starlingx/audit-armada-app
Code Issues Proposed changes

Auto-increment chart versions for auditd app

Browse Source 
To guarantee the helm chart version is incremented when a helm chart
change is submitted, a top level hierarchy for helm charts to
differentiate between upstream and custom charts:
helm-charts/{custom,upstream}, has been created.
For auditd app, only the "helm-charts/custom" directory fits this app
where the tarball is platform owned.

Test Plan:
PASS - Successfully built packages generating the helm chart and the
       application tarball.
PASS - Verified that the app tarball version was incremented by 1.
PASS - Verified basic application lifecycle operations:
       upload/apply/remove/delete.
PASS - Verified the auditd container is running and the audit logs
       are updated with new events that can be viewed on the host.

Story: 2010929
Task: 50330

Change-Id: If72f6c765139a60117a56b898c5c11d71c735597
Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
This commit is contained in:
Carmen Rata 2024-06-13 13:47:47 +00:00
parent f5d03fac8a
commit a478913e5e
22 changed files with 138 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
debian_pkg_dirs
View File

@ -1,2 +1,3 @@
helm-charts/custom/audit-helm
python3-k8sapp-auditd python3-k8sapp-auditd
stx-audit-helm stx-audit-helm

5
stx-audit-helm/stx-audit-helm/helm-charts/Makefile → helm-charts/custom/audit-helm/audit-helm/Makefile
View File

@ -1,7 +1,7 @@
# #
# Copyright 2017 The Openstack-Helm Authors. # Copyright 2017 The Openstack-Helm Authors.
# #
# Copyright (c) 2021 Wind River Systems, Inc. # Copyright (c) 2024 Wind River Systems, Inc.
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
@ -31,12 +31,11 @@ lint-%: init-%
if [ -d $* ]; then helm lint $*; fi if [ -d $* ]; then helm lint $*; fi
build-%: build-%:
if [ -d $* ]; then helm package $*; fi if [ -d $* ]; then helm package --version $(CHART_VERSION) $*; fi
clean: clean:
@echo "Clean all build artifacts" @echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -f *tgz */charts/*tgz */requirements.lock
rm -rf */charts */tmpcharts rm -rf */charts */tmpcharts
%: %:

0
stx-audit-helm/stx-audit-helm/helm-charts/audit/.helmignore → helm-charts/custom/audit-helm/audit-helm/audit/.helmignore
View File

0
stx-audit-helm/stx-audit-helm/helm-charts/audit/Chart.yaml → helm-charts/custom/audit-helm/audit-helm/audit/Chart.yaml
View File

0
stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/NOTES.txt → helm-charts/custom/audit-helm/audit-helm/audit/templates/NOTES.txt Executable file → Normal file
View File

0
stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/_helpers.tpl → helm-charts/custom/audit-helm/audit-helm/audit/templates/_helpers.tpl Executable file → Normal file
View File

0
stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/configmap.yaml → helm-charts/custom/audit-helm/audit-helm/audit/templates/configmap.yaml Executable file → Normal file
View File

0
stx-audit-helm/stx-audit-helm/helm-charts/audit/templates/daemonset.yaml → helm-charts/custom/audit-helm/audit-helm/audit/templates/daemonset.yaml
View File

0
stx-audit-helm/stx-audit-helm/helm-charts/audit/values.yaml → helm-charts/custom/audit-helm/audit-helm/audit/values.yaml
View File

1
helm-charts/custom/audit-helm/debian/deb_folder/audit-helm.install Normal file
View File

@ -0,0 +1 @@
usr/lib/helm/*

5
helm-charts/custom/audit-helm/debian/deb_folder/changelog Normal file
View File

@ -0,0 +1,5 @@
audit-helm (1.0-0) unstable; urgency=medium
* Initial release.
-- Carmen Rata <carmen.rata@windriver.com> Thu, 13 Jun 2024 13:47:47 +0000

15
helm-charts/custom/audit-helm/debian/deb_folder/control Normal file
View File

@ -0,0 +1,15 @@
Source: audit-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
helm,
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: audit-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Audit FluxCD Helm Charts
This package contains FluxCD Helm charts for the audit application.

