ctao-bdms-clients 0.0.0a0__tar.gz

ctao_bdms_clients-0.0.0a0/.codespell-ignores

@@ -0,0 +1 @@
+anull

ctao_bdms_clients-0.0.0a0/.dockerignore

@@ -0,0 +1,5 @@
+**/__pycache__
+**/*.pyc
+**/*.egg-info
+**/build
+**/_version.py

ctao_bdms_clients-0.0.0a0/.flake8

@@ -0,0 +1,2 @@
+[flake8]
+max-line-length=88

ctao_bdms_clients-0.0.0a0/.gitignore

@@ -0,0 +1,143 @@
+# Files downloaded by the dpps-aiv-toolkit
+Chart.lock
+helm
+helm.tar.gz
+kind
+kubectl
+linux-amd64
+# generated file
+chart/**/*.tgz
+report.xml
+# setuptools_scm generated version file
+_version.py
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+docs/api
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/

ctao_bdms_clients-0.0.0a0/.gitlab-ci.yml

@@ -0,0 +1,37 @@
+include:
+  - project: 'cta-computing/dpps/aiv/dpps-aiv-toolkit'
+    ref: 705e92d15a41d000f458dcb11d662f83d5718aaf
+    file: 'ci-functions.yml'
+  - "aiv-config.yml"
+
+
+variables:
+  CHART_LOCATION: chart
+  CHART_NAME: bdms
+  CHART_EXTRA_VALUES: "--set client_image_tag=${DOCKER_TAG}"
+  DPPS_AIV_TOOLKIT_DIR: dpps-aiv-toolkit
+  DOCKER_IMAGE_CONTEXT: '${CI_PROJECT_DIR}'
+  RUCIO_VERSION: "35.4.1"
+  RUCIO_TAG: "release-${RUCIO_VERSION}"
+
+stages:
+  - lint
+  - build
+  - sign
+  - tests
+  - sonarqube
+  - publish
+  - report
+
+build:
+  variables:
+    CI_HARBOR_REGISTRY_IMAGE: '${HARBOR_HOST}/dpps/bdms-client:${DOCKER_TAG}'
+    KANIKO_EXTRA_ARGS: --build-arg RUCIO_TAG=${RUCIO_TAG}
+
+hadolint:
+  rules:
+    - when: never
+
+sign:
+  rules:
+    - when: never

ctao_bdms_clients-0.0.0a0/.gitmodules

@@ -0,0 +1,9 @@
+[submodule "dpps-aiv-toolkit"]
+	path = dpps-aiv-toolkit
+	url = ../../aiv/dpps-aiv-toolkit.git
+[submodule "dpps-release-plan"]
+	path = dpps-release-plan
+	url = ../../dpps-project-management/dpps-release-plan.git
+[submodule "requirements-traceability"]
+	path = requirements-traceability
+	url = ../../dpps-project-management/requirements-traceability.git

ctao_bdms_clients-0.0.0a0/.pre-commit-config.yaml

@@ -0,0 +1,61 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0  # Use the ref you want to point at
+    hooks:
+    - id: trailing-whitespace
+      exclude: '(.*\.fits(\.fz)?)|(.*.patch.*)$'
+    - id: check-added-large-files
+    - id: check-case-conflict
+    - id: check-merge-conflict
+    - id: end-of-file-fixer
+      exclude: '(.*\.fits(\.fz)?)|(.*.patch.*)|(chart\/.*README.md)$'
+
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+    - id: codespell
+      additional_dependencies:
+        - tomli
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.8.0
+    hooks:
+      - id: ruff
+        args: [ --fix, --show-fixes ]
+        exclude: chart/charts/rucio-daemons/patches/request_patched.py
+      - id: ruff-format
+        exclude: chart/charts/rucio-daemons/patches/request_patched.py
+        exclude: '.*.patch.*'
+      - id: ruff-format
+        exclude: '.*.patch.*'
+
+  - repo: https://github.com/scientific-python/cookie
+    rev: "2024.08.19"
+    hooks:
+      - id: sp-repo-review
+
+  - repo: local
+    hooks:
+    - id: CI yaml check
+      args: [ dpps-aiv-toolkit ]
+      name: CI yaml check
+      description: CI yaml check
+      language: script
+      entry: dpps-aiv-toolkit/cicheck.sh
+      pass_filenames: true
+      files: ^.gitlab-ci.yml$
+      always_run: true
+
+  - repo: https://github.com/norwoodj/helm-docs
+    rev: "v1.14.2"
+    hooks:
+    - id: helm-docs-built
+      args:
+        - "--chart-search-root=chart"
+
+  # - id: helm-lint
+  #   name: helm-lint
+  #   language: docker_image
+  #   entry: alpine/helm:3.11.1 lint chart/ # --set
+  #   always_run: true
+  #   pass_filenames: false

