Add Debian packaging for oidc-auth app

Create Debian packages for dex-helm, oidc-auth-tools,
python-k8sapp-oidc and stx-oidc-auth-helm packages.

In order to adhere to python3 package naming conventions,
the oidc-auth-tools package is named python3-oidcauthtools.

Story: 2009101
Task: 43840

Signed-off-by: Tracey Bogue <tracey.bogue@windriver.com>
Change-Id: Ic2b9a0534897f96e5ce439c6630d9abf175ead4f

debian_pkg_dirs

@@ -0,0 +1,4 @@
+dex-helm
+stx-oidc-auth-helm
+oidc-auth-tools
+python-k8sapp-oidc

dex-helm/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+dex-helm (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ --  Tracey Bogue <tracey.bogue@windriver.com>  Wed, 3 Nov 2021 08:42:42 +0000

dex-helm/debian/deb_folder/control

@@ -0,0 +1,15 @@
+Source: dex-helm
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ helm
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: dex-helm
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}
+Description: StarlingX Dex Helm Charts
+ This package contains Dex helm charts for the OIDC auth application.

dex-helm/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: dex-helm
+Source: https://opendev.org/starlingx/oidc-auth-armada-app/
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

dex-helm/debian/deb_folder/dex-helm.install

@@ -0,0 +1 @@
+usr/lib/helm/*

dex-helm/debian/deb_folder/rules

@@ -0,0 +1,30 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export ROOT = debian/tmp
+export HELM_FOLDER = $(ROOT)/usr/lib/helm
+
+%:
+	dh $@
+
+override_dh_auto_build:
+	# Move the source files from the extracted root directory to build root.
+	mv helm-charts/* .
+	# Apply the openstack-helm patches.
+	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0001-Update-Dex-chart-for-Kubernetes-API-1.16.patch
+	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0002-add-image-pull-secrets.patch
+	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0003-Add-affinity-support.patch
+	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0004-Automatically-roll-deployments.patch
+	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0005-Update-Dex-chart-for-Helm-v3.patch
+	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0006-Create-new-config-value-extraStaticClients.patch
+	patch --no-backup-if-mismatch --fuzz=0 -p1 < 0007-Add-tolerance-in-dex-helm-chart.patch
+	# Create the chart TGZ files.
+	cp Makefile stable
+	cd stable && make dex
+
+override_dh_auto_install:
+	# Install the app tar file.
+	install -d -m 755 $(HELM_FOLDER)
+	install -p -D -m 755 stable/*.tgz $(HELM_FOLDER)
+
+override_dh_auto_test:

dex-helm/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

dex-helm/debian/dl_hook

@@ -0,0 +1,25 @@
+#!/bin/bash
+set -x
+
+PKG_BUILD_NAME=$1
+PKG_BUILD_ROOT=$(realpath `pwd`/${PKG_BUILD_NAME})
+PKG_DIR="dex-helm"
+STX_BASE=$(realpath ${MY_REPO}/stx)
+SRC=$(realpath ${STX_BASE}/oidc-auth-armada-app/${PKG_DIR})
+
+mkdir -p ${PKG_BUILD_ROOT}
+pushd ${PKG_BUILD_ROOT}
+
+# Local mirror workaround until CGCS_BASE mirror is supported.
+STX_MIRROR=$(realpath "/import/mirrors/starlingx")
+
+# Download dex helm chart source package.
+DEX_PKG="helm-charts-92b6289ae93816717a8453cfe62bad51cbdb8ad0.tar.gz"
+DEX_SRC_PATH=$(realpath ${STX_MIRROR}/downloads/${DEX_PKG})
+cp ${DEX_SRC_PATH} ${PKG_BUILD_ROOT}
+
+# Extract the dex helm chart tar file.
+tar xfzvv ${DEX_PKG}
+
+# Copy source files to the build directory.
+cp -pr ${SRC}/files/* ${PKG_BUILD_ROOT}

dex-helm/debian/meta_data.yaml

@@ -0,0 +1,7 @@
+---
+debname: dex-helm
+debver: 1.0-1
+dl_hook: dl_hook
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

oidc-auth-tools/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+python3-oidcauthtools (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ --  Tracey Bogue <tracey.bogue@windriver.com>  Wed, 3 Nov 2021 09:20:42 +0000

oidc-auth-tools/debian/deb_folder/control

@@ -0,0 +1,32 @@
+Source: python3-oidcauthtools
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ dh-python,
+ python3-all,
+ python3-pbr (>= 2.0.0),
+ python3-setuptools,
+ python3-wheel
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: python3-oidcauthtools
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends},
+ python3-html5lib,
+ python3-mechanize,
+ python3-pbr (>= 2.0.0),
+ python3-webencodings
+Description: OIDC Authentication Tools
+ This package contains OIDC authentication tools to obtain a token
+ from DEX and setup kubernetes credentials for a user.
+
+Package: python3-oidcauthtools-wheels
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel
+Description: OIDC Authentication Tools Wheels
+ This package contains python wheels for the OIDC authentication
+ tools.

