[dev] Enable nmi in Mariner (#1103)

* initial prototype for nmi

* remove unnecessary files and clean-up spec

* add manifest and license info

* fix typo in manifest

* fix comments

* add commnets for building vendor source tarball

* fix nit comments

Co-authored-by: Henry Li <lihl@microsoft.com>

SPECS/LICENSES-AND-NOTICES/data/licenses.json

@@ -164,6 +164,7 @@
                 "ncompress",
                 "nlohmann-json",
                 "nmap",
+                "nmi",
                 "ntopng",
                 "oath-toolkit",
                 "omi",

SPECS/nmi/modify-go-build-option.patch

@@ -0,0 +1,13 @@
+diff --git a/Makefile b/Makefile
+index 418d975f..39f32b2a 100644
+--- a/Makefile
++++ b/Makefile
+@@ -106,7 +106,7 @@ build-demo: clean-demo
+ 	PKG_NAME=github.com/Azure/$(PROJECT_NAME)/cmd/$(DEMO_BINARY_NAME) ${MAKE} bin/$(PROJECT_NAME)/$(DEMO_BINARY_NAME)
+ 
+ bin/%:
+-	GOOS=$(GOOS) GOARCH=amd64 go build $(GO_BUILD_OPTIONS) -o "$(@)" "$(PKG_NAME)"
++	GOOS=$(GOOS) GOARCH=amd64 go build -mod=vendor -v $(GO_BUILD_OPTIONS) -o "$(@)" "$(PKG_NAME)"
+ 
+ .PHONY: build-identity-validator
+ build-identity-validator: clean-identity-validator

SPECS/nmi/nmi.signatures.json

@@ -0,0 +1,6 @@
+{
+ "Signatures": {
+  "nmi-1.7.0-vendor.tar.gz": "6addfc0548e96b65d3cb49f6f45ab4e9d42b854f4ba9eca524f257861b6b1374",
+  "nmi-1.7.0.tar.gz": "87d1abdba7d314dc7aadd04af679b8f926b5ed572c70107e422767e0d7c077a9"
+ }
+}

SPECS/nmi/nmi.spec

@@ -0,0 +1,67 @@
+%global debug_package %{nil}
+Summary:        Node Managed Identity
+Name:           nmi
+Version:        1.7.0
+Release:        1%{?dist}
+License:        MIT
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+Group:          System Environment/Libraries
+URL:            https://github.com/Azure/aad-pod-identity
+#Source0:       https://github.com/Azure/aad-pod-identity/archive/refs/tags/v%{version}.tar.gz
+Source0:        %{name}-%{version}.tar.gz
+# Below is a manually created tarball, no download link.
+# We're using pre-populated Go modules from this tarball, since network is disabled during build time.
+# How to re-build this file:
+#   1. wget https://github.com/Azure/aad-pod-identity/archive/refs/tags/v%%{version}.tar.gz -O aad-pod-identity-%%{version}.tar.gz
+#   2. tar -xf aad-pod-identity-%%{version}.tar.gz
+#   3. cd aad-pod-identity-%%{version}
+#   4. go mod vendor
+#   5. tar  --sort=name \
+#           --mtime="2021-04-26 00:00Z" \
+#           --owner=0 --group=0 --numeric-owner \
+#           --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
+#           -cf %%{name}-%%{version}-vendor.tar.gz vendor
+#
+Source1:        %{name}-%{version}-vendor.tar.gz
+Patch0:         modify-go-build-option.patch
+BuildRequires:  golang >= 1.15
+
+%description
+NMI is the resource that is used when your pods look to use their identity.
+
+%prep
+%autosetup -c -N -n %{name}-%{version}
+pushd aad-pod-identity-%{version}
+%patch0 -p1
+popd
+
+%build
+pushd aad-pod-identity-%{version}
+
+# create vendor folder from the vendor tarball and set vendor mode
+tar -xf %{SOURCE1} --no-same-owner
+
+make build-nmi
+popd
+
+%install
+mkdir -p %{buildroot}%{_bindir}
+pushd aad-pod-identity-%{version}
+cp ./bin/aad-pod-identity/nmi %{buildroot}%{_bindir}
+cp LICENSE ..
+popd
+
+%check
+pushd aad-pod-identity-%{version}
+make unit-test
+popd
+
+%files
+%defattr(-,root,root)
+%license LICENSE
+%{_bindir}/%{name}
+
+%changelog
+* Thu Jun 24 2021 Henry Li <lihl@microsoft.com> - 1.7.0-1
+- Original version for CBL-Mariner

cgmanifest.json

@@ -3970,6 +3970,16 @@
         }
       }
     },
+    {
+      "component": {
+        "type": "other",
+        "other": {
+          "name": "nmi",
+          "version": "1.7.0",
+          "downloadUrl": "https://github.com/Azure/aad-pod-identity/archive/refs/tags/v1.7.0.tar.gz"
+        }
+      }
+    },
     {
       "component": {
         "type": "other",