ctao_bdms_clients-0.0.0a0/CHANGES.rst

@@ -0,0 +1,15 @@
+BDMS v0.1.0rc1 (2025-02-12)
+---------------------------
+
+First release candidate for the Bulk Data Management System (BDMS).
+
+* Deployment of Rucio 35.4 using helm
+
+
+
+Maintenance
+~~~~~~~~~~~
+
+- Write and publish BDMS documentation for DPPS Release 0. [`!47 <https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/-/merge_requests/47>`__]
+
+- Setup ``towncrier`` for changelog generation. [`!49 <https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/-/merge_requests/49>`__]

ctao_bdms_clients-0.0.0a0/Dockerfile

@@ -0,0 +1,30 @@
+ # rucio version used as base for the final image
+ARG RUCIO_TAG=release-35.4.1
+
+FROM python:3.9 AS builder
+
+COPY pyproject.toml MANIFEST.in /tmp/bdms/
+COPY .git /tmp/bdms/.git/
+COPY src /tmp/bdms/src/
+
+RUN python -m pip install build \
+  && python -m build /tmp/bdms --wheel -o /tmp/dist
+
+# second stage, copy and install wheel
+# We are using the official python 3.11 image
+# as base image in the slim variant to reduce image size.
+FROM rucio/rucio-clients:${RUCIO_TAG}
+
+ARG RUCIO_TAG
+
+# server and daemons use root, clients use "user", switch to root, install, then back
+USER root
+COPY --from=builder /tmp/dist/ /tmp/dist/
+RUN  dnf install -y --setopt=install_weak_deps=False git \
+  && python3 -m pip install --no-cache-dir /tmp/dist/ctao_bdms* \
+  && dnf autoremove \
+  && dnf clean all
+
+USER user
+
+ENV RUCIO_POLICY_PACKAGE=bdms_rucio_policy

ctao_bdms_clients-0.0.0a0/LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2022, Cherenkov Telescope Array Observatory Consortium
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

ctao_bdms_clients-0.0.0a0/MANIFEST.in

@@ -0,0 +1,2 @@
+prune src/template/_dev_version
+prune .github

ctao_bdms_clients-0.0.0a0/Makefile

@@ -0,0 +1,11 @@
+###
+# TODO: duplicate in config?
+export CHART_NAME=bdms
+export CHART_LOCATION=chart
+include dpps-aiv-toolkit/Makefile
+
+
+# TODO: move this to kit
+export TEST_ARTIFACTS_PATH ?= $(PWD)
+export TEST_REPORT_CONFIG ?= $(PWD)/aiv-config.yml
+export TEX_CONTENT_PATH ?= $(PWD)/report

ctao_bdms_clients-0.0.0a0/PKG-INFO

@@ -0,0 +1,35 @@
+Metadata-Version: 2.2
+Name: ctao-bdms-clients
+Version: 0.0.0a0
+Summary: Client module for the CTAO DPPS Bulk Data Management System
+Author-email: Georgios Zacharis <georgios.zacharis@inaf.it>, Stefano Gallozzi <Stefano.gallozzi@inaf.it>, Michele Mastropietro <michele.mastropietro@inaf.it>, Syed Anwar Ul Hasan <syedanwarul.hasan@cta-consortium.org>, Maximilian Linhoff <maximilian.linhoff@cta-observatory.org>, Volodymyr Savchenko <Volodymyr.Savchenko@epfl.ch>
+License: BSD-3-Clause
+Project-URL: repository, https://github.com/cta-observatory/...
+Project-URL: documentation, http://cta-computing.gitlab-pages.cta-observatory.org/documentation/...
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: rucio-clients~=35.4.1
+Requires-Dist: ctao-bdms-rucio-policy==0.1.0
+Provides-Extra: test
+Requires-Dist: pytest; extra == "test"
+Requires-Dist: pytest-cov; extra == "test"
+Requires-Dist: pytest-mock; extra == "test"
+Requires-Dist: pytest-requirements; extra == "test"
+Provides-Extra: doc
+Requires-Dist: sphinx; extra == "doc"
+Requires-Dist: numpydoc; extra == "doc"
+Requires-Dist: ctao-sphinx-theme; extra == "doc"
+Requires-Dist: myst-parser; extra == "doc"
+Requires-Dist: sphinx-changelog; extra == "doc"
+Provides-Extra: dev
+Requires-Dist: setuptools_scm; extra == "dev"
+Requires-Dist: sphinx-autobuild; extra == "dev"
+Provides-Extra: all
+Requires-Dist: bdms[dev,doc,test]; extra == "all"
+
+# Bulk Data Management System
+
+[![CI](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/badges/main/pipeline.svg?key_text=CI&key_width=25)](https://gitlab.cta-observatory.org/dpps/bdms/bdms/-/pipelines/main/latest)
+[![Test Report](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/badges/main/pipeline.svg?key_text=Test%20Report)](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/-/jobs/artifacts/main/file/test_report.pdf?job=build-test-report)
+[![Docs](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/badges/main/pipeline.svg?key_text=docs&key_width=30)](http://cta-computing.gitlab-pages.cta-observatory.org/dpps/bdms/bdms/)

