-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into karavi-observability-release
- Loading branch information
Showing
33 changed files
with
1,698 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
Chart.lock | ||
charts/*tgz |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*.orig | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj | ||
.vscode/ | ||
installer/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
apiVersion: v2 | ||
name: csm-authorization | ||
version: 1.3.0 | ||
appVersion: 1.3.0 | ||
type: application | ||
description: CSM for Authorization is part of the [Container Storage Modules](https://github.com/dell/csm) open source suite of Kubernetes storage enablers for Dell EMC storage products. CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell CSI Drivers. | ||
dependencies: | ||
- name: cert-manager | ||
version: 1.6.1 | ||
repository: https://charts.jetstack.io | ||
condition: cert-manager.enabled | ||
- name: ingress-nginx | ||
version: 4.0.19 | ||
repository: https://kubernetes.github.io/ingress-nginx | ||
condition: ingress-nginx.enabled |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
<!-- | ||
Copyright (c) 2022 Dell Inc., or its subsidiaries. All Rights Reserved. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
--> | ||
|
||
# Container Storage Modules (CSM) for Authorization Dell Community Helm Chart | ||
|
||
CSM for Authorization can be deployed using Helm. | ||
|
||
For complete deployment instructions, refer to the [Container Storage Modules documentation](https://dell.github.io/csm-docs/docs/authorization/deployment/helm). | ||
|
||
## Helm Chart Versioning | ||
|
||
For an explanation and examples on versioning/releasing the CSM for Authorization Helm chart, please see the [contributing guide](../../docs/CONTRIBUTING.md#helm-chart-release-strategy). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
# Patterns to ignore when building packages. | ||
# This supports shell glob matching, relative path matching, and | ||
# negation (prefixed with !). Only one pattern per line. | ||
.DS_Store | ||
# Common VCS dirs | ||
.git/ | ||
.gitignore | ||
.bzr/ | ||
.bzrignore | ||
.hg/ | ||
.hgignore | ||
.svn/ | ||
# Common backup files | ||
*.swp | ||
*.bak | ||
*.tmp | ||
*.orig | ||
*~ | ||
# Various IDEs | ||
.project | ||
.idea/ | ||
*.tmproj | ||
.vscode/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
apiVersion: v2 | ||
name: redis | ||
description: A Helm chart for Redis | ||
type: application | ||
version: 0.1.0 | ||
appVersion: 0.1.0 |
128 changes: 128 additions & 0 deletions
128
charts/csm-authorization/charts/redis/templates/redis.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,128 @@ | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: redis-primary | ||
namespace: {{ .Release.Namespace }} | ||
labels: | ||
app: redis | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: redis | ||
role: primary | ||
tier: backend | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
app: redis | ||
role: primary | ||
tier: backend | ||
spec: | ||
containers: | ||
- name: primary | ||
image: {{ .Values.images.redis }} | ||
imagePullPolicy: IfNotPresent | ||
args: ["--appendonly", "yes", "--appendfsync", "always"] | ||
resources: | ||
requests: | ||
cpu: 100m | ||
memory: 100Mi | ||
ports: | ||
- containerPort: 6379 | ||
volumeMounts: | ||
- name: redis-primary-volume | ||
mountPath: /data | ||
volumes: | ||
- name: redis-primary-volume | ||
persistentVolumeClaim: | ||
claimName: redis-primary-pv-claim | ||
--- | ||
apiVersion: v1 | ||
kind: PersistentVolumeClaim | ||
metadata: | ||
name: redis-primary-pv-claim | ||
namespace: {{ .Release.Namespace }} | ||
labels: | ||
app: redis-primary | ||
spec: | ||
accessModes: | ||
- ReadWriteOnce | ||
{{- if (.Values.storageClass) }} | ||
storageClassName: {{.Values.storageClass }} | ||
{{- end}} | ||
resources: | ||
requests: | ||
storage: 8Gi | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: redis-commander | ||
namespace: {{ .Release.Namespace }} | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: redis-commander | ||
template: | ||
metadata: | ||
labels: | ||
app: redis-commander | ||
tier: backend | ||
spec: | ||
containers: | ||
- name: redis-commander | ||
image: {{ .Values.images.commander }} | ||
imagePullPolicy: IfNotPresent | ||
env: | ||
- name: REDIS_HOSTS | ||
value: "rbac:redis.{{ .Release.Namespace }}.svc.cluster.local:6379" | ||
- name: K8S_SIGTERM | ||
value: "1" | ||
ports: | ||
- name: redis-commander | ||
containerPort: 8081 | ||
livenessProbe: | ||
httpGet: | ||
path: /favicon.png | ||
port: 8081 | ||
initialDelaySeconds: 10 | ||
timeoutSeconds: 5 | ||
resources: | ||
limits: | ||
cpu: "500m" | ||
memory: "512M" | ||
securityContext: | ||
runAsNonRoot: true | ||
readOnlyRootFilesystem: false | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- ALL | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: redis | ||
namespace: {{ .Release.Namespace }} | ||
spec: | ||
selector: | ||
app: redis | ||
ports: | ||
- protocol: TCP | ||
port: 6379 | ||
targetPort: 6379 | ||
--- | ||
apiVersion: v1 | ||
kind: Service | ||
metadata: | ||
name: redis-commander | ||
namespace: {{ .Release.Namespace }} | ||
spec: | ||
selector: | ||
app: redis-commander | ||
ports: | ||
- protocol: TCP | ||
port: 8081 | ||
