From a478913e5ee7870ec099488718d6b3fa9bebe0f3 Mon Sep 17 00:00:00 2001 From: Carmen Rata Date: Thu, 13 Jun 2024 13:47:47 +0000 Subject: [PATCH] Auto-increment chart versions for auditd app To guarantee the helm chart version is incremented when a helm chart change is submitted, a top level hierarchy for helm charts to differentiate between upstream and custom charts: helm-charts/{custom,upstream}, has been created. For auditd app, only the "helm-charts/custom" directory fits this app where the tarball is platform owned. Test Plan: PASS - Successfully built packages generating the helm chart and the application tarball. PASS - Verified that the app tarball version was incremented by 1. PASS - Verified basic application lifecycle operations: upload/apply/remove/delete. PASS - Verified the auditd container is running and the audit logs are updated with new events that can be viewed on the host. Story: 2010929 Task: 50330 Change-Id: If72f6c765139a60117a56b898c5c11d71c735597 Signed-off-by: Carmen Rata --- debian_pkg_dirs | 1 + .../custom/audit-helm/audit-helm}/Makefile | 5 +-- .../audit-helm/audit-helm}/audit/.helmignore | 0 .../audit-helm/audit-helm}/audit/Chart.yaml | 0 .../audit-helm}/audit/templates/NOTES.txt | 0 .../audit-helm}/audit/templates/_helpers.tpl | 0 .../audit/templates/configmap.yaml | 0 .../audit/templates/daemonset.yaml | 0 .../audit-helm/audit-helm}/audit/values.yaml | 0 .../debian/deb_folder/audit-helm.install | 1 + .../audit-helm/debian/deb_folder/changelog | 5 +++ .../audit-helm/debian/deb_folder/control | 15 +++++++ .../audit-helm/debian/deb_folder/copyright | 41 +++++++++++++++++++ .../custom/audit-helm/debian/deb_folder/rules | 28 +++++++++++++ .../debian/deb_folder/source/format | 1 + .../custom/audit-helm/debian/meta_data.yaml | 10 +++++ stx-audit-helm/debian/deb_folder/changelog | 7 ++++ stx-audit-helm/debian/deb_folder/control | 5 ++- stx-audit-helm/debian/deb_folder/copyright | 4 +- stx-audit-helm/debian/deb_folder/rules | 31 +++++++++----- stx-audit-helm/debian/meta_data.yaml | 2 +- .../fluxcd-manifests/auditd/helmrelease.yaml | 2 +- 22 files changed, 138 insertions(+), 20 deletions(-) rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/Makefile (86%) rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/audit/.helmignore (100%) rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/audit/Chart.yaml (100%) rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/audit/templates/NOTES.txt (100%) mode change 100755 => 100644 rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/audit/templates/_helpers.tpl (100%) mode change 100755 => 100644 rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/audit/templates/configmap.yaml (100%) mode change 100755 => 100644 rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/audit/templates/daemonset.yaml (100%) rename {stx-audit-helm/stx-audit-helm/helm-charts => helm-charts/custom/audit-helm/audit-helm}/audit/values.yaml (100%) create mode 100644 helm-charts/custom/audit-helm/debian/deb_folder/audit-helm.install create mode 100644 helm-charts/custom/audit-helm/debian/deb_folder/changelog create mode 100644 helm-charts/custom/audit-helm/debian/deb_folder/control create mode 100644 helm-charts/custom/audit-helm/debian/deb_folder/copyright create mode 100755 helm-charts/custom/audit-helm/debian/deb_folder/rules create mode 100644 helm-charts/custom/audit-helm/debian/deb_folder/source/format create mode 100644 helm-charts/custom/audit-helm/debian/meta_data.yaml diff --git a/debian_pkg_dirs b/debian_pkg_dirs index 4a12ac7..d83c1ec 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -1,2 +1,3 @@ +helm-charts/custom/audit-helm python3-k8sapp-auditd stx-audit-helm diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/Makefile b/helm-charts/custom/audit-helm/audit-helm/Makefile similarity index 86% rename from stx-audit-helm/stx-audit-helm/helm-charts/Makefile rename to helm-charts/custom/audit-helm/audit-helm/Makefile index