ctao_bdms_clients-0.0.0a0/README.md

@@ -0,0 +1,5 @@
+# Bulk Data Management System
+
+[![CI](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/badges/main/pipeline.svg?key_text=CI&key_width=25)](https://gitlab.cta-observatory.org/dpps/bdms/bdms/-/pipelines/main/latest)
+[![Test Report](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/badges/main/pipeline.svg?key_text=Test%20Report)](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/-/jobs/artifacts/main/file/test_report.pdf?job=build-test-report)
+[![Docs](https://gitlab.cta-observatory.org/cta-computing/dpps/bdms/bdms/badges/main/pipeline.svg?key_text=docs&key_width=30)](http://cta-computing.gitlab-pages.cta-observatory.org/dpps/bdms/bdms/)

ctao_bdms_clients-0.0.0a0/aiv-config-dependencies.yml

@@ -0,0 +1,4 @@
+dependencies:
+  - gitlab_path: cta-computing/dpps/bdms/bdms-rucio-policy
+    revision: main
+    sonar_key: cta-computing_dpps_bdms_bdms-rucio-policy_AZPO4IWyAfB1AuE28R3d

ctao_bdms_clients-0.0.0a0/aiv-config.yml

@@ -0,0 +1,18 @@
+# This is the configuration used both in CI and local Makefile
+
+variables:
+  # Comma-separated list of "UC Groups" to select UCs and Requirements, e.g. "BDMS,AIV"
+  DPPS_UC_GROUPS: BDMS
+  DPPS_RELEASE: v0.0
+
+  # these paths are relative to TEST_ARTIFACTS_PATH
+  REPORT_XML: report.xml
+  RELEASE_PLAN_FN: dpps-release-plan/release_development_document/dpps-release-plan.tex
+  TRACEABILITY_CSV_FN: requirements-traceability/DPPS_Requirements_Traceability_Matrix.csv
+
+  APPLICATION_NAME: BDMS
+  APPLICATION_AUTHOR: BDMS Team
+  APPLICATION_AUTHOR_ORGANIZATION: CTAO
+  APPLICATION_VERSION: 0.0.0
+
+  EXTRA_CONFIG_FILES: aiv-config-dependencies.yml

ctao_bdms_clients-0.0.0a0/chart/Chart.yaml

@@ -0,0 +1,39 @@
+apiVersion: v2
+name: bdms
+version: 0.1.0
+appVersion: 0.1.0
+description: A Helm chart for the bdms project
+type: application
+keywords:
+- bdms
+- rucio
+- monitoring
+- postgresql
+
+maintainers:
+- name: The BDMS Authors
+  email:
+
+dependencies:
+- name: postgresql
+  condition: postgresql.enabled
+  version: 15.5.10
+  repository: oci://registry-1.docker.io/bitnamicharts
+
+- name: rucio-server
+  version: 35.0.0
+  repository: oci://harbor.cta-observatory.org/dpps
+
+- name: rucio-daemons
+  version: 35.0.0
+  repository: oci://harbor.cta-observatory.org/dpps
+
+- name: cert-generator-grid
+  condition: cert-generator-grid.enabled
+  version: 0.0.0-75a4994-75a4994c
+  repository: oci://harbor.cta-observatory.org/dpps
+
+- name: fts
+  condition: fts.enabled
+  version: 0.0.0-c435e63-c435e636
+  repository: oci://harbor.cta-observatory.org/dpps

