From 515b6697d3abec5099609da73b173f80a281d1db Mon Sep 17 00:00:00 2001
From: Tin Lam
Date: Wed, 12 Sep 2018 10:02:00 -0500
Subject: [PATCH] Add apparmor annotation function

This patch set adds helm toolkit functions to annotate apparmor profile in the container's metadata section.

Change-Id: Ib0ca04e8b8527194778afb8053046797abdfdb98
Signed-off-by: Tin Lam
---
 .../_kubernetes_apparmor_annotation.tpl | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 helm-toolkit/templates/snippets/_kubernetes_apparmor_annotation.tpl

diff --git a/helm-toolkit/templates/snippets/_kubernetes_apparmor_annotation.tpl b/helm-toolkit/templates/snippets/_kubernetes_apparmor_annotation.tpl
new file mode 100644
index 000000000..27029b5e9
--- /dev/null
+++ b/helm-toolkit/templates/snippets/_kubernetes_apparmor_annotation.tpl
@@ -0,0 +1,49 @@
+{{/*
+Copyright 2017-2018 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{/*
+abstract: |
+ Renders apparmor annotations for a list of containers driven by values.yaml.
+values: |
+ pod:
+ apparmor:
+ myPodName:
+ myContainerName: localhost/myAppArmor
+ mySecondContainerName: localhost/secondProfile # optional
+ myThirdContainerName: localhost/thirdProfile # optional
+usage: |
+ {{ dict "envAll" . "podName" "myPodName" "containerNames" (list "myContainerName" "mySecondContainerName" "myThirdContainerName") | include "helm-toolkit.snippets.kubernetes_apparmor_annotation" }}
+return: |
+ container.apparmor.security.beta.kubernetes.io/myContainerName: localhost/myAppArmor
+ container.apparmor.security.beta.kubernetes.io/mySecondContainerName: localhost/secondProfile
+ container.apparmor.security.beta.kubernetes.io/myThirdContainerName: localhost/thirdProfile
+note: |
+ The number of container underneath is a variable arguments. It loops through
+ all the container names specified.
+*/}}
+{{- define "helm-toolkit.snippets.kubernetes_apparmor_annotation" -}}
+{{- $envAll := index . "envAll" -}}
+{{- $podName := index . "podName" -}}
+{{- $containerNames := index . "containerNames" -}}
+{{- if hasKey (index $envAll.Values.pod "apparmor") $podName -}}
+{{- range $name := $containerNames -}}
+{{- $apparmorProfile := index $envAll.Values.pod.apparmor $podName $name -}}
+{{- if $apparmorProfile }}
+container.apparmor.security.beta.kubernetes.io/{{ $name }}: {{ $apparmorProfile }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
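Review bot: The guard `{{- if hasKey (index $envAll.Values.pod "apparmor") $podName -}}` handles a pod with no apparmor entry but not a chart that omits `.Values.pod.apparmor` altogether: `index` then yields a nil value rather than a map, and handing that to `hasKey` is likely to abort rendering with a type error instead of rendering no annotation, so every chart that includes this snippet would have to declare the key. A lookup with a fallback is safer, e.g. `{{- $apparmor := index $envAll.Values.pod "apparmor" | default dict -}}` followed by `{{- if hasKey $apparmor $podName -}}`. Separately, a name listed in `containerNames` that has no entry under the pod is silently skipped, so a mistyped container name in values.yaml leaves that container without the intended profile (it runs under the runtime default) and nothing in the render reports it. That is worth stating in the `note:` block, e.g. `Containers listed in containerNames with no profile under pod.apparmor.<podName> get no annotation and run with the runtime default; check the rendered manifest when a profile is required.`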