Merge branch 'yeti' into 'development'

python fun See merge request !24

Merge branch 'yeti' into 'development'
python fun See merge request !24
4bc84fd8 · alexander.klepal · 525443bb · 1ecc7e81 · 4bc84fd8 · 4bc84fd8
Commit 4bc84fd8 authored Aug 18, 2021 by alexander.klepal
Hide whitespace changes
Inline Side-by-side

Showing with 25 additions and 186 deletions

Dockerfile Dockerfile +13 -4

hardening_manifest.yaml hardening_manifest.yaml +11 -181

scripts/startup.sh scripts/startup.sh +1 -1

No files found.
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,13 +27,15 @@ USER root

 ########################################
 ## Install Python
-RUN dnf update -y && dnf install -y python38.x86_64 python38-pip-wheel.noarch openssl tar procps iputils hostname \
+RUN dnf update -y --nodocs && dnf install -y --nodocs python3 openssl tar procps iputils hostname \
    && ln -s /usr/bin/python3 /usr/bin/python \
    && ln -s /usr/bin/pip3 /usr/bin/pip \
    && alias python=python3 \
+    && alias pip=pip3 \
    && alternatives --set python /usr/bin/python3 \
    && dnf clean all \
    && rm -rf /var/cache/dnf
+    

 ## Python Installed
 ########################################
@@ -42,11 +44,18 @@ RUN dnf update -y && dnf install -y python38.x86_64 python38-pip-wheel.noarch op
 ## Add the Confluent Docker Utility Belt which helps with starting the proper applications
 ## https://github.com/confluentinc/common-docker/tree/master/utility-belt

+COPY cp-init-container-operator-6.1.2.1_UsrLocalLib64.tar.gz /usr/local/lib64/
+COPY cp-init-container-operator-6.1.2.1_1_UsrLocalLib.tar.gz /usr/local/lib/
+
 COPY confluent_docker_utils-0.0.44-py3-none-any.whl /tmp/confluent_docker_utils-0.0.44-py3-none-any.whl
 COPY *.whl /tmp/python-dependencies/
 COPY *.gz  /tmp/python-dependencies/

-RUN pip3 install --no-index --prefix=/usr/local --upgrade --find-links /tmp/python-dependencies/ /tmp/confluent_docker_utils-0.0.44-py3-none-any.whl
+## copy in the python libs and then 
+RUN cd /usr/local/lib64 && tar -xvf *_UsrLocalLib64.tar.gz && rm *_UsrLocalLib64.tar.gz \
+    && cd /usr/local/lib && tar -xvf *_UsrLocalLib.tar.gz && rm *_UsrLocalLib.tar.gz \
+    && pip3 install --no-index --prefix=/usr/local --find-links /tmp/python-dependencies/ /tmp/confluent_docker_utils-0.0.44-py3-none-any.whl
+    
 ## dub installed
 ########################################

@@ -63,10 +72,10 @@ WORKDIR /opt/
 ENV CONFIG_DIR=/mnt/config
 ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"'
 COPY scripts/licenses /licenses
-# COPY jsonnet /usr/local/bin/jsonnet
+COPY jsonnet /usr/local/bin/jsonnet
 COPY scripts/ /opt

-RUN chmod -R ag+wx "/opt"
+RUN chmod -R ag+wx "/opt" /usr/local/bin/jsonnet

 ENTRYPOINT ["/opt/startup.sh"]


--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -33,196 +33,26 @@ labels:

