From 52a13b75c1ed53a19471852c8d6a952bbbe32bee Mon Sep 17 00:00:00 2001 From: Ruslan Aliev Date: Mon, 15 May 2023 16:00:39 -0500 Subject: [PATCH] Add whitelist of packages to bypass verification Change-Id: I459f4a241496cf98bd0bb00f3843f2b58bb397c1 Signed-off-by: Ruslan Aliev --- divingbell/templates/bin/_apt.sh.tpl | 3 ++- divingbell/templates/daemonset-exec.yaml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/divingbell/templates/bin/_apt.sh.tpl b/divingbell/templates/bin/_apt.sh.tpl index 9a2b789..2b7a6e6 100644 --- a/divingbell/templates/bin/_apt.sh.tpl +++ b/divingbell/templates/bin/_apt.sh.tpl @@ -282,9 +282,10 @@ while read -r name version; do fi done < <(apt-cache madison "${!package_info[@]}" | awk '!a[$1]++ {print $1 " " $3}') +whitelist=(attnologin atteksh attlogins cphalo) for pkg in "${!package_info[@]}"; do read -r before after available < <(echo "${package_info[$pkg]}") - if [[ "$after" != "N/A" && "$after" != "$available" ]]; then + if [[ "$after" != "N/A" && "$after" != "$available" && ! ${whitelist[*]} =~ "$pkg" ]]; then log.ERROR "Package $pkg was not properly installed/upgraded, installed version $after, available version $available" exit 1 fi diff --git a/divingbell/templates/daemonset-exec.yaml b/divingbell/templates/daemonset-exec.yaml index 2b69ef5..db3b6f2 100644 --- a/divingbell/templates/daemonset-exec.yaml +++ b/divingbell/templates/daemonset-exec.yaml @@ -14,7 +14,7 @@ # limitations under the License. */}} -{{- define "readinessProbeTemplate" }} +{{- define "readinessProbeExecTemplate" }} exec: command: - cat @@ -58,7 +58,7 @@ spec: imagePullPolicy: {{ .Values.images.pull_policy }} {{ tuple $envAll $envAll.Values.pod.resources.exec | include "helm-toolkit.snippets.kubernetes_resources" | indent 8 }} {{ dict "envAll" $envAll "application" "divingbell" "container" "exec" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }} -{{ dict "envAll" $envAll "component" "divingbell" "container" "exec" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 8 }} +{{ dict "envAll" $envAll "component" "divingbell" "container" "exec" "type" "readiness" "probeTemplate" (include "readinessProbeExecTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 8 }} command: - /tmp/{{ $daemonset }}.sh volumeMounts: