diff --git a/CHANGELOG.md b/CHANGELOG.md index f4ce5ea5..001f9132 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file. ## [Unreleased] +### Added + +- Support `configOverrides` for `config.json` (#818). + +[#818]: https://github.com/stackabletech/opa-operator/pull/818 + ## [26.3.0] - 2026-03-16 ## [26.3.0-rc1] - 2026-03-16 diff --git a/docs/modules/opa/pages/usage-guide/OpenTelemetry.adoc b/docs/modules/opa/pages/usage-guide/OpenTelemetry.adoc index f592b089..4272f8e8 100644 --- a/docs/modules/opa/pages/usage-guide/OpenTelemetry.adoc +++ b/docs/modules/opa/pages/usage-guide/OpenTelemetry.adoc @@ -1,30 +1,19 @@ = OpenTelemetry :description: Ship OPA traces and logs to OpenTelemetry -:opa-docs: https://v1-4-2--opa-docs.netlify.app/configuration/#distributed-tracing +:opa-docs: https://www.openpolicyagent.org/docs/configuration/#distributed-tracing -Opa supports sending OpenTelemetry traces as stated in {opa-docs}[the documentation]. +OPA supports sending OpenTelemetry traces as stated in {opa-docs}[the documentation]. -As of SDP 25.7, `configOverrides` are (still) not supported, we are tracking the progress in https://github.com/stackabletech/opa-operator/issues/756[this GitHub issue]. -To enable traces you need to modify the config and thus xref:opa:usage-guide/operations/cluster-operations.adoc[pause the reconciliation] of your OpaCluster, so that changes to the ConfigMap aren't immediately overridden by the opa-operator. - -WARNING: It's not encouraged to pause the reconciliation more than just temporarily. We recommend disabling it while you debug e.g. performance problems and re-enabling it afterwards. This problem will be solved once we support configOverrides for OPA. - -Afterwards you can edit the `-server-default` ConfigMap and append a `distributed_tracing` section as follows. +To enable traces, add a `distributed_tracing` section to the OPA configuration using `configOverrides`. Please check the {opa-docs}[OPA documentation] to see what other settings you can configure. [source,yaml] ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: opa-server-default -data: - config.json: |- - { - <<< existing JSON >>> - "distributed_tracing": { - "address": "jaeger-collector.default.svc.cluster.local:4317", - "type": "grpc" - } - } +servers: + configOverrides: + config.json: + jsonMergePatch: + distributed_tracing: + address: jaeger-collector.default.svc.cluster.local:4317 + type: grpc ---- diff --git a/docs/modules/opa/pages/usage-guide/configuration-environment-overrides.adoc b/docs/modules/opa/pages/usage-guide/configuration-environment-overrides.adoc index a5abbd44..e61df279 100644 --- a/docs/modules/opa/pages/usage-guide/configuration-environment-overrides.adoc +++ b/docs/modules/opa/pages/usage-guide/configuration-environment-overrides.adoc @@ -8,7 +8,37 @@ This will lead to faulty installations. == Configuration properties -Currently, not supported for `config.json`. +OPA's `config.json` can be overridden using `configOverrides`, the supported override strategies are `jsonMergePatch` (RFC 7396) and `jsonPatches` (RFC 6902). + +For example per role group: + +[source,yaml] +---- +servers: + roleGroups: + default: + configOverrides: + config.json: + jsonMergePatch: + distributed_tracing: + address: jaeger-collector.default.svc.cluster.local:4317 + type: grpc +---- + +or per role: + +[source,yaml] +---- +servers: + configOverrides: + config.json: + jsonPatches: + - '{"op": "replace", "path": "/bundles/stackable/polling/min_delay_seconds", "value": 3}' + - '{"op": "add", "path": "/default_decision", "value": "allow"}' + roleGroups: + default: + config: {} +---- == Environment variables diff --git a/extra/crds.yaml b/extra/crds.yaml