 # List of resources to make available to the offline build context
 resources:
- filename: boto3-1.17.16-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/c2/03/18184037cb21cab227e392962e0ba9a7596d777a08d7c07c2d3640f939bf/boto3-1.17.16-py2.py3-none-any.whl
+- filename: cp-init-container-operator-6.1.2.1_1_UsrLocalLib.tar.gz
+  url: https://ironbank-files.s3.amazonaws.com/cp-init-container-operator-6.1.2.1_1_UsrLocalLib.tar.gz
  validation:
    type: sha256
-    value: 602eadaef665f49090344e0f87aa6a98dbe1ccdd2f20069a372ed35f2706c63c
- filename: paramiko-2.7.2-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/95/19/124e9287b43e6ff3ebb9cdea3e5e8e88475a873c05ccdf8b7e20d2c4201e/paramiko-2.7.2-py2.py3-none-any.whl
+    value: 4ebe15add0ce30f080473095cc24c58ff835e6ef5cf40f575c64685b120db338
+- filename: cp-init-container-operator-6.1.2.1_UsrLocalLib64.tar.gz
+  url: https://ironbank-files.s3.amazonaws.com/cp-init-container-operator-6.1.2.1_UsrLocalLib64.tar.gz
  validation:
    type: sha256
-    value: 4f3e316fef2ac628b05097a637af35685183111d4bc1b5979bd397c2ab7b5898
- filename: docker-4.4.4-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/c4/22/410313ad554477e87ec406d38d85f810e61ddb0d2fc44e64994857476de9/docker-4.4.4-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: f3607d5695be025fa405a12aca2e5df702a57db63790c73b927eb6a94aac60af
- filename: docker_compose-1.28.4-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/00/ff/17cdd2bc5f581cd80fc0b45b549d48c6eff7cd70d20a9f805a0c89394e69/docker_compose-1.28.4-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 92375b30ab7134e8c32470b621e7cf9a3c0771ce2c20de7e1f11cd71f83a088e
- filename: Jinja2-2.11.3-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 03e47ad063331dd6a3f04a43eddca8a966a26ba0c5b7207a9a9e4e08f1b29419
- filename: mock-4.0.3-py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/5c/03/b7e605db4a57c0f6fba744b11ef3ddf4ddebcada35022927a2b5fc623fdf/mock-4.0.3-py3-none-any.whl
-  validation:
-    type: sha256
-    value: 122fcb64ee37cfad5b3f48d7a7d51875d7031aaf3d8be7c42e2bee25044eee62
- filename: requests-2.25.1-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/29/c1/24814557f1d22c56d50280771a17307e6bf87b70727d975fd6b2ce6b014a/requests-2.25.1-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: c210084e36a42ae6b9219e00e48287def368a26d03a048ddad7bfee44f75871e
- filename: cryptography-3.4.6-cp36-abi3-manylinux2014_x86_64.whl
-  url: https://files.pythonhosted.org/packages/f8/1f/acde6ff69864c5e78b56488e3afd93c1ccc8c2651186e2a5f93d93f64859/cryptography-3.4.6-cp36-abi3-manylinux2014_x86_64.whl
-  validation:
-    type: sha256
-    value: fec7fb46b10da10d9e1d078d1ff8ed9e05ae14f431fdbd11145edd0550b9a964
- filename: s3transfer-0.3.4-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/ea/43/4b4a1b26eb03a429a4c37ca7fdf369d938bd60018fc194e94b8379b0c77c/s3transfer-0.3.4-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 1e28620e5b444652ed752cf87c7e0cb15b0e578972568c6609f0f18212f259ed
- filename: jmespath-0.10.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/07/cb/5f001272b6faeb23c1c9e0acc04d48eaaf5c862c17709d20e3469c6e0139/jmespath-0.10.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f
- filename: botocore-1.20.16-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/17/da/da506c061c22a4068163dc0b8d1f96e9ae87cf34f8086c7460e94261f90f/botocore-1.20.16-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 48350c0524fafcc6f1cf792a80080eeaf282c4ceed016e9296f1ebfda7c34fb3
- filename: python_dateutil-2.8.1-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a
- filename: urllib3-1.26.5-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/0c/cd/1e2ec680ec7b09846dc6e605f5a7709dfb9d7128e51a026e7154e18a234e/urllib3-1.26.5-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 753a0374df26658f99d826cfe40394a686d05985786d946fbe4165b5148f5a7c
- filename: cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl
