[COST-4230] make spec.authentication.token_url optional (#238)
* [COST-4230] make spec.authentication.token_url optional

* keep sources to integration terminology

* cleanup unit test

* update api description
djnakabaale authored Dec 1, 2023
1 parent 3b413d3 commit fc5aee5
Showing 5 changed files with 30 additions and 19 deletions.
8 changes: 4 additions & 4 deletions api/v1beta1/metricsconfig_types.go
@@ -98,10 +98,10 @@ type EmbeddedPersistentVolumeClaim struct {
// AuthenticationSpec defines the desired state of Authentication object in the KokuMetricsConfigSpec.
type AuthenticationSpec struct {

// AuthType is a field of KokuMetricsConfig to represent the authentication type to be used basic or token.
// AuthType is a field of KokuMetricsConfig to represent the authentication type to be used basic, service-account or token.
// Valid values are:
// - "basic" : Enables authentication using user and password from authentication secret.
// - "service-account" : Enables authentication using client-id and client-secret from the secret containing service account information.
// - "service-account" : Enables authentication using client_id and client_secret from the secret containing service account information.
// - "token" (default): Uses cluster token for authentication.
// +kubebuilder:default="token"
AuthType AuthenticationType `json:"type"`
@@ -114,7 +114,7 @@ type AuthenticationSpec struct {
// TokenURL is a field of KokuMetricsConfig to represent the endpoint used to obtain the service account token.
// The default is `https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token`.
// +kubebuilder:default=`https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token`
TokenURL string `json:"token_url"`
TokenURL string `json:"token_url,omitempty"`
}

// PackagingSpec defines the desired state of the Packaging object in the KokuMetricsConfigSpec.
@@ -270,7 +270,7 @@ type KokuMetricsConfigSpec struct {
// AuthenticationStatus defines the desired state of Authentication object in the KokuMetricsConfigStatus.
type AuthenticationStatus struct {

// AuthType is a field of KokuMetricsConfig to represent the authentication type to be used basic or token.
// AuthType is a field of KokuMetricsConfig to represent the authentication type to be used basic, service-account or token.
AuthType AuthenticationType `json:"type,omitempty"`

// AuthenticationSecretName is a field of KokuMetricsConfig to represent the secret with the user and password used for uploads.
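Review bot: `TokenURL` becomes optional in the hunk at line 114, but nothing on the field constrains its value; the only markers are the doc comment and `+kubebuilder:default`. The comment says this endpoint is used to obtain the service account token, presumably by presenting the `client_id` and `client_secret` from the secret, so a mistyped or plain-`http` value could send those credentials to the wrong place or in clear text. I would add a `+kubebuilder:validation:Pattern` marker that requires an `https://` prefix. If the field is only read for `service-account`, the doc comment could say so, and also that the default applies when the field is omitted. How the controller treats an empty value, for example on objects built in Go without API-server defaulting, is not visible in this section and is worth confirming.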
@@ -58,19 +58,18 @@ spec:
type:
default: token
description: 'AuthType is a field of KokuMetricsConfig to represent
the authentication type to be used basic or token. Valid values
are: - "basic" : Enables authentication using user and password
from authentication secret. - "service-account" : Enables authentication
using client-id and client-secret from the secret containing
service account information. - "token" (default): Uses cluster
token for authentication.'
the authentication type to be used basic, service-account or
token. Valid values are: - "basic" : Enables authentication
using user and password from authentication secret. - "service-account"
: Enables authentication using client_id and client_secret from
the secret containing service account information. - "token"
(default): Uses cluster token for authentication.'
enum:
- token
- basic
- service-account
type: string
required:
- token_url
- type
type: object
clusterID:
@@ -532,7 +531,8 @@ spec:
type: string
type:
description: AuthType is a field of KokuMetricsConfig to represent
the authentication type to be used basic or token.
the authentication type to be used basic, service-account or
token.
enum:
- token
- basic
2 changes: 1 addition & 1 deletion controllers/kokumetricsconfig_controller.go
@@ -395,7 +395,7 @@ func (r *MetricsConfigReconciler) setAuthentication(ctx context.Context, authCon
if cr.Spec.Authentication.AuthenticationSecretName == "" {
// No authentication secret name set when using basic or service-account auth
cr.Status.Authentication.AuthenticationCredentialsFound = &falseDef
err := fmt.Errorf("no authentication secret name set when using basic or service-account auth")
err := fmt.Errorf("no authentication secret name set when using %s auth", cr.Status.Authentication.AuthType)
cr.Status.Authentication.AuthErrorMessage = err.Error()
cr.Status.Authentication.ValidBasicAuth = &falseDef
return err
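Review bot: The new message formats `cr.Status.Authentication.AuthType`, while the guard just above it tests `cr.Spec.Authentication.AuthenticationSecretName`, so the wording depends on the status field being populated before this branch runs. That assignment is not visible here, since setAuthentication starts and ends outside the hunk; if the field can be empty, AuthErrorMessage would read "when using  auth". A short comment such as `// Status.AuthType is expected to hold the effective auth type here` would record the assumption, or the spec value could be formatted if that is what the branch is keyed on. The updated test hunk only asserts the `service-account` wording, so a matching assertion for `basic` would cover the other path.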
2 changes: 1 addition & 1 deletion controllers/kokumetricsconfig_controller_test.go
@@ -615,7 +615,7 @@ var _ = Describe("MetricsConfigController - CRD Handling", Ordered, func() {
Expect(*fetched.Status.Authentication.AuthenticationCredentialsFound).To(BeFalse())
Expect(fetched.Status.Authentication.AuthenticationSecretName).To(BeEmpty())
Expect(fetched.Status.Authentication.AuthErrorMessage).ToNot(BeEmpty())
Expect(fetched.Status.Authentication.AuthErrorMessage).To(ContainSubstring("no authentication secret name set when using basic or service-account auth"))
Expect(fetched.Status.Authentication.AuthErrorMessage).To(ContainSubstring("no authentication secret name set when using service-account auth"))
})

It("should handle missing required fields in service account auth creds", func() {
21 changes: 16 additions & 5 deletions docs/csv-description.md
@@ -60,8 +60,8 @@ If these assumptions are not met, the operator will not deploy correctly. In the

## Configurable parameters:
* `authentication`:
* `type: token` -> The authentication method for connecting to `console.redhat.com`. The default and preferred method is `token`. `basic` is used when the openshift-config pull-secret does not contain a token for `console.redhat.com`.
* `secret_name` -> The Secret used by the operator when the authentication type is `basic`. This parameter is required **only if** the authentication type is `basic`.
* `type: token` -> The authentication method for connecting to `console.redhat.com`. The default and preferred method is `token`. `basic` and `service-account` authentication methods are used when the openshift-config pull-secret does not contain a token for `console.redhat.com`.
* `secret_name` -> The Secret used by the operator when the authentication type is `basic` or `service-account`. This parameter is required **only if** the authentication type is `basic` or `service-account`.
* `packaging`:
* `max_reports_to_store: 30` -> The number of reports to store when configured in air-gapped mode. The default is 30, with a minimum of 1 and no maximum. When the operator is not configured in air-gapped mode, this parameter has no effect. Reports are removed as soon as they are uploaded.
* `max_size: 100` -> The maximum size for packaged files in Megabytes prior to compression. The default is 100, with a minimum of 1 and maximum of 100.
@@ -85,20 +85,31 @@ If these assumptions are not met, the operator will not deploy correctly. In the
##### Configure authentication
The default authentication for the operator is `token`. No further steps are required to configure token authentication. If `basic` is the preferred authentication method, a Secret must be created which holds username and password credentials:
1. On the left navigation pane, select `Workloads` -> `Secrets` -> select Project: `koku-metrics-operator` -> `Create` -> `Key/Value Secret`
2. Give the Secret a name and add 2 keys: `username` and `password` (all lowercase). The values for these keys correspond to console.redhat.com credentials.
2. Give the Secret a name and add 2 keys (all lowercase) for the respective authentication type. The values for these keys correspond to console.redhat.com credentials:
* basic auth: `username` and `password`
* service-account auth: `client_id` and `client_secret`

3. Select `Create`.
##### Create the KokuMetricsConfig
Configure the koku-metrics-operator by creating a `KokuMetricsConfig`.
1. On the left navigation pane, select `Operators` -> `Installed Operators` -> `koku-metrics-operator` -> `KokuMetricsConfig` -> `Create Instance`.
2. For `basic` authentication, edit the following values in the spec:
* Replace `authentication: type:` with `basic`.
2. For `basic` or `service-account` authentication, edit the following values in the spec:
* Replace `authentication: type:` with `basic` or `service-account`.
* Add the `secret_name` field under `authentication`, and set it equal to the name of the authentication Secret that was created above. The spec should look similar to the following:

* for basic auth type
```
authentication:
secret_name: SECRET-NAME
type: basic
```
* for service-account auth type
```
authentication:
secret_name: SECRET-NAME
type: service-account
```
3. To configure the koku-metrics-operator to create a cost management integration, edit the following values in the `source` field:
* Replace the `name` field value with the preferred name of the integration to be created.