From 8ed0c1dd2b338f0f982077bfe890e058493d733e Mon Sep 17 00:00:00 2001
From: Randeep Jalli <rj2083@att.com>
Date: Fri, 5 Apr 2019 13:25:14 -0400
Subject: [PATCH] This commit adds docker-default apparmor profile for
 prometheus-openstack-exporter.

Change-Id: I1461246505f42c41051cebd981217c0064d39928
---
 prometheus-openstack-exporter/values.yaml     |  4 --
 .../070-prometheus-openstack-exporter.sh      | 45 +++++++++++++++++++
 zuul.d/jobs.yaml                              |  1 +
 3 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100755 tools/deployment/apparmor/070-prometheus-openstack-exporter.sh

diff --git a/prometheus-openstack-exporter/values.yaml b/prometheus-openstack-exporter/values.yaml
index f8686f010..821846571 100644
--- a/prometheus-openstack-exporter/values.yaml
+++ b/prometheus-openstack-exporter/values.yaml
@@ -38,10 +38,6 @@ labels:
     node_selector_value: enabled
 
 pod:
-  mandatory_access_control:
-    type: apparmor
-    openstack-metrics-exporter:
-      openstack-metrics-exporter: localhost/docker-default
   security_context:
     openstack_exporter:
       pod:
diff --git a/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
new file mode 100755
index 000000000..c708780cf
--- /dev/null
+++ b/tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make prometheus-openstack-exporter
+
+#NOTE: Deploy command
+tee /tmp/prometheus-openstack-exporter.yaml << EOF
+manifests:
+  job_ks_user: false
+dependencies:
+  static:
+    prometheus_openstack_exporter:
+      jobs: null
+      services: null
+pod:
+  mandatory_access_control:
+    type: apparmor
+    prometheus-openstack-exporter:
+      openstack-metrics-exporter: localhost/docker-default
+EOF
+helm upgrade --install prometheus-openstack-exporter ./prometheus-openstack-exporter \
+    --namespace=openstack \
+    --values=/tmp/prometheus-openstack-exporter.yaml
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh openstack
+
+#NOTE: Validate Deployment info
+helm status prometheus-openstack-exporter
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 214d86f4e..8addff656 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -210,6 +210,7 @@
         - ./tools/deployment/apparmor/005-deploy-k8s.sh
         - ./tools/deployment/apparmor/040-memcached.sh
         - ./tools/deployment/apparmor/060-prometheus-node-exporter.sh
+        - ./tools/deployment/apparmor/070-prometheus-openstack-exporter.sh
         - ./tools/deployment/apparmor/080-prometheus-process-exporter.sh
         - ./tools/deployment/apparmor/020-ceph.sh