From a8de95a313f4d929dc6e0e28719d862302395535 Mon Sep 17 00:00:00 2001
From: roybarda <roybarda@gmail.com>
Date: Sun, 30 Oct 2022 15:53:55 +0200
Subject: [PATCH] adding advanced model loading capabilities

---
 .../templates/controller-statefulset.yaml                 | 8 +++++++-
 build_system/docker/entry.sh                              | 6 ++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-statefulset.yaml b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-statefulset.yaml
index 4f5dae2..af082a3 100644
--- a/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-statefulset.yaml
+++ b/build_system/charts/open-appsec-k8s-nginx-ingress/templates/controller-statefulset.yaml
@@ -112,8 +112,10 @@ spec:
         {{- end }}
           resources:
             {{ toYaml .Values.resources | nindent 12 }}
-        {{- if .Values.appsec.persistence.enabled }}
           volumeMounts:
+          - name: advanced-model
+            mountPath: /advanced-model
+        {{- if .Values.appsec.persistence.enabled }}
           - name: appsec-conf
             mountPath: /etc/cp/conf
           - name: appsec-data
@@ -247,6 +249,10 @@ spec:
       terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
     {{- if (or .Values.controller.customTemplate.configMapName .Values.controller.extraVolumeMounts .Values.controller.admissionWebhooks.enabled .Values.controller.extraVolumes .Values.controller.extraModules) }}
       volumes:
+        - name: advanced-model
+          configMap:
+            name: advanced-model-config
+            optional: true
       {{- if .Values.controller.extraModules }}
         - name: modules
           emptyDir: {}
diff --git a/build_system/docker/entry.sh b/build_system/docker/entry.sh
index dad65af..cfac565 100644
--- a/build_system/docker/entry.sh
+++ b/build_system/docker/entry.sh
@@ -56,6 +56,12 @@ fi
 /nano-service-installers/$ATTACHMENT_REGISTRATION_SERVICE --install
 /nano-service-installers/$HTTP_TRANSACTION_HANDLER_SERVICE --install
 
+# use advanced model if exist as data for agent
+FILE=/advanced-model/open-appsec-advanced-model.tgz
+if [ -f "$FILE" ]; then
+    tar -xzvf $FILE -C /etc/cp/conf/waap
+fi
+
 touch /etc/cp/watchdog/wd.startup
 while true; do
     if [ -z "$init" ]; then