fix-fulcio-config
JasonPowr committed Mar 8, 2024
1 parent 06d1865 commit 0d420cd
Showing 22 changed files with 218 additions and 168 deletions.
11 changes: 7 additions & 4 deletions api/v1alpha1/fulcio_types.go
@@ -11,6 +11,7 @@ import (
type FulcioSpec struct {
// Define whether you want to export service or not
ExternalAccess ExternalAccess `json:"externalAccess,omitempty"`
// Fulcio Configuration
//+required
Config FulcioConfig `json:"config"`
// Certificate configuration
@@ -44,8 +45,9 @@ type FulcioCert struct {
}

type FulcioConfig struct {
//+kubebuilder:validation:MinProperties:=1
OIDCIssuers map[string]OIDCIssuer `json:"OIDCIssuers"`
// OIDC Configuration
// +kubebuilder:validation:MinItems=1
OIDCIssuers []OIDCIssuer `json:"OIDCIssuers"`

// A meta issuer has a templated URL of the form:
// https://oidc.eks.*.amazonaws.com/id/*
@@ -55,12 +57,13 @@ type FulcioConfig struct {
// * https://oidc.eks.us-west-2.amazonaws.com/id/B02C93B6A2D30341AD01E1B6D48164CB
// * https://container.googleapis.com/v1/projects/mattmoor-credit/locations/us-west1-b/clusters/tenant-cluster
// +optional
MetaIssuers map[string]OIDCIssuer `json:"MetaIssuers,omitempty"`
MetaIssuers []OIDCIssuer `json:"MetaIssuers,omitempty"`
}

type OIDCIssuer struct {
// The expected issuer of an OIDC token
IssuerURL string `json:"IssuerURL,omitempty"`
//+required
IssuerURL string `json:"IssuerURL"`
// The expected client ID of the OIDC token
//+required
ClientID string `json:"ClientID"`
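Review bot: Turning `OIDCIssuers` and `MetaIssuers` from `map[string]OIDCIssuer` into `[]OIDCIssuer` (second and third hunks) gives up the uniqueness the map key provided, and the only validation visible on the new fields is `MinItems=1`, so two entries with the same `IssuerURL` but a different `ClientID` or `Type` would pass admission. This list defines which OIDC issuers' tokens are trusted, so a duplicate should be rejected by the API server rather than resolved by whatever order the controller (not shown here) applies when it renders the Fulcio config. I would add `// +listType=map` and `// +listMapKey=IssuerURL` above both fields, which `IssuerURL` now qualifies for since it is required. The `FulcioConfig` and `OIDCIssuer` struct bodies continue outside the hunks.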
16 changes: 8 additions & 8 deletions api/v1alpha1/fulcio_types_test.go
@@ -29,7 +29,7 @@ var _ = Describe("Fulcio", func() {
Expect(k8sClient.Get(context.Background(), getKey(created), fetched)).To(Succeed())
Expect(fetched).To(Equal(created))

fetched.Spec.Config.OIDCIssuers["test"] = OIDCIssuer{
fetched.Spec.Config.OIDCIssuers[0] = OIDCIssuer{
Type: "email",
ClientID: "client",
}
@@ -128,11 +128,11 @@ var _ = Describe("Fulcio", func() {

It("config is not empty", func() {
invalidObject := generateFulcioObject("config-invalid")
invalidObject.Spec.Config.OIDCIssuers = make(map[string]OIDCIssuer)
invalidObject.Spec.Config.OIDCIssuers = []OIDCIssuer{}

Expect(apierrors.IsInvalid(k8sClient.Create(context.Background(), invalidObject))).To(BeTrue())
Expect(k8sClient.Create(context.Background(), invalidObject)).
To(MatchError(ContainSubstring("in body should have at least 1 properties")))
To(MatchError(ContainSubstring("in body should have at least 1 items")))
})
})

@@ -170,8 +170,8 @@ var _ = Describe("Fulcio", func() {
Host: "hostname",
},
Config: FulcioConfig{
OIDCIssuers: map[string]OIDCIssuer{
"oidc": {
OIDCIssuers: []OIDCIssuer{
{
ClientID: "client",
Type: "email",
IssuerURL: "url",
@@ -180,7 +180,7 @@ var _ = Describe("Fulcio", func() {
SPIFFETrustDomain: "SPIFFE",
SubjectDomain: "domain",
},
"oidc2": {
{
ClientID: "clien2",
Type: "email2",
IssuerURL: "url2",
@@ -220,8 +220,8 @@ func generateFulcioObject(name string) *Fulcio {
},
Spec: FulcioSpec{
Config: FulcioConfig{
OIDCIssuers: map[string]OIDCIssuer{
"oidc": {
OIDCIssuers: []OIDCIssuer{
{
ClientID: "client",
Type: "email",
IssuerURL: "url",
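Review bot: The update case in the first hunk overwrites `OIDCIssuers[0]` with an entry that sets `Type` and `ClientID` but no `IssuerURL`, and none of the visible tests check what the API server does with an issuer that has no URL. With the field now serialized without `omitempty`, an unset URL is sent as `""`, which a `+required` marker on its own would presumably still accept, so the new requirement is never exercised. I would add a negative case next to "config is not empty" that creates an object whose only issuer has an empty `IssuerURL` and expects `apierrors.IsInvalid(...)` to be true, backed by `// +kubebuilder:validation:MinLength=1` on the field. The surrounding `It` blocks start and end outside the hunks.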
12 changes: 4 additions & 8 deletions api/v1alpha1/zz_generated.deepcopy.go


2 changes: 1 addition & 1 deletion bundle/manifests/rhtas-operator.clusterserviceversion.yaml
@@ -186,7 +186,7 @@ metadata:
}
]
capabilities: Basic Install
createdAt: "2024-03-05T14:59:04Z"
createdAt: "2024-03-08T11:05:02Z"
operators.operatorframework.io/builder: operator-sdk-v1.32.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
name: rhtas-operator.v1.0.0
35 changes: 18 additions & 17 deletions bundle/manifests/rhtas.redhat.com_ctlogs.yaml
@@ -50,16 +50,16 @@ spec:
key:
description: The key of the secret to select from. Must be a valid
secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
privateKeyRef:
@@ -68,16 +68,16 @@ spec:
key:
description: The key of the secret to select from. Must be a valid
secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
publicKeyRef:
@@ -89,16 +89,16 @@ spec:
key:
description: The key of the secret to select from. Must be a valid
secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
rootCertificates:
@@ -111,16 +111,16 @@ spec:
key:
description: The key of the secret to select from. Must be a
valid secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
type: array
@@ -217,16 +217,16 @@ spec:
key:
description: The key of the secret to select from. Must be a valid
secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
privateKeyRef:
@@ -235,16 +235,16 @@ spec:
key:
description: The key of the secret to select from. Must be a valid
secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
publicKeyRef:
@@ -253,16 +253,16 @@ spec:
key:
description: The key of the secret to select from. Must be a valid
secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
rootCertificates:
@@ -272,16 +272,16 @@ spec:
key:
description: The key of the secret to select from. Must be a
valid secret key.
pattern: '[-._a-zA-Z0-9]+'
pattern: ^[-._a-zA-Z0-9]+$
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- key
- name
type: object
x-kubernetes-map-type: atomic
type: array
@@ -294,8 +294,9 @@ spec:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
required:
- name
type: object
x-kubernetes-map-type: atomic
type: object