dell · atye · May 4, 2022 · Apr 12, 2022 · Apr 18, 2022 · Apr 18, 2022
@@ -0,0 +1,2 @@
+Chart.lock
+charts/*tgz
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+installer/
@@ -0,0 +1,13 @@
+apiVersion: v2
+name: csm-authorization
+version: 1.3.0
+appVersion: 1.3.0
+type: application
+description: CSM for Authorization is part of the [Container Storage Modules](https://github.com/dell/csm) open source suite of Kubernetes storage enablers for Dell EMC storage products. CSM for Authorization provides storage and Kubernetes administrators the ability to apply RBAC for Dell CSI Drivers.
+dependencies:
+- name: cert-manager
+  version: 1.6.1
+  repository: https://charts.jetstack.io
+- name: ingress-nginx
+  version: 4.0.19
+  repository: https://kubernetes.github.io/ingress-nginx
@@ -0,0 +1,19 @@
+<!--
+Copyright (c) 2022 Dell Inc., or its subsidiaries. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+-->
+
+# Container Storage Modules (CSM) for Authorization Dell Community Helm Chart 
+
+CSM for Authorization can be deployed using Helm.
+
+For complete deployment instructions, refer to the [Container Storage Modules documentation](https://dell.github.io/csm-docs/docs/authorization/deployment/helm).
+
+## Helm Chart Versioning
+
+For an explanation and examples on versioning/releasing the CSM for Authorization Helm chart, please see the [contributing guide](../../docs/CONTRIBUTING.md#helm-chart-release-strategy).
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: redis
+description: A Helm chart for Redis
+type: application
+version: 0.1.0
+appVersion: 0.1.0
@@ -0,0 +1,126 @@
+apiVersion: apps/v1 
+kind: Deployment
+metadata:
+  name: redis-primary
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: redis
+spec:
+  selector:
+    matchLabels:
+      app: redis
+      role: primary
+      tier: backend
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: redis
+        role: primary
+        tier: backend
+    spec:
+      containers:
+      - name: primary
+        image: {{ .Values.images.redis }}
+        imagePullPolicy: IfNotPresent
+        args: ["--appendonly", "yes", "--appendfsync", "always"]
+        resources:
+          requests:
+            cpu: 100m
+            memory: 100Mi
+        ports:
+        - containerPort: 6379
+        volumeMounts:
+          - name: redis-primary-volume
+            mountPath: /data
+      volumes:
+        - name: redis-primary-volume
+          persistentVolumeClaim:
+            claimName: redis-primary-pv-claim
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: redis-primary-pv-claim
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: redis-primary
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: {{ required "Must provide the storage class for redis." .Values.storageClass }}
+  resources:
+    requests:
+      storage: 8Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis-commander
+  namespace: {{ .Release.Namespace }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis-commander
+  template:
+    metadata:
+      labels:
+        app: redis-commander
+        tier: backend
+    spec:
+      containers:
+      - name: redis-commander
+        image: {{ .Values.images.commander }}
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: REDIS_HOSTS
+          value: "rbac:redis.{{ .Release.Namespace }}.svc.cluster.local:6379"
+        - name: K8S_SIGTERM
+          value: "1"
+        ports:
+        - name: redis-commander
+          containerPort: 8081
+        livenessProbe:
+          httpGet:
+            path: /favicon.png
+            port: 8081
+          initialDelaySeconds: 10
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: "500m"
+            memory: "512M"
+        securityContext:
+          runAsNonRoot: true
+          readOnlyRootFilesystem: false
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: redis
+  ports:
+  - protocol: TCP
+    port: 6379
+    targetPort: 6379
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis-commander
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    app: redis-commander
+  ports:
+  - protocol: TCP
+    port: 8081
+    targetPort: 8081
@@ -0,0 +1,4 @@
+package karavi.common
+default roles = {}
+roles = {}
+
@@ -0,0 +1,47 @@
+# Copyright © 2021 Dell Inc., or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+package karavi.authz.powermax.url
+
+allowlist = [
+	"GET /univmax/restapi/version",
