# -*- indent-tabs-mode: nil -*- # vi: set expandtab: # # ============LICENSE_START==================================================== # org.onap.dcae # ============================================================================= # Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. # ============================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # ============LICENSE_END====================================================== tosca_definitions_version: cloudify_dsl_1_3 description: |- This blueprint is an example of how an application can access the needed information about a persistent database created as part of a PGaaS cluster. For a given database "dbname" on a given PGaaS cluster "PGCLUSTERNAME", there are three roles created: admin role: has complete administrative control over that database user role: has complete read and write access on that database viewer role: only has read access on that database The various attributes will return the appropriate information that can be used with that role: host fqdn, role name and password. imports: - http://www.getcloudify.org/spec/cloudify/3.4/types.yaml - "{{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/pgaas/1.1.0/pgaas_types.yaml" inputs: location_domain: type: string location_prefix: type: string pgaas_cluster_name: type: string default: pgcl database_name: type: string default: sample node_templates: pgclustername_dbname: type: dcae.nodes.pgaas.database properties: writerfqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '-write.', { get_input: location_domain } ] } name: { get_input: database_name } use_existing: true outputs: # admin role has control over table/index/view creation/dropping pgclustername_dbname_admin_host: description: Hostname for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, admin, host ] } pgclustername_dbname_admin_user: description: Admin Username for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, admin, user ] } pgclustername_dbname_admin_password: description: Admin Password for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, admin, password ] } # user role can read and write the tables pgclustername_dbname_user_host: description: Hostname for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, user, host ] } pgclustername_dbname_user_user: description: User Username for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, user, user ] } pgclustername_dbname_user_password: description: User Password for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, user, password ] } # viewer role can only read from the tables pgclustername_dbname_viewer_host: description: Hostname for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, viewer, host ] } pgclustername_dbname_viewer_user: description: Viewer Username for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, viewer, user ] } pgclustername_dbname_viewer_password: description: Viewer Password for PGCLUSTERNAME dbname database value: { get_attribute: [ pgclustername_dbname, viewer, password ] }