openstack-helm/ironic/templates/configmap-etc.yaml
Thiago Brito 8ab6013409 Changing all policies to yaml format
In the Victoria cycle oslo.policy decided to change all default policies
to yaml format. Today on openstack-helm we have a mix of json and yaml
on projects and, after having a bad time debugging policies that should
have beeing mounted somewhere but was being mounted elsewhere, I'm
proposing this change so we can unify the delivery method for all
policies across components on yaml (that is supported for quite some
time). This will also avoid having problems in the future as the
services move from json to yaml.

[1] https://specs.openstack.org/openstack/oslo-specs/specs/victoria/policy-json-to-yaml.html

Signed-off-by: Thiago Brito <thiago.brito@windriver.com>
Change-Id: Id170bf184e44fd77cd53929d474582022a5b6d4f
2021-05-26 18:15:41 -03:00

210 lines
12 KiB
YAML

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.configmap_etc }}
{{- $envAll := . }}
{{- if empty .Values.conf.ironic.keystone_authtoken.auth_uri -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.keystone_authtoken "auth_uri" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.keystone_authtoken "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.region_name -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "region_name" .Values.endpoints.identity.auth.ironic.region_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.project_name -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.project_domain_name -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.user_domain_name -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.username -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "username" .Values.endpoints.identity.auth.ironic.username -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.password -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "password" .Values.endpoints.identity.auth.ironic.password -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.memcached_servers -}}
{{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.ironic.keystone_authtoken "memcached_servers" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.keystone_authtoken.memcache_secret_key -}}
{{- $_ := set .Values.conf.ironic.keystone_authtoken "memcache_secret_key" ( default ( randAlphaNum 64 ) .Values.endpoints.oslo_cache.auth.memcache_secret_key ) -}}
{{- end -}}
{{- if empty .Values.conf.ironic.database.connection -}}
{{- $_ := tuple "oslo_db" "internal" "ironic" "mysql" . | include "helm-toolkit.endpoints.authenticated_endpoint_uri_lookup"| set .Values.conf.ironic.database "connection" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.DEFAULT.transport_url -}}
{{- $_ := tuple "oslo_messaging" "internal" "ironic" "amqp" . | include "helm-toolkit.endpoints.authenticated_transport_endpoint_uri_lookup" | set .Values.conf.ironic.DEFAULT "transport_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.glance_host -}}
{{- $_ := tuple "image" "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup"| set .Values.conf.ironic.glance "glance_host" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.glance_port -}}
{{- $_ := tuple "image" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup"| set .Values.conf.ironic.glance "glance_port" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.glance "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.project_name -}}
{{- $_ := set .Values.conf.ironic.glance "project_name" .Values.endpoints.identity.auth.glance.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.project_domain_name -}}
{{- $_ := set .Values.conf.ironic.glance "project_domain_name" .Values.endpoints.identity.auth.glance.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.user_domain_name -}}
{{- $_ := set .Values.conf.ironic.glance "user_domain_name" .Values.endpoints.identity.auth.glance.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.username -}}
{{- $_ := set .Values.conf.ironic.glance "username" .Values.endpoints.identity.auth.glance.username -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.password -}}
{{- $_ := set .Values.conf.ironic.glance "password" .Values.endpoints.identity.auth.glance.password -}}
{{- end -}}
{{- if empty .Values.conf.ironic.inspector.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.inspector "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.inspector.project_name -}}
{{- $_ := set .Values.conf.ironic.inspector "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.inspector.project_domain_name -}}
{{- $_ := set .Values.conf.ironic.inspector "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.inspector.user_domain_name -}}
{{- $_ := set .Values.conf.ironic.inspector "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.inspector.username -}}
{{- $_ := set .Values.conf.ironic.inspector "username" .Values.endpoints.identity.auth.ironic.username -}}
{{- end -}}
{{- if empty .Values.conf.ironic.inspector.password -}}
{{- $_ := set .Values.conf.ironic.inspector "password" .Values.endpoints.identity.auth.ironic.password -}}
{{- end -}}
{{- if empty .Values.conf.ironic.neutron.url -}}