index 208b8153..f770cd3a 100644 --- a/extra/crds.yaml +++ b/extra/crds.yaml @@ -1121,17 +1121,50 @@ spec: type: object type: object configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} description: |- The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. + properties: + config.json: + description: Overrides for the OPA `config.json` file. + nullable: true + oneOf: + - required: + - jsonMergePatch + - required: + - jsonPatches + - required: + - userProvided + properties: + jsonMergePatch: + description: |- + Can be set to arbitrary YAML content, which is converted to JSON and used as + [RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch. + x-kubernetes-preserve-unknown-fields: true + jsonPatches: + description: |- + List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches. + + Can be used when more flexibility is needed, e.g. to only modify elements + in a list based on a condition. + + A patch looks something like + + `{"op": "test", "path": "/0/name", "value": "Andrew"}` + + or + + `{"op": "add", "path": "/0/happy", "value": true}` + items: + type: string + type: array + userProvided: + description: Override the entire config file with the specified String. + type: string + type: object type: object envOverrides: additionalProperties: @@ -1680,17 +1713,50 @@ spec: type: object type: object configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} description: |- The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. + properties: + config.json: + description: Overrides for the OPA `config.json` file. + nullable: true + oneOf: + - required: + - jsonMergePatch + - required: + - jsonPatches + - required: + - userProvided + properties: + jsonMergePatch: + description: |- + Can be set to arbitrary YAML content, which is converted to JSON and used as + [RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch. + x-kubernetes-preserve-unknown-fields: true + jsonPatches: + description: |- + List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches. + + Can be used when more flexibility is needed, e.g. to only modify elements + in a list based on a condition. + + A patch looks something like + + `{"op": "test", "path": "/0/name", "value": "Andrew"}` + + or + + `{"op": "add", "path": "/0/happy", "value": true}` + items: + type: string + type: array + userProvided: + description: Override the entire config file with the specified String. + type: string + type: object type: object envOverrides: additionalProperties: @@ -2887,17 +2953,50 @@ spec: type: object type: object configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} description: |- The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. + properties: + config.json: + description: Overrides for the OPA `config.json` file. + nullable: true + oneOf: + - required: + - jsonMergePatch + - required: + - jsonPatches + - required: + - userProvided + properties: + jsonMergePatch: + description: |- + Can be set to arbitrary YAML content, which is converted to JSON and used as + [RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch. + x-kubernetes-preserve-unknown-fields: true + jsonPatches: + description: |- + List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches. + + Can be used when more flexibility is needed, e.g. to only modify elements + in a list based on a condition. + + A patch looks something like + + `{"op": "test", "path": "/0/name", "value": "Andrew"}` + + or + + `{"op": "add", "path": "/0/happy", "value": true}` + items: + type: string + type: array + userProvided: + description: Override the entire config file with the specified String. + type: string + type: object type: object envOverrides: additionalProperties: @@ -3446,17 +3545,50 @@ spec: