From 51de975f79cae1ba6478da8ef7313ba0289f2566 Mon Sep 17 00:00:00 2001
From: Scott Stroud <sstroud@confluent.io>
Date: Wed, 31 Jul 2024 10:11:37 -0600
Subject: [PATCH] init

---
 .gitignore                 |  2 ++
 Dockerfile                 |  6 +++---
 hardening_manifest.yaml    | 16 ++++++++--------
 scripts/importArtifacts.sh | 27 ++++++++++-----------------
 4 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/.gitignore b/.gitignore
index 64da4f0..2027397 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,5 @@
 *.tar.gz
 *.rpm
 build-image.sh
+scripts/importArtifacts.sh
+scripts/importArtifacts.sh
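Review bot: The entry `scripts/importArtifacts.sh` is added twice, and it names a file that this same commit modifies as a tracked file. An ignore rule has no effect on a path that is already tracked, so the two lines do nothing today and would only hide the script if it were ever removed from the index. I would drop both lines, or, if the intent is to keep local edits out of commits, say so in a comment such as `# local copy only; do not commit` and keep a single entry.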
diff --git a/Dockerfile b/Dockerfile
index ebcc0b6..9dedcfe 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,11 @@
 ARG CONFLUENT_OPERATOR_BASE_IMAGE=confluentinc/confluent-operator
-ARG CONFLUENT_OPERATOR_BASE_TAG=0.771.68
+ARG CONFLUENT_OPERATOR_BASE_TAG=0.1033.3
 
 ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=redhat/ubi/ubi8
 ARG BASE_TAG=8.9
 
-FROM ${CONFLUENT_OPERATOR_BASE_IMAGE}:${CONFLUENT_OPERATOR_BASE_TAG} as base
+FROM ${CONFLUENT_OPERATOR_BASE_IMAGE}:${CONFLUENT_OPERATOR_BASE_TAG} AS base
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
 WORKDIR /opt
@@ -21,11 +21,11 @@ COPY hardening_manifest.yaml /etc/confluent/ironbank/
 ## copy from dockerhub image
 COPY --from=base /licenses /licenses
 COPY --from=base /opt/manager /opt/manager
+
 COPY scripts/entrypoint.sh /entrypoint.sh
 
 RUN echo "===> Dependency update" \
         && dnf update -y --nodocs \
-        && chmod gu-s /usr/bin/write \
     && echo "===> Clean up, Clean up" \
         && dnf clean all \
         && yum clean all \
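Review bot: The `RUN` step no longer strips the setuid/setgid bits from `/usr/bin/write` after `dnf update`, and the commit message gives no reason for dropping that hardening step. If the binary is still present in the `ubi8:8.9` base, or is reinstalled by the update, it keeps its privileged mode bits in the final image. If the line was removed because the path no longer exists and `chmod` was failing the build, a guarded form keeps the hardening without that failure: `&& if [ -e /usr/bin/write ]; then chmod gu-s /usr/bin/write; fi \`. The `RUN` instruction continues past the end of this hunk, so later lines may already cover this.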
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 3e7e271..80897a5 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,15 +8,15 @@ name: "confluentinc/confluent-operator"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dso.mil
 tags:
-  - "2.6.4"
-  - "2.6"
-  - "0.771.68"
-  - "0.771"
+  - "2.9.0"
+  - "2.9"
+  - "0.1033.3"
+  - "0.1033"
   
 # Build args passed to Dockerfile ARGs
 args:
   CONFLUENT_OPERATOR_BASE_IMAGE: "confluentinc/confluent-operator"
-  CONFLUENT_OPERATOR_BASE_TAG: "0.771.68"
+  CONFLUENT_OPERATOR_BASE_TAG: "0.1033.3"
   BASE_IMAGE: "redhat/ubi/ubi8"
   BASE_TAG: "8.9"
 
@@ -27,14 +27,14 @@ labels:
   org.opencontainers.image.licenses: "CONFLUENT ENTERPRISE LICENSE"
   org.opencontainers.image.url: "https://docs.confluent.io/current/installation/operator/index.html"
   org.opencontainers.image.vendor: "Confluent"
-  org.opencontainers.image.version: "0.771.68"
+  org.opencontainers.image.version: "0.1033.3"
   mil.dso.ironbank.image.keywords: "confluent,kafka,zookeeper,operator"
   mil.dso.ironbank.image.type: "commercial"
   mil.dso.ironbank.product.name: "Confluent Platform"
 
 resources:
-  - tag: confluentinc/confluent-operator:0.771.68
-    url: docker://docker.io/confluentinc/confluent-operator:0.771.68
+  - tag: "confluentinc/confluent-operator:0.1033.3"
+    url: "docker://docker.io/confluentinc/confluent-operator@sha256:81883a6d37e17fa0c73b941fc6ee9de310432f97b9e319f14d046c28b0628621"
 
 # List of project maintainers
 maintainers:
diff --git a/scripts/importArtifacts.sh b/scripts/importArtifacts.sh
index f6b0d24..3213270 100755
--- a/scripts/importArtifacts.sh
+++ b/scripts/importArtifacts.sh
@@ -24,6 +24,9 @@ importArtifacts() {
     echo -e "\nImporting ${httpdomain} artifacts ..."
 
     maniDir=$(dirname "$manifestPath")
+    if [[ ! -f "$maniDir/build-image.sh" ]]; then
+        cp build-image.sh $maniDir/
+    fi
 
     # (re)set the filelist.txt
     mkdir -p $resourceDir    
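Review bot: `cp build-image.sh $maniDir/` expands `$maniDir` unquoted even though the `[[ ! -f "$maniDir/build-image.sh" ]]` test one line above quotes it, so a manifest path containing spaces or glob characters is tested in one place and copied to another. The result of `cp` is also not checked; I would write `cp -- build-image.sh "$maniDir/" || return 1`. The source `build-image.sh` is resolved against the current directory, which this hunk does not establish, so a comment stating where the script must be run from would help. The same unquoted pattern appears in the re-enabled `$SCRIPTS_HOME/genManifestTemplate.sh` calls in the last hunk. `importArtifacts` begins and ends outside this hunk.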
@@ -33,19 +36,11 @@ importArtifacts() {
             url=${line##*$prefix}
             filename=$(basename "$url")
             
-            local=$(find $RESOURCE_HOME -name $filename)
-            echo "local $local"
-
-            if [[ -f "$filename" ]]; then
-                echo "AA"
-                echo "Using existing $filename. Run ./clean.sh if thats not desired."
-            elif [[ ! -z "$local" ]]; then
-                echo "BB"
-                echo "Using existing $local. Run ./clean.sh if thats not desired."
-                cp $local $maniDir/
-            else
+            if [[ ! -f "$filename" ]]; then
                 echo "downloading ${url} ..."
                 wget $url            
+            else
+                echo "Using existing $filename. Run ./clean.sh if thats not desired."
             fi
 
             if [[ ! -f "$maniDir/$filename" ]]; then
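Review bot: The only check before reusing an artifact is `[[ ! -f "$filename" ]]` against the current directory, so a truncated file left by an interrupted `wget`, or an unrelated file with the same basename, is accepted as the artifact and copied on. Downloading to a temporary name and renaming on success closes the partial-file case: `wget -O "$filename.part" -- "$url" && mv -- "$filename.part" "$filename" || return 1`, which also quotes `$url` (it is taken from a manifest line). If the manifest records a checksum for each resource (not visible in this hunk), comparing it before printing "Using existing" would cover the stale-file case as well. The loop and the rest of `importArtifacts` lie outside this hunk.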
@@ -60,14 +55,12 @@ mani=$(realpath "../hardening_manifest.yaml")
 
 importArtifacts $mani 'ironbank-files.s3.amazonaws.com' "$RESOURCE_HOME/ironbank-files"
 importArtifacts $mani 'packages.confluent.io' "$RESOURCE_HOME/confluent"
-importArtifacts $mani 's3.us-west-2.amazonaws.com/staging-confluent-packages' "$RESOURCE_HOME/confluent"
 importArtifacts $mani 'files.pythonhosted.org' "$RESOURCE_HOME/pythonhosted"
-importArtifacts $mani 'repo1.maven.org' "$RESOURCE_HOME/maven"
 
-# echo "Generating hardening_manifest_template.yaml ..."
-# $SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/ironbank-files"
-# $SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/confluent"
-# $SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/pythonhosted"
+echo "Generating hardening_manifest_template.yaml ..."
+$SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/ironbank-files"
+$SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/confluent"
+$SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/pythonhosted"
 
 end=`date +%s`
 duration=$((end-start))
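Review bot: The re-enabled `genManifestTemplate.sh` calls run on whatever is in the three resource directories, and nothing visible in this hunk stops them when an earlier `importArtifacts` call or a download failed. If the generator derives validation values from those files (its body is not shown), an incomplete or wrong download would have its checksum written into the template as if it were the expected one. I would make the imports fatal and guard the script path against an unset variable, e.g. `importArtifacts "$mani" 'packages.confluent.io' "$RESOURCE_HOME/confluent" || exit 1` and `"${SCRIPTS_HOME:?}/genManifestTemplate.sh" "$RESOURCE_HOME/confluent" || exit 1`. Whether the script already sets `-e` at the top cannot be seen from here.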
-- 
GitLab