X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=installers%2Fcharm%2Fmongodb-exporter%2Fsrc%2Fcharm.py;h=500a1e3d9753a84aa631791abedc0bbad23c7ad3;hb=540d93716ee0a4c4ffd070120779c1c40f6f353c;hp=d839d82f57ae1e5234b60974ae7138726d50f265;hpb=0dc25b3c932a7831f23e8d93d6d75be5c284877e;p=osm%2Fdevops.git

diff --git a/installers/charm/mongodb-exporter/src/charm.py b/installers/charm/mongodb-exporter/src/charm.py
index d839d82f..500a1e3d 100755
--- a/installers/charm/mongodb-exporter/src/charm.py
+++ b/installers/charm/mongodb-exporter/src/charm.py
@@ -36,6 +36,7 @@ from opslib.osm.interfaces.prometheus import PrometheusScrapeTarget
 from opslib.osm.pod import (
     ContainerV3Builder,
     IngressResourceV3Builder,
+    PodRestartPolicy,
     PodSpecV3Builder,
 )
 from opslib.osm.validator import ModelValidator, validator
@@ -54,6 +55,7 @@ class ConfigModel(ModelValidator):
     tls_secret_name: Optional[str]
     mongodb_uri: Optional[str]
     image_pull_policy: str
+    security_context: bool
 
     @validator("site_url")
     def validate_site_url(cls, v):
@@ -182,12 +184,31 @@ class MongodbExporterCharm(CharmedOsmBase):
         # Check relations
         self._check_missing_dependencies(config)
 
+        unparsed = (
+            config.mongodb_uri
+            if config.mongodb_uri
+            else self.mongodb_client.connection_string
+        )
+        parsed = urlparse(unparsed)
+        mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}"
+        if parsed.query:
+            mongodb_uri += f"?{parsed.query}"
+
         # Create Builder for the PodSpec
-        pod_spec_builder = PodSpecV3Builder()
+        pod_spec_builder = PodSpecV3Builder(
+            enable_security_context=config.security_context
+        )
+
+        # Add secrets to the pod
+        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
+        pod_spec_builder.add_secret(mongodb_secret_name, {"uri": mongodb_uri})
 
         # Build container
         container_builder = ContainerV3Builder(
-            self.app.name, image_info, config.image_pull_policy
+            self.app.name,
+            image_info,
+            config.image_pull_policy,
+            run_as_non_root=config.security_context,
         )
         container_builder.add_port(name=self.app.name, port=PORT)
         container_builder.add_http_readiness_probe(
@@ -207,26 +228,17 @@ class MongodbExporterCharm(CharmedOsmBase):
             failure_threshold=10,
         )
 
-        unparsed = (
-            config.mongodb_uri
-            if config.mongodb_uri
-            else self.mongodb_client.connection_string
-        )
-        parsed = urlparse(unparsed)
-        mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}"
-        if parsed.query:
-            mongodb_uri += f"?{parsed.query}"
-
-        container_builder.add_envs(
-            {
-                "MONGODB_URI": mongodb_uri,
-            }
-        )
+        container_builder.add_secret_envs(mongodb_secret_name, {"MONGODB_URI": "uri"})
         container = container_builder.build()
 
         # Add container to PodSpec
         pod_spec_builder.add_container(container)
 
+        # Add Pod restart policy
+        restart_policy = PodRestartPolicy()
+        restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
+        pod_spec_builder.set_restart_policy(restart_policy)
+
         # Add ingress resources to PodSpec if site url exists
         if config.site_url:
             parsed = urlparse(config.site_url)
@@ -256,8 +268,6 @@ class MongodbExporterCharm(CharmedOsmBase):
             ingress_resource = ingress_resource_builder.build()
             pod_spec_builder.add_ingress_resource(ingress_resource)
 
-        logger.debug(pod_spec_builder.build())
-
         return pod_spec_builder.build()