From 9b885238d169baf0aa5967a603f089278a2b8551 Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Wed, 17 Sep 2025 16:51:55 -0500 Subject: [PATCH] fix(openstack): include more fields for the service users The upstream charts do not include a few more of these fields by default for service users so we need to include those in our chart as well. To avoid duplication create helpers so that the behavior stays consistent. --- components/openstack/templates/_helpers.tpl | 11 +++++++++++ .../templates/keystone-service-user.yaml.tpl | 13 ++++++------- 2 files changed, 17 insertions(+), 7 deletions(-) create mode 100644 components/openstack/templates/_helpers.tpl diff --git a/components/openstack/templates/_helpers.tpl b/components/openstack/templates/_helpers.tpl new file mode 100644 index 000000000..385c4fbc5 --- /dev/null +++ b/components/openstack/templates/_helpers.tpl @@ -0,0 +1,11 @@ +{{- define "openstack.serviceuser.user_domain_name" -}} +{{- eq .usage "admin" | ternary "default" "service" }} +{{- end }} + +{{- define "openstack.serviceuser.project_domain_name" -}} +{{- eq .usage "admin" | ternary "default" ( default "service" .project_domain_name ) }} +{{- end }} + +{{- define "openstack.serviceuser.project_name" -}} +{{- eq .usage "admin" | ternary "admin" ( default "service" .project_name ) }} +{{- end }} diff --git a/components/openstack/templates/keystone-service-user.yaml.tpl b/components/openstack/templates/keystone-service-user.yaml.tpl index 79911ba71..ec240b2dd 100644 --- a/components/openstack/templates/keystone-service-user.yaml.tpl +++ b/components/openstack/templates/keystone-service-user.yaml.tpl @@ -1,10 +1,6 @@ {{- if .Values.keystoneServiceUsers.enabled }} {{- range $serviceName, $users := .Values.keystoneServiceUsers.services }} {{- range $_, $user := $users }} -{{/* special override for the admin user since its in the bootstrap domain of default */}} -{{- $user_domain_name := eq $user.usage "admin" | ternary "default" "service" }} -{{- $project_domain_name := eq $user.usage "admin" | ternary "default" ( default "service" $user.project_domain_name ) }} -{{- $project_name := eq $user.usage "admin" | ternary "admin" ( default "service" $user.project_name ) }} --- apiVersion: external-secrets.io/v1 kind: ExternalSecret @@ -27,9 +23,9 @@ spec: OS_AUTH_URL: {{ $.Values.keystoneUrl | quote }} OS_DEFAULT_DOMAIN: 'default' OS_INTERFACE: {{ $.Values.keystoneServiceUsers.keystoneInterface | quote }} - OS_PROJECT_DOMAIN_NAME: {{ $project_domain_name | quote }} - OS_PROJECT_NAME: {{ $project_name | quote }} - OS_USER_DOMAIN_NAME: {{ $user_domain_name | quote }} + OS_PROJECT_DOMAIN_NAME: {{ include "openstack.serviceuser.project_domain_name" $user | quote }} + OS_PROJECT_NAME: {{ include "openstack.serviceuser.project_name" $user | quote }} + OS_USER_DOMAIN_NAME: {{ include "openstack.serviceuser.user_domain_name" $user | quote }} OS_USERNAME: {{ `{{ .username }}` | quote }} OS_PASSWORD: {{ `{{ .password }}` | quote }} OS_REGION_NAME: {{ $.Values.regionName | quote }} @@ -62,6 +58,9 @@ spec: {{- $shouldSkip := or (eq $user.usage "test") (eq $user.usage "admin") }} {{- if not $shouldSkip }} [{{ $section }}] + project_domain_name={{ include "openstack.serviceuser.project_domain_name" $user }} + project_name={{ include "openstack.serviceuser.project_name" $user }} + user_domain_name={{ include "openstack.serviceuser.user_domain_name" $user }} username={{ printf "{{ (fromJson .%s).username }}" $user.usage }} password={{ printf "{{ (fromJson .%s).password }}" $user.usage }} region_name={{ $.Values.regionName | quote }}