From 812c04d2610fba0eafd7463fa4294bdd07ff1a99 Mon Sep 17 00:00:00 2001
From: Guillaume Demonet <guillaume.demonet@scality.com>
Date: Fri, 5 Jun 2020 12:18:57 +0200
Subject: [PATCH] charts, build: Bump Grafana image tag to 6.7.4

This should handle the recent CVE-2020-13379.
See: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/

Fixes: #2600
---
 buildchain/buildchain/versions.py                           | 4 ++--
 charts/prometheus-operator.yaml                             | 1 +
 salt/metalk8s/addons/prometheus-operator/deployed/chart.sls | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/buildchain/buildchain/versions.py b/buildchain/buildchain/versions.py
index a374189dea..5c798b8957 100644
--- a/buildchain/buildchain/versions.py
+++ b/buildchain/buildchain/versions.py
@@ -108,8 +108,8 @@ def _version_prefix(version: str, prefix: str = 'v') -> str:
     ),
     Image(
         name='grafana',
-        version='6.4.2',
-        digest='sha256:8c2238eea9d3d39aeb6174db2e30b233fd2546128ec1fa1bc64f8058afd51e68',
+        version='6.7.4',
+        digest='sha256:b66283a8ff739e0e53f4217542278084b208065f9428a333b7b2e0d740888417',
     ),
     Image(
         name='k8s-sidecar',
diff --git a/charts/prometheus-operator.yaml b/charts/prometheus-operator.yaml
index 0674435e2c..1aab584642 100644
--- a/charts/prometheus-operator.yaml
+++ b/charts/prometheus-operator.yaml
@@ -103,6 +103,7 @@ grafana:
 
   image:
     repository: '{%- endraw -%}{{ build_image_name(\"grafana\", False) }}{%- raw -%}'
+    tag: '6.7.4'
 
   sidecar:
     image: '{%- endraw -%}{{ build_image_name(\"k8s-sidecar\", False) }}{%- raw -%}:0.1.20'
diff --git a/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls b/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
index f0d3338829..0dcd5a7ea1 100644
--- a/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
+++ b/salt/metalk8s/addons/prometheus-operator/deployed/chart.sls
@@ -25052,7 +25052,7 @@ spec:
             secretKeyRef:
               key: admin-password
               name: prometheus-operator-grafana
-        image: '{%- endraw -%}{{ build_image_name("grafana", False) }}{%- raw -%}:6.4.2'
+        image: '{%- endraw -%}{{ build_image_name("grafana", False) }}{%- raw -%}:6.7.4'
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 10