From a2c636f4663fd0102c662392188a5f99848da135 Mon Sep 17 00:00:00 2001
From: Pradipta Banerjee
Date: Mon, 8 Jan 2024 16:11:13 +0530
Subject: [PATCH] podvm: Allow policy file specification in container builds

Agent policy file can be specified as part of containerised builds. The build arg is DEFAULT_AGENT_POLICY_FILE and it takes a policy file name kept under podvm/files/etc/kata-opa

Signed-off-by: Pradipta Banerjee
---
 podvm/Dockerfile.podvm_binaries | 5 +++++
 podvm/Dockerfile.podvm_binaries.fedora | 4 ++++
 podvm/Dockerfile.podvm_binaries.rhel | 5 +++++
 3 files changed, 14 insertions(+)

diff --git a/podvm/Dockerfile.podvm_binaries b/podvm/Dockerfile.podvm_binaries
index c260c41efd..16d3953502 100644
--- a/podvm/Dockerfile.podvm_binaries
+++ b/podvm/Dockerfile.podvm_binaries
@@ -12,9 +12,14 @@ ARG PODVM_DISTRO=ubuntu
 ARG AA_KBC=offline_fs_kbc
 # If not provided, uses system architecture
 ARG ARCH
+#This is the name of the policy file under
+#files/etc/kata-opa
+ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego
+
 ENV PODVM_DISTRO ${PODVM_DISTRO}
 ENV AA_KBC ${AA_KBC}
 ENV ARCH ${ARCH}
+ENV DEFAULT_AGENT_POLICY_FILE ${DEFAULT_AGENT_POLICY_FILE}
 COPY . /src/cloud-api-adaptor
diff --git a/podvm/Dockerfile.podvm_binaries.fedora b/podvm/Dockerfile.podvm_binaries.fedora
index d8dba0fb9f..114a34574c 100644
--- a/podvm/Dockerfile.podvm_binaries.fedora
+++ b/podvm/Dockerfile.podvm_binaries.fedora
@@ -15,6 +15,9 @@ ARG GUEST_COMPONENTS_REPO
 ARG AA_KBC="offline_fs_kbc"
 # If not provided, uses system architecture
 ARG ARCH
+#This is the name of the policy file under
+#files/etc/kata-opa
+ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego
 ENV CLOUD_PROVIDER ${CLOUD_PROVIDER}
 ENV PODVM_DISTRO ${PODVM_DISTRO}
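Review bot: The comment above the new `ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego` in podvm/Dockerfile.podvm_binaries does not say that the default is the permissive policy, so any build that omits the arg bakes in allow-all.rego without the reader being told; the same lines are added in Dockerfile.podvm_binaries.fedora and Dockerfile.podvm_binaries.rhel. In a pod VM the agent policy decides which agent requests are accepted, so the comment is the place to state that a hardened image needs an explicit `--build-arg`. I would reword it to `# Agent policy file name, relative to podvm/files/etc/kata-opa. The default allow-all.rego permits every agent request; pass --build-arg DEFAULT_AGENT_POLICY_FILE=<restrictive policy file> for production images.`, which also matches the path given in the commit message. The step that consumes the variable is not in this diff; it is worth confirming that it fails the build when the named file does not exist, rather than producing an image with a missing or unintended policy.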
@@ -22,6 +25,7 @@ ENV GUEST_COMPONENTS_VERSION ${GUEST_COMPONENTS_VERSION}
 ENV GUEST_COMPONENTS_REPO ${GUEST_COMPONENTS_REPO}
 ENV AA_KBC ${AA_KBC}
 ENV ARCH ${ARCH}
+ENV DEFAULT_AGENT_POLICY_FILE ${DEFAULT_AGENT_POLICY_FILE}
 # Set these as they are required in the Makefile
 ENV IMAGE_URL "none"
diff --git a/podvm/Dockerfile.podvm_binaries.rhel b/podvm/Dockerfile.podvm_binaries.rhel
index 9eea3766f4..a23c0a5c6f 100644
--- a/podvm/Dockerfile.podvm_binaries.rhel
+++ b/podvm/Dockerfile.podvm_binaries.rhel
@@ -12,9 +12,14 @@ ARG PODVM_DISTRO=rhel
 ARG AA_KBC="offline_fs_kbc"
 # If not provided, uses system architecture
 ARG ARCH
+#This is the name of the policy file under
+#files/etc/kata-opa
+ARG DEFAULT_AGENT_POLICY_FILE=allow-all.rego
+
 ENV PODVM_DISTRO ${PODVM_DISTRO}
 ENV AA_KBC ${AA_KBC}
 ENV ARCH ${ARCH}
+ENV DEFAULT_AGENT_POLICY_FILE ${DEFAULT_AGENT_POLICY_FILE}
 COPY . /src/cloud-api-adaptor