ctao_bdms_clients-0.0.0a0/chart/Makefile

@@ -0,0 +1,15 @@
+install:
+	helm upgrade --install --wait bdms .
+
+test:
+	helm test bdms
+
+publish:
+	helm package .
+	helm push bdms-0.1.0.tgz oci://harbor.cta-observatory.org/dpps
+
+reset:
+	helm delete bdms || true
+	kubectl delete secrets bdms-rucio-server bdms-rucio-server-tls bdms-server-cafile bdms-server-hostcert bdms-server-hostkey dppsuser-certkey || true
+	kubectl delete job  generate-certificates configure-test-rucio test-rucio || true
+	kubectl delete pvc data-bdms-postgresql-0 || true

ctao_bdms_clients-0.0.0a0/chart/README.md

@@ -0,0 +1,140 @@
+# bdms
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=flat-square)
+
+A Helm chart for the bdms project
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| The BDMS Authors |  |  |
+
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| oci://harbor.cta-observatory.org/dpps | cert-generator-grid | 0.0.0-75a4994-75a4994c |
+| oci://harbor.cta-observatory.org/dpps | fts | 0.0.0-c435e63-c435e636 |
+| oci://harbor.cta-observatory.org/dpps | rucio-daemons | 35.0.0 |
+| oci://harbor.cta-observatory.org/dpps | rucio-server | 35.0.0 |
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 15.5.10 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| auth.authRucioHost | string | `"rucio-server.local"` | The hostname of the Rucio authentication server. It is used by clients and services to authenticate with Rucio |
+| auth.certificate.existingSecret.cert | string | `"tls.crt"` | The key inside the kubernetes secret that stores the TLS certificate |
+| auth.certificate.existingSecret.enabled | bool | `true` | Use an existing kubernetes (K8s) secret for certificates instead of creating new ones |
+| auth.certificate.existingSecret.key | string | `"tls.key"` | The key inside the kubernetes secret that stores the private key |
+| auth.certificate.existingSecret.secretName | string | `"rucio-server.local"` | The name of the kubernetes secret containing the TLS certificate and key |
+| auth.certificate.letsencrypt.email | string | `""` | Email address for Let's encrypt registration and renewal reminders |
+| auth.certificate.letsencrypt.enabled | bool | `false` | Enables SSL/TLS certificate provisioning using Let's encrypt |
+| bootstrap.image.repository | string | `"harbor.cta-observatory.org/dpps/bdms-rucio-server"` | The container image for bootstrapping Rucio (initialization, configuration) with the CTAO Rucio policy package installed |
+| bootstrap.image.tag | string | `"35.4.1-v0.1.0"` | The specific image tag to use for the bootstrap container |
+| cert-generator-grid.enabled | bool | `true` |  |
+| cert-generator-grid.generatePreHooks | bool | `true` |  |
+| client_image_tag | string | `"6cbd744c"` |  |
+| configure_test_setup | bool | `true` | This will configure the rucio server with the storages |
+| database | object | `{"default":"postgresql://rucio:XcL0xT9FgFgJEc4i3OcQf2DMVKpjIWDGezqcIPmXlM@bdms-postgresql:5432/rucio"}` | Databases Credentials used by Rucio to access the database. If postgresql subchart is deployed, these credentials should match those in postgresql.global.postgresql.auth. If postgresql subchart is not deployed, an external database must be provided |
+| database.default | string | `"postgresql://rucio:XcL0xT9FgFgJEc4i3OcQf2DMVKpjIWDGezqcIPmXlM@bdms-postgresql:5432/rucio"` | The Rucio database connection URI |
+| dev.mount_repo | bool | `true` |  |
+| dev.run_tests | bool | `true` |  |
+| dev.sleep | bool | `false` | sleep after test to allow interactive development |
+| fts.enabled | bool | `true` | Specifies the configuration for FTS test step (FTS server, FTS database, and ActiveMQ broker containers). Enables or disables the deployment of a FTS instance for testing. This is set to 'False' if an external FTS is used |
+| fts.ftsdb_password | string | `"SDP2RQkbJE2f+ohUb2nUu6Ae10BpQH0VD70CsIQcDtM"` | Defines the password for the FTS database user |
+| fts.ftsdb_root_password | string | `"iB7dMiIybdoaozWZMkvRo0eg9HbQzG9+5up50zUDjE4"` | Defines the root password for the FTS database |
+| fts.image.pullPolicy | string | `"Always"` |  |
+| fts.image.repository | string | `"harbor.cta-observatory.org/proxy_cache/rucio/fts"` | The container image repository for the FTS deployment |
