Merge pull request #364 from jlarriba/fix_swift

[OSPRH-6229] Ceilometer gets 403 Forbidden when accessing Swift API
openstack-k8s-operators · Apr 30, 2024 · 115b844 · 115b844
2 parents f5c888b + 02977d7
commit 115b844
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 12 deletions.
diff --git a/controllers/ceilometer_controller.go b/controllers/ceilometer_controller.go
@@ -40,6 +40,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	logr "github.com/go-logr/logr"
+	projects "github.com/gophercloud/gophercloud/openstack/identity/v3/projects"
 	common "github.com/openstack-k8s-operators/lib-common/modules/common"
 	condition "github.com/openstack-k8s-operators/lib-common/modules/common/condition"
 	endpoint "github.com/openstack-k8s-operators/lib-common/modules/common/endpoint"
@@ -51,6 +52,7 @@ import (
 	statefulset "github.com/openstack-k8s-operators/lib-common/modules/common/statefulset"
 	"github.com/openstack-k8s-operators/lib-common/modules/common/tls"
 	util "github.com/openstack-k8s-operators/lib-common/modules/common/util"
+	openstack "github.com/openstack-k8s-operators/lib-common/modules/openstack"
 
 	rabbitmqv1 "github.com/openstack-k8s-operators/infra-operator/apis/rabbitmq/v1beta1"
 	keystonev1 "github.com/openstack-k8s-operators/keystone-operator/api/v1beta1"
@@ -451,6 +453,19 @@ func (r *CeilometerReconciler) reconcileNormal(ctx context.Context, instance *te
 		}
 	}
 
+	// Hash all the endpointurls to trigger a redeployment everytime one of the internal endpoints changes or is added
+	v := "internal"
+	endpointurls, err := keystonev1.GetKeystoneEndpointUrls(ctx, helper, instance.Namespace, &v)
+	if err != nil {
+
+		return ctrl.Result{}, err
+	}
+	hash, err := util.ObjectHash(endpointurls)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+	configMapVars["endpointurls"] = env.SetValue(hash)
+
 	//
 	// create hash over all the different input resources to identify if any those changed
 	// and a restart/recreate is required.
@@ -786,17 +801,15 @@ func (r *CeilometerReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Ma
 		return nil
 	}
 
-	// Force restart of Ceilometer every time a keystoneendpoint is modified
+	// Reconcile every time a keystoneendpoint is modified
 	keystoneEndpointsWatchFn := func(ctx context.Context, o client.Object) []reconcile.Request {
-		pod := &corev1.Pod{}
-		// Ceilometer can never have replicas so it will always be pod 0
-		err := r.Client.Get(ctx, types.NamespacedName{Name: fmt.Sprintf("%v-0", ceilometer.ServiceName), Namespace: o.GetNamespace()}, pod)
-		if err != nil {
-			return nil
+		result := []reconcile.Request{}
+		name := client.ObjectKey{
+			Namespace: o.GetNamespace(),
+			Name:      ceilometer.ServiceName,
 		}
-		// Delete the pod so the statefulset re-creates it
-		_ = r.Client.Delete(ctx, pod)
-		return nil
+		result = append(result, reconcile.Request{NamespacedName: name})
+		return result
 	}
 
 	// index ceilometerPasswordSecretField
@@ -947,14 +960,48 @@ func (r *CeilometerReconciler) ensureSwiftRole(
 		return err
 	}
 
+	// We are using the fixed domainID "default" because it is also fixed in ceilometer.conf
+	project, err := getProject(os, log, "service", "default")
+	if err != nil {
+		return err
+	}
+
 	err = os.AssignUserRole(
 		log,
 		"SwiftSystemReader",
 		user.ID,
-		"service")
+		project.ID)
 	if err != nil {
+		log.Error(err, "Cannot AssignUserRole")
 		return err
 	}
 
 	return nil
 }
+
+// getProject - gets project with projectName
+func getProject(
+	o *openstack.OpenStack,
+	log logr.Logger,
+	projectName string,
+	domainID string,
+) (*projects.Project, error) {
+	allPages, err := projects.List(o.GetOSClient(), projects.ListOpts{Name: projectName, DomainID: domainID}).AllPages()
+	if err != nil {
+		return nil, err
+	}
+	allProjects, err := projects.ExtractProjects(allPages)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(allProjects) == 0 {
+		log.Error(err, fmt.Sprintf("%s %s", projectName, "project not found"))
+		return nil, err
+	} else if len(allProjects) > 1 {
+		log.Error(err, fmt.Sprintf("multiple project named \"%s\" found", projectName))
+		return nil, err
+	}
+
+	return &allProjects[0], nil
+}
diff --git a/go.mod b/go.mod
@@ -6,13 +6,15 @@ replace github.com/openstack-k8s-operators/telemetry-operator/api => ./api
 
 require (
 	github.com/go-logr/logr v1.4.1
+	github.com/gophercloud/gophercloud v1.11.0
 	github.com/onsi/ginkgo/v2 v2.17.2
 	github.com/onsi/gomega v1.33.0
 	github.com/openstack-k8s-operators/dataplane-operator/api v0.3.1-0.20240430064940-efe1bb725a94
 	github.com/openstack-k8s-operators/heat-operator/api v0.3.1-0.20240430090712-e6c78e4ea887
 	github.com/openstack-k8s-operators/infra-operator/apis v0.3.1-0.20240429104248-25176c735750
 	github.com/openstack-k8s-operators/keystone-operator/api v0.3.1-0.20240429164853-7e1e3b111ee9
 	github.com/openstack-k8s-operators/lib-common/modules/common v0.3.1-0.20240429052447-09a614506ca6
+	github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240429052447-09a614506ca6
 	github.com/openstack-k8s-operators/mariadb-operator/api v0.3.1-0.20240429121622-952f44520872
 	github.com/openstack-k8s-operators/telemetry-operator/api v0.3.1-0.20240429095317-40ac2890007c
 	github.com/rhobs/obo-prometheus-operator/pkg/apis/monitoring v0.69.0-rhobs1
@@ -49,7 +51,6 @@ require (
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/gophercloud/gophercloud v1.11.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -67,7 +68,6 @@ require (
 	github.com/openstack-k8s-operators/glance-operator/api v0.3.1-0.20240430052712-841fde32d943 // indirect
 	github.com/openstack-k8s-operators/horizon-operator/api v0.3.1-0.20240430085044-cf46cfe9e9aa // indirect
 	github.com/openstack-k8s-operators/ironic-operator/api v0.3.1-0.20240430085043-5c245a596d9b // indirect
-	github.com/openstack-k8s-operators/lib-common/modules/openstack v0.3.1-0.20240429052447-09a614506ca6 // indirect
 	github.com/openstack-k8s-operators/lib-common/modules/storage v0.3.1-0.20240429052447-09a614506ca6 // indirect
 	github.com/openstack-k8s-operators/manila-operator/api v0.3.1-0.20240430085856-68c83fbc3041 // indirect
 	github.com/openstack-k8s-operators/neutron-operator/api v0.3.1-0.20240430093731-289b1f3dcb7b // indirect