591 lines
25 KiB
YAML
591 lines
25 KiB
YAML
---
|
|
schema: armada/Chart/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: cinder
|
|
labels:
|
|
name: cinder-global
|
|
component: cinder
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: global
|
|
storagePolicy: cleartext
|
|
substitutions:
|
|
# Chart source
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .charts.osh.cinder
|
|
dest:
|
|
path: .source
|
|
|
|
# Images
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .images.osh.cinder
|
|
dest:
|
|
path: .values.images.tags
|
|
|
|
# Endpoints
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.identity
|
|
dest:
|
|
path: .values.endpoints.identity
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.image
|
|
dest:
|
|
path: .values.endpoints.image
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.image_registry
|
|
dest:
|
|
path: .values.endpoints.image_registry
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.volume
|
|
dest:
|
|
path: .values.endpoints.volume
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.volumev2
|
|
dest:
|
|
path: .values.endpoints.volumev2
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.volumev3
|
|
dest:
|
|
path: .values.endpoints.volumev3
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.oslo_db
|
|
dest:
|
|
path: .values.endpoints.oslo_db
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.oslo_messaging
|
|
dest:
|
|
path: .values.endpoints.oslo_messaging
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.oslo_cache
|
|
dest:
|
|
path: .values.endpoints.oslo_cache
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_service_accounts
|
|
path: .osh.keystone.admin
|
|
dest:
|
|
path: .values.endpoints.identity.auth.admin
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_service_accounts
|
|
path: .osh.cinder.cinder
|
|
dest:
|
|
path: .values.endpoints.identity.auth.cinder
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_service_accounts
|
|
path: .osh.cinder.test
|
|
dest:
|
|
path: .values.endpoints.identity.auth.test
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_service_accounts
|
|
path: .osh.oslo_messaging.admin
|
|
dest:
|
|
path: .values.endpoints.oslo_messaging.auth.admin
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_service_accounts
|
|
path: .osh.cinder.oslo_messaging.cinder
|
|
dest:
|
|
path: .values.endpoints.oslo_messaging.auth.cinder
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_service_accounts
|
|
path: .osh.cinder.oslo_db
|
|
dest:
|
|
path: .values.endpoints.oslo_db.auth.cinder
|
|
- src:
|
|
schema: pegleg/AccountCatalogue/v1
|
|
name: osh_service_accounts
|
|
path: .osh.cinder.oslo_db.database
|
|
dest:
|
|
path: .values.endpoints.oslo_db.path
|
|
pattern: DB_NAME
|
|
- src:
|
|
schema: pegleg/EndpointCatalogue/v1
|
|
name: osh_endpoints
|
|
path: .osh.volume.name
|
|
dest:
|
|
path: .values.endpoints.oslo_messaging.path
|
|
pattern: VHOST_NAME
|
|
|
|
# Secrets
|
|
- dest:
|
|
path: .values.endpoints.identity.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_keystone_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.identity.auth.cinder.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_cinder_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.identity.auth.test.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_cinder_test_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.oslo_messaging.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_oslo_messaging_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.oslo_messaging.auth.cinder.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_cinder_oslo_messaging_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.oslo_db.auth.cinder.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_cinder_oslo_db_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.oslo_db.auth.admin.password
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_oslo_db_admin_password
|
|
path: .
|
|
- dest:
|
|
path: .values.endpoints.oslo_cache.auth.memcache_secret_key
|
|
src:
|
|
schema: deckhand/Passphrase/v1
|
|
name: osh_oslo_cache_secret_key
|
|
path: .
