From fd7fc3c8bb4798bfb79bce9d8e86048138e3553b Mon Sep 17 00:00:00 2001
From: Corey Daley <cdaley@redhat.com>
Date: Wed, 17 Jul 2024 23:00:31 -0400
Subject: [PATCH] Add persistent volume for future audit log

Add the creating and mounting of a persistent valume at /var/log/audit
for the future audit logs to be written to using a default install
---
 charts/backstage/Chart.yaml         |  2 +-
 charts/backstage/README.md          |  2 +-
 charts/backstage/templates/pvc.yaml | 10 ++++++++++
 charts/backstage/values.schema.json | 10 ++++++++++
 charts/backstage/values.yaml        |  8 ++++++--
 5 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 charts/backstage/templates/pvc.yaml

diff --git a/charts/backstage/Chart.yaml b/charts/backstage/Chart.yaml
index 5c39e73c..c48f080d 100644
--- a/charts/backstage/Chart.yaml
+++ b/charts/backstage/Chart.yaml
@@ -45,4 +45,4 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.16.7
+version: 2.16.8
diff --git a/charts/backstage/README.md b/charts/backstage/README.md
index d786b99e..4506f532 100644
--- a/charts/backstage/README.md
+++ b/charts/backstage/README.md
@@ -2,7 +2,7 @@
 # RHDH Backstage Helm Chart for OpenShift
 
 [![Artifact Hub](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/rhdh-chart&style=flat-square)](https://artifacthub.io/packages/search?repo=rhdh-chart)
-![Version: 2.16.7](https://img.shields.io/badge/Version-2.16.7-informational?style=flat-square)
+![Version: 2.16.8](https://img.shields.io/badge/Version-2.16.8-informational?style=flat-square)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A Helm chart for deploying Red Hat Developer Hub.
diff --git a/charts/backstage/templates/pvc.yaml b/charts/backstage/templates/pvc.yaml
new file mode 100644
index 00000000..c889ced2
--- /dev/null
+++ b/charts/backstage/templates/pvc.yaml
@@ -0,0 +1,10 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ printf "%s-audit-log" .Release.Name }}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
diff --git a/charts/backstage/values.schema.json b/charts/backstage/values.schema.json
index 17184787..71e37f99 100644
--- a/charts/backstage/values.schema.json
+++ b/charts/backstage/values.schema.json
@@ -2530,6 +2530,10 @@
                                 {
                                     "mountPath": "/opt/app-root/src/dynamic-plugins-root",
                                     "name": "dynamic-plugins-root"
+                                },
+                                {
+                                    "mountPath": "/var/log/audit",
+                                    "name": "audit-log-data"
                                 }
                             ],
                             "items": {
@@ -2588,6 +2592,12 @@
                                     },
                                     "name": "dynamic-plugins-root"
                                 },
+                                {
+                                    "name": "audit-log-data",
+                                    "persistentVolumeClaim": {
+                                        "claimName": "{{ printf \"%s-audit-log\" .Release.Name }}"
+                                    }
+                                },
                                 {
                                     "configMap": {
                                         "defaultMode": 420,
diff --git a/charts/backstage/values.yaml b/charts/backstage/values.yaml
index 21d3cb86..00ffda51 100644
--- a/charts/backstage/values.yaml
+++ b/charts/backstage/values.yaml
@@ -110,7 +110,6 @@ upstream:
           secretKeyRef:
             key: postgres-password
             name: '{{- include "janus-idp.postgresql.secretName" . }}'
-
     args:
       # This additional `app-config`` file is generated by the initContainer below, and contains the merged configuration of installed dynamic plugins.
       - '--config'
@@ -119,6 +118,9 @@ upstream:
       # The initContainer below will install dynamic plugins in this volume mount.
       - name: dynamic-plugins-root
         mountPath: /opt/app-root/src/dynamic-plugins-root
+      # Audit Log data will be stored in this volume mount.
+      - name: audit-log-data
+        mountPath: /var/log/audit
     extraVolumes:
       # -- Ephemeral volume that will contain the dynamic plugins installed by the initContainer below at start.
       - name: dynamic-plugins-root
@@ -131,7 +133,9 @@ upstream:
                 requests:
                   # -- Size of the volume that will contain the dynamic plugins. It should be large enough to contain all the plugins.
                   storage: 2Gi
-
+      - name: audit-log-data
+        persistentVolumeClaim:
+          claimName: '{{ printf "%s-audit-log" .Release.Name }}'
       # Volume that will expose the `dynamic-plugins.yaml` file from the `dynamic-plugins` config map.
       # The `dynamic-plugins` config map is created by the helm chart from the content of the `global.dynamic` field.
       - name: dynamic-plugins