type: object type: object configOverrides: - additionalProperties: - additionalProperties: - type: string - type: object - default: {} description: |- The `configOverrides` can be used to configure properties in product config files that are not exposed in the CRD. Read the [config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides) and consult the operator specific usage guide documentation for details on the available config files and settings for the specific product. + properties: + config.json: + description: Overrides for the OPA `config.json` file. + nullable: true + oneOf: + - required: + - jsonMergePatch + - required: + - jsonPatches + - required: + - userProvided + properties: + jsonMergePatch: + description: |- + Can be set to arbitrary YAML content, which is converted to JSON and used as + [RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch. + x-kubernetes-preserve-unknown-fields: true + jsonPatches: + description: |- + List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches. + + Can be used when more flexibility is needed, e.g. to only modify elements + in a list based on a condition. + + A patch looks something like + + `{"op": "test", "path": "/0/name", "value": "Andrew"}` + + or + + `{"op": "add", "path": "/0/happy", "value": true}` + items: + type: string + type: array + userProvided: + description: Override the entire config file with the specified String. + type: string + type: object type: object envOverrides: additionalProperties: diff --git a/rust/operator-binary/src/controller.rs b/rust/operator-binary/src/controller.rs index f3d1567c..1969fc2c 100644 --- a/rust/operator-binary/src/controller.rs +++ b/rust/operator-binary/src/controller.rs @@ -30,6 +30,7 @@ use stackable_operator::{ secret_class::{SecretClassVolume, SecretClassVolumeScope}, tls_verification::{TlsClientDetails, TlsClientDetailsError}, }, + config_overrides, crd::authentication::ldap, k8s_openapi::{ DeepMerge, @@ -339,6 +340,19 @@ pub enum Error { TlsVolumeBuild { source: builder::pod::volume::SecretOperatorVolumeSourceBuilderError, }, + + #[snafu(display("failed to apply config overrides to {file}"))] + ApplyConfigOverrides { + source: config_overrides::Error, + file: String, + }, + + #[snafu(display("failed to serialize config file {file}"))] + SerializeConfigFile { + source: serde_json::Error, + file: String, + }, + } type Result = std::result::Result; @@ -630,6 +644,17 @@ fn build_server_rolegroup_config_map( ) -> Result { let mut cm_builder = ConfigMapBuilder::new(); + // Collect config overrides from role and rolegroup levels. + // Both are applied in order: role-level first, then rolegroup-level on top, + // so rolegroup overrides take precedence. + let role_config_override = opa.spec.servers.config.config_overrides.config_json.as_ref(); + let rolegroup_config_override = opa + .spec + .servers + .role_groups + .get(&rolegroup.role_group) + .and_then(|rg| rg.config.config_overrides.config_json.as_ref()); + let metadata = ObjectMetaBuilder::new() .name_and_namespace(opa) .name(rolegroup.object_name()) @@ -644,9 +669,14 @@ fn build_server_rolegroup_config_map( .context(ObjectMetaSnafu)? .build(); - cm_builder - .metadata(metadata) - .add_data(CONFIG_FILE, build_config_file(merged_config)); + cm_builder.metadata(metadata).add_data( + CONFIG_FILE, + build_config_file( + merged_config, + role_config_override, + rolegroup_config_override, + )?, + ); if let Some(user_info) = &opa.spec.cluster_config.user_info { cm_builder.add_data( @@ -1176,7 +1206,11 @@ pub fn error_policy( } } -fn build_config_file(merged_config: &OpaConfig) -> String { +fn build_config_file( + merged_config: &OpaConfig, + role_config_override: Option<&config_overrides::JsonConfigOverrides>, + rolegroup_config_override: Option<&config_overrides::JsonConfigOverrides>, +) -> Result { let mut decision_logging_enabled = DEFAULT_DECISION_LOGGING_ENABLED; if let Some(ContainerLogConfig { @@ -1196,9 +1230,24 @@ fn build_config_file(merged_config: &OpaConfig) -> String { let config = OpaClusterConfigFile::new(decision_logging); - // The unwrap() shouldn't panic under any circumstances because Rusts type checker takes care of the OpaClusterConfigFile - // and serde + serde_json therefore serialize/deserialize a valid struct - serde_json::to_string_pretty(&json!(config)).unwrap() + let mut config_value = serde_json::to_value(&config).context(SerializeConfigFileSnafu { + file: CONFIG_FILE.to_string(), + })?; + + // Apply role-level overrides first, then rolegroup-level on top. + // This way rolegroup settings take precedence over role settings. + for overrides in [role_config_override, rolegroup_config_override] + .into_iter() + .flatten() + { + config_value = overrides.apply(&config_value).context(ApplyConfigOverridesSnafu { + file: CONFIG_FILE.to_string(), + })?; + } + + serde_json::to_string_pretty(&config_value).context(SerializeConfigFileSnafu { + file: CONFIG_FILE.to_string(), + }) } fn build_opa_start_command( diff --git a/rust/operator-binary/src/crd/mod.rs b/rust/operator-binary/src/crd/mod.rs index 6a0745ce..07ac5d24 100644 --- a/rust/operator-binary/src/crd/mod.rs +++ b/rust/operator-binary/src/crd/mod.rs @@ -16,6 +16,7 @@ use stackable_operator::{ fragment::{self, Fragment, ValidationError}, merge::Merge, }, + config_overrides::{JsonConfigOverrides, KeyValueOverridesProvider}, deep_merger::ObjectOverrides, k8s_openapi::apimachinery::pkg::api::resource::Quantity, kube::{CustomResource, ResourceExt}, @@ -95,7 +96,7 @@ pub mod versioned { /// OPA server configuration. // #[versioned(hint(role))] - pub servers: Role, + pub servers: Role, /// The OPA image to use pub image: ProductImage, @@ -164,6 +165,25 @@ pub mod versioned { } } +/// Typed config override strategies for OPA config files. +/// +/// OPA only has one config file (`config.json`), which is JSON-formatted. +/// Users can override it using JSON merge patch (RFC 7396), JSON patch (RFC 6902), +/// or by providing the full file content. +#[derive(Clone, Debug, Default, Deserialize, Eq, JsonSchema, PartialEq, Serialize)] +#[serde(rename_all = "camelCase")] +pub struct OpaConfigOverrides { + /// Overrides for the OPA `config.json` file. + #[serde(default, rename = "config.json", skip_serializing_if = "Option::is_none")] + pub config_json: Option, +} + +// OPA has no key-value config files, all overrides go through JsonConfigOverrides. +// This impl is still required because the shared product config pipeline +// (`transform_all_roles_to_config`) requires the `KeyValueOverridesProvider` bound +// at compile time. The default implementation returns an empty map. +impl KeyValueOverridesProvider for OpaConfigOverrides {} + #[allow(clippy::derive_partial_eq_without_eq)] #[derive(Clone, Debug, Default, Fragment, JsonSchema, PartialEq)] #[fragment_attrs( @@ -339,7 +359,7 @@ impl Configuration for OpaConfigFragment { impl v1alpha2::OpaCluster { /// Returns a reference to the role. - pub fn role(&self, role_variant: &OpaRole) -> &Role { + pub fn role(&self, role_variant: &OpaRole) -> &Role { match role_variant { OpaRole::Server => &self.spec.servers, } @@ -349,7 +369,7 @@ impl v1alpha2::OpaCluster { pub fn rolegroup( &self, rolegroup_ref: &RoleGroupRef, - ) -> Result<&RoleGroup, Error> { + ) -> Result<&RoleGroup, Error> { let role_variant = OpaRole::from_str(&rolegroup_ref.role).with_context(|_| UnknownOpaRoleSnafu { role: rolegroup_ref.role.to_owned(), diff --git a/tests/templates/kuttl/config-overrides/00-limit-range.yaml b/tests/templates/kuttl/config-overrides/00-limit-range.yaml new file mode 100644 index 00000000..7b6cb30e --- /dev/null +++ b/tests/templates/kuttl/config-overrides/00-limit-range.