41
helm-charts/custom/audit-helm/debian/deb_folder/copyright Normal file
View File

@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: audit-helm
Source: https://opendev.org/starlingx/audit-armada-app/
Files: *
Copyright: (c) 2013-2024 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2021 Wind River Systems, Inc
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

28
helm-charts/custom/audit-helm/debian/deb_folder/rules Executable file
View File

@ -0,0 +1,28 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export ROOT = debian/tmp
export APP_FOLDER = $(ROOT)/usr/lib/helm
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export RELEASE = $(shell echo $(DEB_VERSION) | cut -f 1 -d '-')
export REVISION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export CHART_VERSION = $(RELEASE).$(REVISION)
%:
dh $@
override_dh_auto_build:
# Create the TGZ file.
mkdir -p build
mv Makefile audit build
# Build the chart
cd build && make CHART_VERSION=$(CHART_VERSION) audit
override_dh_auto_install:
install -d -m 755 $(APP_FOLDER)
install -p -D -m 755 build/audit*.tgz $(APP_FOLDER)
override_dh_auto_test:

1
helm-charts/custom/audit-helm/debian/deb_folder/source/format Normal file
View File

@ -0,0 +1 @@
3.0 (quilt)

10
helm-charts/custom/audit-helm/debian/meta_data.yaml Normal file
View File

@ -0,0 +1,10 @@
---
debname: audit-helm
debver: 1.0-0
src_path: audit-helm
revision:
dist: $STX_DIST
GITREVCOUNT:
stx_patch: 1
SRC_DIR: ${MY_REPO}/stx/audit-armada-app/helm-charts/custom/audit-helm/audit-helm/audit
BASE_SRCREV: f5d03fac8a81d2443559fc4dea4f0ffea9f15969

7
stx-audit-helm/debian/deb_folder/changelog
View File

@ -1,3 +1,10 @@
stx-audit-helm (1.0-2) unstable; urgency=medium
* Split helm chart into separate package and apply auto versioning.
-- Carmen Rata <carmen.rata@windriver.com> Thu, 13 Jun 2024 13:47:47 +0000
stx-audit-helm (1.0-1) unstable; urgency=medium stx-audit-helm (1.0-1) unstable; urgency=medium
* Initial release. * Initial release.

5
stx-audit-helm/debian/deb_folder/control
View File

@ -4,6 +4,7 @@ Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io> Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13), Build-Depends: debhelper-compat (= 13),
helm, helm,
audit-helm,
python3-k8sapp-auditd, python3-k8sapp-auditd,
python3-k8sapp-auditd-wheels, python3-k8sapp-auditd-wheels,
build-info build-info
@ -14,5 +15,5 @@ Package: stx-audit-helm
Section: libs Section: libs
Architecture: any Architecture: any
Depends: ${misc:Depends} Depends: ${misc:Depends}
Description: StarlingX Audit FluxCD Helm Charts Description: StarlingX Audit FluxCD application
This package contains FluxCD Helm charts for the audit application. This package contains FluxCD manifests for the audit application.

4
stx-audit-helm/debian/deb_folder/copyright
View File

@ -3,7 +3,7 @@ Upstream-Name: stx-audit-helm
Source: https://opendev.org/starlingx/audit-armada-app/ Source: https://opendev.org/starlingx/audit-armada-app/
Files: * Files: *
Copyright: (c) 2013-2021 Wind River Systems, Inc Copyright: (c) 2013-2024 Wind River Systems, Inc
License: Apache-2 License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.
@ -23,7 +23,7 @@ License: Apache-2
# If you want to use GPL v2 or later for the /debian/* files use # If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines # the following clauses, or change it to suit. Delete these two lines
Files: debian/* Files: debian/*
Copyright: 2021 Wind River Systems, Inc Copyright: 2024 Wind River Systems, Inc
License: Apache-2 License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License. you may not use this file except in compliance with the License.