|
|
data:
|
|
chart_name: cinder
|
|
release: cinder
|
|
namespace: openstack
|
|
wait:
|
|
timeout: 900
|
|
labels:
|
|
release_group: clcp-cinder
|
|
resources:
|
|
- type: job
|
|
- type: deployment
|
|
min_ready: 100%
|
|
native:
|
|
enabled: false
|
|
test:
|
|
timeout: 600
|
|
install:
|
|
no_hooks: false
|
|
upgrade:
|
|
no_hooks: false
|
|
pre:
|
|
delete:
|
|
- type: job
|
|
labels:
|
|
release_group: clcp-cinder
|
|
post:
|
|
create: []
|
|
values:
|
|
dependencies:
|
|
static:
|
|
bootstrap:
|
|
pod:
|
|
- requireSameNode: false
|
|
labels:
|
|
application: cinder
|
|
component: volume
|
|
rabbit_init:
|
|
services:
|
|
- endpoint: internal
|
|
service: oslo_messaging
|
|
jobs:
|
|
- clcp-openstack-rabbitmq-cluster-wait
|
|
pod:
|
|
mandatory_access_control:
|
|
type: apparmor
|
|
cinder-api:
|
|
cinder-api: runtime/default
|
|
ceph-coordination-volume-perms: runtime/default
|
|
init: runtime/default
|
|
cinder-backup:
|
|
cinder-backup: runtime/default
|
|
ceph-coordination-volume-perms: runtime/default
|
|
init: runtime/default
|
|
cinder-scheduler:
|
|
cinder-scheduler: runtime/default
|
|
ceph-coordination-volume-perms: runtime/default
|
|
init: runtime/default
|
|
cinder-volume:
|
|
cinder-volume: runtime/default
|
|
ceph-coordination-volume-perms: runtime/default
|
|
init-cinder-conf: runtime/default
|
|
init: runtime/default
|
|
cinder-backup-storage-init:
|
|
cinder-backup-storage-init: runtime/default
|
|
init: runtime/default
|
|
cinder-test:
|
|
init: runtime/default
|
|
cinder-test: runtime/default
|
|
cinder-test-ks-user: runtime/default
|
|
cinder-create-internal-tenant:
|
|
init: runtime/default
|
|
create-internal-tenant: runtime/default
|
|
cinder-volume-usage-audit:
|
|
cinder-volume-usage-audit: runtime/default
|
|
init: runtime/default
|
|
replicas:
|
|
api: 3
|
|
volume: 3
|
|
scheduler: 3
|
|
backup: 3
|
|
affinity:
|
|
anti:
|
|
type:
|
|
api: requiredDuringSchedulingIgnoredDuringExecution
|
|
backup: requiredDuringSchedulingIgnoredDuringExecution
|
|
scheduler: requiredDuringSchedulingIgnoredDuringExecution
|
|
volume: requiredDuringSchedulingIgnoredDuringExecution
|
|
lifecycle:
|
|
upgrades:
|
|
deployments:
|
|
pod_replacement_strategy: RollingUpdate
|
|
rolling_update:
|
|
max_unavailable: 50%
|
|
security_context:
|
|
cinder_volume:
|
|
container:
|
|
cinder_volume:
|
|
allowPrivilegeEscalation: true
|
|
privileged: true
|
|
readOnlyRootFilesystem: false
|
|
cinder_backup:
|
|
container:
|
|
cinder_backup:
|
|
privileged: true
|
|
cinder_api:
|
|
container:
|
|
cinder_api:
|
|
runAsUser: 0
|
|
readOnlyRootFilesystem: false
|
|
labels:
|
|
api:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
backup:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
job:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
scheduler:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
test:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
volume:
|
|
node_selector_key: openstack-control-plane
|
|
node_selector_value: enabled
|
|
ceph_client:
|
|
configmap: tenant-ceph-etc
|
|
user_secret_name: pvc-tceph-client-key
|
|
conf:
|
|
ceph:
|
|
pools:
|
|
backup:
|
|
crush_rule: rack_replicated_rule
|
|
cinder.volumes:
|
|
crush_rule: rack_replicated_rule
|
|
rabbitmq:
|
|
policies:
|
|
- vhost: "cinder"
|
|
name: "ha_ttl_cinder"
|
|
definition:
|
|
ha-mode: "all"
|
|
ha-sync-mode: "automatic"
|
|
message-ttl: 70000
|
|
priority: 0
|
|
apply-to: all
|
|
pattern: '^(?!(amq\.|reply_)).*'
|
|
cinder:
|
|
DEFAULT:
|
|
backup_driver: "cinder.backup.drivers.swift.SwiftBackupDriver"
|
|
oslo_middleware:
|
|
enable_proxy_headers_parsing: true
|
|
max_request_body_size: 114688
|
|
audit_middleware_notifications:
|
|
driver: log
|
|
logging:
|
|
loggers:
|
|
keys:
|
|
- root
|
|
- cinder
|
|
- oslo.messaging
|
|
handlers:
|
|
keys:
|
|
- stdout
|
|
- stderr
|
|
- "null"
|
|
formatters:
|
|
keys:
|
|
- context
|
|
- default
|
|
logger_root:
|
|
level: WARNING
|
|
handlers: "null"
|
|
logger_cinder:
|
|
level: INFO
|
|
handlers:
|
|
- stdout
|
|
qualname: cinder
|
|
logger_oslo.messaging:
|
|
level: INFO
|
|
handlers:
|
|
- stdout
|
|
qualname: oslo.messaging
|
|
logger_amqp:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: amqp
|
|
logger_amqplib:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: amqplib
|
|
logger_eventletwsgi:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: eventlet.wsgi.server
|
|
logger_sqlalchemy:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: sqlalchemy