dc98968..976cb39 100644 --- a/stx-audit-helm/stx-audit-helm/helm-charts/Makefile +++ b/helm-charts/custom/audit-helm/audit-helm/Makefile @@ -1,7 +1,7 @@ # # Copyright 2017 The Openstack-Helm Authors. # -# Copyright (c) 2021 Wind River Systems, Inc. +# Copyright (c) 2024 Wind River Systems, Inc. # # SPDX-License-Identifier: Apache-2.0 # @@ -31,12 +31,11 @@ lint-%: init-% if [ -d $* ]; then helm lint $*; fi build-%: - if [ -d $* ]; then helm package $*; fi + if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi clean: @echo "Clean all build artifacts" rm -f */templates/_partials.tpl */templates/_globals.tpl - rm -f *tgz */charts/*tgz */requirements.lock rm -rf */charts */tmpcharts %: diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/.helmignore b/helm-charts/custom/audit-helm/audit-helm/audit/.helmignore similarity index 100% rename from stx-audit-helm/stx-audit-helm/helm-charts/audit/.helmignore rename to helm-charts/custom/audit-helm/audit-helm/audit/.helmignore diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/Chart.yaml b/helm-charts/custom/audit-helm/audit-helm/audit/Chart.yaml similarity index 100% rename from stx-audit-helm/stx-audit-helm/helm-charts/audit/Chart.yaml rename to helm-charts/custom/audit-helm/audit-helm/audit/Chart.yaml diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/NOTES.txt b/helm-charts/custom/audit-helm/audit-helm/audit/templates/NOTES.txt old mode 100755 new mode 100644 similarity index 100% rename from stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/NOTES.txt rename to helm-charts/custom/audit-helm/audit-helm/audit/templates/NOTES.txt diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/_helpers.tpl b/helm-charts/custom/audit-helm/audit-helm/audit/templates/_helpers.tpl old mode 100755 new mode 100644 similarity index 100% rename from stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/_helpers.tpl rename to helm-charts/custom/audit-helm/audit-helm/audit/templates/_helpers.tpl diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/configmap.yaml b/helm-charts/custom/audit-helm/audit-helm/audit/templates/configmap.yaml old mode 100755 new mode 100644 similarity index 100% rename from stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/configmap.yaml rename to helm-charts/custom/audit-helm/audit-helm/audit/templates/configmap.yaml diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml b/helm-charts/custom/audit-helm/audit-helm/audit/templates/daemonset.yaml similarity index 100% rename from stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml rename to helm-charts/custom/audit-helm/audit-helm/audit/templates/daemonset.yaml diff --git a/stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml b/helm-charts/custom/audit-helm/audit-helm/audit/values.yaml similarity index 100% rename from stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml rename to helm-charts/custom/audit-helm/audit-helm/audit/values.yaml diff --git a/helm-charts/custom/audit-helm/debian/deb_folder/audit-helm.install b/helm-charts/custom/audit-helm/debian/deb_folder/audit-helm.install new file mode 100644 index 0000000..8a0c6de --- /dev/null +++ b/helm-charts/custom/audit-helm/debian/deb_folder/audit-helm.install @@ -0,0 +1 @@ +usr/lib/helm/* diff --git a/helm-charts/custom/audit-helm/debian/deb_folder/changelog b/helm-charts/custom/audit-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..7c63939 --- /dev/null +++ b/helm-charts/custom/audit-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +audit-helm (1.0-0) unstable; urgency=medium + + * Initial release. + + -- Carmen Rata Thu, 13 Jun 2024 13:47:47 +0000 diff --git a/helm-charts/custom/audit-helm/debian/deb_folder/control b/helm-charts/custom/audit-helm/debian/deb_folder/control new file mode 100644 index 0000000..8ad06ea --- /dev/null +++ b/helm-charts/custom/audit-helm/debian/deb_folder/control @@ -0,0 +1,15 @@ +Source: audit-helm +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + