From da7d116ff83e5c37b9e351d4aac90c969209e433 Mon Sep 17 00:00:00 2001 From: Anders Stigaard Date: Mon, 13 Apr 2026 14:59:31 +0200 Subject: [PATCH 1/4] test needed --- api/config/v2alpha2/projectconfig_types.go | 20 +++++++------- api/config/v2alpha2/zz_generated.deepcopy.go | 10 +++---- .../controller/styra/system_controller.go | 26 ++++++++++++------- .../controller/controller_suite_test.go | 16 ++++++------ 4 files changed, 40 insertions(+), 32 deletions(-) diff --git a/api/config/v2alpha2/projectconfig_types.go b/api/config/v2alpha2/projectconfig_types.go index 260b0897..67fcdeb0 100644 --- a/api/config/v2alpha2/projectconfig_types.go +++ b/api/config/v2alpha2/projectconfig_types.go @@ -222,9 +222,6 @@ type OPAControlPlaneConfig struct { SystemDatasourceChanged string `json:"systemDatasourceChanged,omitempty"` // LibraryDatasourceChanged is the URL to be called when a library datasource has changed. LibraryDatasourceChanged string `json:"libraryDatasourceChanged,omitempty"` - - // DecisionAPIConfig contains configuration for which api OPAs should use to and how - DecisionAPIConfig *DecisionAPIConfig `json:"decisionAPIConfig,omitempty"` } // UserCredentialHandler defines the structure of possible user credential handlers 
@@ -266,17 +263,20 @@ type GitCredentials struct { // OPAConfig contains default configuration for the opa config generated by the styra-controller type OPAConfig struct { - DecisionLogs DecisionLog `json:"decisionLogs,omitempty" yaml:"decisionLogs,omitempty"` - Metrics MetricsConfig `json:"metrics,omitempty" yaml:"metrics,omitempty"` - PersistBundle bool `json:"persist_bundle,omitempty" yaml:"persist_bundle,omitempty"` - PersistBundleDirectory string `json:"persist_bundle_directory,omitempty" yaml:"persist_bundle_directory,omitempty"` //nolint:lll - BundleServer *OPABundleServer `json:"bundleServer,omitempty" yaml:"bundleServer,omitempty"` + DecisionLogs DecisionLog `json:"decisionLogs,omitempty" yaml:"decisionLogs,omitempty"` + Metrics MetricsConfig `json:"metrics,omitempty" yaml:"metrics,omitempty"` + PersistBundle bool `json:"persist_bundle,omitempty" yaml:"persist_bundle,omitempty"` + PersistBundleDirectory string `json:"persist_bundle_directory,omitempty" yaml:"persist_bundle_directory,omitempty"` //nolint:lll + BundleServer *OPABundleServer `json:"bundleServer,omitempty" yaml:"bundleServer,omitempty"` + DecisionAPIConfig *DecisionAPIConfig `json:"decisionAPIConfig,omitempty" yaml:"decisionAPIConfig,omitempty"` } // OPABundleServer contains configuration for the OPA bundle server type OPABundleServer struct { - URL string `json:"url,omitempty" yaml:"url,omitempty"` - Path string `json:"path,omitempty" yaml:"path,omitempty"` + Name string `json:"name,omitempty" yaml:"name,omitempty"` + URL string `json:"url,omitempty" yaml:"url,omitempty"` + Path string `json:"path,omitempty" yaml:"path,omitempty"` + TokenPath string `json:"tokenPath,omitempty" yaml:"tokenPath,omitempty"` } // MetricsConfig contains configuration for OPA metrics diff --git a/api/config/v2alpha2/zz_generated.deepcopy.go b/api/config/v2alpha2/zz_generated.deepcopy.go index eef69be5..63219c22 100644 --- a/api/config/v2alpha2/zz_generated.deepcopy.go 
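Review bot: The two fields added to `OPABundleServer` have no doc comments, and `TokenPath` changes behaviour in a way the type does not reveal: in internal/controller/styra/system_controller.go a non-empty value replaces S3 request signing with bearer-token authentication for the bundle service. I would document that on the field, e.g. `// TokenPath is the file OPA reads its bearer token from; when set, bearer auth replaces S3 signing for the bundle service.`, and add `// Name is the service name written into the generated OPA config.` on `Name`. Separately, `DecisionAPIConfig` moves from `OPAControlPlaneConfig` to `OPAConfig` in this commit, so a config file that still carries `decisionAPIConfig` under the old parent no longer populates it. Whether the loader rejects or silently drops the stale key is not visible here, so an upgrade note or a load-time check would help operators.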
+++ b/api/config/v2alpha2/zz_generated.deepcopy.go @@ -280,6 +280,11 @@ func (in *OPAConfig) DeepCopyInto(out *OPAConfig) { *out = new(OPABundleServer) **out = **in } + if in.DecisionAPIConfig != nil { + in, out := &in.DecisionAPIConfig, &out.DecisionAPIConfig + *out = new(DecisionAPIConfig) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OPAConfig. @@ -316,11 +321,6 @@ func (in *OPAControlPlaneConfig) DeepCopyInto(out *OPAControlPlaneConfig) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.DecisionAPIConfig != nil { - in, out := &in.DecisionAPIConfig, &out.DecisionAPIConfig - *out = new(DecisionAPIConfig) - **out = **in - } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OPAControlPlaneConfig. diff --git a/internal/controller/styra/system_controller.go b/internal/controller/styra/system_controller.go index c2ea33a5..9b2a6bbd 100644 --- a/internal/controller/styra/system_controller.go +++ b/internal/controller/styra/system_controller.go 
@@ -531,26 +531,34 @@ func (r *SystemReconciler) reconcileOPAConfigMapForOCP( WithSystemCondition(v1beta1.ConditionTypeOPAConfigMapUpdated) } + bundleServiceCredintials := &ocp.ServiceCredentials{ + S3: &ocp.S3Signing{ + S3EnvironmentCredentials: map[string]ocp.EmptyStruct{}, + }} + if r.Config.OPA.BundleServer.TokenPath != "" { + bundleServiceCredintials = &ocp.ServiceCredentials{ + Bearer: &ocp.Bearer{ + TokenPath: r.Config.OPA.BundleServer.TokenPath, + }, + } + } + opaconf := ocp.OPAConfig{ BundleService: &ocp.OPAServiceConfig{ - Name: "s3", - URL: bundleURL, - Credentials: &ocp.ServiceCredentials{ - S3: &ocp.S3Signing{ - S3EnvironmentCredentials: map[string]ocp.EmptyStruct{}, - }, - }, + Name: r.Config.OPA.BundleServer.Name, + URL: bundleURL, + Credentials: bundleServiceCredintials, }, LogService: &ocp.OPAServiceConfig{ Name: "logs", - URL: r.Config.OPAControlPlaneConfig.DecisionAPIConfig.ServiceURL, + URL: r.Config.OPA.DecisionAPIConfig.ServiceURL, Credentials: &ocp.ServiceCredentials{ Bearer: &ocp.Bearer{ TokenPath: "/run/secrets/kubernetes.io/serviceaccount/token", }, }, }, - DecisionLogReporting: r.Config.OPAControlPlaneConfig.DecisionAPIConfig.Reporting, + DecisionLogReporting: r.Config.OPA.DecisionAPIConfig.Reporting, BundleResource: fmt.Sprintf("bundles/%s/bundle.tar.gz", uniqueName), UniqueName: uniqueName, Namespace: system.Namespace, diff --git a/test/integration/controller/controller_suite_test.go b/test/integration/controller/controller_suite_test.go index 7ed9900f..d7f403d2 100644 --- a/test/integration/controller/controller_suite_test.go +++ b/test/integration/controller/controller_suite_test.go 
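Review bot: `r.Config.OPA.BundleServer` and `r.Config.OPA.DecisionAPIConfig` are optional pointer fields (`omitempty`), and this hunk dereferences both with no nil check in view, so a config that omits either block would panic inside the reconcile loop unless a guard exists earlier in `reconcileOPAConfigMapForOCP`, which starts above the hunk. If there is none, return a configuration error before building `opaconf`, guarded by `if r.Config.OPA.BundleServer == nil || r.Config.OPA.DecisionAPIConfig == nil`. The bundle service name also loses its `"s3"` literal: with `Name: r.Config.OPA.BundleServer.Name`, an existing config without `name` produces a service entry with an empty name, so either fall back to `"s3"` when the field is empty or reject the config when it is loaded.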
@@ -155,14 +155,6 @@ var _ = ginkgo.BeforeSuite(func() { OCPConfigSecretName: "s3-credentials", }, }, - DecisionAPIConfig: &configv2alpha2.DecisionAPIConfig{ - ServiceURL: "log-api-url", - Reporting: configv2alpha2.DecisionLogReporting{ - MaxDelaySeconds: 60, - MinDelaySeconds: 5, - UploadSizeLimitBytes: 1024, - }, - }, }, UserCredentialHandler: &configv2alpha2.UserCredentialHandler{ S3: &configv2alpha2.S3Handler{ @@ -178,6 +170,14 @@ var _ = ginkgo.BeforeSuite(func() { URL: "https://s3-url2", Path: "/test-bucket", }, + DecisionAPIConfig: &configv2alpha2.DecisionAPIConfig{ + ServiceURL: "log-api-url", + Reporting: configv2alpha2.DecisionLogReporting{ + MaxDelaySeconds: 60, + MinDelaySeconds: 5, + UploadSizeLimitBytes: 1024, + }, + }, }, }, From 48a3eb9766e9d609c2cbb4eaea070485a5ce1298 Mon Sep 17 00:00:00 2001 From: jgs_bankdata Date: Mon, 13 Apr 2026 15:00:42 +0200 Subject: [PATCH 2/4] typo --- internal/controller/styra/system_controller.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/controller/styra/system_controller.go b/internal/controller/styra/system_controller.go index 9b2a6bbd..d948b033 100644 --- a/internal/controller/styra/system_controller.go +++ b/internal/controller/styra/system_controller.go @@ -531,12 +531,12 @@ func (r *SystemReconciler) reconcileOPAConfigMapForOCP( WithSystemCondition(v1beta1.ConditionTypeOPAConfigMapUpdated) } - bundleServiceCredintials := &ocp.ServiceCredentials{ + bundleServiceCredentials := &ocp.ServiceCredentials{ S3: &ocp.S3Signing{ S3EnvironmentCredentials: map[string]ocp.EmptyStruct{}, }} if r.Config.OPA.BundleServer.TokenPath != "" { - bundleServiceCredintials = &ocp.ServiceCredentials{ + bundleServiceCredentials = &ocp.ServiceCredentials{ Bearer: &ocp.Bearer{ TokenPath: r.Config.OPA.BundleServer.TokenPath, }, 
@@ -547,7 +547,7 @@ func (r *SystemReconciler) reconcileOPAConfigMapForOCP( BundleService: &ocp.OPAServiceConfig{ Name: r.Config.OPA.BundleServer.Name, URL: bundleURL, - Credentials: bundleServiceCredintials, + Credentials: bundleServiceCredentials, }, LogService: &ocp.OPAServiceConfig{ Name: "logs", From 3f722d72e1481e4c005efbe9f51f3970a01136ce Mon Sep 17 00:00:00 2001 From: Anders Stigaard Date: Mon, 13 Apr 2026 15:43:14 +0200 Subject: [PATCH 3/4] test created --- api/config/v2alpha2/projectconfig_types.go | 2 ++ .../crd/bases/styra.bankdata.dk_libraries.yaml | 2 +- config/crd/bases/styra.bankdata.dk_systems.yaml | 2 +- internal/controller/styra/system_controller.go | 4 ++-- .../controller/controller_suite_test.go | 8 ++++++-- .../controller/system_controller_test.go | 16 ++++++++-------- 6 files changed, 20 insertions(+), 14 deletions(-) diff --git a/api/config/v2alpha2/projectconfig_types.go b/api/config/v2alpha2/projectconfig_types.go index 67fcdeb0..09edc402 100644 --- a/api/config/v2alpha2/projectconfig_types.go +++ b/api/config/v2alpha2/projectconfig_types.go @@ -301,7 +301,9 @@ type DecisionLog struct { // DecisionAPIConfig contains configuration for decision log dispatch type DecisionAPIConfig struct { + Name string `json:"name,omitempty"` ServiceURL string `json:"serviceUrl,omitempty"` + TokenPath string `json:"tokenPath,omitempty"` Reporting DecisionLogReporting `json:"reporting,omitempty"` } diff --git a/config/crd/bases/styra.bankdata.dk_libraries.yaml b/config/crd/bases/styra.bankdata.dk_libraries.yaml index f8281cce..f238a9a0 100644 --- a/config/crd/bases/styra.bankdata.dk_libraries.yaml +++ b/config/crd/bases/styra.bankdata.dk_libraries.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 name: libraries.styra.bankdata.dk spec: group: styra.bankdata.dk 
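Review bot: The new `Name` and `TokenPath` fields on `DecisionAPIConfig` carry only `json` tags, while `OPAConfig`, which now embeds this struct, and `OPABundleServer` tag every field with both `json` and `yaml`. If any code path reads or writes these types through the `yaml` tags (not visible in this patch), the nested keys would not match `name` and `tokenPath`; adding `yaml:"name,omitempty"` and `yaml:"tokenPath,omitempty"`, and the equivalent tags on the existing `ServiceURL` and `Reporting` fields, keeps the struct consistent with its parent. The fields are also undocumented; a comment such as `// TokenPath is the file OPA reads the bearer token for the decision API from.` would tell operators what has to be mounted there.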
diff --git a/config/crd/bases/styra.bankdata.dk_systems.yaml b/config/crd/bases/styra.bankdata.dk_systems.yaml index 555ad550..261fce1d 100644 --- a/config/crd/bases/styra.bankdata.dk_systems.yaml +++ b/config/crd/bases/styra.bankdata.dk_systems.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.20.0 + controller-gen.kubebuilder.io/version: v0.20.1 name: systems.styra.bankdata.dk spec: group: styra.bankdata.dk diff --git a/internal/controller/styra/system_controller.go b/internal/controller/styra/system_controller.go index d948b033..ba23c26d 100644 --- a/internal/controller/styra/system_controller.go +++ b/internal/controller/styra/system_controller.go @@ -550,11 +550,11 @@ func (r *SystemReconciler) reconcileOPAConfigMapForOCP( Credentials: bundleServiceCredentials, }, LogService: &ocp.OPAServiceConfig{ - Name: "logs", + Name: r.Config.OPA.DecisionAPIConfig.Name, URL: r.Config.OPA.DecisionAPIConfig.ServiceURL, Credentials: &ocp.ServiceCredentials{ Bearer: &ocp.Bearer{ - TokenPath: "/run/secrets/kubernetes.io/serviceaccount/token", + TokenPath: r.Config.OPA.DecisionAPIConfig.TokenPath, }, }, }, diff --git a/test/integration/controller/controller_suite_test.go b/test/integration/controller/controller_suite_test.go index d7f403d2..ad8f215a 100644 --- a/test/integration/controller/controller_suite_test.go +++ b/test/integration/controller/controller_suite_test.go 
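Review bot: The log service's `TokenPath` and `Name` now come straight from `r.Config.OPA.DecisionAPIConfig` with no fallback, so a deployment that upgrades without setting the new `tokenPath` gets a bearer credential with an empty path where it previously got `/run/secrets/kubernetes.io/serviceaccount/token`. How OPA treats an empty path is not visible here, but decision-log uploads would at best fail to authenticate. Keeping the old literals as defaults when the fields are empty preserves existing behaviour while still allowing the override. The defaults have to be computed before the `opaconf` literal, which opens above this hunk, and the hunk ends inside that literal.

```go
// … placed before the opaconf literal, after bundleServiceCredentials is chosen …
logServiceName := r.Config.OPA.DecisionAPIConfig.Name
if logServiceName == "" {
	logServiceName = "logs"
}
logTokenPath := r.Config.OPA.DecisionAPIConfig.TokenPath
if logTokenPath == "" {
	logTokenPath = "/run/secrets/kubernetes.io/serviceaccount/token"
}

// … unchanged: opaconf literal opening and BundleService …
		LogService: &ocp.OPAServiceConfig{
			Name: logServiceName,
			URL:  r.Config.OPA.DecisionAPIConfig.ServiceURL,
			Credentials: &ocp.ServiceCredentials{
				Bearer: &ocp.Bearer{
					TokenPath: logTokenPath,
// … unchanged: remainder of the literal …
```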
@@ -167,11 +167,15 @@ var _ = ginkgo.BeforeSuite(func() { }, OPA: configv2alpha2.OPAConfig{ BundleServer: &configv2alpha2.OPABundleServer{ - URL: "https://s3-url2", - Path: "/test-bucket", + Name: "bundle-server", + URL: "https://bundle-server-url", + Path: "/test-bucket", + TokenPath: "token-path-bundle-server", }, DecisionAPIConfig: &configv2alpha2.DecisionAPIConfig{ + Name: "decision-api", ServiceURL: "log-api-url", + TokenPath: "token-path-decision-api", Reporting: configv2alpha2.DecisionLogReporting{ MaxDelaySeconds: 60, MinDelaySeconds: 5, diff --git a/test/integration/controller/system_controller_test.go b/test/integration/controller/system_controller_test.go index b44ce293..f931b2e4 100644 --- a/test/integration/controller/system_controller_test.go +++ b/test/integration/controller/system_controller_test.go @@ -2817,27 +2817,27 @@ var _ = ginkgo.Describe("SystemReconciler.ReconcileOCPSystem", ginkgo.Label("int expectedYAML := `bundles: authz: resource: bundles/default-ocp-system/bundle.tar.gz - service: s3 + service: bundle-server decision_logs: reporting: max_delay_seconds: 60 min_delay_seconds: 5 upload_size_limit_bytes: 1024 resource_path: /logs - service: logs + service: decision-api labels: namespace: default unique-name: default-ocp-system services: - credentials: - s3_signing: - environment_credentials: {} - name: s3 - url: https://s3-url2/test-bucket + bearer: + token_path: token-path-bundle-server + name: bundle-server + url: https://bundle-server-url/test-bucket - credentials: bearer: - token_path: /run/secrets/kubernetes.io/serviceaccount/token - name: logs + token_path: token-path-decision-api + name: decision-api url: log-api-url ` From f2e12e8edde7221be028501f8c01a22351c723b5 Mon Sep 17 00:00:00 2001 
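Review bot: The S3-signing branch of the credential selection is no longer covered. The suite config now always sets `TokenPath: "token-path-bundle-server"`, and the expected YAML in `system_controller_test.go` drops the `s3_signing` / `environment_credentials` block in favour of `bearer`, so the outcome for an empty `TokenPath` is not asserted anywhere in these hunks. A second case that leaves `TokenPath` empty and expects the `s3_signing` credentials would keep both outcomes pinned. The same applies to the decision API service: no case here runs with `Name` or `TokenPath` unset, so the behaviour for a config that omits them is untested.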
From: bdjgs <104349651+bdjgs@users.noreply.github.com> Date: Tue, 14 Apr 2026 09:29:19 +0200 Subject: [PATCH 4/4] log-api-url to decision-api-url Co-authored-by: bdjgs <104349651+bdjgs@users.noreply.github.com> --- test/integration/controller/controller_suite_test.go | 2 +- test/integration/controller/system_controller_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/controller/controller_suite_test.go b/test/integration/controller/controller_suite_test.go index ad8f215a..42d2908c 100644 --- a/test/integration/controller/controller_suite_test.go +++ b/test/integration/controller/controller_suite_test.go @@ -174,7 +174,7 @@ var _ = ginkgo.BeforeSuite(func() { }, DecisionAPIConfig: &configv2alpha2.DecisionAPIConfig{ Name: "decision-api", - ServiceURL: "log-api-url", + ServiceURL: "decision-api-url", TokenPath: "token-path-decision-api", Reporting: configv2alpha2.DecisionLogReporting{ MaxDelaySeconds: 60, diff --git a/test/integration/controller/system_controller_test.go b/test/integration/controller/system_controller_test.go index f931b2e4..10442113 100644 --- a/test/integration/controller/system_controller_test.go +++ b/test/integration/controller/system_controller_test.go @@ -2838,7 +2838,7 @@ services: bearer: token_path: token-path-decision-api name: decision-api - url: log-api-url + url: decision-api-url ` if err := yaml.Unmarshal([]byte(actualYAML), &actualMap); err != nil {