+| fts.image.tag | string | `"35.4.1"` | Defines the specific version of the FTS image to use |
+| fts.messaging.broker | string | `"localhost:61613"` |  |
+| fts.messaging.password | string | `"topsecret"` |  |
+| fts.messaging.use_broker_credentials | string | `"true"` |  |
+| fts.messaging.username | string | `"fts"` |  |
+| postgresql.enabled | bool | `true` | Configuration of built-in postgresql database. If 'enabled: true', a postgresql instance will be deployed, otherwise, an external database must be provided in database.default value |
+| postgresql.global.postgresql.auth.database | string | `"rucio"` | The name of the database to be created and used by Rucio |
+| postgresql.global.postgresql.auth.password | string | `"XcL0xT9FgFgJEc4i3OcQf2DMVKpjIWDGezqcIPmXlM"` | The password for the database user |
+| postgresql.global.postgresql.auth.username | string | `"rucio"` | The database username for authentication |
+| prepuller_enabled | bool | `true` | Starts containers with the same image as the one used in the deployment before all volumes are available. Saves time in the first deployment |
+| rethinkdb.enabled | bool | `false` |  |
+| rethinkdb.storageClassName | string | `nil` |  |
+| rethinkdb.storageSize | string | `"1Gi"` |  |
+| rucio-daemons.config.database.default | string | `"postgresql://rucio:XcL0xT9FgFgJEc4i3OcQf2DMVKpjIWDGezqcIPmXlM@bdms-postgresql:5432/rucio"` | Specifies the connection URI for the Rucio database, these settings will be written to 'rucio.cfg' |
+| rucio-daemons.config.messaging-fts3.brokers | string | `"fts-activemq"` | Specifies the message broker used for FTS messaging |
+| rucio-daemons.config.messaging-fts3.destination | string | `"/topic/transfer.fts_monitoring_complete"` | Specifies the message broker queue path where FTS sends transfer status updates. This is the place where Rucio listens for completed transfer notifications |
+| rucio-daemons.config.messaging-fts3.nonssl_port | int | `61613` | Specifies the non-SSL port |
+| rucio-daemons.config.messaging-fts3.password | string | `"topsecret"` | Specifies the authentication credential (password) for connecting to the message broker |
+| rucio-daemons.config.messaging-fts3.port | int | `61613` | Defines the port used for the broker |
+| rucio-daemons.config.messaging-fts3.use_ssl | bool | `false` | Determines whether to use SSL for message broker connections. If true, valid certificates are required for securing the connection |
+| rucio-daemons.config.messaging-fts3.username | string | `"fts"` | Specifies the authentication credential (username) for connecting to the message broker |
+| rucio-daemons.config.policy.permission | string | `"ctao"` | Defines the policy permission model for Rucio for determining how authorization and access controls are applied, its value should be taken from the installed Rucio policy package |
+| rucio-daemons.conveyorFinisher.activities | string | `"'User Subscriptions'"` | Specifies which Rucio activities to be handled. Some of the activities for data movements are 'User Subscriptions' and 'Production Transfers' |
+| rucio-daemons.conveyorFinisher.resources.limits.cpu | string | `"3000m"` |  |
+| rucio-daemons.conveyorFinisher.resources.limits.memory | string | `"4Gi"` |  |
+| rucio-daemons.conveyorFinisher.resources.requests.cpu | string | `"700m"` |  |
+| rucio-daemons.conveyorFinisher.resources.requests.memory | string | `"200Mi"` |  |
+| rucio-daemons.conveyorFinisher.sleepTime | int | `5` | Defines how often (in seconds) the daemon processes finished transfers |
+| rucio-daemons.conveyorFinisherCount | int | `1` | Marks completed transfers and updates metadata |
+| rucio-daemons.conveyorPoller.activities | string | `"'User Subscriptions'"` | Specifies which Rucio activities to be handled. Some of the activities for data movements are 'User Subscriptions' and 'Production Transfers' |
+| rucio-daemons.conveyorPoller.olderThan | int | `600` | Filters transfers that are older than the specified time (in seconds) before polling |
+| rucio-daemons.conveyorPoller.resources.limits.cpu | string | `"3000m"` |  |
+| rucio-daemons.conveyorPoller.resources.limits.memory | string | `"4Gi"` |  |
+| rucio-daemons.conveyorPoller.resources.requests.cpu | string | `"700m"` |  |
