From cc020bdfcabab6a24d8b2f77ca15e3f9c130996a Mon Sep 17 00:00:00 2001
From: diwakar thyagaraj
Date: Tue, 30 Jun 2020 20:51:50 +0000
Subject: [PATCH] Add Apparmor for prometheus os exporter ks-user Job
1) Updated docker image for heat to point to Stein and Bionic
2) Enabled Apparmor Job for prometheus-openstack exporter.
Change-Id: I1ee8acb848ece3c334b087309d452d5137ea0798
Signed-off-by: diwakar thyagaraj
---
 .../templates/job-ks-user.yaml | 2 ++
 prometheus-openstack-exporter/values.yaml | 2 +-
 .../values_overrides/apparmor.yaml | 13 +++++++
 tools/deployment/apparmor/030-mariadb.sh | 1 +
 .../070-prometheus-openstack-exporter.sh | 34 ++++++++++++++++++-
 .../110-openstack-exporter.sh | 4 +--
 zuul.d/jobs.yaml | 2 +-
 7 files changed, 53 insertions(+), 5 deletions(-)
 mode change 120000 => 100755 tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
diff --git a/prometheus-openstack-exporter/templates/job-ks-user.yaml b/prometheus-openstack-exporter/templates/job-ks-user.yaml
index 10218dbd3..5bbe2f51d 100644
--- a/prometheus-openstack-exporter/templates/job-ks-user.yaml
+++ b/prometheus-openstack-exporter/templates/job-ks-user.yaml
@@ -27,6 +27,8 @@ spec:
 metadata:
 labels:
 {{ tuple $envAll "prometheus-openstack-exporter" "ks-user" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
+ annotations:
+{{ dict "envAll" $envAll "podName" "prometheus-openstack-exporter-ks-user" "containerNames" (list "prometheus-openstack-exporter-ks-user" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
 spec:
 {{ dict "envAll" $envAll "application" "ks_user" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
 serviceAccountName: {{ $serviceAccountName }}
diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml
index 60911557b..55a01bd25 100644
--- a/prometheus-openstack-exporter/values.yaml
+++ b/prometheus-openstack-exporter/values.yaml
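Review bot: The added `annotations:` block in job-ks-user.yaml ties three sets of strings together with nothing to say so: the `podName` and `containerNames` passed to the helper, the keys under `pod.mandatory_access_control` in the values, and the `name:` fields of the Job's containers, which sit outside this hunk. A rename in any one place can leave the ks-user pod without the intended AppArmor annotation, or with an annotation naming a container that does not exist. I would add a template comment above the new lines, e.g. `{{/* podName/containerNames must match pod.mandatory_access_control keys and this Job's container names */}}`, and confirm that the main container is in fact named `prometheus-openstack-exporter-ks-user`.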
@@ -20,7 +20,7 @@ images: prometheus_openstack_exporter: docker.io/openstackhelm/prometheus-openstack-exporter:ubuntu_bionic-20191017 dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 image_repo_sync: docker.io/docker:17.07.0 - ks_user: docker.io/openstackhelm/heat:newton-ubuntu_xenial + ks_user: docker.io/openstackhelm/heat:stein-ubuntu_bionic pull_policy: IfNotPresent local_registry: active: false diff --git a/prometheus-openstack-exporter/values_overrides/apparmor.yaml b/prometheus-openstack-exporter/values_overrides/apparmor.yaml index eb71f1199..8852e2950 100644 --- a/prometheus-openstack-exporter/values_overrides/apparmor.yaml +++ b/prometheus-openstack-exporter/values_overrides/apparmor.yaml @@ -5,4 +5,17 @@ pod: prometheus-openstack-exporter: openstack-metrics-exporter: runtime/default init: runtime/default + prometheus-openstack-exporter-ks-user: + prometheus-openstack-exporter-ks-user: runtime/default + init: runtime/default +manifests: + job_ks_user: true +dependencies: + static: + prometheus_openstack_exporter: + jobs: + - prometheus-openstack-exporter-ks-user + services: + - endpoint: internal + service: identity ... diff --git a/tools/deployment/apparmor/030-mariadb.sh b/tools/deployment/apparmor/030-mariadb.sh index 346e69941..89c17e243 100755 --- a/tools/deployment/apparmor/030-mariadb.sh +++ b/tools/deployment/apparmor/030-mariadb.sh @@ -23,6 +23,7 @@ make mariadb : ${OSH_INFRA_EXTRA_HELM_ARGS:=""} helm upgrade --install mariadb ./mariadb \ --namespace=osh-infra \ + --set monitoring.prometheus.enabled=true \ ${OSH_INFRA_EXTRA_HELM_ARGS} \ ${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB} diff --git a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh deleted file mode 120000 index 8fbe1fef9..000000000 --- a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh +++ /dev/null @@ -1 +0,0 @@ -../osh-infra-monitoring/100-openstack-exporter.sh \ No newline at end of file 
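Review bot: The `manifests` and `dependencies` keys at the end of the values_overrides/apparmor.yaml hunk are not AppArmor settings, and the file gives no reason for them. Helm replaces list values wholesale rather than merging them, so the `jobs` and `services` lists here override whatever the chart's values.yaml defines whenever this override is applied. If they only restate the defaults they can be dropped; if the ks-user job has to be forced on so the profile is exercised, a comment such as `# ks-user job must run so its AppArmor annotation is tested` above `manifests:` would record that. The chart's default values for these keys are outside this diff, so which case applies cannot be told from here.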
diff --git a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
new file mode 100755
index 000000000..ff84e5193
--- /dev/null
+++ b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make prometheus-openstack-exporter
+
+: ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"}
+
+#NOTE: Deploy command
+helm upgrade --install prometheus-openstack-exporter \
+ ./prometheus-openstack-exporter \
+ --namespace=openstack \
+ ${OSH_INFRA_EXTRA_HELM_ARGS} \
+ ${OSH_INFRA_EXTRA_HELM_ARGS_PROMETHEUS_OPENSTACK_EXPORTER}
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Validate Deployment info
+helm status prometheus-openstack-exporter
diff --git a/tools/deployment/openstack-support/110-openstack-exporter.sh b/tools/deployment/openstack-support/110-openstack-exporter.sh
index e2559813a..825753721 100755
--- a/tools/deployment/openstack-support/110-openstack-exporter.sh
+++ b/tools/deployment/openstack-support/110-openstack-exporter.sh
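Review bot: The new apparmor/070-prometheus-openstack-exporter.sh stops at `wait-for-pods.sh` and `helm status`, which show that the release deployed but not that the `runtime/default` profile reached the ks-user pod. If the override keys and the template's container names drift apart, the helper presumably emits no annotation and this script still passes. A final step that reads the pod's annotations and fails when no `container.apparmor.security.beta.kubernetes.io/` key is present for the job's containers would make the script test what the commit title claims. Separately, `OSH_INFRA_EXTRA_HELM_ARGS` is expanded without the `: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}` default that 030-mariadb.sh sets; that is harmless under `set -xe` but worth keeping consistent.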
@@ -16,14 +16,14 @@ set -xe #NOTE: Lint and package chart make prometheus-openstack-exporter +: ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER:="$(./tools/deployment/common/get-values-overrides.sh prometheus-openstack-exporter)"} #NOTE: Deploy command : ${OSH_EXTRA_HELM_ARGS:=""} helm upgrade --install prometheus-openstack-exporter \ ./prometheus-openstack-exporter \ --namespace=openstack \ - ${OSH_EXTRA_HELM_ARGS} \ - ${OSH_EXTRA_HELM_ARGS_OS_EXPORTER} + ${OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER} #NOTE: Wait for deploy ./tools/deployment/common/wait-for-pods.sh openstack diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml index 3aa00d31f..2d3232a87 100644 --- a/zuul.d/jobs.yaml +++ b/zuul.d/jobs.yaml @@ -285,7 +285,6 @@ - ./tools/deployment/apparmor/050-prometheus-alertmanager.sh - ./tools/deployment/apparmor/055-prometheus.sh - ./tools/deployment/apparmor/060-prometheus-node-exporter.sh - - ./tools/deployment/apparmor/070-prometheus-openstack-exporter.sh - ./tools/deployment/apparmor/075-prometheus-process-exporter.sh - ./tools/deployment/apparmor/080-grafana.sh - ./tools/deployment/apparmor/085-rabbitmq.sh @@ -353,6 +352,7 @@ - ./tools/deployment/openstack-support/070-mariadb.sh - ./tools/deployment/openstack-support/080-setup-client.sh - ./tools/deployment/openstack-support/090-keystone.sh + - ./tools/deployment/openstack-support/110-openstack-exporter.sh - ./tools/deployment/apparmor/140-ceph-radosgateway.sh - job:
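Review bot: The helm command in openstack-support/110-openstack-exporter.sh no longer passes `${OSH_EXTRA_HELM_ARGS}`, yet the `: ${OSH_EXTRA_HELM_ARGS:=""}` default above it is kept, so globally supplied arguments are now silently ignored for this chart. The per-chart variable is also renamed from `OSH_EXTRA_HELM_ARGS_OS_EXPORTER` to `OSH_INFRA_EXTRA_HELM_ARGS_OS_EXPORTER`, while the new apparmor script uses a third name ending in `_PROMETHEUS_OPENSTACK_EXPORTER`, so a caller that still sets the old name gets no effect and no error. I would keep the line `${OSH_EXTRA_HELM_ARGS} \` ahead of the new one and settle on a single variable name across both scripts.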
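Review bot: The `-285,7 +285,6` hunk in zuul.d/jobs.yaml appears to drop `./tools/deployment/apparmor/070-prometheus-openstack-exporter.sh` from its job's script list (the removal marker is not visible on this page, but the line counts and the diffstat point to it), while the same commit replaces that path's symlink with a full script. In the visible hunks nothing runs the new file; the exporter is instead deployed through `openstack-support/110-openstack-exporter.sh`, added in the second hunk. If that is deliberate because the ks-user job needs keystone, the unused 070 script should be removed or the reason stated in the commit message; otherwise the entry should stay in the list. The job names for both lists are outside the hunks.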