projects
/
osm
/
devops.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Fixing LDAP bool variable convertion for secret population
[osm/devops.git]
/
installers
/
charm
/
lcm
/
src
/
charm.py
diff --git
a/installers/charm/lcm/src/charm.py
b/installers/charm/lcm/src/charm.py
index
b034624
..
2fb90e8
100755
(executable)
--- a/
installers/charm/lcm/src/charm.py
+++ b/
installers/charm/lcm/src/charm.py
@@
-111,6
+111,8
@@
class ConfigModel(ModelValidator):
vca_stablerepourl: Optional[str]
vca_helm_ca_certs: Optional[str]
image_pull_policy: str
vca_stablerepourl: Optional[str]
vca_helm_ca_certs: Optional[str]
image_pull_policy: str
+ debug_mode: bool
+ security_context: bool
@validator("log_level")
def validate_log_level(cls, v):
@validator("log_level")
def validate_log_level(cls, v):
@@
-181,8
+183,14
@@
class LcmCharm(CharmedOsmBase):
# Check relations
self._check_missing_dependencies(config)
# Check relations
self._check_missing_dependencies(config)
+ security_context_enabled = (
+ config.security_context if not config.debug_mode else False
+ )
+
# Create Builder for the PodSpec
# Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=security_context_enabled
+ )
# Add secrets to the pod
lcm_secret_name = f"{self.app.name}-lcm-secret"
# Add secrets to the pod
lcm_secret_name = f"{self.app.name}-lcm-secret"
@@
-197,7
+205,10
@@
class LcmCharm(CharmedOsmBase):
# Build Container
container_builder = ContainerV3Builder(
# Build Container
container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=security_context_enabled,
)
container_builder.add_port(name=self.app.name, port=PORT)
container_builder.add_envs(
)
container_builder.add_port(name=self.app.name, port=PORT)
container_builder.add_envs(