+| rucio-daemons.conveyorPoller.resources.requests.memory | string | `"200Mi"` |  |
+| rucio-daemons.conveyorPoller.sleepTime | int | `60` | Defines how often (in seconds) the daemon polls for transfer status updates |
+| rucio-daemons.conveyorPollerCount | int | `1` | Polls FTS to check the status of ongoing transfers |
+| rucio-daemons.conveyorReceiverCount | int | `1` | Listens to messages from ActiveMQ, which FTS uses to publish transfer status updates. This ensures Rucio is notified of completed or failed transfers in real time |
+| rucio-daemons.conveyorTransferSubmitter.activities | string | `"'User Subscriptions'"` | Specifies which Rucio activities to be handled. Some of the activities for data movements are 'User Subscriptions' and 'Production Transfers' |
+| rucio-daemons.conveyorTransferSubmitter.archiveTimeout | string | `""` | Sets the timeout if required for archiving completed transfers |
+| rucio-daemons.conveyorTransferSubmitter.resources.limits.cpu | string | `"3000m"` |  |
+| rucio-daemons.conveyorTransferSubmitter.resources.limits.memory | string | `"4Gi"` |  |
+| rucio-daemons.conveyorTransferSubmitter.resources.requests.cpu | string | `"700m"` |  |
+| rucio-daemons.conveyorTransferSubmitter.resources.requests.memory | string | `"200Mi"` |  |
+| rucio-daemons.conveyorTransferSubmitter.sleepTime | int | `5` | Defines the interval (in seconds) the daemon waits before checking for new transfers |
+| rucio-daemons.conveyorTransferSubmitterCount | int | `1` | Number of container instances to deploy for each Rucio daemon, this daemon submits new transfer requests to the FTS |
+| rucio-daemons.image.pullPolicy | string | `"Always"` | It defines when kubernetes should pull the container image, the options available are: Always, IfNotPresent, and Never |
+| rucio-daemons.image.repository | string | `"harbor.cta-observatory.org/dpps/bdms-rucio-daemons"` | Specifies the container image repository for Rucio daemons |
+| rucio-daemons.image.tag | string | `"35.4.1-v0.1.0"` | Specific image tag to use for deployment |
+| rucio-daemons.judgeEvaluatorCount | int | `1` | Evaluates Rucio replication rules and triggers transfers |
+| rucio-daemons.useDeprecatedImplicitSecrets | bool | `true` | Enables the use of deprecated implicit secrets for authentication |
+| rucio-server.authRucioHost | string | `"rucio-server.local"` | The hostname of the Rucio authentication server. |
+| rucio-server.config.database.default | string | `"postgresql://rucio:XcL0xT9FgFgJEc4i3OcQf2DMVKpjIWDGezqcIPmXlM@bdms-postgresql:5432/rucio"` | The database connection URI for Rucio |
+| rucio-server.config.persistence.accessMode | string | `"ReadWriteOnce"` | Defines how storage can be accessed, the options available are: ReadWriteOnce, ReadOnlyMany, ReadWriteMany |
+| rucio-server.config.persistence.enabled | bool | `true` | Enables persistent storage for Rucio server, setting it to false means using temporary storage ('ephemeral' in the context of kubernetes) that gets wiped out and lost when the container is stopped or restarted |
+| rucio-server.config.persistence.size | string | `"1Gi"` | Defines the size of persistent volume claim (PVC) or the amount of the storage capacity provisioned to the Rucio server |
+| rucio-server.config.persistence.storageClass | string | `""` | Specifies the kubernetes storage class for persistent volume, default storage class is used when its value is left empty |
+| rucio-server.ftsRenewal.enabled | bool | `false` | Enables automatic renewal of FTS credentials using X.509 certificates and proxy |
+| rucio-server.httpd_config.encoded_slashes | string | `"True"` | Allows for custom LFNs with slashes in request URLs so that Rucio server (Apache) can decode and handle such requests properly |
+| rucio-server.httpd_config.grid_site_enabled | string | `"True"` | Enables Rucio server to support and interact with grid middleware (storages) for X509 authentication with proxies |
+| rucio-server.image.pullPolicy | string | `"Always"` | It defines when kubernetes should pull the container image, the options available are: Always, IfNotPresent, and Never |
+| rucio-server.image.repository | string | `"harbor.cta-observatory.org/dpps/bdms-rucio-server"` | The container image repository for Rucio server with the CTAO Rucio policy package installed |