{{- $_ := tuple "network" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.neutron "url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.neutron.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.neutron "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.neutron.project_name -}}
{{- $_ := set .Values.conf.ironic.neutron "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.neutron.project_domain_name -}}
{{- $_ := set .Values.conf.ironic.neutron "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.neutron.user_domain_name -}}
{{- $_ := set .Values.conf.ironic.neutron "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.neutron.username -}}
{{- $_ := set .Values.conf.ironic.neutron "username" .Values.endpoints.identity.auth.ironic.username -}}
{{- end -}}
{{- if empty .Values.conf.ironic.neutron.password -}}
{{- $_ := set .Values.conf.ironic.neutron "password" .Values.endpoints.identity.auth.ironic.password -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_catalog.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.service_catalog "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_catalog.project_name -}}
{{- $_ := set .Values.conf.ironic.service_catalog "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_catalog.project_domain_name -}}
{{- $_ := set .Values.conf.ironic.service_catalog "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_catalog.user_domain_name -}}
{{- $_ := set .Values.conf.ironic.service_catalog "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_catalog.username -}}
{{- $_ := set .Values.conf.ironic.service_catalog "username" .Values.endpoints.identity.auth.ironic.username -}}
{{- end -}}
{{- if empty .Values.conf.ironic.service_catalog.password -}}
{{- $_ := set .Values.conf.ironic.service_catalog "password" .Values.endpoints.identity.auth.ironic.password -}}
{{- end -}}
{{- if empty .Values.conf.ironic.swift.auth_url -}}
{{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.swift "auth_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.swift.project_name -}}
{{- $_ := set .Values.conf.ironic.swift "project_name" .Values.endpoints.identity.auth.ironic.project_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.swift.project_domain_name -}}
{{- $_ := set .Values.conf.ironic.swift "project_domain_name" .Values.endpoints.identity.auth.ironic.project_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.swift.user_domain_name -}}
{{- $_ := set .Values.conf.ironic.swift "user_domain_name" .Values.endpoints.identity.auth.ironic.user_domain_name -}}
{{- end -}}
{{- if empty .Values.conf.ironic.swift.username -}}
{{- $_ := set .Values.conf.ironic.swift "username" .Values.endpoints.identity.auth.ironic.username -}}
{{- end -}}
{{- if empty .Values.conf.ironic.swift.password -}}
{{- $_ := set .Values.conf.ironic.swift "password" .Values.endpoints.identity.auth.ironic.password -}}
{{- end -}}
{{- if empty .Values.conf.ironic.conductor.api_url -}}
{{- $_ := tuple "baremetal" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.conductor "api_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.api.public_endpoint -}}
{{- $_ := tuple "baremetal" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| set .Values.conf.ironic.api "public_endpoint" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.swift_endpoint_url -}}
{{- $_ := tuple "object_store" "public" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup"| trimSuffix .Values.endpoints.object_store.path.default | set .Values.conf.ironic.glance "swift_endpoint_url" -}}
{{- end -}}
{{- if empty .Values.conf.ironic.glance.swift_temp_url_key -}}
{{- $_ := set .Values.conf.ironic.glance "swift_temp_url_key" .Values.endpoints.object_store.auth.glance.tmpurlkey -}}
{{- end -}}
{{- if empty .Values.conf.ironic.api.port -}}
{{- $_ := set .Values.conf.ironic.api "port" (tuple "baremetal" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.handler_fluent) (has "fluent" .Values.conf.logging.handlers.keys) -}}
{{- $fluentd_host := tuple "fluentd" "internal" $envAll | include "helm-toolkit.endpoints.hostname_namespaced_endpoint_lookup" }}
{{- $fluentd_port := tuple "fluentd" "internal" "service" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
{{- $fluent_args := printf "('%s.%s', '%s', %s)" .Release.Namespace .Release.Name $fluentd_host $fluentd_port }}
{{- $handler_fluent := dict "class" "fluent.handler.FluentHandler" "formatter" "fluent" "args" $fluent_args -}}
{{- $_ := set .Values.conf.logging "handler_fluent" $handler_fluent -}}
{{- end -}}
{{- if and (empty .Values.conf.logging.formatter_fluent) (has "fluent" .Values.conf.logging.formatters.keys) -}}
{{- $formatter_fluent := dict "class" "oslo_log.formatters.FluentFormatter" -}}
{{- $_ := set .Values.conf.logging "formatter_fluent" $formatter_fluent -}}
{{- end -}}
---
apiVersion: v1
kind: Secret
metadata:
name: ironic-etc
type: Opaque
data:
ironic.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.ironic | b64enc }}
logging.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.logging | b64enc }}
policy.yaml: {{ toYaml .Values.conf.policy | b64enc }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.tftp_map_file "key" "tftp-map-file" "format" "Secret" ) | indent 2 }}
{{- include "helm-toolkit.snippets.values_template_renderer" (dict "envAll" $envAll "template" .Values.conf.nginx "key" "nginx.conf" "format" "Secret" ) | indent 2 }}
{{- end }}