From 479f50db8b713d2ec82cbd605e054538c7a580dd Mon Sep 17 00:00:00 2001
From: "KAVVA, JAGAN MOHAN REDDY (jk330k)"
Date: Mon, 10 Feb 2020 15:05:15 -0600
Subject: [PATCH] Enable Docker default AppArmor profile to mini-mirror

This adds default Apparmor profile to mini-mirror.

Change-Id: I4f801580ae7f6f6e59fab38a6742102004ddff05
---
 .../templates/deployment-mini-mirror.yaml | 1 +
 mini-mirror/values_overrides/apparmor.yaml | 5 +++
 .../component/mini-mirror/mini-mirror.sh | 31 +++++++++++++++++++
 zuul.d/jobs.yaml | 17 ++++++++++
 zuul.d/project.yaml | 2 ++
 5 files changed, 56 insertions(+)
 create mode 100644 mini-mirror/values_overrides/apparmor.yaml
 create mode 100755 tools/deployment/component/mini-mirror/mini-mirror.sh

diff --git a/mini-mirror/templates/deployment-mini-mirror.yaml b/mini-mirror/templates/deployment-mini-mirror.yaml
index 8adb8838..2dde9129 100644
--- a/mini-mirror/templates/deployment-mini-mirror.yaml
+++ b/mini-mirror/templates/deployment-mini-mirror.yaml
@@ -39,6 +39,7 @@ spec:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
 configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
 configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
+{{ dict "envAll" $envAll "podName" "mini-mirror" "containerNames" (list "mini-mirror-api") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 {{ dict "envAll" $envAll "application" "mini_mirror" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 nodeSelector:
diff --git a/mini-mirror/values_overrides/apparmor.yaml b/mini-mirror/values_overrides/apparmor.yaml
new file mode 100644
index 00000000..ac1654c3
--- /dev/null
+++ b/mini-mirror/values_overrides/apparmor.yaml
@@ -0,0 +1,5 @@
+pod:
+ mandatory_access_control:
+ type: apparmor
+ mini-mirror:
+ mini-mirror-api: runtime/default
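Review bot: `containerNames` on the added annotation line names only `mini-mirror-api`, so any init or sidecar container defined later in this pod template (the spec continues outside the hunk) would get no profile entry; please confirm the list is complete. The profile value itself is supplied only by `values_overrides/apparmor.yaml`, and the commit leaves the chart's default values untouched, so unless `pod.mandatory_access_control` is already defined there, a default install presumably renders no AppArmor annotation. If the profile is meant to apply by default, the same `mandatory_access_control` block belongs in the chart's values file. Otherwise a leading comment in the override such as `# Opt-in: request the container runtime's default AppArmor profile for mini-mirror-api` would make the opt-in nature explicit.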
diff --git a/tools/deployment/component/mini-mirror/mini-mirror.sh b/tools/deployment/component/mini-mirror/mini-mirror.sh
new file mode 100755
index 00000000..d64ad2f7
--- /dev/null
+++ b/tools/deployment/component/mini-mirror/mini-mirror.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright 2020 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make mini-mirror
+
+#NOTE: Get the over-rides to use
+: ${OSH_EXTRA_HELM_ARGS_MINI_MIRROR:="$(./tools/deployment/common/get-values-overrides.sh mini-mirror)"}
+
+#NOTE: Deploy command
+: ${OSH_EXTRA_HELM_ARGS:=""}
+
+helm upgrade --install mini-mirror ./mini-mirror \
+ --namespace=osh-addons \
+ ${OSH_EXTRA_HELM_ARGS} \
+ ${OSH_EXTRA_HELM_ARGS_MINI_MIRROR}
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 0e6a4249..9393faf4 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
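Review bot: mini-mirror.sh stops at the `helm upgrade --install` command, so the new gate job succeeds as soon as Helm accepts the release and never confirms that the pod started or that the AppArmor annotation was actually rendered. Since the job exists to exercise `feature_gates: apparmor`, I would add `--wait` to the helm command and follow it with an assertion such as `kubectl get pods --namespace=osh-addons -o yaml | grep 'container.apparmor.security.beta.kubernetes.io/mini-mirror-api: runtime/default'` (assuming the helm-toolkit snippet emits the standard Kubernetes annotation key). Under the script's `set -xe` a missing annotation would then fail the job instead of passing silently.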
@@ -78,3 +78,20 @@
 - ./tools/deployment/component/keystone/keystone.sh
 - ./tools/deployment/component/ranger/ranger.sh
 - ./tools/deployment/component/ranger/ranger-agent.sh
+
+- job:
+ name: osh-addons-mini-mirror
+ parent: osh-addons-base
+ run: tools/gate/playbooks/osh-gate-runner.yaml
+ timeout: 7200
+ nodeset: openstack-helm-single-node
+ vars:
+ osh_params:
+ container_distro_name: ubuntu
+ container_distro_version: bionic
+ feature_gates: apparmor
+ gate_scripts:
+ - ./tools/deployment/common/install-packages.sh
+ - ./tools/deployment/common/deploy-k8s.sh
+ - ./tools/deployment/common/setup-client.sh
+ - ./tools/deployment/component/mini-mirror/mini-mirror.sh
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index b802cbaf..ba774fa6 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -17,8 +17,10 @@
 - openstack-helm-lint
 - osh-addons-sonobuoy
 - osh-addons-ranger
+ - osh-addons-mini-mirror
 gate:
 jobs:
 - openstack-helm-lint
 - osh-addons-sonobuoy
 - osh-addons-ranger
+ - osh-addons-mini-mirror