Add secret-management in Charmed OSM
Change-Id: Ic5714571c673e4d82e3a905daa57f631640b94bb
Signed-off-by: David Garcia <david.garcia@canonical.com>
diff --git a/installers/charm/ro/src/charm.py b/installers/charm/ro/src/charm.py
index 9b2934f..3b6b7e2 100755
--- a/installers/charm/ro/src/charm.py
+++ b/installers/charm/ro/src/charm.py
@@ -31,7 +31,12 @@
from opslib.osm.interfaces.kafka import KafkaClient
from opslib.osm.interfaces.mongo import MongoClient
from opslib.osm.interfaces.mysql import MysqlClient
-from opslib.osm.pod import ContainerV3Builder, FilesV3Builder, PodSpecV3Builder
+from opslib.osm.pod import (
+ ContainerV3Builder,
+ FilesV3Builder,
+ PodRestartPolicy,
+ PodSpecV3Builder,
+)
from opslib.osm.validator import ModelValidator, validator
logger = logging.getLogger(__name__)
@@ -247,6 +252,15 @@
)
if config.enable_ng_ro:
+ # Add secrets to the pod
+ mongodb_secret_name = f"{self.app.name}-mongodb-secret"
+ pod_spec_builder.add_secret(
+ mongodb_secret_name,
+ {
+ "uri": config.mongodb_uri or self.mongodb_client.connection_string,
+ "commonkey": config.database_commonkey,
+ },
+ )
container_builder.add_envs(
{
"OSMRO_MESSAGE_DRIVER": "kafka",
@@ -254,11 +268,18 @@
"OSMRO_MESSAGE_PORT": self.kafka_client.port,
# MongoDB configuration
"OSMRO_DATABASE_DRIVER": "mongo",
- "OSMRO_DATABASE_URI": config.mongodb_uri
- or self.mongodb_client.connection_string,
- "OSMRO_DATABASE_COMMONKEY": config.database_commonkey,
}
)
+ container_builder.add_secret_envs(
+ secret_name=mongodb_secret_name,
+ envs={
+ "OSMRO_DATABASE_URI": "uri",
+ "OSMRO_DATABASE_COMMONKEY": "commonkey",
+ },
+ )
+ restart_policy = PodRestartPolicy()
+ restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
+ pod_spec_builder.set_restart_policy(restart_policy)
else:
container_builder.add_envs(