| #!/usr/bin/env python3 |
| # Copyright 2020 Canonical Ltd. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| # not use this file except in compliance with the License. You may obtain |
| # a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| # License for the specific language governing permissions and limitations |
| # under the License. |
| # |
| # For those usages not covered by the Apache License, Version 2.0 please |
| # contact: legal@canonical.com |
| # |
| # To get in touch with the maintainers, please contact: |
| # osm-charmers@lists.launchpad.net |
| ## |
| |
| import logging |
| from pydantic import ( |
| BaseModel, |
| conint, |
| constr, |
| IPvAnyNetwork, |
| PositiveInt, |
| validator, |
| ValidationError, |
| ) |
| from typing import Any, Dict, List, Optional |
| from urllib.parse import urlparse |
| |
| logger = logging.getLogger(__name__) |
| |
| |
| class ConfigData(BaseModel): |
| """Configuration data model.""" |
| |
| enable_test: bool |
| database_commonkey: constr(min_length=1) |
| log_level: constr(regex=r"^(INFO|DEBUG)$") |
| auth_backend: constr(regex=r"^(internal|keystone)$") |
| site_url: Optional[str] |
| max_file_size: Optional[conint(ge=0)] |
| ingress_whitelist_source_range: Optional[IPvAnyNetwork] |
| tls_secret_name: Optional[str] |
| |
| @validator("max_file_size", pre=True, always=True) |
| def validate_max_file_size(cls, value, values, **kwargs): |
| site_url = values.get("site_url") |
| |
| if not site_url: |
| return value |
| |
| parsed = urlparse(site_url) |
| |
| if not parsed.scheme.startswith("http"): |
| return value |
| |
| if value is None: |
| raise ValueError("max_file_size needs to be defined if site_url is defined") |
| |
| return value |
| |
| @validator("ingress_whitelist_source_range", pre=True, always=True) |
| def validate_ingress_whitelist_source_range(cls, value, values, **kwargs): |
| if not value: |
| return None |
| |
| return value |
| |
| |
| class RelationData(BaseModel): |
| """Relation data model.""" |
| |
| message_host: str |
| message_port: PositiveInt |
| database_uri: constr(regex=r"^(mongo://)") |
| prometheus_host: str |
| prometheus_port: PositiveInt |
| keystone: bool |
| keystone_host: Optional[constr(min_length=1)] |
| keystone_port: Optional[PositiveInt] |
| keystone_user_domain_name: Optional[constr(min_length=1)] |
| keystone_project_domain_name: Optional[constr(min_length=1)] |
| keystone_username: Optional[constr(min_length=1)] |
| keystone_password: Optional[constr(min_length=1)] |
| keystone_service: Optional[constr(min_length=1)] |
| |
| @validator("keystone_host", pre=True, always=True) |
| def validate_keystone_host(cls, value, values, **kwargs): |
| keystone = values.get("keystone") |
| |
| if not keystone: |
| return value |
| |
| if value is None: |
| raise ValueError( |
| "keystone_host needs to be defined if keystone is configured" |
| ) |
| |
| return value |
| |
| @validator("keystone_port", pre=True, always=True) |
| def validate_keystone_port(cls, value, values, **kwargs): |
| keystone = values.get("keystone") |
| |
| if not keystone: |
| return value |
| |
| if value is None: |
| raise ValueError( |
| "keystone_port needs to be defined if keystone is configured" |
| ) |
| |
| return value |
| |
| @validator("keystone_user_domain_name", pre=True, always=True) |
| def validate_keystone_user_domain_name(cls, value, values, **kwargs): |
| keystone = values.get("keystone") |
| |
| if not keystone: |
| return value |
| |
| if value is None: |
| raise ValueError( |
| "keystone_user_domain_name needs to be defined if keystone is configured" |
| ) |
| |
| return value |
| |
| @validator("keystone_project_domain_name", pre=True, always=True) |
| def validate_keystone_project_domain_name(cls, value, values, **kwargs): |
| keystone = values.get("keystone") |
| |
| if not keystone: |
| return value |
| |
| if value is None: |
| raise ValueError( |
| "keystone_project_domain_name needs to be defined if keystone is configured" |