-  url: https://files.pythonhosted.org/packages/5c/0f/e07df370fac0e99e938edc62c8a15e54b9d75605e11838fa0ef300118e1d/cffi-1.14.5-cp38-cp38-manylinux1_x86_64.whl
-  validation:
-    type: sha256
-    value: 6c97d7350133666fbb5cf4abdc1178c812cb205dc6f41d174a7b0f18fb93337e
- filename: pycparser-2.20-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/ae/e7/d9c3a176ca4b02024debf82342dab36efadfc5776f9c8db077e8f6e71821/pycparser-2.20-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705
- filename: websocket_client-0.57.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/4c/5f/f61b420143ed1c8dc69f9eaec5ff1ac36109d52c80de49d66e0c36c3dfdf/websocket_client-0.57.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 0fc45c961324d79c781bab301359d5a1b00b13ad1b10415a4780229ef71a5549
- filename: six-1.15.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/ee/ff/48bde5c0f013094d729fe4b0316ba2a24774b3ff1c52d924a8a4cb04078a/six-1.15.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced
- filename: docopt-0.6.2.tar.gz
-  url: https://files.pythonhosted.org/packages/a2/55/8f8cab2afd404cf578136ef2cc5dfb50baa1761b68c9da1fb1e4eed343c9/docopt-0.6.2.tar.gz
-  validation:
-    type: sha256
-    value: 49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491
- filename: jsonschema-3.2.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/c5/8f/51e89ce52a085483359217bc72cdbf6e75ee595d5b1d4b5ade40c7e018b8/jsonschema-3.2.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 4e5b3cf8216f577bee9ce139cbe72eca3ea4f292ec60928ff24758ce626cd163
- filename: python_dotenv-0.15.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/32/2e/e4585559237787966aad0f8fd0fc31df1c4c9eb0e62de458c5b6cde954eb/python_dotenv-0.15.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 0c8d1b80d1a1e91717ea7d526178e3882732420b03f08afea0406db6402e220e
- filename: cached_property-1.5.2-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/48/19/f2090f7dad41e225c7f2326e4cfe6fff49e57dedb5b53636c9551f86b069/cached_property-1.5.2-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: df4f613cf7ad9a588cc381aaf4a512d26265ecebd5eb9e1ba12f1319eb85a6a0
- filename: dockerpty-0.4.1.tar.gz
-  url: https://files.pythonhosted.org/packages/8d/ee/e9ecce4c32204a6738e0a5d5883d3413794d7498fe8b06f44becc028d3ba/dockerpty-0.4.1.tar.gz
-  validation:
-    type: sha256
-    value: 69a9d69d573a0daa31bcd1c0774eeed5c15c295fe719c61aca550ed1393156ce
- filename: PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl
-  url: https://files.pythonhosted.org/packages/70/96/c7245e551b1cb496bfb95840ace55ca60f20d3d8e33d70faf8c78a976899/PyYAML-5.4.1-cp38-cp38-manylinux1_x86_64.whl
-  validation:
-    type: sha256
-    value: 8c1be557ee92a20f184922c7b6424e8ab6691788e6d86137c5d93c1a6ec1b8fb
- filename: texttable-1.6.3-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/06/f5/46201c428aebe0eecfa83df66bf3e6caa29659dbac5a56ddfd83cae0d4a4/texttable-1.6.3-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: f802f2ef8459058736264210f716c757cbf85007a30886d8541aa8c3404f1dda
- filename: distro-1.5.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/25/b7/b3c4270a11414cb22c6352ebc7a83aaa3712043be29daa05018fd5a5c956/distro-1.5.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: df74eed763e18d10d0da624258524ae80486432cd17392d9c3d96f5e83cd2799  
- filename: MarkupSafe-1.1.1-cp38-cp38-manylinux1_x86_64.whl
-  url: https://files.pythonhosted.org/packages/4b/20/f6d7648c81cb84815d0be935d5c74cd1cc0239e43eadb1a61062d34b6543/MarkupSafe-1.1.1-cp38-cp38-manylinux1_x86_64.whl
-  validation:
-    type: sha256
-    value: 13d3144e1e340870b25e7b10b98d779608c02016d5184cfb9927a9f10c689f42
- filename: importlib_metadata-3.7.0-py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/3a/0d/af9e3dce6524461fa1e8327449f392edac8a3d880b4c91ce3e2d25450d03/importlib_metadata-3.7.0-py3-none-any.whl
-  validation:
-    type: sha256
-    value: c6af5dbf1126cd959c4a8d8efd61d4d3c83bddb0459a17e554284a077574b614
