test toplevel

Author: lmiccini

api/bases/core.openstack.org_openstackcontrolplanes.yaml

@@ -7235,7 +7235,6 @@ spec:
                             - cluster
                             type: object
                           rabbitMqClusterName:
-                            default: rabbitmq
                             type: string
                           replicas:
                             default: 1
@@ -7324,7 +7323,6 @@ spec:
                         default: true
                         type: boolean
                       rabbitMqClusterName:
-                        default: rabbitmq
                         type: string
                       rpcTransport:
                         type: string
@@ -9308,6 +9306,18 @@ spec:
                       type: object
                     type: object
                 type: object
+              messagingBus:
+                properties:
+                  cluster:
+                    minLength: 1
+                    type: string
+                  user:
+                    type: string
+                  vhost:
+                    type: string
+                required:
+                - cluster
+                type: object
               neutron:
                 properties:
                   apiOverride:
@@ -15022,7 +15032,6 @@ spec:
                                 default: false
                                 type: boolean
                               rabbitMqClusterName:
-                                default: rabbitmq
                                 type: string
                               secret:
                                 default: osp-secret
@@ -15164,7 +15173,6 @@ spec:
                                 type: string
                             type: object
                           rabbitMqClusterName:
-                            default: rabbitmq
                             type: string
                           secret:
                             default: osp-secret

api/core/v1beta1/openstackcontrolplane_types.go

@@ -127,6 +127,12 @@ type OpenStackControlPlaneSpec struct {
 	// Rabbitmq - Parameters related to the Rabbitmq service
 	Rabbitmq RabbitmqSection `json:"rabbitmq,omitempty"`
 
+	// +kubebuilder:validation:Optional
+	// MessagingBus configuration (username, vhost, and cluster) for RPC communication.
+	// This is the default configuration for all services.
+	// Individual services can override by setting their own Template.MessagingBus.
+	MessagingBus *rabbitmqv1.RabbitMqConfig `json:"messagingBus,omitempty"`
+
 	// +kubebuilder:validation:Optional
 	// NotificationsBusInstance - the name of RabbitMQ Cluster CR to select a Messaging
 	// Bus Service instance used by all services that produce or consume notifications.
@@ -136,7 +142,10 @@ type OpenStackControlPlaneSpec struct {
 	NotificationsBusInstance *string `json:"notificationsBusInstance,omitempty"`
 
 	// +kubebuilder:validation:Optional
-	// NotificationsBus configuration (username, vhost, and cluster) for notifications
+	// NotificationsBus configuration (username, vhost, and cluster) for notifications.
+	// This is the default configuration for all services.
+	// Individual services can override by setting their own Template.NotificationsBus.
+	// Avoid colocating with MessagingBus used for RPC.
 	NotificationsBus *rabbitmqv1.RabbitMqConfig `json:"notificationsBus,omitempty"`
 
 	// +kubebuilder:validation:Optional

api/core/v1beta1/openstackcontrolplane_webhook.go

@@ -123,6 +123,10 @@ func (r *OpenStackControlPlane) ValidateCreate(ctx context.Context, c client.Cli
 		allErrs = append(allErrs, err)
 	}
 
+	if errs := r.ValidateMessagingBusConfig(basePath); len(errs) != 0 {
+		allErrs = append(allErrs, errs...)
+	}
+
 	if len(allErrs) != 0 {
 		return allWarn, apierrors.NewInvalid(
 			schema.GroupKind{Group: "core.openstack.org", Kind: "OpenStackControlPlane"},
@@ -162,6 +166,10 @@ func (r *OpenStackControlPlane) ValidateUpdate(ctx context.Context, old runtime.
 		allErrs = append(allErrs, err)
 	}
 
+	if errs := r.ValidateMessagingBusConfig(basePath); len(errs) != 0 {
+		allErrs = append(allErrs, errs...)
+	}
+
 	if len(allErrs) != 0 {
 		return nil, apierrors.NewInvalid(
 			schema.GroupKind{Group: "core.openstack.org", Kind: "OpenStackControlPlane"},
@@ -1273,6 +1281,39 @@ func (r *OpenStackControlPlane) ValidateTopology(basePath *field.Path) *field.Er
 	return nil
 }
 