| ) |
| |
| return value |
| |
| @validator("keystone_username", pre=True, always=True) |
| def validate_keystone_username(cls, value, values, **kwargs): |
| keystone = values.get("keystone") |
| |
| if not keystone: |
| return value |
| |
| if value is None: |
| raise ValueError( |
| "keystone_username needs to be defined if keystone is configured" |
| ) |
| |
| return value |
| |
| @validator("keystone_password", pre=True, always=True) |
| def validate_keystone_password(cls, value, values, **kwargs): |
| keystone = values.get("keystone") |
| |
| if not keystone: |
| return value |
| |
| if value is None: |
| raise ValueError( |
| "keystone_password needs to be defined if keystone is configured" |
| ) |
| |
| return value |
| |
| @validator("keystone_service", pre=True, always=True) |
| def validate_keystone_service(cls, value, values, **kwargs): |
| keystone = values.get("keystone") |
| |
| if not keystone: |
| return value |
| |
| if value is None: |
| raise ValueError( |
| "keystone_service needs to be defined if keystone is configured" |
| ) |
| |
| return value |
| |
| |
| def _make_pod_ports(port: int) -> List[Dict[str, Any]]: |
| """Generate pod ports details. |
| |
| Args: |
| port (int): port to expose. |
| |
| Returns: |
| List[Dict[str, Any]]: pod port details. |
| """ |
| return [{"name": "nbi", "containerPort": port, "protocol": "TCP"}] |
| |
| |
| def _make_pod_envconfig( |
| config: Dict[str, Any], relation_state: Dict[str, Any] |
| ) -> Dict[str, Any]: |
| """Generate pod environment configuration. |
| |
| Args: |
| config (Dict[str, Any]): configuration information. |
| relation_state (Dict[str, Any]): relation state information. |
| |
| Returns: |
| Dict[str, Any]: pod environment configuration. |
| """ |
| envconfig = { |
| # General configuration |
| "ALLOW_ANONYMOUS_LOGIN": "yes", |
| "OSMNBI_SERVER_ENABLE_TEST": config["enable_test"], |
| "OSMNBI_STATIC_DIR": "/app/osm_nbi/html_public", |
| # Kafka configuration |
| "OSMNBI_MESSAGE_HOST": relation_state["message_host"], |
| "OSMNBI_MESSAGE_DRIVER": "kafka", |
| "OSMNBI_MESSAGE_PORT": relation_state["message_port"], |
| # Database configuration |
| "OSMNBI_DATABASE_DRIVER": "mongo", |
| "OSMNBI_DATABASE_URI": relation_state["database_uri"], |
| "OSMNBI_DATABASE_COMMONKEY": config["database_commonkey"], |
| # Storage configuration |
| "OSMNBI_STORAGE_DRIVER": "mongo", |
| "OSMNBI_STORAGE_PATH": "/app/storage", |
| "OSMNBI_STORAGE_COLLECTION": "files", |
| "OSMNBI_STORAGE_URI": relation_state["database_uri"], |
| # Prometheus configuration |
| "OSMNBI_PROMETHEUS_HOST": relation_state["prometheus_host"], |
| "OSMNBI_PROMETHEUS_PORT": relation_state["prometheus_port"], |
| # Log configuration |
| "OSMNBI_LOG_LEVEL": config["log_level"], |
| } |
| |
| if config["auth_backend"] == "internal": |
| envconfig["OSMNBI_AUTHENTICATION_BACKEND"] = "internal" |
| elif config["auth_backend"] == "keystone": |
| envconfig.update( |
| { |
| "OSMNBI_AUTHENTICATION_BACKEND": "keystone", |
| "OSMNBI_AUTHENTICATION_AUTH_URL": relation_state["keystone_host"], |
| "OSMNBI_AUTHENTICATION_AUTH_PORT": relation_state["keystone_port"], |
| "OSMNBI_AUTHENTICATION_USER_DOMAIN_NAME": relation_state[ |
| "keystone_user_domain_name" |
| ], |
| "OSMNBI_AUTHENTICATION_PROJECT_DOMAIN_NAME": relation_state[ |
| "keystone_project_domain_name" |
| ], |
| "OSMNBI_AUTHENTICATION_SERVICE_USERNAME": relation_state[ |
| "keystone_username" |
| ], |
| "OSMNBI_AUTHENTICATION_SERVICE_PASSWORD": relation_state[ |
| "keystone_password" |
| ], |
| "OSMNBI_AUTHENTICATION_SERVICE_PROJECT": relation_state[ |
| "keystone_service" |
| ], |
| } |
| ) |
| else: |
| raise ValueError("auth_backend needs to be either internal or keystone") |
| |
| return envconfig |
| |
| |
| def _make_pod_ingress_resources( |
| config: Dict[str, Any], app_name: str, port: int |
| ) -> List[Dict[str, Any]]: |
| """Generate pod ingress resources. |
| |