|
|
logger_boto:
|
|
level: WARNING
|
|
handlers: stderr
|
|
qualname: boto
|
|
handler_null:
|
|
class: logging.NullHandler
|
|
formatter: default
|
|
args: ()
|
|
handler_stdout:
|
|
class: StreamHandler
|
|
args: (sys.stdout,)
|
|
formatter: context
|
|
handler_stderr:
|
|
class: StreamHandler
|
|
args: (sys.stderr,)
|
|
formatter: context
|
|
formatter_context:
|
|
class: oslo_log.formatters.ContextFormatter
|
|
formatter_default:
|
|
format: "%(message)s"
|
|
policy:
|
|
context_is_admin: role:admin or role:admin_support or role:admin_viewer
|
|
admin_create: role:admin or role:admin_support
|
|
admin_read: role:admin or role:admin_support or role:admin_viewer
|
|
admin_update: role:admin
|
|
admin_delete: role:admin
|
|
tenant_create: role:snapshot_member or role:_member_ or role:sriov_member or role:support_member or rule:admin_create
|
|
tenant_snapshot_create: role:snapshot_member or rule:admin_update
|
|
tenant_read: role:snapshot_member or role:_member_ or role:sriov_member or role:support_member or role:viewer or rule:admin_read
|
|
tenant_update: role:snapshot_member or role:_member_ or role:sriov_member or rule:admin_update
|
|
tenant_delete: role:snapshot_member or role:_member_ or role:sriov_member or rule:admin_delete
|
|
default: role:admin
|
|
not_supported_in_nc: "!"
|
|
volume:attachment_delete: rule:tenant_update or role:tenant_cinder_update
|
|
volume:attachment_create: rule:tenant_create or role:tenant_cinder_create
|
|
volume:attachment_complete: rule:tenant_create or role:tenant_cinder_create
|
|
volume:attachment_update: rule:tenant_update or role:tenant_cinder_update
|
|
volume:multiattach: rule:tenant_create or role:tenant_cinder_create
|
|
volume:multiattach_bootable_volume: rule:tenant_create or role:tenant_cinder_create
|
|
volume:create: rule:tenant_create or role:tenant_cinder_create
|
|
volume:create_from_image: rule:tenant_create or role:tenant_cinder_create
|
|
volume:delete: rule:tenant_delete or role:tenant_cinder_delete
|
|
volume:force_delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume:update: rule:tenant_update or role:tenant_cinder_update
|
|
volume:get: rule:tenant_read or role:tenant_cinder_read
|
|
volume:get_all: rule:tenant_read or role:tenant_cinder_read
|
|
volume:get_volume_metadata: rule:tenant_read or role:tenant_cinder_read
|
|
volume:create_volume_metadata: rule:tenant_create or role:tenant_cinder_create
|
|
volume:delete_volume_metadata: rule:tenant_delete or role:tenant_cinder_delete
|
|
volume:update_volume_metadata: rule:tenant_update or role:tenant_cinder_update
|
|
volume:update_volume_admin_metadata: rule:admin_update or role:admin_cinder_update
|
|
volume:get_snapshot: rule:tenant_read or role:tenant_cinder_read
|
|
volume:get_all_snapshots: rule:tenant_read or role:tenant_cinder_read
|
|
volume:create_snapshot: rule:tenant_create or role:tenant_cinder_create
|
|
volume:delete_snapshot: rule:tenant_delete or role:tenant_cinder_delete
|
|
volume:update_snapshot: rule:tenant_update or role:tenant_cinder_update
|
|
volume:get_snapshot_metadata: rule:tenant_read or role:tenant_cinder_read
|
|
volume:delete_snapshot_metadata: rule:tenant_delete or role:tenant_cinder_delete
|
|
volume:update_snapshot_metadata: rule:tenant_update or role:tenant_cinder_update
|
|
volume:extend: rule:tenant_update or role:tenant_cinder_update
|
|
volume:extend_attached_volume: rule:tenant_update or role:tenant_cinder_update
|
|
volume:revert_to_snapshot: rule:tenant_update or role:tenant_cinder_update
|
|
volume:update_readonly_flag: rule:tenant_update or role:tenant_cinder_update
|
|
volume:retype: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:types_manage: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:type_get: rule:tenant_read or role:tenant_cinder_read
|
|
volume_extension:type_get_all: rule:tenant_read or role:tenant_cinder_read
|
|
volume_extension:types_extra_specs:create: rule:admin_create or role:admin_cinder_create
|
|
volume_extension:types_extra_specs:delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:types_extra_specs:index: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:types_extra_specs:show: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:types_extra_specs:update: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:access_types_qos_specs_id: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:access_types_extra_specs: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_type_access: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_type_access:addProjectAccess: rule:admin_create or role:admin_cinder_create
