path: root/.readthedocs.yaml
---
# .readthedocs.yaml
# Read the Docs configuration file
# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
# Required: selects the configuration file schema (v2).
version: 2

# Downloadable formats built in addition to the hosted HTML.
formats:
  - htmlzip

build:
  # NOTE(review): "latest" is a floating image label, so the build environment
  # can change without any commit to this repository. Pin a fixed build
  # environment if reproducible documentation builds matter.
  image: latest

python:
  # Interpreter version used for the documentation build.
  version: 3.7
  install:
    # Packages from this file are installed into the build environment.
    # NOTE(review): whether they are version-pinned is not visible here;
    # unpinned entries let new upstream releases run in the docs build.
    - requirements: docs/requirements-docs.txt

sphinx:
  # Sphinx loads this file as Python code when the documentation is built.
  configuration: docs/conf.py
{{/*
# Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}

{{/*
  Emits whatever the named template common.authorizationPolicy renders for the
  current context. The template is defined outside this file, so its output is
  not visible here. NOTE(review): the PostgreSQL policies in the documents
  below are ALLOW policies as well; Istio evaluates ALLOW policies that select
  the same workload as a union, so check for overlapping selectors.
*/ -}}
{{ include "common.authorizationPolicy" . }}
---
{{- /*
  Istio AuthorizationPolicy for the workloads labelled app=<postgres.service.name>.
  The manifest is emitted only when the common.useAuthorizationPolicies helper
  (defined outside this file) returns a non-empty string.

  NOTE(review): the guard is a string-truthiness test, so a helper that rendered
  the text "false" would still enable the policy. Confirm it renders nothing
  when policies are switched off.
*/ -}}
{{- /* Values are read from .dot when the caller supplies one, otherwise from the current context. */ -}}
{{- $dot := default . .dot -}}
{{- /* First element of every principal string below; falls back to cluster.local. */ -}}
{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
{{- /* Entries (serviceAccount, optional namespace) that become source principals; unset means an empty list. */ -}}
{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
{{- /* The only destination port the generated rules admit. */ -}}
{{- $defaultOperationPorts := list "5432" -}}
{{- $relName := include "common.release" . -}}
{{- $postgresName := $dot.Values.postgres.service.name -}}
{{- if (include "common.useAuthorizationPolicies" .) }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ $relName }}-{{ $postgresName }}-authz
  namespace: {{ include "common.namespace" . }}
spec:
  selector:
    matchLabels:
      app: {{ $postgresName }}
  action: ALLOW
  rules:
{{- /*
  One rule per authorised entry. With an empty list this renders an ALLOW
  policy without rules; Istio matches no request against such a policy, so on
  its own it admits nothing to the selected workload.
  NOTE(review): confirm that fail-closed result is what operators expect when
  authorizedPrincipalsPostgres is left unset.
*/ -}}
{{-   if $authorizedPrincipalsPostgres }}
{{-     range $principal := $authorizedPrincipalsPostgres }}
  - from:
    - source:
        principals:
{{- /*
  Principal format: <trustedDomain>/ns/<namespace>/sa/<serviceAccount>. Istio
  only populates source principals for mutual-TLS peers, so plaintext callers
  never match. When the namespace is "onap" the service account is prefixed
  with the release name; for any other namespace it is used verbatim.
  NOTE(review): the fallback namespace is the literal "onap", not the value of
  common.namespace. If the chart is installed elsewhere, entries without a
  namespace still name service accounts in "onap" - confirm this is intended.
*/ -}}
{{-       $namespace := default "onap" $principal.namespace -}}
{{-       if eq "onap" $namespace }}
        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
{{-       else }}
        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
{{-       end }}
    to:
    - operation:
        ports:
{{-       range $port := $defaultOperationPorts }}
        - "{{ $port }}"
{{-       end }}
{{-     end }}
{{-   end }}
{{- end }}
---
{{- /*
  Istio AuthorizationPolicy for the workloads labelled
  app=<postgres.service.name>-primary. The manifest is emitted only when the
  common.useAuthorizationPolicies helper (defined outside this file) returns a
  non-empty string.

