projects / osm / devops.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Certificate addition support to mon and ro charms
[osm/devops.git] / installers / charm / ro / src / charm.py
diff --git a/installers/charm/ro/src/charm.py b/installers/charm/ro/src/charm.py
index 6851600..5b40c16 100755 (executable)
--- a/installers/charm/ro/src/charm.py
+++ b/installers/charm/ro/src/charm.py
@@ -22,26 +22,43 @@
 
 # pylint: disable=E0213
 
 
 # pylint: disable=E0213
 
+import base64
 import logging
 import logging
-from typing import NoReturn
+from typing import NoReturn, Optional
 
 from ops.main import main
 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
 from opslib.osm.interfaces.kafka import KafkaClient
 from opslib.osm.interfaces.mongo import MongoClient
 from opslib.osm.interfaces.mysql import MysqlClient
 
 from ops.main import main
 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
 from opslib.osm.interfaces.kafka import KafkaClient
 from opslib.osm.interfaces.mongo import MongoClient
 from opslib.osm.interfaces.mysql import MysqlClient
-from opslib.osm.pod import (
-    ContainerV3Builder,
-    PodSpecV3Builder,
-)
+from opslib.osm.pod import ContainerV3Builder, FilesV3Builder, PodSpecV3Builder
 from opslib.osm.validator import ModelValidator, validator
 
 from opslib.osm.validator import ModelValidator, validator
 
-
 logger = logging.getLogger(__name__)
 
 PORT = 9090
 
 
 logger = logging.getLogger(__name__)
 
 PORT = 9090
 
 
+def _check_certificate_data(name: str, content: str):
+    if not name or not content:
+        raise ValueError("certificate name and content must be a non-empty string")
+
+
+def _extract_certificates(certs_config: str):
+    certificates = {}
+    if certs_config:
+        cert_list = certs_config.split(",")
+        for cert in cert_list:
+            name, content = cert.split(":")
+            _check_certificate_data(name, content)
+            certificates[name] = content
+    return certificates
+
+
+def decode(content: str):
+    return base64.b64decode(content.encode("utf-8")).decode("utf-8")
+
+
 class ConfigModel(ModelValidator):
     enable_ng_ro: bool
     database_commonkey: str
 class ConfigModel(ModelValidator):
     enable_ng_ro: bool
     database_commonkey: str
@@ -49,6 +66,7 @@ class ConfigModel(ModelValidator):
     vim_database: str
     ro_database: str
     openmano_tenant: str
     vim_database: str
     ro_database: str
     openmano_tenant: str
+    certificates: Optional[str]
 
     @validator("log_level")
     def validate_log_level(cls, v):
 
     @validator("log_level")
     def validate_log_level(cls, v):
@@ -56,6 +74,16 @@ class ConfigModel(ModelValidator):
             raise ValueError("value must be INFO or DEBUG")
         return v
 
             raise ValueError("value must be INFO or DEBUG")
         return v
 
+    @validator("certificates")
+    def validate_certificates(cls, v):
+        # Raises an exception if it cannot extract the certificates
+        _extract_certificates(v)
+        return v
+
+    @property
+    def certificates_dict(cls):
+        return _extract_certificates(cls.certificates) if cls.certificates else {}
+
 
 class RoCharm(CharmedOsmBase):
     """GrafanaCharm Charm."""
 
 class RoCharm(CharmedOsmBase):
     """GrafanaCharm Charm."""
@@ -106,6 +134,15 @@ class RoCharm(CharmedOsmBase):
         if missing_relations:
             raise RelationsMissing(missing_relations)
 
         if missing_relations:
             raise RelationsMissing(missing_relations)
 
+    def _build_cert_files(
+        self,
+        config: ConfigModel,
+    ):
+        cert_files_builder = FilesV3Builder()
+        for name, content in config.certificates_dict.items():
+            cert_files_builder.add_file(name, decode(content), mode=0o600)
+        return cert_files_builder.build()
+
     def build_pod_spec(self, image_info):
         # Validate config
         config = ConfigModel(**dict(self.config))
     def build_pod_spec(self, image_info):
         # Validate config
         config = ConfigModel(**dict(self.config))
@@ -115,6 +152,9 @@ class RoCharm(CharmedOsmBase):
         pod_spec_builder = PodSpecV3Builder()
         # Build Container
         container_builder = ContainerV3Builder(self.app.name, image_info)
         pod_spec_builder = PodSpecV3Builder()
         # Build Container
         container_builder = ContainerV3Builder(self.app.name, image_info)
+        certs_files = self._build_cert_files(config)
+        if certs_files:
+            container_builder.add_volume_config("certs", "/certs", certs_files)
         container_builder.add_port(name=self.app.name, port=PORT)
         container_builder.add_http_readiness_probe(
             "/ro/" if config.enable_ng_ro else "/openmano/tenants",
         container_builder.add_port(name=self.app.name, port=PORT)
         container_builder.add_http_readiness_probe(
             "/ro/" if config.enable_ng_ro else "/openmano/tenants",