Merge pull request #634 from stuggi/tlse_heat
[tlse] internal TLS support for heat
openshift-merge-bot[bot] authored Jan 30, 2024
2 parents a5d7799 + 4786a77 commit 700bc70
Showing 1 changed file with 18 additions and 2 deletions.
20 changes: 18 additions & 2 deletions pkg/openstack/heat.go
Expand Up @@ -67,6 +67,14 @@ func ReconcileHeat(ctx context.Context, instance *corev1beta1.OpenStackControlPl
}
}

// preserve any previously set TLS certs,set CA cert
if instance.Spec.TLS.Enabled(service.EndpointInternal) {
instance.Spec.Heat.Template.HeatAPI.TLS = heat.Spec.HeatAPI.TLS
instance.Spec.Heat.Template.HeatCfnAPI.TLS = heat.Spec.HeatCfnAPI.TLS
}
instance.Spec.Heat.Template.HeatAPI.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName
instance.Spec.Heat.Template.HeatCfnAPI.TLS.CaBundleSecretName = instance.Status.TLS.CaBundleSecretName

// Heat API
if heat.Status.Conditions.IsTrue(heatv1.HeatAPIReadyCondition) {
svcs, err := service.GetServicesListWithLabel(
Expand All @@ -88,7 +96,7 @@ func ReconcileHeat(ctx context.Context, instance *corev1beta1.OpenStackControlPl
instance.Spec.Heat.Template.HeatAPI.Override.Service,
instance.Spec.Heat.APIOverride,
corev1beta1.OpenStackControlPlaneExposeHeatReadyCondition,
true, // TODO: (mschuppert) disable TLS for now until implemented
false, // TODO (mschuppert) could be removed when all integrated service support TLS
)
if err != nil {
return ctrlResult, err
Expand All @@ -97,6 +105,10 @@ func ReconcileHeat(ctx context.Context, instance *corev1beta1.OpenStackControlPl
}

instance.Spec.Heat.Template.HeatAPI.Override.Service = endpointDetails.GetEndpointServiceOverrides()

// update TLS settings with cert secret
instance.Spec.Heat.Template.HeatAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)
instance.Spec.Heat.Template.HeatAPI.TLS.API.Internal.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointInternal)
}

// Heat CFNAPI
Expand All @@ -120,7 +132,7 @@ func ReconcileHeat(ctx context.Context, instance *corev1beta1.OpenStackControlPl
instance.Spec.Heat.Template.HeatCfnAPI.Override.Service,
instance.Spec.Heat.CnfAPIOverride,
corev1beta1.OpenStackControlPlaneExposeHeatReadyCondition,
true, // TODO: (mschuppert) disable TLS for now until implemented
false, // TODO (mschuppert) could be removed when all integrated service support TLS
)
if err != nil {
return ctrlResult, err
Expand All @@ -129,6 +141,10 @@ func ReconcileHeat(ctx context.Context, instance *corev1beta1.OpenStackControlPl
}

instance.Spec.Heat.Template.HeatCfnAPI.Override.Service = endpointDetails.GetEndpointServiceOverrides()

// update TLS settings with cert secret
instance.Spec.Heat.Template.HeatCfnAPI.TLS.API.Public.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointPublic)
instance.Spec.Heat.Template.HeatCfnAPI.TLS.API.Internal.SecretName = endpointDetails.GetEndptCertSecret(service.EndpointInternal)
}

Log := GetLogger(ctx)
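Review bot: The cert secret names (`HeatAPI.TLS.API.Public.SecretName` and `.Internal.SecretName`) are written only inside what appears to be the `heat.Status.Conditions.IsTrue(heatv1.HeatAPIReadyCondition)` branch, and the HeatCfnAPI block repeats the pattern. On a first reconcile, with nothing in `heat.Spec` to preserve, the template would then carry only the CA bundle name, so the API may come up without its certificate until a later pass. If that window is intended, document it at the preserve block, e.g. `// certs are issued only after the services exist; until then the TLS spec is carried over from the deployed Heat CR`. The `SecretName` assignments are also unconditional, so it is worth confirming what `GetEndptCertSecret` returns when an endpoint has no cert, since that value would replace a secret name preserved earlier. The changed positional `false` would be easier to audit with a comment naming the parameter it sets, as the TODO alone does not. ReconcileHeat starts and ends outside the visible hunks, so the enclosing condition is inferred.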
