Add secret-management in Charmed OSM
Change-Id: Ic5714571c673e4d82e3a905daa57f631640b94bb
Signed-off-by: David Garcia <david.garcia@canonical.com>
diff --git a/installers/charm/mongodb-exporter/src/charm.py b/installers/charm/mongodb-exporter/src/charm.py
index d839d82..0b89931 100755
--- a/installers/charm/mongodb-exporter/src/charm.py
+++ b/installers/charm/mongodb-exporter/src/charm.py
@@ -36,6 +36,7 @@
from opslib.osm.pod import (
ContainerV3Builder,
IngressResourceV3Builder,
+ PodRestartPolicy,
PodSpecV3Builder,
)
from opslib.osm.validator import ModelValidator, validator
@@ -182,9 +183,23 @@
# Check relations
self._check_missing_dependencies(config)
+ unparsed = (
+ config.mongodb_uri
+ if config.mongodb_uri
+ else self.mongodb_client.connection_string
+ )
+ parsed = urlparse(unparsed)
+ mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}"
+ if parsed.query:
+ mongodb_uri += f"?{parsed.query}"
+
# Create Builder for the PodSpec
pod_spec_builder = PodSpecV3Builder()
+ # Add secrets to the pod
+ mongodb_secret_name = f"{self.app.name}-mongodb-secret"
+ pod_spec_builder.add_secret(mongodb_secret_name, {"uri": mongodb_uri})
+
# Build container
container_builder = ContainerV3Builder(
self.app.name, image_info, config.image_pull_policy
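Review bot: The host list is cut with `parsed.netloc.split(',')[0]` before the userinfo is separated from it, so a password that contains a literal comma would be truncated there and a malformed URI would be written into the secret. Splitting on the last `@` first avoids that: `userinfo, at, hosts = parsed.netloc.rpartition("@")` and then `netloc = f"{userinfo}{at}{hosts.split(',')[0]}"`. The rebuilt value also hard-codes the `mongodb://` scheme, so a `config.mongodb_uri` with a different scheme (for example `mongodb+srv://`) would be rewritten silently. A one-line comment above the block saying why only the first host and this scheme are kept would help the next reader. The enclosing method starts and ends outside this hunk, so whether the input is validated earlier cannot be seen from here.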
@@ -207,26 +222,17 @@
failure_threshold=10,
)
- unparsed = (
- config.mongodb_uri
- if config.mongodb_uri
- else self.mongodb_client.connection_string
- )
- parsed = urlparse(unparsed)
- mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}"
- if parsed.query:
- mongodb_uri += f"?{parsed.query}"
-
- container_builder.add_envs(
- {
- "MONGODB_URI": mongodb_uri,
- }
- )
+ container_builder.add_secret_envs(mongodb_secret_name, {"MONGODB_URI": "uri"})
container = container_builder.build()
# Add container to PodSpec
pod_spec_builder.add_container(container)
+ # Add Pod restart policy
+ restart_policy = PodRestartPolicy()
+ restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
+ pod_spec_builder.set_restart_policy(restart_policy)
+
# Add ingress resources to PodSpec if site url exists
if config.site_url:
parsed = urlparse(config.site_url)
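Review bot: The comment `# Add Pod restart policy` only restates the call and does not say why the policy is tied to `mongodb_secret_name`. Presumably the reason is that `MONGODB_URI` is now injected through `add_secret_envs`, and an environment variable sourced from a secret is resolved only when the container starts, so a changed URI would not reach the exporter without a restart. If that is the intent, a comment such as `# Restart the pod when the MongoDB secret changes; secret-backed env vars are only read at container start` would record it. The behaviour of `PodRestartPolicy.add_secrets` is defined in opslib and is not visible in this diff, so the wording should be confirmed against it.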
@@ -256,8 +262,6 @@
ingress_resource = ingress_resource_builder.build()
pod_spec_builder.add_ingress_resource(ingress_resource)
- logger.debug(pod_spec_builder.build())
-
return pod_spec_builder.build()