+// ValidateMessagingBusConfig validates that the User field is not set in top-level
+// messagingBus and notificationsBus configurations. Setting a shared username would
+// cause webhook validation failures in infra-operator when multiple services try to
+// create RabbitMQUser resources with the same username. The Cluster and Vhost fields
+// are allowed at the top level since they can be safely shared across services.
+func (r *OpenStackControlPlane) ValidateMessagingBusConfig(basePath *field.Path) field.ErrorList {
+	var allErrs field.ErrorList
+
+	// Validate messagingBus
+	if r.Spec.MessagingBus != nil {
+		messagingBusPath := basePath.Child("messagingBus")
+		if r.Spec.MessagingBus.User != "" {
+			allErrs = append(allErrs, field.Forbidden(
+				messagingBusPath.Child("user"),
+				"user field is not allowed at the top level. Each service operator creates its own TransportURL with a unique user. Set user in individual service templates if needed.",
+			))
+		}
+	}
+
+	// Validate notificationsBus
+	if r.Spec.NotificationsBus != nil {
+		notificationsBusPath := basePath.Child("notificationsBus")
+		if r.Spec.NotificationsBus.User != "" {
+			allErrs = append(allErrs, field.Forbidden(
+				notificationsBusPath.Child("user"),
+				"user field is not allowed at the top level. Each service operator creates its own TransportURL with a unique user. Set user in individual service templates if needed.",
+			))
+		}
+	}
+
+	return allErrs
+}
+
 // ValidateNotificationsBusInstance - returns an error if the notificationsBusInstance
 // parameter is not valid.
 // - nil or empty string must be raised as an error

api/core/v1beta1/openstackcontrolplane_webhook_test.go

@@ -0,0 +1,124 @@
+package v1beta1
+
+import (
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	rabbitmqv1 "github.com/openstack-k8s-operators/infra-operator/apis/rabbitmq/v1beta1"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+var _ = Describe("OpenStackControlPlane Webhook", func() {
+
+	Context("ValidateMessagingBusConfig", func() {
+		var instance *OpenStackControlPlane
+		var basePath *field.Path
+
+		BeforeEach(func() {
+			instance = &OpenStackControlPlane{
+				Spec: OpenStackControlPlaneSpec{},
+			}
+			basePath = field.NewPath("spec")
+		})
+
+		It("should allow only Cluster field in messagingBus", func() {
+			instance.Spec.MessagingBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(BeEmpty())
+		})
+
+		It("should allow Cluster and Vhost fields in messagingBus", func() {
+			instance.Spec.MessagingBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq",
+				Vhost:   "/openstack",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(BeEmpty())
+		})
+
+		It("should reject User field in messagingBus", func() {
+			instance.Spec.MessagingBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq",
+				User:    "shared-user",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(HaveLen(1))
+			Expect(errs[0].Type).To(Equal(field.ErrorTypeForbidden))
+			Expect(errs[0].Field).To(Equal("spec.messagingBus.user"))
+			Expect(errs[0].Detail).To(ContainSubstring("user field is not allowed at the top level"))
+		})
+
+		It("should reject User field even with other valid fields in messagingBus", func() {
+			instance.Spec.MessagingBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq",
+				Vhost:   "/openstack",
+				User:    "shared-user",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(HaveLen(1))
+			Expect(errs[0].Type).To(Equal(field.ErrorTypeForbidden))
+			Expect(errs[0].Field).To(Equal("spec.messagingBus.user"))
+		})
+
+		It("should allow only Cluster field in notificationsBus", func() {
+			instance.Spec.NotificationsBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq-notifications",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(BeEmpty())
+		})
+
+		It("should allow Cluster and Vhost fields in notificationsBus", func() {
+			instance.Spec.NotificationsBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq-notifications",
+				Vhost:   "/notifications",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(BeEmpty())
+		})
+
+		It("should reject User field in notificationsBus", func() {
+			instance.Spec.NotificationsBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq-notifications",
+				User:    "shared-user",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(HaveLen(1))
+			Expect(errs[0].Type).To(Equal(field.ErrorTypeForbidden))
+			Expect(errs[0].Field).To(Equal("spec.notificationsBus.user"))
+			Expect(errs[0].Detail).To(ContainSubstring("user field is not allowed at the top level"))
+		})
+
+		It("should reject User field in both messagingBus and notificationsBus", func() {
+			instance.Spec.MessagingBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq",
+				User:    "rpc-user",
+			}
+			instance.Spec.NotificationsBus = &rabbitmqv1.RabbitMqConfig{
+				Cluster: "rabbitmq-notifications",
+				User:    "notif-user",
+			}
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(HaveLen(2))
+			Expect(errs[0].Field).To(Equal("spec.messagingBus.user"))
+			Expect(errs[1].Field).To(Equal("spec.notificationsBus.user"))
+		})
+
+		It("should allow nil messagingBus and notificationsBus", func() {
+			instance.Spec.MessagingBus = nil
+			instance.Spec.NotificationsBus = nil
+
+			errs := instance.ValidateMessagingBusConfig(basePath)
+			Expect(errs).To(BeEmpty())
+		})
+	})
+})

api/core/v1beta1/zz_generated.deepcopy.go

@@ -144,30 +144,30 @@ replace k8s.io/component-base => k8s.io/component-base v0.31.14 //allow-merging
 
 replace github.com/cert-manager/cmctl/v2 => github.com/cert-manager/cmctl/v2 v2.1.2-0.20241127223932-88edb96860cf //allow-merging
 