|
|
volume_extension:volume_type_access:removeProjectAccess: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:volume_type_encryption:create: rule:admin_create or role:admin_cinder_create
|
|
volume_extension:volume_type_encryption:update: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_type_encryption:delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:volume_type_encryption:get: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:volume_encryption_metadata: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:extended_snapshot_attributes: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:volume_image_metadata: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:volume_actions:upload_image: rule:tenant_snapshot_create or role:admin_cinder_update
|
|
volume_extension:volume_actions:attach: rule:tenant_create or role:tenant_cinder_create
|
|
volume_extension:volume_actions:detach: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:volume_actions:reserve: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:volume_actions:unreserve: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:volume_actions:begin_detaching: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:volume_actions:initialize_connection: rule:tenant_create or role:tenant_cinder_create
|
|
volume_extension:volume_actions:terminate_connection: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:volume_actions:roll_detaching: rule:tenant_update or role:tenant_cinder_update
|
|
volume_extension:qos_specs_manage:create: rule:admin_create or role:admin_cinder_create
|
|
volume_extension:qos_specs_manage:get: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:qos_specs_manage:get_all: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:qos_specs_manage:update: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:qos_specs_manage:delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:quotas:show: rule:tenant_read or role:tenant_cinder_read
|
|
volume_extension:quotas:update: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:quotas:delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:quota_classes: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:quota_classes:validate_setup_for_nested_quota_use: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:volume_admin_actions:reset_status: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:snapshot_admin_actions:reset_status: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:backup_admin_actions:reset_status: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_admin_actions:force_delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:volume_admin_actions:force_detach: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:snapshot_admin_actions:force_delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:backup_admin_actions:force_delete: rule:admin_delete or role:admin_cinder_delete
|
|
volume_extension:volume_admin_actions:migrate_volume: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_admin_actions:migrate_volume_completion: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_actions:upload_public: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_host_attribute: rule:context_is_admin or role:admin_cinder_create or role:admin_cinder_update or role:admin_cinder_read or role:admin_cinder_delete
|
|
volume_extension:volume_tenant_attribute: rule:tenant_update or role:tenant_cinder_update or rule:context_is_admin or role:admin_cinder_create or role:admin_cinder_update or role:admin_cinder_read or role:admin_cinder_delete
|
|
volume_extension:volume_mig_status_attribute: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:hosts: rule:context_is_admin or role:admin_cinder_create or role:admin_cinder_update or role:admin_cinder_read or role:admin_cinder_delete
|
|
volume_extension:services:index: rule:admin_read or role:admin_cinder_read
|
|
volume_extension:services:update: rule:admin_update or role:admin_cinder_update
|
|
volume_extension:volume_manage: rule:not_supported_in_nc
|
|
volume_extension:volume_unmanage: rule:not_supported_in_nc
|
|
volume_extension:list_manageable: rule:not_supported_in_nc
|
|
volume_extension:capabilities: rule:admin_read or role:admin_cinder_read
|
|
volume:create_transfer: rule:tenant_create or role:tenant_cinder_create
|
|
volume:accept_transfer: rule:tenant_update or role:tenant_cinder_update