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: v1 +kind: LimitRange +metadata: + name: limit-request-ratio +spec: + limits: + - type: "Container" + maxLimitRequestRatio: + cpu: 5 + memory: 1 diff --git a/tests/templates/kuttl/config-overrides/00-patch-ns.yaml.j2 b/tests/templates/kuttl/config-overrides/00-patch-ns.yaml.j2 new file mode 100644 index 00000000..67185acf --- /dev/null +++ b/tests/templates/kuttl/config-overrides/00-patch-ns.yaml.j2 @@ -0,0 +1,9 @@ +{% if test_scenario['values']['openshift'] == 'true' %} +# see https://github.com/stackabletech/issues/issues/566 +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: kubectl patch namespace $NAMESPACE -p '{"metadata":{"labels":{"pod-security.kubernetes.io/enforce":"privileged"}}}' + timeout: 120 +{% endif %} diff --git a/tests/templates/kuttl/config-overrides/01-assert.yaml.j2 b/tests/templates/kuttl/config-overrides/01-assert.yaml.j2 new file mode 100644 index 00000000..50b1d4c3 --- /dev/null +++ b/tests/templates/kuttl/config-overrides/01-assert.yaml.j2 @@ -0,0 +1,10 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +{% endif %} diff --git a/tests/templates/kuttl/config-overrides/01-install-vector-aggregator-discovery-configmap.yaml.j2 b/tests/templates/kuttl/config-overrides/01-install-vector-aggregator-discovery-configmap.yaml.j2 new file mode 100644 index 00000000..2d6a0df5 --- /dev/null +++ b/tests/templates/kuttl/config-overrides/01-install-vector-aggregator-discovery-configmap.yaml.j2 @@ -0,0 +1,9 @@ +{% if lookup('env', 'VECTOR_AGGREGATOR') %} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: vector-aggregator-discovery +data: + ADDRESS: {{ lookup('env', 'VECTOR_AGGREGATOR') }} +{% endif %} diff --git a/tests/templates/kuttl/config-overrides/05-assert.yaml b/tests/templates/kuttl/config-overrides/05-assert.yaml new file mode 100644 index 00000000..54fb9ef7 --- /dev/null +++ b/tests/templates/kuttl/config-overrides/05-assert.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-pod +status: + readyReplicas: 1 diff --git a/tests/templates/kuttl/config-overrides/05-install-test-pod.yaml b/tests/templates/kuttl/config-overrides/05-install-test-pod.yaml new file mode 100644 index 00000000..bbf9e046 --- /dev/null +++ b/tests/templates/kuttl/config-overrides/05-install-test-pod.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: test-pod + labels: + app: test-pod +spec: + replicas: 1 + selector: + matchLabels: + app: test-pod + template: + metadata: + labels: + app: test-pod + spec: + containers: + - name: test-pod + image: oci.stackable.tech/sdp/testing-tools:0.3.0-stackable0.0.0-dev + stdin: true + tty: true + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "128Mi" + cpu: "500m" diff --git a/tests/templates/kuttl/config-overrides/10-assert.yaml.j2 b/tests/templates/kuttl/config-overrides/10-assert.yaml.j2 new file mode 100644 index 00000000..4d9ec79d --- /dev/null +++ b/tests/templates/kuttl/config-overrides/10-assert.yaml.j2 @@ -0,0 +1,63 @@ +apiVersion: kuttl.dev/v1beta1 +kind: TestAssert +timeout: 300 +commands: + # Wait for OPA cluster to be available + - script: kubectl -n $NAMESPACE wait --for=condition=available opaclusters.opa.stackable.tech/test-opa --timeout 301s + + # Wait for test pod to be ready + - script: kubectl -n $NAMESPACE wait --for=condition=ready pod/test-pod-0 --timeout 60s + + # Verify configOverrides are applied correctly via OPA Config API + - script: | + # Fetch the actual running config