Merge "placement: split service accounts from placement.conf"

placement/templates/configmap-etc.yaml

@@ -33,24 +33,6 @@ limitations under the License.
 {{- $_ := tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "auth_url" -}}
 {{- end -}}
 
-{{- if empty .Values.conf.placement.keystone_authtoken.os_region_name -}}
-{{- $_ := set .Values.conf.placement.keystone_authtoken "os_region_name" .Values.endpoints.identity.auth.placement.region_name -}}
-{{- end -}}
-{{- if empty .Values.conf.placement.keystone_authtoken.project_name -}}
-{{- $_ := set .Values.conf.placement.keystone_authtoken "project_name" .Values.endpoints.identity.auth.placement.project_name -}}
-{{- end -}}
-{{- if empty .Values.conf.placement.keystone_authtoken.project_domain_name -}}
-{{- $_ := set .Values.conf.placement.keystone_authtoken "project_domain_name" .Values.endpoints.identity.auth.placement.project_domain_name -}}
-{{- end -}}
-{{- if empty .Values.conf.placement.keystone_authtoken.user_domain_name -}}
-{{- $_ := set .Values.conf.placement.keystone_authtoken "user_domain_name" .Values.endpoints.identity.auth.placement.user_domain_name -}}
-{{- end -}}
-{{- if empty .Values.conf.placement.keystone_authtoken.username -}}
-{{- $_ := set .Values.conf.placement.keystone_authtoken "username" .Values.endpoints.identity.auth.placement.username -}}
-{{- end -}}
-{{- if empty .Values.conf.placement.keystone_authtoken.password -}}
-{{- $_ := set .Values.conf.placement.keystone_authtoken "password" .Values.endpoints.identity.auth.placement.password -}}
-{{- end -}}
 {{- if empty .Values.conf.placement.keystone_authtoken.memcached_servers -}}
 {{- $_ := tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.host_and_port_endpoint_uri_lookup" | set .Values.conf.placement.keystone_authtoken "memcached_servers" -}}
 {{- end -}}

placement/templates/deployment.yaml

@@ -19,11 +19,13 @@ limitations under the License.
 
 {{- $mounts_placement := .Values.pod.mounts.placement.placement }}
 {{- $mounts_placement_init := .Values.pod.mounts.placement.init_container }}
+{{- $etcSources := .Values.pod.etcSources.placement }}
+{{- if eq .Values.manifests.secret_ks_etc true }}
+{{- $etcSources = append $etcSources (dict "secret" (dict "name" "placement-ks-etc")) }}
+{{- end }}
 
 {{- $serviceAccountName := "placement-api" }}
 {{ tuple $envAll "api" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
-
-{{- $etcSources := .Values.pod.etcSources.placement }}
 ---
 apiVersion: apps/v1
 kind: Deployment

placement/templates/secret-ks-etc.yaml

@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if .Values.manifests.secret_ks_etc }}
+{{- $envAll := . -}}
+{{/* the endpoints.identity.auth sections with the oslo conf sections they get rendered to */}}
+{{- $ksUsers := dict
+  "placement" "keystone_authtoken"
+-}}
+{{ dict
+  "envAll" $envAll
+  "serviceName" "placement"
+  "serviceUserSections" $ksUsers
+  | include "helm-toolkit.manifests.secret_ks_etc"
+}}
+{{- end }}

placement/values.yaml

@@ -481,6 +481,7 @@ manifests:
   pdb: true
   ingress: true
   secret_keystone: true
+  secret_ks_etc: true
   service_ingress: true
   service: true
 

releasenotes/notes/placement-2b023904bc06028b.yaml

@@ -0,0 +1,8 @@
+---
+placement:
+  - |
+    Split out the OpenStack service account definitions from placement.conf and into
+    config snippets which are loaded at /etc/placement/placement.d/, which is automatically
+    loaded by OSLO when loading the main placement.conf. This makes it easier for users
+    to use the regular config generation while supplying credentials out of band.
+...