31
stx-audit-helm/debian/deb_folder/rules
View File

@ -11,7 +11,8 @@ export REVISION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export APP_NAME = auditd export APP_NAME = auditd
export APP_VERSION = $(RELEASE)-$(REVISION) export APP_VERSION = $(RELEASE)-$(REVISION)
export APP_TARBALL_FLUXCD = $(APP_NAME)-$(APP_VERSION).tgz export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz
export HELM_FOLDER = /usr/lib/helm
export HELM_REPO = stx-platform export HELM_REPO = stx-platform
export STAGING = staging export STAGING = staging
@ -19,15 +20,26 @@ export STAGING = staging
dh $@ dh $@
override_dh_auto_build: override_dh_auto_build:
# Create the TGZ file.
cd helm-charts && make
# Setup the staging directory. # Setup the staging directory.
mkdir -p $(STAGING) mkdir -p $(STAGING)
cp files/metadata.yaml $(STAGING) cp files/metadata.yaml $(STAGING)
cp -Rv fluxcd-manifests $(STAGING)
mkdir -p $(STAGING)/charts mkdir -p $(STAGING)/charts
cp helm-charts/*.tgz $(STAGING)/charts cp /usr/lib/helm/*.tgz $(STAGING)/charts
# Populate metadata. # Adjust the helmrelease yamls based on the chart versions
for c in $(STAGING)/charts/*; do \
chart=$$(basename $$c .tgz); \
chart_name=$${chart%-*}; \
chart_version=$${chart##*-}; \
echo "Found $$chart; name: $$chart_name, version: $$chart_version"; \
chart_manifest=$$(find $(STAGING)/fluxcd-manifests -name helmrelease.yaml -exec grep -q "chart:.*$$chart_name" {} \; -print); \
echo "Updating manifest: $$chart_manifest"; \
sed -i "s/REPLACE_HELM_CHART_VERSION/$$chart_version/g" $$chart_manifest; \
grep version $$chart_manifest; \
done
# Populate metadata.
sed -i 's/APP_REPLACE_NAME/$(APP_NAME)/g' $(STAGING)/metadata.yaml sed -i 's/APP_REPLACE_NAME/$(APP_NAME)/g' $(STAGING)/metadata.yaml
sed -i 's/APP_REPLACE_VERSION/$(APP_VERSION)/g' $(STAGING)/metadata.yaml sed -i 's/APP_REPLACE_VERSION/$(APP_VERSION)/g' $(STAGING)/metadata.yaml
sed -i 's/HELM_REPLACE_REPO/$(HELM_REPO)/g' $(STAGING)/metadata.yaml sed -i 's/HELM_REPLACE_REPO/$(HELM_REPO)/g' $(STAGING)/metadata.yaml
@ -36,12 +48,9 @@ override_dh_auto_build:
mkdir -p $(STAGING)/plugins mkdir -p $(STAGING)/plugins
cp /plugins/*.whl $(STAGING)/plugins cp /plugins/*.whl $(STAGING)/plugins
# package fluxcd # Create the app package.
cp -R fluxcd-manifests $(STAGING)/
# calculate checksum of all files in app_staging
cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
tar cfz $(APP_TARBALL_FLUXCD) -C $(STAGING)/ . tar cfz $(APP_TARBALL) -C $(STAGING)/ .
# Cleanup staging. # Cleanup staging.
rm -rf $(STAGING) rm -rf $(STAGING)
@ -49,7 +58,7 @@ override_dh_auto_build:
override_dh_auto_install: override_dh_auto_install:
# Install the app tar file. # Install the app tar file.
install -d -m 755 $(APP_FOLDER) install -d -m 755 $(APP_FOLDER)
install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER) install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER)
install -d -m 755 $(LOGROTATE_FOLDER) install -d -m 755 $(LOGROTATE_FOLDER)
install -m 644 -p -D files/auditd.logrotate $(LOGROTATE_FOLDER) install -m 644 -p -D files/auditd.logrotate $(LOGROTATE_FOLDER)

2
stx-audit-helm/debian/meta_data.yaml
View File

@ -1,6 +1,6 @@
--- ---
debname: stx-audit-helm debname: stx-audit-helm
debver: 1.0-1 debver: 1.0-2
src_path: stx-audit-helm src_path: stx-audit-helm
revision: revision:
dist: $STX_DIST dist: $STX_DIST

2
stx-audit-helm/stx-audit-helm/fluxcd-manifests/auditd/helmrelease.yaml
View File

@ -14,7 +14,7 @@ spec:
chart: chart:
spec: spec:
chart: auditd chart: auditd
version: 1.0.0 version: REPLACE_HELM_CHART_VERSION
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: stx-platform name: stx-platform