From a98da6fd9d977c1c166217e0f44278e0b373f854 Mon Sep 17 00:00:00 2001
From: Isaiah Stapleton
Date: Tue, 11 Jun 2024 16:51:10 -0400
Subject: [PATCH] Add assign-oauth-image gatekeeper policy (#6)
This allows the rhods oauth container to pull oauth image from internal registry rather than externally. Relevant issue: nerc-project/operations#506
Signed-off-by: Isaiah Stapleton
---
.../use-internal-oauth-proxy-image.yaml | 22 +++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 policy/overlays/nerc-ocp-prod/use-internal-oauth-proxy-image.yaml
diff --git a/policy/overlays/nerc-ocp-prod/use-internal-oauth-proxy-image.yaml b/policy/overlays/nerc-ocp-prod/use-internal-oauth-proxy-image.yaml
new file mode 100644
index 0000000..de41544
--- /dev/null
+++ b/policy/overlays/nerc-ocp-prod/use-internal-oauth-proxy-image.yaml
@@ -0,0 +1,22 @@
+apiVersion: mutations.gatekeeper.sh/v1alpha1
+kind: AssignImage
+metadata:
+ name: use-internal-oauth-proxy-image
+spec:
+ applyTo:
+ - groups: [""]
+ kinds: ["Pod"]
+ versions: ["v1"]
+ location: "spec.containers[name:oauth-proxy].image"
+ parameters:
+ assignDomain: "image-registry.openshift-image-registry.svc:5000"
+ assignPath: "redhat-ods-applications/oauth-proxy"
+ assignTag: ":latest"
+ match:
+ source: "All"
+ scope: Namespaced
+ kinds:
+ - apiGroups: ["*"]
+ kinds: ["Pod"]
+ namespaces: ["rhods-notebooks"]
+ name: jupyter-nb*
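Review bot: `assignTag: ":latest"` in the `parameters` block rewrites every matched `oauth-proxy` container to a mutable tag, so the authentication sidecar in front of each `jupyter-nb*` pod becomes whatever currently sits behind `redhat-ods-applications/oauth-proxy:latest` in the internal registry. Anyone able to push or re-tag that image then changes the proxy for all notebook pods without a reviewed commit; pinning by digest, `assignTag: "@sha256:<digest-of-reviewed-image>"` (placeholder), keeps image updates in version control. In `match.kinds`, `apiGroups: ["*"]` is wider than the `groups: [""]` used in `applyTo`, and `apiGroups: [""]` would express the same intent for core Pods. The diffstat shows only this file changed, so if the `nerc-ocp-prod` overlay lists its resources explicitly, the policy may not be applied until it is referenced there; that list is not visible in this patch.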