From 863fc7261ef21cdfc5dcb11c2a5202b690b6bc7b Mon Sep 17 00:00:00 2001
From: David Houck
Date: Thu, 20 Jun 2024 09:31:10 -0400
Subject: [PATCH 1/2] feat: (IAC-1476) DAC - Security scan 2024.06 (#558)
---
 Dockerfile | 8 ++++----
 requirements.txt | 4 +++-
 requirements.yaml | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ac03900b..b399e6e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,9 +17,9 @@ RUN curl -sLO https://storage.googleapis.com/kubernetes-release/release/v$kubect
 # Installation
 FROM baseline
-ARG helm_version=3.14.2
-ARG aws_cli_version=2.15.22
-ARG gcp_cli_version=472.0.0-0
+ARG helm_version=3.15.2
+ARG aws_cli_version=2.16.5
+ARG gcp_cli_version=479.0.0-0
 # Add extra packages
 RUN apt-get update && apt-get install --no-install-recommends -y gzip wget git jq ssh sshpass skopeo rsync \
@@ -54,7 +54,7 @@ RUN pip install -r ./requirements.txt \
 && pip cache purge \
 && chmod -R g=u /etc/passwd /etc/group /viya4-deployment/ \
 && chmod 755 /viya4-deployment/docker-entrypoint.sh \
- && git config --system --add safe.directory /viya4-deployment
+ && git config --system --add safe.directory /viya4-deployment ||:
 ENV PLAYBOOK=playbook.yaml
 ENV VIYA4_DEPLOYMENT_TOOLING=docker
diff --git a/requirements.txt b/requirements.txt
index fe66b94e..c84a323f 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,8 @@
-ansible==9.2.0 # 9.1.0 # 8.6.0 # 2.10.7
+ansible==9.6.0 # 9.2.0 # 9.1.0 # 8.6.0 # 2.10.7
 openshift==0.13.2 # 0.13.1 # 0.12.0
 kubernetes==27.2.0 # 26.1.0 # 12.0.1
 dnspython==2.6.1 # 2.3.0 # 2.1.0
 docker==7.1.0 # 7.0.0 # 5.0.3
 urllib3==1.26.18
+wheel>=0.38.1
+setuptools>=65.5.1
diff --git a/requirements.yaml b/requirements.yaml
index 6f39b79a..fa944b26 100644
--- a/requirements.yaml
+++ b/requirements.yaml
@@ -1,7 +1,7 @@
 ---
 collections:
 - name: ansible.utils
- version: 3.1.0 # 2.3.0
+ version: 4.1.0 # 3.1.0 # 2.3.0
 - name: community.docker
 version: 3.10.3 # 3.8.0 # 2.7.8
 - name: kubernetes.core
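Review bot: The `||:` appended to the `git config` line in the second Dockerfile hunk (`@@ -54,7 +54,7 @@`) does more than tolerate a failing `git config`. In the shell `&&` and `||` have equal precedence and associate left to right, so the fallback covers the whole chain, and a failed `pip install -r ./requirements.txt` or `chmod` now leaves the RUN step successful. In a commit that bumps dependencies after a security scan, the image can then be built with missing or stale packages and no build error. Scoping the fallback to the one command keeps the rest fail-fast: `&& { git config --system --add safe.directory /viya4-deployment || true; }`. The RUN instruction starts above the hunk, so any commands between its first line and line 54 are presumably masked the same way.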
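Review bot: `wheel>=0.38.1` and `setuptools>=65.5.1` in the requirements.txt hunk are open-ended floors, while every other entry in the file is an exact `==` pin, so two builds of the same commit can resolve different versions of these two packages. If the floors are the minimum fixed versions reported by the scan, pin exact releases in the file's existing style, for example `wheel==<verified version> # floor 0.38.1`, or record the reason with a comment such as `# minimum versions required by the 2024.06 security scan`. A floor is also satisfied by whatever copy the base image already carries, so it is worth checking the built image to confirm which versions are actually installed.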
From 1fee2a4b6f3a08a4fe28a2bf22ff90785ab30b19 Mon Sep 17 00:00:00 2001
From: Jay Patel <78554593+jarpat@users.noreply.github.com>
Date: Fri, 12 Jul 2024 10:58:47 -0400
Subject: [PATCH 2/2] fix: (PSKD-398) Update v4m storage class deletion behavior (#559)
---
 roles/monitoring/tasks/main.yaml | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)
diff --git a/roles/monitoring/tasks/main.yaml b/roles/monitoring/tasks/main.yaml
index eb6ee5dd..9b9d5054 100644
--- a/roles/monitoring/tasks/main.yaml
+++ b/roles/monitoring/tasks/main.yaml
@@ -50,6 +50,30 @@
 tags:
 - cluster-logging
+- name: V4M - check if storage class is being used
+ ansible.builtin.shell: |
+ kubectl --kubeconfig {{ KUBECONFIG }} get pv --output=custom-columns='PORT:.spec.storageClassName' | grep -o v4m | wc -l
+ register: sc_users
+ when:
+ - PROVIDER is not none
+ - PROVIDER in ["azure","aws","gcp"]
+ - V4_CFG_MANAGE_STORAGE is not none
+ - V4_CFG_MANAGE_STORAGE|bool
+ tags:
+ - uninstall
+
+- name: V4M - storageclass uninstall status
+ ansible.builtin.debug:
+ msg: "Persistent Volumes still referring to the v4m Storage Class, skipping deletion"
+ when:
+ - PROVIDER is not none
+ - PROVIDER in ["azure","aws","gcp"]
+ - V4_CFG_MANAGE_STORAGE is not none
+ - V4_CFG_MANAGE_STORAGE|bool
+ - sc_users.stdout | int > 0
+ tags:
+ - uninstall
+
 - name: V4M - remove storageclass
 kubernetes.core.k8s:
 kubeconfig: "{{ KUBECONFIG }}"
@@ -57,8 +81,9 @@
 src: "{{ role_path }}/files/{{ PROVIDER }}-storageclass.yaml"
 when:
 - PROVIDER is not none
- - PROVIDER == "azure"
+ - PROVIDER in ["azure","aws","gcp"]
 - V4_CFG_MANAGE_STORAGE is not none
 - V4_CFG_MANAGE_STORAGE|bool
+ - sc_users.stdout | int == 0
 tags:
 - uninstall
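Review bot: The new `V4M - check if storage class is being used` task fails open: the pipeline's exit status is that of `wc -l`, so when `kubectl` cannot reach the cluster or is denied, `sc_users.stdout` is `0`. The `sc_users.stdout | int == 0` gate added in the second hunk (`@@ -57,8 +81,9 @@`) then lets the storage class be deleted while volumes may still use it. `grep -o v4m` also counts any storage class whose name merely contains `v4m`, and `{{ KUBECONFIG }}` reaches the shell unquoted. The rewrite below fails the task when `kubectl` fails, matches the name exactly (assuming the class is named `v4m`, as the debug message suggests) and quotes the path; the `when` and `tags` keys stay as they are.

```yaml
- name: V4M - check if storage class is being used
  ansible.builtin.shell: |
    set -euo pipefail
    pvs=$(kubectl --kubeconfig {{ KUBECONFIG | quote }} get pv --no-headers --output=custom-columns='SC:.spec.storageClassName')
    printf '%s\n' "$pvs" | grep -cx v4m || true
  args:
    executable: /bin/bash
  register: sc_users
  changed_when: false
  # … unchanged: when conditions and tags …
```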