+| rucio-server.image.tag | string | `"35.4.1-v0.1.0"` | The specific image tag to deploy |
+| rucio-server.ingress.enabled | bool | `true` | Enables an ingress resource (controller) for exposing the Rucio server externally to allow clients connect to the Rucio server. It needs one of the ingress controllers (NGINX, Traefik) to be installed |
+| rucio-server.ingress.hosts | list | `["rucio-server-manual-tc.local"]` | Defines the hostname to be used to access the Rucio server. It should match DNS configuration and TLS certificates |
+| rucio-server.replicaCount | int | `1` | Number of replicas of the Rucio server to deploy. We can increase it to meet higher availability goals |
+| rucio-server.service.name | string | `"https"` | The name of the service port |
+| rucio-server.service.port | int | `443` | The port exposed by the kubernetes service, making the Rucio server accessible within the cluster |
+| rucio-server.service.protocol | string | `"TCP"` | The network protocol used for HTTPS based communication |
+| rucio-server.service.targetPort | int | `443` | The port inside the Rucio server container that listens for incoming traffic |
+| rucio-server.service.type | string | `"ClusterIP"` | Specifies the kubernetes service type for making the Rucio server accessible within or outside the kubernetes cluster, available options include clusterIP (internal access only, default), NodePort (exposes the service on port across all cluster nodes), and LoadBalancer (Uses an external load balancer) |
+| rucio-server.useSSL | bool | `true` | Enables the Rucio server to use SSL/TLS for secure communication, requiring valid certificates to be configured |
+| rucio.password | string | `"secret"` |  |
+| rucio.username | string | `"dpps"` | Specifies the username for Rucio operations as part of Rucio configuration |
+| rucio.version | string | `"35.4.1"` | The version of Rucio being deployed |
+| rucio_db.connection | string | `"postgresql://rucio:XcL0xT9FgFgJEc4i3OcQf2DMVKpjIWDGezqcIPmXlM@bdms-postgresql:5432/rucio"` | The database connection URI for Rucio. It is of the format: `postgresql://<user>:<password>@<host>:<port>/<database>`, this field in use only if 'existingSecret.enabled' is set to 'false', otherwise ignored |
+| rucio_db.deploy | bool | `true` | If true, deploys a postgresql instance for the Rucio database, otherwise use an external database |
+| rucio_db.existingSecret.enabled | bool | `false` | If true, the database connection URI is obtained from a kubernetes secret in |
+| rucio_db.existingSecret.key | string | `"connection"` | The key inside the kubernetes secret that holds the database connection URI |
+| rucio_db.existingSecret.secretName | string | `"rucio-db"` | The name of the kubernetes secret storing the database connection URI. Its in use only if 'existingSecret.enabled: true' |
+| safe_to_bootstrap_rucio | bool | `true` | This is a destructive operation, it will delete all data in the database |
+| server.certificate.existingSecret.cert | string | `"tls.crt"` | The key inside the kubernetes secret that stores the TLS certificate |
+| server.certificate.existingSecret.enabled | bool | `true` | Use an existing kubernetes (K8s) secret for certificates instead of creating new ones |
+| server.certificate.existingSecret.key | string | `"tls.key"` | The key inside the kubernetes secret that stores the private key |
+| server.certificate.existingSecret.secretName | string | `"rucio-server-manual-tc.local"` | The name of the kubernetes secret containing the TLS certificate and key |
+| server.certificate.letsencrypt.email | string | `""` |  |
+| server.certificate.letsencrypt.enabled | bool | `false` | Enables SSL/TLS certificate provisioning using Let's encrypt |
+| server.rucioHost | string | `"rucio-server-manual-tc.local"` | The hostname of the Rucio server. It is used by clients and services to communicate with Rucio |
+| storages | list | `["rucio-storage-1","rucio-storage-2","rucio-storage-3"]` | a list of storage element (RSE) hostnames names, for each RSE, one deployment and service are configured, two configmaps xrdconfig and xrd-entrypoint for those three storages |
+| suffix_namespace | string | `"default"` | Specifies the Namespace suffix used for managing deployments in kubernetes |
+