  NOTE(review): the guard is a string-truthiness test, so a helper that rendered
  the text "false" would still enable the policy. Confirm it renders nothing
  when policies are switched off.
*/ -}}
{{- /* Values are read from .dot when the caller supplies one, otherwise from the current context. */ -}}
{{- $dot := default . .dot -}}
{{- /* First element of every principal string below; falls back to cluster.local. */ -}}
{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
{{- /* Entries (serviceAccount, optional namespace) that become source principals; unset means an empty list. */ -}}
{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
{{- /* The only destination port the generated rules admit. */ -}}
{{- $defaultOperationPorts := list "5432" -}}
{{- $relName := include "common.release" . -}}
{{- $postgresName := $dot.Values.postgres.service.name -}}
{{- /* Suffix appended to both the policy name and the app label selector. */ -}}
{{- $pgHost := "primary" -}}
{{- if (include "common.useAuthorizationPolicies" .) }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
  namespace: {{ include "common.namespace" . }}
spec:
  selector:
    matchLabels:
      app: {{ $postgresName }}-{{ $pgHost }}
  action: ALLOW
  rules:
{{- /*
  One rule per authorised entry. With an empty list this renders an ALLOW
  policy without rules; Istio matches no request against such a policy, so on
  its own it admits nothing to the selected workload.
  NOTE(review): confirm that fail-closed result is what operators expect when
  authorizedPrincipalsPostgres is left unset.
*/ -}}
{{-   if $authorizedPrincipalsPostgres }}
{{-     range $principal := $authorizedPrincipalsPostgres }}
  - from:
    - source:
        principals:
{{- /*
  Principal format: <trustedDomain>/ns/<namespace>/sa/<serviceAccount>. Istio
  only populates source principals for mutual-TLS peers, so plaintext callers
  never match. When the namespace is "onap" the service account is prefixed
  with the release name; for any other namespace it is used verbatim.
  NOTE(review): the fallback namespace is the literal "onap", not the value of
  common.namespace. If the chart is installed elsewhere, entries without a
  namespace still name service accounts in "onap" - confirm this is intended.
*/ -}}
{{-       $namespace := default "onap" $principal.namespace -}}
{{-       if eq "onap" $namespace }}
        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
{{-       else }}
        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
{{-       end }}
    to:
    - operation:
        ports:
{{-       range $port := $defaultOperationPorts }}
        - "{{ $port }}"
{{-       end }}
{{-     end }}
{{-   end }}
{{- end }}
---
{{- /*
  Istio AuthorizationPolicy for the workloads labelled
  app=<postgres.service.name>-replica. The manifest is emitted only when the
  common.useAuthorizationPolicies helper (defined outside this file) returns a
  non-empty string.

  NOTE(review): the guard is a string-truthiness test, so a helper that rendered
  the text "false" would still enable the policy. Confirm it renders nothing
  when policies are switched off.
*/ -}}
{{- /* Values are read from .dot when the caller supplies one, otherwise from the current context. */ -}}
{{- $dot := default . .dot -}}
{{- /* First element of every principal string below; falls back to cluster.local. */ -}}
{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
{{- /* Entries (serviceAccount, optional namespace) that become source principals; unset means an empty list. */ -}}
{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
{{- /* The only destination port the generated rules admit. */ -}}
{{- $defaultOperationPorts := list "5432" -}}
{{- $relName := include "common.release" . -}}
{{- $postgresName := $dot.Values.postgres.service.name -}}
{{- /* Suffix appended to both the policy name and the app label selector. */ -}}
{{- $pgHost := "replica" -}}
{{- if (include "common.useAuthorizationPolicies" .) }}
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
  namespace: {{ include "common.namespace" . }}
spec:
  selector:
    matchLabels:
      app: {{ $postgresName }}-{{ $pgHost }}
  action: ALLOW
  rules:
{{- /*
  One rule per authorised entry. With an empty list this renders an ALLOW
  policy without rules; Istio matches no request against such a policy, so on
  its own it admits nothing to the selected workload.
  NOTE(review): confirm that fail-closed result is what operators expect when
  authorizedPrincipalsPostgres is left unset.
*/ -}}
{{-   if $authorizedPrincipalsPostgres }}
{{-     range $principal := $authorizedPrincipalsPostgres }}
  - from:
    - source:
        principals:
{{- /*
  Principal format: <trustedDomain>/ns/<namespace>/sa/<serviceAccount>. Istio
  only populates source principals for mutual-TLS peers, so plaintext callers
  never match. When the namespace is "onap" the service account is prefixed
  with the release name; for any other namespace it is used verbatim.
  NOTE(review): the fallback namespace is the literal "onap", not the value of
  common.namespace. If the chart is installed elsewhere, entries without a
  namespace still name service accounts in "onap" - confirm this is intended.
*/ -}}
{{-       $namespace := default "onap" $principal.namespace -}}
{{-       if eq "onap" $namespace }}
        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
{{-       else }}
        - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
{{-       end }}
    to:
    - operation:
        ports:
{{-       range $port := $defaultOperationPorts }}
        - "{{ $port }}"
{{-       end }}
{{-     end }}
{{-   end }}
{{- end }}