diff --git a/Cargo.lock b/Cargo.lock index 25ac572e..1b5e7601 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1582,7 +1582,7 @@ dependencies = [ [[package]] name = "k8s-version" version = "0.1.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "darling", "regex", @@ -2993,7 +2993,7 @@ checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596" [[package]] name = "stackable-certs" version = "0.4.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "const-oid", "ecdsa", @@ -3043,8 +3043,8 @@ dependencies = [ [[package]] name = "stackable-operator" -version = "0.111.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +version = "0.111.1" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "base64", "clap", @@ -3080,12 +3080,13 @@ dependencies = [ "tracing-appender", "tracing-subscriber", "url", + "winnow", ] [[package]] name = "stackable-operator-derive" version = "0.3.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "darling", "proc-macro2", 
@@ -3096,7 +3097,7 @@ dependencies = [ [[package]] name = "stackable-shared" version = "0.1.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "jiff", "k8s-openapi", @@ -3113,7 +3114,7 @@ dependencies = [ [[package]] name = "stackable-telemetry" version = "0.6.3" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "axum", "clap", @@ -3137,7 +3138,7 @@ dependencies = [ [[package]] name = "stackable-versioned" version = "0.10.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "kube", "schemars", @@ -3151,7 +3152,7 @@ dependencies = [ [[package]] name = "stackable-versioned-macros" version = "0.10.0" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "convert_case", "convert_case_extras", 
@@ -3169,7 +3170,7 @@ dependencies = [ [[package]] name = "stackable-webhook" version = "0.9.1" -source = "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51" +source = "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#8eb179f9faf75afae2db8171445e84a6a54a4401" dependencies = [ "arc-swap", "async-trait", @@ -4046,9 +4047,9 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" -version = "1.0.1" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "09dac053f1cd375980747450bfc7250c264eaae0583872e845c0c7cd578872b5" +checksum = "0592e1c9d151f854e6fd382574c3a0855250e1d9b2f99d9281c6e6391af352f1" dependencies = [ "memchr", ] diff --git a/Cargo.nix b/Cargo.nix index cf857536..fffb3599 100644 --- a/Cargo.nix +++ b/Cargo.nix @@ -5106,9 +5106,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; libName = "k8s_version"; authors = [ @@ -9891,9 +9891,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; libName = "stackable_certs"; authors = [ 
@@ -10103,13 +10103,13 @@ rec { }; "stackable-operator" = rec { crateName = "stackable-operator"; - version = "0.111.0"; + version = "0.111.1"; edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; libName = "stackable_operator"; authors = [ @@ -10269,6 +10269,10 @@ rec { packageId = "url"; features = [ "serde" ]; } + { + name = "winnow"; + packageId = "winnow"; + } ]; features = { "certs" = [ "dep:stackable-certs" ]; @@ -10287,9 +10291,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; procMacro = true; libName = "stackable_operator_derive"; @@ -10322,9 +10326,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; libName = "stackable_shared"; authors = [ 
@@ -10403,9 +10407,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; libName = "stackable_telemetry"; authors = [ @@ -10513,9 +10517,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; libName = "stackable_versioned"; authors = [ @@ -10563,9 +10567,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; procMacro = true; libName = "stackable_versioned_macros"; 
@@ -10631,9 +10635,9 @@ rec { edition = "2024"; workspace_member = null; src = pkgs.fetchgit { - url = "https://github.com/stackabletech/operator-rs.git"; - rev = "b7c8a3a5483b4d35d0abfa11f6db6c153bda8a51"; - sha256 = "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc"; + url = "https://github.com/stackabletech//operator-rs.git"; + rev = "8eb179f9faf75afae2db8171445e84a6a54a4401"; + sha256 = "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d"; }; libName = "stackable_webhook"; authors = [ @@ -14321,9 +14325,9 @@ rec { }; "winnow" = rec { crateName = "winnow"; - version = "1.0.1"; + version = "1.0.3"; edition = "2021"; - sha256 = "1dbji1bwviy08pl74f2qw2m4w9hc4p3vyl3lfj05jdydy59w1nh9"; + sha256 = "1wajycd3krn6h699vydjv7hm0ll5l31p899qzpk59y2is74y34h5"; dependencies = [ { name = "memchr"; diff --git a/Cargo.toml b/Cargo.toml index 7ad6543a..0045c8f7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,7 +11,7 @@ repository = "https://github.com/stackabletech/nifi-operator" [workspace.dependencies] product-config = { git = "https://github.com/stackabletech/product-config.git", tag = "0.8.0" } -stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.111.0", features = ["webhook"] } +stackable-operator = { git = "https://github.com/stackabletech/operator-rs.git", tag = "stackable-operator-0.111.1", features = ["webhook"] } anyhow = "1.0" built = { version = "0.8", features = ["chrono", "git2"] } @@ -34,6 +34,6 @@ tracing = "0.1" url = { version = "2.5.7" } xml-rs = "1.0" -# [patch."https://github.com/stackabletech/operator-rs.git"] -# stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "main" } +[patch."https://github.com/stackabletech/operator-rs.git"] +stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", branch = "feat/annotation-auto-tls-cert-subject-dn" } # stackable-operator = { path = "../operator-rs/crates/stackable-operator" } 
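Review bot: The newly enabled `[patch."https://github.com/stackabletech/operator-rs.git"]` entry resolves `stackable-operator` and its sibling crates from a mutable branch (`feat/annotation-auto-tls-cert-subject-dn`), so the only thing fixing the code that gets built is the commit recorded in Cargo.lock. Any `cargo update` or lockfile regeneration would silently pick up whatever the branch head is at that time, while the `tag = "stackable-operator-0.111.1"` line above suggests a released version is in use. If the patch has to stay for now, pin it to the commit already in the lockfile, `stackable-operator = { git = "https://github.com/stackabletech//operator-rs.git", rev = "8eb179f9faf75afae2db8171445e84a6a54a4401" }`, and comment the section out again before release. The two tests/release.yaml hunks (`0.0.0-pr708`, `0.0.0-pr941`) are the same kind of temporary pin and should be reverted together with it.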
diff --git a/crate-hashes.json b/crate-hashes.json index 71fbc1c3..4e0f1877 100644 --- a/crate-hashes.json +++ b/crate-hashes.json 
@@ -1,12 +1,12 @@ { - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#k8s-version@0.1.3": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-certs@0.4.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-operator-derive@0.3.1": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-operator@0.111.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-shared@0.1.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-telemetry@0.6.3": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-versioned-macros@0.10.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-versioned@0.10.0": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", - "git+https://github.com/stackabletech/operator-rs.git?tag=stackable-operator-0.111.0#stackable-webhook@0.9.1": "14q10sppdjdf3vbcbxz12rlgm1g9l6p87nk9wr707w2a71z8vgxc", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#k8s-version@0.1.3": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-certs@0.4.0": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + 
"git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-operator-derive@0.3.1": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-operator@0.111.1": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-shared@0.1.0": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-telemetry@0.6.3": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-versioned-macros@0.10.0": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-versioned@0.10.0": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", + "git+https://github.com/stackabletech//operator-rs.git?branch=feat%2Fannotation-auto-tls-cert-subject-dn#stackable-webhook@0.9.1": "0liwh50756wajvzrbklcdcasrzczrh7xsf3q4gzq32h145x9151d", "git+https://github.com/stackabletech/product-config.git?tag=0.8.0#product-config@0.8.0": "1dz70kapm2wdqcr7ndyjji0lhsl98bsq95gnb2lw487wf6yr7987" } \ No newline at end of file diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index a2b0cd52..ced58c44 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -517,6 +517,7 @@ pub async fn reconcile_nifi( &merged_config, &proxy_hosts, &git_sync_resources, + &client.kubernetes_cluster_info, ) .await?; 
@@ -700,6 +701,7 @@ async fn build_node_rolegroup_config_map( merged_config: &NifiConfig, proxy_hosts: &str, git_sync_resources: &git_sync::v1alpha2::GitSyncResources, + cluster_info: &KubernetesClusterInfo, ) -> Result { tracing::debug!("building rolegroup configmaps"); @@ -707,7 +709,7 @@ async fn build_node_rolegroup_config_map( .get_authentication_config() .context(InvalidNifiAuthenticationConfigSnafu)?; - let authorizers_xml = authorization_config.get_authorizers_config(nifi); + let authorizers_xml = authorization_config.get_authorizers_config(nifi, cluster_info); let jvm_sec_props: BTreeMap> = rolegroup_config .get(&PropertyNameKind::File( diff --git a/rust/operator-binary/src/security/authorization.rs b/rust/operator-binary/src/security/authorization.rs index df8d1d99..028b6615 100644 --- a/rust/operator-binary/src/security/authorization.rs +++ b/rust/operator-binary/src/security/authorization.rs @@ -1,3 +1,5 @@ +use std::collections::BTreeMap; + use indoc::{formatdoc, indoc}; use snafu::{ResultExt, Snafu}; use stackable_operator::{ @@ -8,11 +10,13 @@ use stackable_operator::{ ConfigMap, ConfigMapKeySelector, EnvVar, EnvVarSource, Volume, VolumeMount, }, kube::ResourceExt, + utils::cluster_info::KubernetesClusterInfo, }; use crate::{ config::{NIFI_PVC_STORAGE_DIRECTORY, NifiRepository}, crd::{ + NifiRole, authorization::{NifiAccessPolicyProvider, NifiAuthorization, NifiOpaConfig}, v1alpha1, }, @@ -117,7 +121,11 @@ impl ResolvedNifiAuthorizationConfig { } } - pub fn get_authorizers_config(&self, nifi_cluster: &v1alpha1::NifiCluster) -> String { + pub fn get_authorizers_config( + &self, + nifi_cluster: &v1alpha1::NifiCluster, + cluster_info: &KubernetesClusterInfo, + ) -> String { let mut authorizers_xml = indoc! {r#" 
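Review bot: `get_authorizers_config` is public and gains a second parameter in the `@@ -117,7 +121,11 @@` hunk, but there is no doc comment saying why an authorizer renderer needs Kubernetes cluster information. A line above the signature such as `/// Renders the NiFi authorizers configuration; cluster_info provides the cluster domain used to derive the per-pod node identity DNs.` would make the dependency explicit. The function body continues outside the hunk.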
@@ -157,15 +165,69 @@ impl ResolvedNifiAuthorizationConfig { } => { let file_based_mount_path = Self::file_based_mount_path(); + let namespace = nifi_cluster.namespace().expect(""); + + let mut dns = vec![]; + + for _role_name in [NifiRole::Node.to_string()] { + let role_groups = nifi_cluster + .spec + .nodes + .iter() + .flat_map(|role| &role.role_groups) + .collect::>(); + + for (role_group_name, role_group) in role_groups { + let headless_service_name = nifi_cluster + .node_rolegroup_ref(role_group_name) + .rolegroup_headless_service_name(); + + let stateful_set_name = nifi_cluster.name_any(); + + for replica in 0..role_group.replicas.unwrap_or(1) { + let cn = "cn=generated certificate for pod"; + let dc = cluster_info + .cluster_domain + .split('.') + .rev() + .chain([ + "svc", + &namespace, + &headless_service_name, + &format!("{stateful_set_name}-{replica}",), + ]) + .map(|component| format!("dc={component}")) + .collect::>(); + + let mut dn = vec![cn.to_string()]; + dn.extend(dc); + let dn = dn.join(","); + + dns.push(dn); + } + } + } + + let user_group_povider_dns = dns.iter().enumerate().map(|(i, dn)| format!(" {dn}")).collect::>().join("\n"); + + let access_policy_provider_dns = dns + .iter() + .enumerate() + .map(|(i, dn)| { + format!( + " {dn}" + ) + }) + .collect::>() + .join("\n"); + authorizers_xml.push_str(&formatdoc! {r#" file-user-group-provider org.apache.nifi.authorization.FileUserGroupProvider {file_based_mount_path}/users.xml {initial_admin_user} - - - CN=generated certificate for pod + {user_group_povider_dns} @@ -174,9 +236,7 @@ impl ResolvedNifiAuthorizationConfig { file-user-group-provider {file_based_mount_path}/authorizations.xml {initial_admin_user} - - - CN=generated certificate for pod + {access_policy_provider_dns} diff --git a/rust/operator-binary/src/security/tls.rs b/rust/operator-binary/src/security/tls.rs index 196b7a66..11004f9d 100644 --- a/rust/operator-binary/src/security/tls.rs +++ b/rust/operator-binary/src/security/tls.rs 
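Review bot: The identities built in the new loop must equal the subject DN on each pod's certificate exactly, and two details in the `@@ -157,15 +165,69 @@` hunk make that doubtful. `stateful_set_name` comes from `nifi_cluster.name_any()`, so the last component is `<cluster>-<replica>`, while the Rego fixture changed in this same commit expects `DC=test-nifi-node-default-0`, i.e. the rolegroup object name; `let stateful_set_name = nifi_cluster.node_rolegroup_ref(role_group_name).object_name();` would presumably match. The string is also emitted with `cn=` first, lowercase and without spaces, whereas the fixture has the DC components first and `CN=` last, so confirm which form NiFi compares against before relying on it for node authorization. Separately, `nifi_cluster.namespace().expect("")` panics inside reconciliation with an empty message; state the invariant in the message or return an error. The enclosing match arm starts and ends outside the hunk.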
@@ -53,6 +53,7 @@ pub(crate) fn build_tls_volume( .with_pod_scope() .with_format(secret_format) .with_auto_tls_cert_lifetime(*requested_secret_lifetime) + .with_auto_tls_cert_domain_components_in_subject_dn(true) .build() .context(TlsCertSecretClassVolumeBuildSnafu)?, ) diff --git a/tests/release.yaml b/tests/release.yaml index 04ee6498..c7fb777a 100644 --- a/tests/release.yaml +++ b/tests/release.yaml @@ -9,7 +9,7 @@ releases: commons: operatorVersion: 0.0.0-dev secret: - operatorVersion: 0.0.0-dev + operatorVersion: 0.0.0-pr708 listener: operatorVersion: 0.0.0-dev opa: @@ -23,4 +23,4 @@ releases: trino: operatorVersion: 0.0.0-dev nifi: - operatorVersion: 0.0.0-dev + operatorVersion: 0.0.0-pr941 diff --git a/tests/templates/kuttl/oidc-opa/25-opa-rego.yaml b/tests/templates/kuttl/oidc-opa/25-opa-rego.yaml index 16d60f5d..0ce7c481 100644 --- a/tests/templates/kuttl/oidc-opa/25-opa-rego.yaml +++ b/tests/templates/kuttl/oidc-opa/25-opa-rego.yaml @@ -9,7 +9,8 @@ data: my_nifi_package.rego: | package my_nifi_package - nifi_node_proxy := "CN=generated certificate for pod" + # TODO Parse or use a regular expression to validate the DN + nifi_node_proxy := "DC=local, DC=cluster, DC=svc, DC=test, DC=test-nifi-node-default-headless, DC=test-nifi-node-default-0, CN=generated certificate for pod" nifi_reporting_task_user := "admin" # Setting "resourceNotFound" to true results in the parent resource being evaluated for authorization,
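Review bot: `.with_auto_tls_cert_domain_components_in_subject_dn(true)` is applied unconditionally, so every certificate requested through `build_tls_volume` changes its subject, and nothing visible here covers already-deployed clusters or a secret-operator that does not yet honour the setting (tests/release.yaml pins it to `0.0.0-pr708`). In either case the DNs written into the authorizers configuration may differ from what the pods present, or from what existing users.xml/authorizations.xml files and user-written OPA rules still contain. A comment on the call, for example `// Subject DN now carries the pod DNS name as DC components; must stay in sync with get_authorizers_config and requires secret-operator support`, plus an upgrade note in the changelog would make the coupling visible. `build_tls_volume` starts and ends outside the hunk.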
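Review bot: `nifi_node_proxy` in 25-opa-rego.yaml now equals the DN of exactly one pod (`test-nifi-node-default-0`), so a second replica in this rolegroup would not be recognised as a node proxy by this policy. When the TODO is resolved with a regular expression, anchor it at both ends and keep the namespace and headless-service components literal, varying only the pod ordinal. A broad or unanchored pattern could accept certificates of other workloads that share the `CN=generated certificate for pod` suffix. A comment such as `# Must match the operator-generated node identity exactly (component order, case, separators)` next to the rule would also document the coupling to the operator code.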