[Cinder] Add visibilty settings to volume types

This is to add public/private  visibility option
and project level access list to a volume type while creating.

Change-Id: Id33c8c9f10e60fcdb4b6c49e69f3b5d8f11850c6

cinder/Chart.yaml

@@ -14,7 +14,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm Cinder
 name: cinder
-version: 0.2.18
+version: 0.2.19
 home: https://docs.openstack.org/cinder/latest/
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Cinder/OpenStack_Project_Cinder_vertical.png
 sources:

cinder/templates/bin/_bootstrap.sh.tpl

@@ -22,30 +22,53 @@ export HOME=/tmp
   {{- /* Create volume types defined in Values.bootstrap */}}
   {{- /* Types can only be created for backends defined in Values.conf */}}
   {{- $volumeTypes := .Values.bootstrap.volume_types }}
+  {{- /* Generating list of backends listed in .Values.conf.backends */}}
+  {{- $backendsList := list}}
   {{- range $backend_name, $backend_properties := .Values.conf.backends }}
-    {{- if $backend_properties }}
+    {{- if and $backend_properties $backend_properties.volume_backend_name }}
+    {{- $backendsList = append $backendsList $backend_properties.volume_backend_name }}
+    {{- end }}
+  {{- end }}
+
   {{- range $name, $properties := $volumeTypes }}
-        {{- if $properties.volume_backend_name }}
+    {{- if and $properties.volume_backend_name (has $properties.volume_backend_name $backendsList) }}
-          {{- if (eq $properties.volume_backend_name $backend_properties.volume_backend_name) }}
+      {{- $access_type := $properties.access_type | default "public"}}
-if [[ $(openstack volume type list -f value -c Name | grep -w {{ $name }}) ]]; then
+      # Create a volume type if it doesn't exist.
-  if [[ ! $(openstack volume type show {{ $name }} | grep volume_backend_name) ]]; then
+      # Assumption: the volume type name is unique.
-    openstack volume type set \
+      openstack volume type show {{ $name }} || \
-      {{- range $key, $value := $properties }}
-      --property {{ $key }}={{ $value }} \
-      {{- end }}
-      {{ $name }}
-  fi
-else
       openstack volume type create \
-    --public \
+        --{{ $access_type }} \
-      {{- range $key, $value := $properties }}
-    --property {{ $key }}={{ $value }} \
-      {{- end }}
       {{ $name }}
-fi
+      {{/*
+        We will try to set or update volume type properties.
+        To update properties, the volume type MUST NOT BE IN USE,
+        and projects and domains with access to the volume type
+        MUST EXIST, as well.
+      */}}
+      is_in_use=$(openstack volume list --long --all-projects -c Type -f value | grep -E "^{{ $name }}\s*$" || true)
+      if [[ -z ${is_in_use} ]]; then
+        {{- if (eq $access_type "private") }}
+        volumeTypeID=$(openstack volume type show {{ $name }} -f value -c id)
+        cinder type-update --is-public false ${volumeTypeID}
+        {{- end }}
+
+        {{- if and $properties.grant_access (eq $access_type "private") }}
+        {{- range $domain, $domainProjects := $properties.grant_access }}
+        {{- range $project := $domainProjects }}
+        project_id=$(openstack project show --domain {{ $domain }} -c id -f value {{ $project }})
+        if [[ -z  $(openstack volume type show {{ $name }} -c access_project_ids -f value | grep ${project_id} || true) ]]; then
+          openstack volume type set --project-domain {{ $domain }} --project {{ $project }} {{ $name }}
+        fi
         {{- end }}
         {{- end }}
         {{- end }}
+
+        {{- range $key, $value := $properties }}
+        {{- if and (ne $key "access_type") (ne $key "grant_access") $value }}
+        openstack volume type set --property {{ $key }}={{ $value }} {{ $name }}
+        {{- end }}
+        {{- end }}
+      fi
     {{- end }}
   {{- end }}
 
@@ -53,7 +76,7 @@ fi
   {{- if .Values.bootstrap.bootstrap_conf_backends }}
     {{- range $name, $properties := .Values.conf.backends }}
       {{- if $properties }}
-openstack volume type show {{ $name }} || \
+        openstack volume type show {{ $name }} || \
         openstack volume type create \
         --public \
         --property volume_backend_name={{ $properties.volume_backend_name }} \
@@ -65,14 +88,14 @@ openstack volume type show {{ $name }} || \
   {{- /* Create and associate volume QoS if defined */}}
   {{- if .Values.bootstrap.volume_qos}}
     {{- range $qos_name, $qos_properties := .Values.bootstrap.volume_qos }}
-type_defined=true
+      type_defined=true
       {{- /* If the volume type to associate with is not defined, skip the qos */}}
       {{- range $qos_properties.associates }}
-if ! openstack volume type show {{ . }}; then
+        if ! openstack volume type show {{ . }}; then
           type_defined=false
-fi
+        fi
       {{- end }}
-if $type_defined; then
+      if [[ ${type_defined} ]]; then
         openstack volume qos show {{ $qos_name }} || \
           openstack volume qos create \
           --consumer {{ $qos_properties.consumer }} \
@@ -83,14 +106,13 @@ if $type_defined; then
           {{- range $qos_properties.associates }}
             openstack volume qos associate {{ $qos_name }} {{ . }}
           {{- end }}
-fi
+      fi
     {{- end }}
   {{- end }}
 
 {{- /* Check volume type and properties were added */}}
 openstack volume type list --long
 openstack volume qos list
-
 {{- end }}
 
 exit 0

cinder/values.yaml

@@ -368,6 +368,19 @@ bootstrap:
     name:
       group:
       volume_backend_name:
+      # access_type: "private"
+      # If you set up access_type to private, only the creator
+      # will get an access to the volume type. You can extend
+      # the access to your volume type by providing a list of
+      # domain names and projects as shown below
+      # grant_access:
+      #   <domain name 1>:
+      #     - <project name 1>
+      #     - <project name 2>
+      #     <...>
+      #   <domain name 2>:
+      #     - <project name 1>
+      #     <...>
   # Volume QoS if any. By default, None QoS is created.
   # Below values with a number at the end need to be replaced
   # with real names.

cinder/values_overrides/backend_pure.yaml

@@ -22,6 +22,10 @@ bootstrap:
     PURE-MULTIATTACH:
       multiattach: "\"<is> True\""
       volume_backend_name: "PURE_BE"
+      access_type: "private"
+      grant_access:
+        default:
+          - admin
 conf:
   cinder:
     DEFAULT:

releasenotes/notes/cinder.yaml

@@ -35,4 +35,5 @@ cinder:
   - 0.2.16 Enable taint toleration for Openstack services
   - 0.2.17 Remove unsupported values overrides
   - 0.2.18 Add helm hook in bootstrap job
+  - 0.2.19 Add volume types visibility (public/private)
 ...