helm, +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: audit-helm +Section: libs +Architecture: any +Depends: ${misc:Depends} +Description: StarlingX Audit FluxCD Helm Charts + This package contains FluxCD Helm charts for the audit application. diff --git a/helm-charts/custom/audit-helm/debian/deb_folder/copyright b/helm-charts/custom/audit-helm/debian/deb_folder/copyright new file mode 100644 index 0000000..8e77903 --- /dev/null +++ b/helm-charts/custom/audit-helm/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: audit-helm +Source: https://opendev.org/starlingx/audit-armada-app/ + +Files: * +Copyright: (c) 2013-2024 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2021 Wind River Systems, Inc +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/helm-charts/custom/audit-helm/debian/deb_folder/rules b/helm-charts/custom/audit-helm/debian/deb_folder/rules new file mode 100755 index 0000000..52415dd --- /dev/null +++ b/helm-charts/custom/audit-helm/debian/deb_folder/rules @@ -0,0 +1,28 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export ROOT = debian/tmp +export APP_FOLDER = $(ROOT)/usr/lib/helm + +export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') +export RELEASE = $(shell echo $(DEB_VERSION) | cut -f 1 -d '-') +export REVISION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') +export CHART_VERSION = $(RELEASE).$(REVISION) + +%: + dh $@ + +override_dh_auto_build: + # Create the TGZ file. + mkdir -p build + mv Makefile audit build + + # Build the chart + cd build && make CHART_VERSION=$(CHART_VERSION) audit + +override_dh_auto_install: + install -d -m 755 $(APP_FOLDER) + install -p -D -m 755 build/audit*.tgz $(APP_FOLDER) + +override_dh_auto_test: + diff --git a/helm-charts/custom/audit-helm/debian/deb_folder/source/format b/helm-charts/custom/audit-helm/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/helm-charts/custom/audit-helm/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/helm-charts/custom/audit-helm/debian/meta_data.yaml b/helm-charts/custom/audit-helm/debian/meta_data.yaml new file mode 100644 index 0000000..8e98574 --- /dev/null +++ b/helm-charts/custom/audit-helm/debian/meta_data.yaml @@ -0,0 +1,10 @@ +--- +debname: audit-helm +debver: 1.0-0 +src_path: audit-helm +revision: + dist: $STX_DIST + GITREVCOUNT: + stx_patch: 1 + SRC_DIR: ${MY_REPO}/stx/audit-armada-app/helm-charts/custom/audit-helm/audit-helm/audit + BASE_SRCREV: f5d03fac8a81d2443559fc4dea4f0ffea9f15969 diff --git a/stx-audit-helm/debian/deb_folder/changelog b/stx-audit-helm/debian/deb_folder/changelog index bbc5f0a..25554c0 100644 --- a/stx-audit-helm/debian/deb_folder/changelog +++ b/stx-audit-helm/debian/deb_folder/changelog @@ -1,3 +1,10 @@ +stx-audit-helm (1.0-2) unstable; urgency=medium + + * Split helm chart into separate package and apply auto versioning. + + -- Carmen Rata Thu, 13 Jun 2024 13:47:47 +0000 + + stx-audit-helm (1.0-1) unstable; urgency=medium * Initial release. diff --git a/stx-audit-helm/debian/deb_folder/control b/stx-audit-helm/debian/deb_folder/control index 2991045..5d738dd 100644 --- a/stx-audit-helm/debian/deb_folder/control +++ b/stx-audit-helm/debian/deb_folder/control @@ -4,6 +4,7 @@ Priority: optional Maintainer: StarlingX Developers Build-Depends: debhelper-compat (= 13), helm, + audit-helm, python3-k8sapp-auditd, python3-k8sapp-auditd-wheels, build-info @@ -14,5 +15,5 @@ Package: stx-audit-helm Section: libs Architecture: any Depends: ${misc:Depends} -Description: StarlingX Audit FluxCD Helm Charts - This package contains FluxCD Helm charts for the audit application. +Description: StarlingX Audit FluxCD application + This package contains FluxCD manifests for the audit application. diff --git a/stx-audit-helm/debian/deb_folder/copyright b/stx-audit-helm/debian/deb_folder/copyright index da64b02..d94c200 100644 --- a/stx-audit-helm/debian/deb_folder/copyright +++ b/stx-audit-helm/debian/deb_folder/copyright @@ -3,7 +3,7 @@ Upstream-Name: stx-audit-helm Source: https://opendev.org/starlingx/audit-armada-app/ Files: * -Copyright: (c) 2013-2021 Wind River Systems, Inc +Copyright: (c) 2013-2024 Wind River Systems, Inc License: Apache-2 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ License: Apache-2 # If you want to use GPL v2 or later for the /debian/* files use # the following clauses, or change it to suit. Delete these two lines Files: debian/* -Copyright: 2021 Wind River Systems, Inc +Copyright: 2024 Wind River Systems, Inc License: Apache-2 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/stx-audit-helm/debian/deb_folder/rules b/stx-audit-helm/debian/deb_folder/rules index 54087a2..3c5ad33 100755 --- a/stx-audit-helm/debian/deb_folder/rules +++ b/stx-audit-helm/debian/deb_folder/rules @@ -11,7 +11,8 @@ export REVISION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') export APP_NAME = auditd export APP_VERSION = $(RELEASE)-$(REVISION) -export APP_TARBALL_FLUXCD = $(APP_NAME)-$(APP_VERSION).tgz +export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz +export HELM_FOLDER = /usr/lib/helm export HELM_REPO = stx-platform export STAGING = staging @@ -19,15 +20,26 @@ export STAGING = staging dh $@ override_dh_auto_build: - # Create the TGZ file. - cd helm-charts && make # Setup the staging directory. mkdir -p $(STAGING) cp files/metadata.yaml $(STAGING) + cp -Rv fluxcd-manifests $(STAGING) mkdir -p $(STAGING)/charts - cp helm-charts/*.tgz $(STAGING)/charts + cp /usr/lib/helm/*.tgz $(STAGING)/charts - # Populate metadata. + # Adjust the helmrelease yamls based on the chart versions + for c in $(STAGING)/charts/*; do \ + chart=$$(basename $$c .tgz); \ + chart_name=$${chart%-*}; \ + chart_version=$${chart##*-}; \ + echo "Found $$chart; name: $$chart_name, version: $$chart_version"; \ + chart_manifest=$$(find $(STAGING)/fluxcd-manifests -name helmrelease.yaml -exec grep -q "chart:.*$$chart_name" {} \; -print); \ + echo "Updating manifest: $$chart_manifest"; \ + sed -i "s/REPLACE_HELM_CHART_VERSION/$$chart_version/g" $$chart_manifest; \ + grep version $$chart_manifest; \ + done + + # Populate metadata. sed -i 's/APP_REPLACE_NAME/$(APP_NAME)/g' $(STAGING)/metadata.yaml sed -i 's/APP_REPLACE_VERSION/$(APP_VERSION)/g' $(STAGING)/metadata.yaml sed -i 's/HELM_REPLACE_REPO/$(HELM_REPO)/g' $(STAGING)/metadata.yaml @@ -36,12 +48,9 @@ override_dh_auto_build: mkdir -p $(STAGING)/plugins cp /plugins/*.whl $(STAGING)/plugins - # package fluxcd - cp -R fluxcd-manifests $(STAGING)/ - - # calculate checksum of all files in app_staging + # Create the app package. cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 - tar cfz $(APP_TARBALL_FLUXCD) -C $(STAGING)/ . + tar cfz $(APP_TARBALL) -C $(STAGING)/ . # Cleanup staging. rm -rf $(STAGING) @@ -49,7 +58,7 @@ override_dh_auto_build: override_dh_auto_install: # Install the app tar file. install -d -m 755 $(APP_FOLDER) - install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER) + install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER) install -d -m 755 $(LOGROTATE_FOLDER) install -m 644 -p -D files/auditd.logrotate $(LOGROTATE_FOLDER) diff --git a/stx-audit-helm/debian/meta_data.yaml b/stx-audit-helm/debian/meta_data.yaml index 077753d..0893f10 100644 --- a/stx-audit-helm/debian/meta_data.yaml +++ b/stx-audit-helm/debian/meta_data.yaml @@ -1,6 +1,6 @@ --- debname: stx-audit-helm -debver: 1.0-1 +debver: 1.0-2 src_path: stx-audit-helm revision: dist: $STX_DIST diff --git a/stx-audit-helm/stx-audit-helm/fluxcd-manifests/auditd/helmrelease.yaml b/stx-audit-helm/stx-audit-helm/fluxcd-manifests/auditd/helmrelease.yaml index ee0dfb9..714d8bd 100644 --- a/stx-audit-helm/stx-audit-helm/fluxcd-manifests/auditd/helmrelease.yaml +++ b/stx-audit-helm/stx-audit-helm/fluxcd-manifests/auditd/helmrelease.yaml @@ -14,7 +14,7 @@ spec: chart: spec: chart: auditd - version: 1.0.0 + version: REPLACE_HELM_CHART_VERSION sourceRef: kind: HelmRepository name: stx-platform