+	"GET /univmax/restapi/(90|91)/system/symmetrix/[a-f0-9A-F]+",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/srp",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup",
+	"POST /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup/(.+)",
+	"PUT /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup/(.+)",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+",
+	"PUT /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+",
+	"DELETE /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+",
+	"DELETE /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/storagegroup/[a-f0-9A-F]+",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+/snapshot",
+	"GET /univmax/restapi/91/sloprovisioning/symmetrix/[a-f0-9A-F]+/portgroup/(.+)",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/initiator",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/host/(.+)",
+	"GET /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/maskingview/(.+)",
+	"GET /univmax/restapi/(90|91)/system/symmetrix",
+	"GET /univmax/restapi/private/(90|91)/replication/symmetrix/[a-f0-9A-F]+/volume/[a-f0-9A-F]+/snapshot",
+	"GET /univmax/restapi/private/(90|91)/replication/symmetrix/[a-f0-9A-F]+/volume/",
+	"DELETE /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/maskingview/(.+)",
+	"GET /univmax/restapi/(90|91)/replication/capabilities/symmetrix/",
+	"POST /univmax/restapi/(90|91)/sloprovisioning/symmetrix/[a-f0-9A-F]+/maskingview",
+]
+
+default allow = true
+
+allow {
+	regex.match(allowlist[_], sprintf("%s %s", [input.method, input.url]))
+}
@@ -0,0 +1,42 @@
+# Copyright © 2021 Dell Inc., or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+package karavi.authz.powerscale.url
+
+allowlist = [
+    "GET /platform/latest/",
+    "GET /platform/[0-9]/cluster/config/",
+    "GET /namespace/(.+)",
+    "GET /platform/[0-9]/protocols/nfs/exports/?(.+)",
+    "PUT /namespace/(.+)",
+    "GET /platform/[0-9]/quota/license/",
+    "POST /platform/[0-9]/quota/quotas/",
+    "POST /platform/[0-9]/protocols/nfs/exports/?(.+)",
+    "GET /platform/[0-9]/protocols/nfs/exports/[0-9]+?(.+)",
+    "PUT /platform/[0-9]/protocols/nfs/exports/[0-9]+?(.+)",
+    "DELETE /platform/[0-9]/quota/quotas/[a-z0-9A-Z]+/",
+    "DELETE /platform/[0-9]/protocols/nfs/exports/[0-9]+?(.+)",
+    "DELETE /namespace/(.+)",
+    "GET /platform/[0-9]/snapshot/snapshots/(.+)",
+    "POST /platform/[0-9]/snapshot/snapshots",
+    "DELETE /platform/[0-9]/snapshot/snapshots/(.+)",
+    "POST /session/[0-9]/session/",
+    "GET /session/[0-9]/session/",
+    "POST /proxy/refresh-token/"
+]
+
+default allow = true
+allow {
+	regex.match(allowlist[_], sprintf("%s %s", [input.method, input.url]))
+}
@@ -0,0 +1,63 @@
+# Copyright © 2021 Dell Inc., or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+package karavi.authz.url
+
+test_get_api_login_allowed {
+    allow with input as {"method": "GET", "url": "/api/login/"}
+}
+
+test_post_proxy_refresh_token_allowed {
+    allow with input as {"method": "POST", "url": "/proxy/refresh-token/"}
+}
+
+test_get_api_version_allowed {
+    allow with input as {"method": "GET", "url": "/api/version/"}
+}
+
+test_get_system_instances_allowed {
+    allow with input as {"method": "GET", "url": "/api/types/System/instances/"}
+}
+
+test_get_storagpool_instances_allowed {
+    allow with input as {"method": "GET", "url": "/api/types/StoragePool/instances/"}
+}
+
+test_post_volume_instances_allowed {
+    allow with input as {"method": "POST", "url": "/api/types/Volume/instances/"}
+}
+
+test_get_volume_instance_allowed {
+    allow with input as {"method": "GET", "url": "/api/instances/Volume::2a3814c600000003/"}
+}
+
+test_post_volume_instances_queryIdByKey_allowed {
+    allow with input as {"method": "POST", "url": "/api/types/Volume/instances/action/queryIdByKey/"}
+}
+
+test_get_system_sdc_allowed {
+    allow with input as {"method": "GET", "url": "/api/instances/System::7045c4cc20dffc0f/relationships/Sdc/"}
+}
+
+test_post_volume_add_sdc_allowed {
+    allow with input as {"method": "POST", "url": "/api/instances/Volume::2a3814c600000003/action/addMappedSdc/"}
+}
+
+test_post_volume_remove_sdc_allowed {
+    allow with input as {"method": "POST", "url": "/api/instances/Volume::2a3814c600000003/action/removeMappedSdc/"}
+}
+
+test_post_volume_remove_allowed {
+    allow with input as {"method": "POST", "url": "/api/instances/Volume::2a3814c600000003/action/removeVolume/"}
+}