oidc-auth-tools/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: python3-oidcauthtools
+Source: https://opendev.org/starlingx/oidc-auth-armada-app/
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

oidc-auth-tools/debian/deb_folder/python3-oidcauthtools-wheels.install

@@ -0,0 +1 @@
+wheels/*

oidc-auth-tools/debian/deb_folder/python3-oidcauthtools.install

@@ -0,0 +1,3 @@
+usr/bin/oidc-auth
+usr/lib/python3/dist-packages/oidcauthtools-1.0.0.egg-info/*
+usr/lib/python3/dist-packages/oidcauthtools/*

oidc-auth-tools/debian/deb_folder/rules

@@ -0,0 +1,19 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export PBR_VERSION=1.0.0
+export ROOT=$(CURDIR)/debian/tmp
+
+%:
+	dh $@ --with=python3 --buildsystem=pybuild
+
+override_dh_auto_install:
+	python3 setup.py install \
+		--install-layout=deb \
+		--root $(ROOT) \
+		--prefix=/usr \
+		--install-data=/usr/share \
+		--single-version-externally-managed
+	python3 setup.py bdist_wheel \
+		--universal \
+		-d $(ROOT)/wheels

oidc-auth-tools/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

oidc-auth-tools/debian/meta_data.yaml

@@ -0,0 +1,7 @@
+---
+debname: python3-oidcauthtools
+debver: 1.0-1
+src_path: oidcauthtools
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

python-k8sapp-oidc/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+python3-k8sapp-oidc (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ --  Tracey Bogue <tracey.bogue@windriver.com>  Wed, 3 Nov 2021 09:53:42 +0000

python-k8sapp-oidc/debian/deb_folder/control

@@ -0,0 +1,28 @@
+Source: python3-k8sapp-oidc
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ dh-python,
+ python3-all,
+ python3-pbr,
+ python3-setuptools,
+ python3-wheel
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: python3-k8sapp-oidc
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}
+Description: StarlingX Sysinv OIDC Auth Extensions
+ This package contains sysinv plugins for the OIDC authentication
+ K8S app.
+
+Package: python3-k8sapp-oidc-wheels
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel
+Description: StarlingX Sysinv OIDC Auth Extension Wheels
+ This package contains python wheels for the OIDC authentication
+ K8S app plugins.

python-k8sapp-oidc/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: python3-k8sapp-oidc
+Source: https://opendev.org/starlingx/oidc-auth-armada-app/
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

python-k8sapp-oidc/debian/deb_folder/python3-k8sapp-oidc-wheels.install

@@ -0,0 +1 @@
+plugins/oidc-auth-apps/*.whl

python-k8sapp-oidc/debian/deb_folder/python3-k8sapp-oidc.install

@@ -0,0 +1,2 @@
+usr/lib/python3/dist-packages/k8sapp_oidc-1.0.0.egg-info/*
+usr/lib/python3/dist-packages/k8sapp_oidc/*

python-k8sapp-oidc/debian/deb_folder/rules

@@ -0,0 +1,22 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export APP_NAME=oidc-auth-apps
+export PBR_VERSION=1.0.0
+export PYBUILD_NAME=k8sapp_oidc
+export ROOT=debian/tmp
+
+%:
+	dh $@ --with=python3 --buildsystem=pybuild
+
+override_dh_auto_install:
+	python3 setup.py install --install-layout=deb --root $(ROOT)
+	python3 setup.py bdist_wheel \
+		--universal \
+		-d $(ROOT)/plugins/$(APP_NAME)
+
+ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS)))
+override_dh_auto_test:
+	# (tbogue) FIXME
+	PYTHONDIR=$(CURDIR) stestr run || true
+endif

python-k8sapp-oidc/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

python-k8sapp-oidc/debian/meta_data.yaml

@@ -0,0 +1,7 @@
+---
+debname: python3-k8sapp-oidc
+debver: 1.0-1
+src_path: k8sapp_oidc
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

stx-oidc-auth-helm/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+stx-oidc-auth-helm (1.0-1) unstable; urgency=medium
+
+  * Initial release.
+
+ --  Tracey Bogue <tracey.bogue@windriver.com>  Wed, 3 Nov 2021 10:50:42 +0000

stx-oidc-auth-helm/debian/deb_folder/control

@@ -0,0 +1,19 @@
+Source: stx-oidc-auth-helm
+Section: libs
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13),
+ dex-helm,
+ helm,
+ python3-k8sapp-oidc,
+ python3-k8sapp-oidc-wheels
+Standards-Version: 4.5.1
+Homepage: https://www.starlingx.io
+
+Package: stx-oidc-auth-helm
+Section: libs
+Architecture: any
+Depends: ${misc:Depends}, dex-helm
+Description: StarlingX OIDC Authorization Helm Charts
+ This package contains Armada helm charts for the OIDC authorization
+ application.

