databaseAccount, dbSecret)

// Render vhost configuration for API and CFN
httpdAPIVhostConfig := map[string]interface{}{}
Expand Down Expand Up @@ -1048,6 +1055,11 @@ func (r *HeatReconciler) ensureStackDomain(
}
password := strings.TrimSuffix(string(val), "\n")

domainAdminPassword := password
val, ok = secret.Data[instance.Spec.PasswordSelectors.StackDomainAdminPassword]
if ok {
domainAdminPassword = strings.TrimSuffix(string(val), "\n")
}
//
// get admin authentication OpenStack
//
Expand Down Expand Up @@ -1082,7 +1094,7 @@ func (r *HeatReconciler) ensureStackDomain(
r.Log,
openstack.User{
Name: heat.StackDomainAdminUsername,
Password: password,
Password: domainAdminPassword,
DomainID: domainID,
})
if err != nil {
Expand Down Expand Up @@ -1301,6 +1313,7 @@ func initTemplateParameters(
instance *heatv1beta1.Heat,
authURL string,
password string,
domainAdminPassword string,
authEncryptionKey string,
transportURL string,
mc *memcachedv1.Memcached,
Expand All @@ -1321,6 +1334,7 @@ func initTemplateParameters(
"ServicePassword": password,
"StackDomainAdminUsername": heat.StackDomainAdminUsername,
"StackDomainName": heat.StackDomainName,
"StackDomainAdminPassword": domainAdminPassword,
"AuthEncryptionKey": authEncryptionKey,
"TransportURL": transportURL,
"MemcachedServers": mc.GetMemcachedServerListString(),
Expand Down
2 changes: 1 addition & 1 deletion templates/heat/config/00-default.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
region_name_for_services=regionOne
stack_user_domain_name={{ .StackDomainName }}
stack_domain_admin={{ .StackDomainAdminUsername }}
stack_domain_admin_password={{ .ServicePassword }}
stack_domain_admin_password={{ .StackDomainAdminPassword }}
num_engine_workers=4
auth_encryption_key={{ .AuthEncryptionKey }}
use_stderr=true
Expand Down
4 changes: 4 additions & 0 deletions tests/kuttl/common/assert-sample-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ spec:
memcachedInstance: memcached
passwordSelectors:
authEncryptionKey: HeatAuthEncryptionKey
stackDomainAdminPassword: HeatStackDomainAdminPassword
service: HeatPassword
preserveJobs: false
rabbitMqClusterName: rabbitmq
Expand Down Expand Up @@ -61,6 +62,7 @@ spec:
databaseAccount: heat
passwordSelectors:
authEncryptionKey: HeatAuthEncryptionKey
stackDomainAdminPassword: HeatStackDomainAdminPassword
service: HeatPassword
replicas: 1
resources: {}
Expand Down Expand Up @@ -88,6 +90,7 @@ spec:
databaseAccount: heat
passwordSelectors:
authEncryptionKey: HeatAuthEncryptionKey
stackDomainAdminPassword: HeatStackDomainAdminPassword
service: HeatPassword
replicas: 1
resources: {}
Expand Down Expand Up @@ -115,6 +118,7 @@ spec:
databaseAccount: heat
passwordSelectors:
authEncryptionKey: HeatAuthEncryptionKey
stackDomainAdminPassword: HeatStackDomainAdminPassword
service: HeatPassword
replicas: 1
resources: {}
Expand Down

0 comments on commit 6e17ef7

Please sign in to comment.