| Args: |
| config (Dict[str, Any]): configuration information. |
| app_name (str): application name. |
| port (int): port to expose. |
| |
| Returns: |
| List[Dict[str, Any]]: pod ingress resources. |
| """ |
| site_url = config.get("site_url") |
| |
| if not site_url: |
| return |
| |
| parsed = urlparse(site_url) |
| |
| if not parsed.scheme.startswith("http"): |
| return |
| |
| max_file_size = config["max_file_size"] |
| ingress_whitelist_source_range = config["ingress_whitelist_source_range"] |
| |
| annotations = { |
| "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format( |
| max_file_size + "m" if max_file_size > 0 else max_file_size |
| ), |
| "nginx.ingress.kubernetes.io/backend-protocol": "HTTPS", |
| } |
| |
| if ingress_whitelist_source_range: |
| annotations[ |
| "nginx.ingress.kubernetes.io/whitelist-source-range" |
| ] = ingress_whitelist_source_range |
| |
| ingress_spec_tls = None |
| |
| if parsed.scheme == "https": |
| ingress_spec_tls = [{"hosts": [parsed.hostname]}] |
| tls_secret_name = config["tls_secret_name"] |
| if tls_secret_name: |
| ingress_spec_tls[0]["secretName"] = tls_secret_name |
| else: |
| annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false" |
| |
| ingress = { |
| "name": "{}-ingress".format(app_name), |
| "annotations": annotations, |
| "spec": { |
| "rules": [ |
| { |
| "host": parsed.hostname, |
| "http": { |
| "paths": [ |
| { |
| "path": "/", |
| "backend": { |
| "serviceName": app_name, |
| "servicePort": port, |
| }, |
| } |
| ] |
| }, |
| } |
| ] |
| }, |
| } |
| if ingress_spec_tls: |
| ingress["spec"]["tls"] = ingress_spec_tls |
| |
| return [ingress] |
| |
| |
| def _make_startup_probe() -> Dict[str, Any]: |
| """Generate startup probe. |
| |
| Returns: |
| Dict[str, Any]: startup probe. |
| """ |
| return { |
| "exec": {"command": ["/usr/bin/pgrep python3"]}, |
| "initialDelaySeconds": 60, |
| "timeoutSeconds": 5, |
| } |
| |
| |
| def _make_readiness_probe(port: int) -> Dict[str, Any]: |
| """Generate readiness probe. |
| |
| Args: |
| port (int): [description] |
| |
| Returns: |
| Dict[str, Any]: readiness probe. |
| """ |
| return { |
| "httpGet": { |
| "path": "/osm/", |
| "port": port, |
| }, |
| "initialDelaySeconds": 45, |
| "timeoutSeconds": 5, |
| } |
| |
| |
| def _make_liveness_probe(port: int) -> Dict[str, Any]: |
| """Generate liveness probe. |
| |
| Args: |
| port (int): [description] |
| |
| Returns: |
| Dict[str, Any]: liveness probe. |
| """ |
| return { |
| "httpGet": { |
| "path": "/osm/", |
| "port": port, |
| }, |
| "initialDelaySeconds": 45, |
| "timeoutSeconds": 5, |
| } |
| |
| |
| def make_pod_spec( |
| image_info: Dict[str, str], |
| config: Dict[str, Any], |
| relation_state: Dict[str, Any], |
| app_name: str = "nbi", |
| port: int = 9999, |
| ) -> Dict[str, Any]: |
| """Generate the pod spec information. |
| |
| Args: |
| image_info (Dict[str, str]): Object provided by |
| OCIImageResource("image").fetch(). |
| config (Dict[str, Any]): Configuration information. |
| relation_state (Dict[str, Any]): Relation state information. |
| app_name (str, optional): Application name. Defaults to "nbi". |
| port (int, optional): Port for the container. Defaults to 9999. |
| |
| Returns: |
| Dict[str, Any]: Pod spec dictionary for the charm. |
| """ |
| if not image_info: |
| return None |
| |
| ConfigData(**(config)) |
| RelationData( |
| **(relation_state), |
| keystone=True if config.get("auth_backend") == "keystone" else False, |
| ) |
| |
| ports = _make_pod_ports(port) |
| env_config = _make_pod_envconfig(config, relation_state) |
| ingress_resources = _make_pod_ingress_resources(config, app_name, port) |
| |
| return { |
| "version": 3, |
| "containers": [ |
| { |
| "name": app_name, |
| "imageDetails": image_info, |
| "imagePullPolicy": "Always", |
| "ports": ports, |
| "envConfig": env_config, |
| } |
| ], |
| "kubernetesResources": { |
| "ingressResources": ingress_resources or [], |
| }, |
| } |