stx-oidc-auth-helm/debian/deb_folder/copyright

@@ -0,0 +1,41 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: stx-oidc-auth-helm
+Source: https://opendev.org/starlingx/oidc-auth-armada-app/
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.
+
+# If you want to use GPL v2 or later for the /debian/* files use
+# the following clauses, or change it to suit. Delete these two lines
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

stx-oidc-auth-helm/debian/deb_folder/rules

@@ -0,0 +1,50 @@
+#!/usr/bin/make -f
+# export DH_VERBOSE = 1
+
+export ROOT = debian/tmp
+export APP_FOLDER = $(ROOT)/usr/local/share/applications/helm
+
+export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
+export MAJOR = $(shell echo $(DEB_VERSION) | cut -f 1 -d '.')
+export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 2 -d '.')
+
+export APP_NAME = oidc-auth-apps
+export APP_VERSION = $(MAJOR).$(MINOR_PATCH)
+export APP_TARBALL = $(APP_NAME)-$(APP_VERSION).tgz
+export HELM_FOLDER = /usr/lib/helm
+export HELM_REPO = stx-platform
+export STAGING = staging
+
+%:
+	dh $@
+
+override_dh_auto_build:
+	# Create the TGZ file.
+	cd helm-charts && make oidc-client
+	cd helm-charts && make secret-observer
+	# Setup the staging directory.
+	mkdir -p $(STAGING)
+	cp files/metadata.yaml $(STAGING)
+	cp manifests/manifest.yaml $(STAGING)
+	mkdir -p $(STAGING)/charts
+	cp helm-charts/*.tgz $(STAGING)/charts
+	cp $(HELM_FOLDER)/dex*.tgz $(STAGING)/charts
+	# Populate metadata.
+	sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml
+	sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml
+	sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml
+	# Copy the plugins: installed in the buildroot
+	mkdir -p $(STAGING)/plugins
+	cp /plugins/$(APP_NAME)/*.whl $(STAGING)/plugins
+	# Create the app package.
+	cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
+	tar cfz $(APP_TARBALL) -C $(STAGING)/ .
+	# Cleanup staging
+	rm -rf $(STAGING)
+
+override_dh_auto_install:
+	# Install the app tar file.
+	install -d -m 755 $(APP_FOLDER)
+	install -p -D -m 755 $(APP_TARBALL) $(APP_FOLDER)
+
+override_dh_usrlocal:

stx-oidc-auth-helm/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

stx-oidc-auth-helm/debian/deb_folder/stx-oidc-auth-helm.install

@@ -0,0 +1 @@
+usr/local/share/applications/helm/*

stx-oidc-auth-helm/debian/dl_hook

@@ -0,0 +1,18 @@
+#!/bin/bash
+set -x
+
+PKG_BUILD_NAME=$1
+PKG_BUILD_ROOT=$(realpath `pwd`/${PKG_BUILD_NAME})
+PKG_DIR="stx-oidc-auth-helm"
+
+STX_BASE=$(realpath ${MY_REPO}/stx)
+SRC=$(realpath ${STX_BASE}/oidc-auth-armada-app/${PKG_DIR}/${PKG_DIR})
+SECRET_HELM_CHARTS=$(realpath ${STX_BASE}/helm-charts/secret-observer/secret-observer/helm-charts)
+
+mkdir -p ${PKG_BUILD_ROOT}
+
+# Copy PSP rolebinding helm charts to the build directory.
+cp -pr ${SECRET_HELM_CHARTS} ${PKG_BUILD_ROOT}
+cp -pr ${SRC}/files ${PKG_BUILD_ROOT}
+cp -pr ${SRC}/helm-charts/* ${PKG_BUILD_ROOT}/helm-charts
+cp -pr ${SRC}/manifests ${PKG_BUILD_ROOT}

stx-oidc-auth-helm/debian/meta_data.yaml

@@ -0,0 +1,7 @@
+---
+debname: stx-oidc-auth-helm
+debver: 1.0-1
+dl_hook: dl_hook
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true