targetPort: 8081 |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
package karavi.common | ||
default roles = {} | ||
roles = {} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
# Copyright © 2022 Dell Inc., or its subsidiaries. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http:#www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
package karavi.authz.powermax.url | ||
|
||
allowlist = [ | ||
"GET /univmax/restapi/version", | ||
"GET /univmax/restapi/(90|91)/system/symmetrix/[a-f0-9A-F]+", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/srp", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup", | ||
"POST /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup/(.+)", | ||
"PUT /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup/(.+)", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+", | ||
"PUT /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+", | ||
"DELETE /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+", | ||
"DELETE /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup/[a-f0-9A-F]+", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+/snapshot", | ||
"GET /univmax/restapi/91/sloprovisioning/symmetrix/[a-f0-9A-F]+/portgroup/(.+)", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/initiator", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/host/(.+)", | ||
"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/maskingview/(.+)", | ||
"GET /univmax/restapi/(90|91)/system/symmetrix", | ||
"GET /univmax/restapi/private/(90|91)/replication/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+/snapshot", | ||
"GET /univmax/restapi/private/(90|91)/replication/symmetrix/[a-f0-9A-F]+/volume/", | ||
"DELETE /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/maskingview/(.+)", | ||
"GET /univmax/restapi/(90|91)/replication/capabilities/symmetrix/", | ||
"POST /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/maskingview", | ||
] | ||
|
||
default allow = true | ||
|
||
allow { | ||
regex.match(allowlist[_], sprintf("%s %s", [input.method, input.url])) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Copyright © 2022 Dell Inc., or its subsidiaries. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http:#www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
package karavi.authz.powerscale.url | ||
|
||
allowlist = [ | ||
"GET /platform/latest/", | ||
"GET /platform/[0-9]/cluster/config/", | ||
"GET /namespace/(.+)", | ||
"GET /platform/[0-9]/protocols/nfs/exports/?(.+)", | ||
"PUT /namespace/(.+)", | ||
"GET /platform/[0-9]/quota/license/", | ||
"POST /platform/[0-9]/quota/quotas/", | ||
"POST /platform/[0-9]/protocols/nfs/exports/?(.+)", | ||
"GET /platform/[0-9]/protocols/nfs/exports/[0-9]+?(.+)", | ||
"PUT /platform/[0-9]/protocols/nfs/exports/[0-9]+?(.+)", | ||
"DELETE /platform/[0-9]/quota/quotas/[a-z0-9A-Z]+/", | ||
"DELETE /platform/[0-9]/protocols/nfs/exports/[0-9]+?(.+)", | ||
"DELETE /namespace/(.+)", | ||
"GET /platform/[0-9]/snapshot/snapshots/(.+)", | ||
"POST /platform/[0-9]/snapshot/snapshots", | ||
"DELETE /platform/[0-9]/snapshot/snapshots/(.+)", | ||
"POST /session/[0-9]/session/", | ||
"GET /session/[0-9]/session/", | ||
"POST /proxy/refresh-token/" | ||
] | ||
|
||
default allow = true | ||
allow { | ||
regex.match(allowlist[_], sprintf("%s %s", [input.method, input.url])) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# Copyright © 2022 Dell Inc., or its subsidiaries. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http:#www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
package karavi.authz.url | ||
|
||
test_get_api_login_allowed { | ||
allow with input as {"method": "GET", "url": "/api/login/"} | ||
} | ||
|
||
test_post_proxy_refresh_token_allowed { | ||
allow with input as {"method": "POST", "url": "/proxy/refresh-token/"} | ||
} | ||
|
||
test_get_api_version_allowed { | ||
allow with input as {"method": "GET", "url": "/api/version/"} | ||
} | ||
|
||
test_get_system_instances_allowed { | ||
allow with input as {"method": "GET", "url": "/api/types/System/instances/"} | ||
} | ||
|
||
test_get_storagpool_instances_allowed { | ||
allow with input as {"method": "GET", "url": "/api/types/StoragePool/instances/"} | ||
} | ||
|
||
test_post_volume_instances_allowed { | ||
allow with input as {"method": "POST", "url": "/api/types/Volume/instances/"} | ||
} | ||
|
||
test_get_volume_instance_allowed { | ||
allow with input as {"method": "GET", "url": "/api/instances/Volume::2a3814c600000003/"} | ||
} | ||
|
||
test_post_volume_instances_queryIdByKey_allowed { | ||
allow with input as {"method": "POST", "url": "/api/types/Volume/instances/action/queryIdByKey/"} | ||
} | ||
|
||
test_get_system_sdc_allowed { | ||
allow with input as {"method": "GET", "url": "/api/instances/System::7045c4cc20dffc0f/relationships/Sdc/"} | ||
} | ||
|
||
test_post_volume_add_sdc_allowed { | ||
allow with input as {"method": "POST", "url": "/api/instances/Volume::2a3814c600000003/action/addMappedSdc/"} | ||
} | ||
|
||
test_post_volume_remove_sdc_allowed { | ||
allow with input as {"method": "POST", "url": "/api/instances/Volume::2a3814c600000003/action/removeMappedSdc/"} | ||
} | ||
|
||
test_post_volume_remove_allowed { | ||
allow with input as {"method": "POST", "url": "/api/instances/Volume::2a3814c600000003/action/removeVolume/"} | ||
} |
Oops, something went wrong.