from OPA's /v1/config endpoint + CONFIG_JSON=$(kubectl exec -n $NAMESPACE test-pod-0 -- curl -s http://test-opa-server:8081/v1/config | jq -r '.result') + + # Check min_delay_seconds is 3 (from role level) + MIN_DELAY=$(echo "$CONFIG_JSON" | jq -r '.bundles.stackable.polling.min_delay_seconds') + if [ "$MIN_DELAY" != "3" ]; then + echo "ERROR: Expected min_delay_seconds=3 (from role configOverrides), got $MIN_DELAY" + exit 1 + fi + echo "OK: min_delay_seconds=3 (role level override)" + + # Check max_delay_seconds is 5 (rolegroup level overrides role level) + MAX_DELAY=$(echo "$CONFIG_JSON" | jq -r '.bundles.stackable.polling.max_delay_seconds') + if [ "$MAX_DELAY" != "5" ]; then + echo "ERROR: Expected max_delay_seconds=5 (rolegroup override), got $MAX_DELAY" + exit 1 + fi + echo "OK: max_delay_seconds=5 (rolegroup level override takes precedence)" + + # Check default_decision is set (from role level) + DEFAULT_DECISION=$(echo "$CONFIG_JSON" | jq -r '.default_decision') + if [ "$DEFAULT_DECISION" != "test/hello" ]; then + echo "ERROR: Expected default_decision='test/hello', got $DEFAULT_DECISION" + exit 1 + fi + echo "OK: default_decision=test/hello (role level override)" + + # Check labels.rolegroup is set (from rolegroup level) + ROLEGROUP_LABEL=$(echo "$CONFIG_JSON" | jq -r '.labels.rolegroup') + if [ "$ROLEGROUP_LABEL" != "default" ]; then + echo "ERROR: Expected labels.rolegroup='default', got $ROLEGROUP_LABEL" + exit 1 + fi + echo "OK: labels.rolegroup=default (rolegroup level override)" + + # Verify original values are still present + SERVICE_URL=$(echo "$CONFIG_JSON" | jq -r '.services[0].url') + if [ "$SERVICE_URL" != "http://localhost:3030/opa/v1" ]; then + echo "ERROR: Original service URL was overwritten, got $SERVICE_URL" + exit 1 + fi + echo "OK: Original service URL preserved" + + echo "All configOverrides tests passed!" +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: test-opa-server-default +status: + numberReady: 1 diff --git a/tests/templates/kuttl/config-overrides/10-install-opa.yaml.j2 b/tests/templates/kuttl/config-overrides/10-install-opa.yaml.j2 new file mode 100644 index 00000000..ba0b24ec --- /dev/null +++ b/tests/templates/kuttl/config-overrides/10-install-opa.yaml.j2 @@ -0,0 +1,65 @@ +--- +apiVersion: kuttl.dev/v1beta1 +kind: TestStep +commands: + - script: | + kubectl apply -n $NAMESPACE -f - < 0 %} + custom: "{{ test_scenario['values']['opa-latest'].split(',')[1] }}" + productVersion: "{{ test_scenario['values']['opa-latest'].split(',')[0] }}" +{% else %} + productVersion: "{{ test_scenario['values']['opa-latest'] }}" +{% endif %} + pullPolicy: IfNotPresent + clusterConfig: +{% if lookup('env', 'VECTOR_AGGREGATOR') %} + vectorAggregatorConfigMapName: vector-aggregator-discovery +{% endif %} + servers: + config: + logging: + enableVectorAgent: {{ lookup('env', 'VECTOR_AGGREGATOR') | length > 0 }} + # Role-level configOverrides using JSON merge patch (RFC 7396) + configOverrides: + config.json: + jsonMergePatch: + bundles: + stackable: + polling: + min_delay_seconds: 3 + max_delay_seconds: 7 + default_decision: test/hello + roleGroups: + default: + # Rolegroup-level configOverrides (takes precedence over role level) + configOverrides: + config.json: + jsonMergePatch: + bundles: + stackable: + polling: + max_delay_seconds: 5 + labels: + rolegroup: default + EOF diff --git a/tests/test-definition.yaml b/tests/test-definition.yaml index f28d0ca3..3b0a8da2 100644 --- a/tests/test-definition.yaml +++ b/tests/test-definition.yaml @@ -39,6 +39,10 @@ tests: dimensions: - opa-latest - openshift + - name: config-overrides + dimensions: + - opa-latest + - openshift - name: keycloak-user-info dimensions: - opa-latest