-replace github.com/openstack-k8s-operators/barbican-operator/api => github.com/lmiccini/barbican-operator/api v0.0.0-20260129115901-ec49646f454d
+replace github.com/openstack-k8s-operators/barbican-operator/api => github.com/lmiccini/barbican-operator/api v0.0.0-20260129195435-4c4763914238
 
-replace github.com/openstack-k8s-operators/cinder-operator/api => github.com/lmiccini/cinder-operator/api v0.0.0-20260129115434-72599ec8b0eb
+replace github.com/openstack-k8s-operators/cinder-operator/api => github.com/lmiccini/cinder-operator/api v0.0.0-20260129195511-0d2903ecac75
 
-replace github.com/openstack-k8s-operators/designate-operator/api => github.com/lmiccini/designate-operator/api v0.0.0-20260129120125-f724aa20f57f
+replace github.com/openstack-k8s-operators/designate-operator/api => github.com/lmiccini/designate-operator/api v0.0.0-20260129195526-07a2bbdbbbc6
 
-replace github.com/openstack-k8s-operators/glance-operator/api => github.com/lmiccini/glance-operator/api v0.0.0-20260129121109-7acdaf900d61
+replace github.com/openstack-k8s-operators/glance-operator/api => github.com/lmiccini/glance-operator/api v0.0.0-20260129195538-5b3c2fe872f7
 
-replace github.com/openstack-k8s-operators/heat-operator/api => github.com/lmiccini/heat-operator/api v0.0.0-20260129120621-5a1c0c25f66d
+replace github.com/openstack-k8s-operators/heat-operator/api => github.com/lmiccini/heat-operator/api v0.0.0-20260129195640-f1137d273619
 
-replace github.com/openstack-k8s-operators/ironic-operator/api => github.com/lmiccini/ironic-operator/api v0.0.0-20260129120750-2bcbec3adfa7
+replace github.com/openstack-k8s-operators/ironic-operator/api => github.com/lmiccini/ironic-operator/api v0.0.0-20260130070940-668bd2fa4901
 
-replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/lmiccini/keystone-operator/api v0.0.0-20260129142446-160e481fd139
+replace github.com/openstack-k8s-operators/keystone-operator/api => github.com/lmiccini/keystone-operator/api v0.0.0-20260129195740-1b691198bdd0
 
-replace github.com/openstack-k8s-operators/manila-operator/api => github.com/lmiccini/manila-operator/api v0.0.0-20260129125945-e216361521f4
+replace github.com/openstack-k8s-operators/manila-operator/api => github.com/lmiccini/manila-operator/api v0.0.0-20260129195800-215a1bb9e623
 
-replace github.com/openstack-k8s-operators/neutron-operator/api => github.com/lmiccini/neutron-operator/api v0.0.0-20260129121503-0aa4d06499c1
+replace github.com/openstack-k8s-operators/neutron-operator/api => github.com/lmiccini/neutron-operator/api v0.0.0-20260129195824-46964feaebad
 
-replace github.com/openstack-k8s-operators/nova-operator/api => github.com/lmiccini/nova-operator/api v0.0.0-20260129134601-7c1ae7633f35
+replace github.com/openstack-k8s-operators/nova-operator/api => github.com/lmiccini/nova-operator/api v0.0.0-20260129195845-8130899633b5
 
-replace github.com/openstack-k8s-operators/octavia-operator/api => github.com/lmiccini/octavia-operator/api v0.0.0-20260129123115-7d5093f00dca
+replace github.com/openstack-k8s-operators/octavia-operator/api => github.com/lmiccini/octavia-operator/api v0.0.0-20260129195900-f6bf3a78a669
 
-replace github.com/openstack-k8s-operators/swift-operator/api => github.com/lmiccini/swift-operator/api v0.0.0-20260129111939-21099018aab1
+replace github.com/openstack-k8s-operators/swift-operator/api => github.com/lmiccini/swift-operator/api v0.0.0-20260130064124-cdb5cb2d15d0
 
-replace github.com/openstack-k8s-operators/telemetry-operator/api => github.com/lmiccini/telemetry-operator/api v0.0.0-20260129121935-22f0adde14e4
+replace github.com/openstack-k8s-operators/telemetry-operator/api => github.com/lmiccini/telemetry-operator/api v0.0.0-20260130070733-39cf42d1afac
 
-replace github.com/openstack-k8s-operators/watcher-operator/api => github.com/lmiccini/watcher-operator/api v0.0.0-20260129123402-744760956f20
+replace github.com/openstack-k8s-operators/watcher-operator/api => github.com/lmiccini/watcher-operator/api v0.0.0-20260129200055-041ac0b5cc0e