From fd6f4311e24cbba1dfbea8e624d43e0f9359b708 Mon Sep 17 00:00:00 2001
From: Michel Thebeau
Date: Fri, 20 Sep 2024 20:42:40 +0000
Subject: [PATCH] allow vault-manager chart disable
In order to disable a chart the k8sapp plugin needs to override the execute_kustomize_updates method. Copy Bob's fluxcd kustomize example in platform-integ-apps: https://opendev.org/starlingx/platform-armada-app/commit/928c047b Note: Disabling the vault-manager suggests that another process will unseal the vault. The vault server will not be unsealed vault-manager. If it remains sealed the server's readinessprobe will fail and this will prevent application-apply. Set vault values.yaml server.readinessProbe.enabled 'false' if necessary to allow the application-apply to complete. The same applies for initialization of the vault.
Test Plan:
PASS system helm-chart-attribute-modify works to enable and disable the vault-manager chart
PASS vault sanity
PASS USM upgrade with vault applied
Story: 2011073
Task: 51071
Change-Id: Icda71ceef89cdb84ecaca8d927f41db92a4626bb
Signed-off-by: Michel Thebeau
---
 .../k8sapp_vault/helm/vault_manager.py | 7 +++++
 .../k8sapp_vault/kustomize/__init__.py | 19 +++++++++++++
 .../k8sapp_vault/kustomize/kustomize_vault.py | 28 +++++++++++++++++++
 python3-k8sapp-vault/k8sapp_vault/setup.cfg | 3 ++
 4 files changed, 57 insertions(+)
 create mode 100644 python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/__init__.py
 create mode 100644 python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/kustomize_vault.py
diff --git a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py
index 7d41951..a9f837a 100644
--- a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/helm/vault_manager.py
@@ -41,6 +41,13 @@ class VaultManagerHelm(base.FluxCDBaseHelm):
 CHART = app_constants.HELM_CHART_VAULT_MANAGER
 HELM_RELEASE = app_constants.HELM_RELEASE_VAULT_MANAGER
+ def execute_kustomize_updates(self, operator):
+ # On application load this chart is enabled. Only disable if
+ # specified by the user
+ if not self._is_enabled(operator.APP, self.CHART,
+ common.HELM_NS_VAULT):
+ operator.helm_release_resource_delete(self.CHART)
+
 def get_namespaces(self):
 """Return the list of supported namespaces"""
 return self.SUPPORTED_NAMESPACES
diff --git a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/__init__.py b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/__init__.py
new file mode 100644
index 0000000..06516bf
--- /dev/null
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/__init__.py
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+import yaml
+
+
+class quoted_str(str):
+ pass
+
+
+# force strings to be single-quoted to avoid interpretation as numeric values
+def quoted_presenter(dumper, data):
+ return dumper.represent_scalar(u'tag:yaml.org,2002:str', data, style="'")
+
+
+yaml.add_representer(quoted_str, quoted_presenter)
diff --git a/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/kustomize_vault.py b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/kustomize_vault.py
new file mode 100644
index 0000000..bce0cd1
--- /dev/null
+++ b/python3-k8sapp-vault/k8sapp_vault/k8sapp_vault/kustomize/kustomize_vault.py
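Review bot: `execute_kustomize_updates` in vault_manager.py has no docstring, and the security consequence of its disabled path is recorded only in the commit message: once `operator.helm_release_resource_delete(self.CHART)` removes the chart, nothing in this app unseals or initialises the vault. I would add a docstring stating that the release is dropped from the kustomization only when the user has disabled the chart, and that an external process must then unseal and initialise the vault. Because the commit message also points operators at `server.readinessProbe.enabled 'false'`, the docstring should mention that with the probe off a sealed server is presumably no longer flagged by readiness, so seal status has to be monitored some other way. The method is fully inside the hunk.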
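Review bot: In kustomize/__init__.py, `yaml.add_representer(quoted_str, quoted_presenter)` runs at import time and changes PyYAML's default `Dumper` for the whole process, yet nothing else in this patch references `quoted_str` (kustomize_vault.py does not import it). If the helper is kept for later use, say so in a comment such as `# registered on yaml.Dumper only; yaml.safe_dump will not accept quoted_str`; otherwise drop it so that importing the package has no side effect. The class name also departs from PEP 8, where `QuotedStr` would be conventional, though keeping it lowercase may be deliberate to match the example this was copied from.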
@@ -0,0 +1,28 @@
+#
+# Copyright (c) 2024 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# All Rights Reserved.
+#
+
+""" System inventory Kustomization resource operator."""
+
+from sysinv.common import constants
+from sysinv.helm import kustomize_base as base
+
+
+class VaultFluxCDKustomizeOperator(base.FluxCDKustomizeOperator):
+
+ APP = constants.HELM_APP_VAULT
+
+ def platform_mode_kustomize_updates(self, dbapi, mode):
+ """ Update the top-level kustomization resource list
+
+ Make changes to the top-level kustomization resource list based
+ on the platform mode
+
+ :param dbapi: DB api object
+ :param mode: mode to control when to update the resource list
+ """
+ pass
diff --git a/python3-k8sapp-vault/k8sapp_vault/setup.cfg b/python3-k8sapp-vault/k8sapp_vault/setup.cfg
index 6513d18..81c9b82 100644
--- a/python3-k8sapp-vault/k8sapp_vault/setup.cfg
+++ b/python3-k8sapp-vault/k8sapp_vault/setup.cfg
@@ -36,6 +36,9 @@ systemconfig.helm_plugins.vault =
 001_vault = k8sapp_vault.helm.vault:VaultHelm
 002_vault-manager = k8sapp_vault.helm.vault_manager:VaultManagerHelm
+systemconfig.fluxcd.kustomize_ops =
+ vault = k8sapp_vault.kustomize.kustomize_vault:VaultFluxCDKustomizeOperator
+
 systemconfig.app_lifecycle =
 vault = k8sapp_vault.lifecycle.lifecycle_vault:VaultAppLifecycleOperator
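Review bot: The docstring of `platform_mode_kustomize_updates` in kustomize_vault.py says the method updates the top-level kustomization resource list based on the platform mode, but the body is only `pass`. The docstring should describe what the code does, e.g. `"""No-op: the vault app makes no platform-mode changes to the kustomization."""`, and the `pass` can then go, since it is redundant after a docstring. `VaultFluxCDKustomizeOperator` itself has no docstring; one line saying the class exists so that the helm plugins' `execute_kustomize_updates` hooks run for this app would help, although that purpose is inferred from the commit message and should be confirmed.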