- filename: attrs-20.3.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/c3/aa/cb45262569fcc047bf070b5de61813724d6726db83259222cd7b4c79821a/attrs-20.3.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 31b2eced602aa8423c2aea9c76a724617ed67cf9513173fd3a4f03e3a929c7e6
- filename: pyrsistent-0.17.3.tar.gz
-  url: https://files.pythonhosted.org/packages/4d/70/fd441df751ba8b620e03fd2d2d9ca902103119616f0f6cc42e6405035062/pyrsistent-0.17.3.tar.gz
-  validation:
-    type: sha256
-    value: 2e636185d9eb976a18a8a8e96efce62f2905fea90041958d8cc2a189756ebf3e
- filename: PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl
-  url: https://files.pythonhosted.org/packages/9d/57/2f5e6226a674b2bcb6db531e8b383079b678df5b10cdaa610d6cf20d77ba/PyNaCl-1.4.0-cp35-abi3-manylinux1_x86_64.whl
-  validation:
-    type: sha256
-    value: 30f9b96db44e09b3304f9ea95079b1b7316b2b4f3744fe3aaecccd95d547063d
- filename: bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl
-  url: https://files.pythonhosted.org/packages/26/70/6d218afbe4c73538053c1016dd631e8f25fffc10cd01f5c272d7acf3c03d/bcrypt-3.2.0-cp36-abi3-manylinux2010_x86_64.whl
-  validation:
-    type: sha256
-    value: cd1ea2ff3038509ea95f687256c46b79f5fc382ad0aa3664d200047546d511d1
- filename: certifi-2020.12.5-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/5e/a0/5f06e1e1d463903cf0c0eebeb751791119ed7a4b3737fdc9a77f1cdfb51f/certifi-2020.12.5-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: 719a74fb9e33b9bd44cc7f3a8d94bc35e4049deebe19ba7d8e108280cfd59830
- filename: chardet-4.0.0-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/19/c7/fa589626997dd07bd87d9269342ccb74b1720384a4d739a1872bd84fbe68/chardet-4.0.0-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: f864054d66fd9118f2e67044ac8981a54775ec5b67aed0441892edb553d21da5
- filename: idna-2.10-py2.py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/a2/38/928ddce2273eaa564f6f50de919327bf3a00f091b5baba8dfa9460f3a8a8/idna-2.10-py2.py3-none-any.whl
-  validation:
-    type: sha256
-    value: b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0
- filename: typing_extensions-3.7.4.3-py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/60/7a/e881b5abb54db0e6e671ab088d079c57ce54e8a01a3ca443f561ccadb37e/typing_extensions-3.7.4.3-py3-none-any.whl
-  validation:
-    type: sha256
-    value: 7cb407020f00f7bfc3cb3e7881628838e69d8f3fcab2f64742a5e76b2f841918
- filename: zipp-3.4.0-py3-none-any.whl
-  url: https://files.pythonhosted.org/packages/41/ad/6a4f1a124b325618a7fb758b885b68ff7b058eec47d9220a12ab38d90b1f/zipp-3.4.0-py3-none-any.whl
-  validation:
-    type: sha256
-    value: 102c24ef8f171fd729d46599845e95c7ab894a4cf45f5de11a44cc7444fb1108
- filename: jsonnet-0.17.0.tar.gz
-  url: https://files.pythonhosted.org/packages/42/40/6f16e5ac994b16fa71c24310f97174ce07d3a97b433275589265c6b94d2b/jsonnet-0.17.0.tar.gz
-  validation:
-    type: sha256
-    value: 23ffcd4d03a10af7b20b53feee16627debe28345a4d7d5ed07881b7444553bfb 
+    value: a495791c5dc10cddc79e75bebf0353924d269196f235a3c5bcc2c27e3c1c519c
 - filename: confluent_docker_utils-0.0.44-py3-none-any.whl
  url: https://ironbank-files.s3.amazonaws.com/confluent_docker_utils-0.0.44-py3-none-any.whl
  validation:
    type: sha256
    value: 7e2622a934f04a2e5b23a355f920473ccf0144e946b433bc619a9802c1e3785c
+- filename: jsonnet
+  url: https://ironbank-files.s3.amazonaws.com/jsonnet
+  validation:
+    type: sha256
+    value: 9ce7dfdedd3b742bd9a0afb8aa25afe3f5e040e80754aba01868f4a6ae163a2a 

 # List of project maintainers
 maintainers:

--- a/scripts/startup.sh
+++ b/scripts/startup.sh
@@ -10,7 +10,7 @@ fi
 pod_name=${POD_NAME}
 id=${pod_name##*-};
 component_name=${POD_NAME%-*}
-
+./buil
 if [ -e "/mnt/config/pod/${component_name}/template.jsonnet" ]; then
  cat < /mnt/config/pod/"${component_name}"/template.jsonnet | base64 -d > /opt/template.jsonnet
  /usr/local/bin/jsonnet /opt/template.jsonnet --ext-str id="${id}" -o /opt/"${component_name}".json