diff --git a/api/v1alpha1/nats_account_types.go b/api/v1alpha1/nats_account_types.go
index 5a32104..2fc3a58 100644
--- a/api/v1alpha1/nats_account_types.go
+++ b/api/v1alpha1/nats_account_types.go
@@ -9,11 +9,23 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
+// ExportType defines the type of import/export.
+type ExportType int
+
+const (
+ // Unknown is used if we don't know the type
+ Unknown ExportType = iota
+ // Stream defines the type field value for a stream "stream"
+ Stream
+ // Service defines the type field value for a service "service"
+ Service
+)
+
 // Export ...
 type Export struct {
 Name string `json:"name,omitempty"`
 Subject jwt.Subject `json:"subject,omitempty"`
- Type jwt.ExportType `json:"type,omitempty"`
+ Type ExportType `json:"type,omitempty"`
 TokenReq bool `json:"token_req,omitempty"`
 Revocations jwt.RevocationList `json:"revocations,omitempty"`
 ResponseType jwt.ResponseType `json:"response_type,omitempty"`
@@ -45,8 +57,6 @@ type NatsAccountSpec struct {
 Exports []Export `json:"exports,omitempty"`
 Limits OperatorLimits `json:"limits,omitempty"`
 Revocations jwt.RevocationList `json:"revocations,omitempty"`
-
- // FIXME: Scoped signing keys
 }
 func (s NatsAccountSpec) ToJWTAccount() jwt.Account {
@@ -54,7 +64,7 @@ func (s NatsAccountSpec) ToJWTAccount() jwt.Account {
 return &jwt.Export{
 Name: e.Name,
 Subject: e.Subject,
- Type: e.Type,
+ Type: jwt.ExportType(e.Type),
 TokenReq: e.TokenReq,
 Revocations: e.Revocations,
 ResponseType: e.ResponseType,
diff --git a/controllers/natsoperator_controller.go b/controllers/natsoperator_controller.go
index c7d9d50..5af1fa7 100644
--- a/controllers/natsoperator_controller.go
+++ b/controllers/natsoperator_controller.go
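Review bot: In the first hunk of api/v1alpha1/nats_account_types.go, the new `ExportType` is a bare `int` with no JSON marshalling visible here, so the `type` field of an export will presumably appear in the custom resource as a number, while the constant comments still describe the values as `"stream"` and `"service"`. Nothing in the hunk bounds the value either, and the conversion further down passes it straight into the account JWT. Because the export type decides how a subject is shared across accounts, I would constrain it at admission with `// +kubebuilder:validation:Minimum=1` and `// +kubebuilder:validation:Maximum=2` on the `Type` field, and reword the comments to state the numeric values. The `Export` struct continues past the end of the hunk.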
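Review bot: The cast `jwt.ExportType(e.Type)` in `ToJWTAccount` (the `@@ -54,7 +64,7 @@` hunk of nats_account_types.go) is correct only while the local constants keep the same ordinal order as the jwt package's. A reordering or a new value on either side would silently produce exports of the wrong type in the signed account claims. Mapping by name makes that dependency explicit and sends anything unrecognised to `jwt.Unknown`, which the jwt library's claim validation can presumably reject. The helper below is a sketch; the closure around `return &jwt.Export{` starts and ends outside the hunk.

```go
// toJWTExportType maps the CRD enum onto the jwt enum by name, not by ordinal.
func toJWTExportType(t ExportType) jwt.ExportType {
	switch t {
	case Stream:
		return jwt.Stream
	case Service:
		return jwt.Service
	default:
		return jwt.Unknown
	}
}

// … unchanged: Name and Subject fields of the jwt.Export literal …
				Type:         toJWTExportType(e.Type),
// … unchanged: remaining fields of the jwt.Export literal …
```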
@@ -101,7 +101,7 @@ func (r *NatsOperatorReconciler) Reconcile(ctx context.Context, req ctrl.Request
 {
 Name: "account-monitoring-services",
 Subject: "$SYS.REQ.ACCOUNT.*.*",
- Type: jwt.Service,
+ Type: natsv1alpha1.Service,
 ResponseType: jwt.ResponseTypeStream,
 AccountTokenPosition: 4,
 Info: jwt.Info{
@@ -112,7 +112,7 @@ func (r *NatsOperatorReconciler) Reconcile(ctx context.Context, req ctrl.Request
 {
 Name: "account-monitoring-streams",
 Subject: "$SYS.ACCOUNT.*.>",
- Type: jwt.Stream,
+ Type: natsv1alpha1.Stream,
 AccountTokenPosition: 3,
 Info: jwt.Info{
 Description: `Account specific monitoring stream`,
@@ -134,6 +134,9 @@ func (r *NatsOperatorReconciler) Reconcile(ctx context.Context, req ctrl.Request
 }
 if err := r.Create(ctx, systemAccount); err != nil {
+ for _, e := range systemAccount.Spec.Exports {
+ logger.Info("export", "name", e.Name, "subject", e.Subject, "type", e.Type)
+ }
 return ctrl.Result{}, err
 }
diff --git a/helm/charts/natz-operator/templates/crds/natsaccounts.yaml b/helm/charts/natz-operator/templates/crds/natsaccounts.yaml
index 9f4b1d2..91000ac 100644
--- a/helm/charts/natz-operator/templates/crds/natsaccounts.yaml
+++ b/helm/charts/natz-operator/templates/crds/natsaccounts.yaml
@@ -48,6 +48,7 @@ spec:
 type: array
 exports:
 items:
+ description: Export ...
 properties:
 account_token_position:
 type: integer
diff --git a/manifests/crd/bases/natz.zeiss.com_natsaccounts.yaml b/manifests/crd/bases/natz.zeiss.com_natsaccounts.yaml
index 9f4b1d2..91000ac 100644
--- a/manifests/crd/bases/natz.zeiss.com_natsaccounts.yaml
+++ b/manifests/crd/bases/natz.zeiss.com_natsaccounts.yaml
@@ -48,6 +48,7 @@ spec:
 type: array
 exports:
 items:
+ description: Export ...
 properties:
 account_token_position:
 type: integer
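Review bot: In the `@@ -134,6 +134,9 @@` hunk of controllers/natsoperator_controller.go, the loop added to the `r.Create` failure path writes one Info-level line per export and never mentions `err`, which reads like leftover debugging rather than intended operator output. `e.Type` is now a plain integer, so the `type` value in those lines is presumably a number that has to be decoded by hand. If the dump is worth keeping, I would put it behind debug verbosity, `logger.V(1).Info("export", "name", e.Name, "subject", e.Subject, "type", e.Type)`, assuming `logger` is a logr logger, and add a comment saying why it sits on the error path. Otherwise drop the loop, since the returned error is already surfaced to the caller. The body of `Reconcile` continues outside the hunk.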