|
|
volume:delete_transfer: rule:tenant_delete or role:tenant_cinder_delete
|
|
volume:get_transfer: rule:tenant_read or role:tenant_cinder_read
|
|
volume:get_all_transfers: rule:tenant_read or role:tenant_cinder_read
|
|
group:enable_replication: rule:admin_update or role:admin_cinder_update
|
|
group:disable_replication: rule:admin_update or role:admin_cinder_update
|
|
group:failover_replication: rule:admin_update or role:admin_cinder_update
|
|
group:list_replication_targets: rule:admin_update or role:admin_cinder_update
|
|
volume:failover_host: rule:admin_update or role:admin_cinder_update
|
|
volume:freeze_host: rule:admin_update or role:admin_cinder_update
|
|
volume:thaw_host: rule:admin_update or role:admin_cinder_update
|
|
backup:create: rule:tenant_create or role:tenant_cinder_create
|
|
backup:delete: rule:tenant_delete or role:tenant_cinder_delete
|
|
backup:get: rule:tenant_read or role:tenant_cinder_read
|
|
backup:get_all: rule:tenant_read or role:tenant_cinder_read
|
|
backup:restore: rule:tenant_update or role:tenant_cinder_update
|
|
backup:backup-import: rule:admin_update or role:admin_cinder_update
|
|
backup:export-import: rule:admin_create or role:admin_cinder_create or role:tenant_cinder_create
|
|
backup:update: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
|
|
backup:backup_project_attribute: rule:admin_update or role:admin_cinder_update
|
|
snapshot_extension:snapshot_actions:update_snapshot_status: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
|
|
snapshot_extension:snapshot_manage: rule:not_supported_in_nc
|
|
snapshot_extension:snapshot_unmanage: rule:not_supported_in_nc
|
|
snapshot_extension:list_manageable: rule:not_supported_in_nc
|
|
limits_extension:used_limits: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
group:group_types_manage: rule:admin_read or role:admin_cinder_read or role:admin_cinder_update
|
|
group:group_types_specs: rule:admin_create or role:admin_cinder_create
|
|
group:access_group_types_specs: rule:admin_read or role:admin_cinder_read
|
|
group:create: rule:tenant_create or role:tenant_cinder_create or role:admin_cinder_create
|
|
group:delete: rule:tenant_delete or role:tenant_cinder_delete or role:admin_cinder_delete
|
|
group:update: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
|
|
group:group_project_attribute: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
group:group_snapshot_project_attribute: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
group:get: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
group:get_all: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
group:create_group_snapshot: rule:tenant_create or role:tenant_cinder_create or role:admin_cinder_create
|
|
group:delete_group_snapshot: rule:tenant_delete or role:tenant_cinder_delete or role:admin_cinder_delete
|
|
group:update_group_snapshot: rule:tenant_update or role:tenant_cinder_update or role:admin_cinder_update
|
|
group:get_group_snapshot: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
group:get_all_group_snapshots: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
group:reset_group_snapshot_status: rule:admin_update or role:admin_cinder_update
|
|
group:reset_status: rule:admin_update or role:admin_cinder_update
|
|
scheduler_extension:scheduler_stats:get_pools: rule:admin_read or role:admin_cinder_read
|
|
message:delete: rule:tenant_delete or role:tenant_cinder_delete or role:admin_cinder_delete
|
|
message:get: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
message:get_all: rule:tenant_read or role:tenant_cinder_read or role:admin_cinder_read
|
|
clusters:get: rule:admin_read or role:admin_cinder_read
|
|
clusters:get_all: rule:admin_read or role:admin_cinder_read
|
|
clusters:update: rule:admin_update or role:admin_cinder_update
|
|
workers:cleanup: rule:admin_update or role:admin_cinder_update
|
|
dependencies:
|
|
- os-cinder-htk
|
|
...
|
|
---
|
|
schema: armada/Chart/v1
|
|
metadata:
|
|
schema: metadata/Document/v1
|
|
name: os-cinder-htk
|
|
layeringDefinition:
|
|
abstract: false
|
|
layer: global
|
|
substitutions:
|
|
- src:
|
|
schema: pegleg/SoftwareVersions/v1
|
|
name: software-versions
|
|
path: .charts.osh.cinder-htk
|
|
dest:
|
|
path: .source
|
|
storagePolicy: cleartext
|
|
data:
|
|
chart_name: os-cinder-htk
|
|
release: os-cinder-htk
|
|
namespace: os-cinder-htk
|
|
timeout: 600
|
|
wait:
|
|
timeout: 600
|
|
upgrade:
|
|
no_hooks: true
|
|
values: {}
|
|
dependencies: []
|
|
...
|