X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fkeystone%2Fsrc%2Fcharm.py;h=39a7a007eee4b8f0f278a37cce3b41bd4540726a;hb=542b2f8fb3c159e7f20150ad5814872bed02cc7c;hp=808af3bef2c72b6d0303b24e9c82dd73d2309b1a;hpb=141d935cdb913100f3abdfaf52a67d90dd6b5016;p=osm%2Fdevops.git
diff --git a/installers/charm/keystone/src/charm.py b/installers/charm/keystone/src/charm.py
index 808af3be..39a7a007 100755
--- a/installers/charm/keystone/src/charm.py
+++ b/installers/charm/keystone/src/charm.py
@@ -86,6 +86,7 @@ class ConfigModel(ModelValidator):
 mysql_port: Optional[int]
 mysql_root_password: Optional[str]
 image_pull_policy: str
+ security_context: bool
 @validator("max_file_size")
 def validate_max_file_size(cls, v):
@@ -266,9 +267,14 @@ class KeystoneCharm(CharmedOsmBase):
 self._check_missing_dependencies(config, external_db)
 # Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=config.security_context
+ )
 container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=config.security_context,
 )
 # Build files
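Review bot: A single boolean, `config.security_context`, now drives both `enable_security_context` on the pod spec builder and `run_as_non_root` on the container builder, so the hardening is all-or-nothing and is off whenever the option is false. The `security_context: bool` field added to ConfigModel in the first hunk shows no default here, so the effective default presumably comes from the charm's config file, which is not part of this diff; it is worth confirming that value and whether the keystone image can actually start as a non-root user. I would add a comment above the builders such as `# security_context toggles the pod security context and run_as_non_root together`. What the two builder arguments emit into the pod spec is defined in the builder classes, which are not shown, and the enclosing method starts and ends outside the hunk.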
@@ -366,14 +372,14 @@ class KeystoneCharm(CharmedOsmBase):
 ldap_secrets = {
 "authentication_domain_name": config_ldap.ldap_authentication_domain_name,
 "url": config_ldap.ldap_url,
- "page_size": config_ldap.ldap_page_size,
+ "page_size": str(config_ldap.ldap_page_size),
 "user_objectclass": config_ldap.ldap_user_objectclass,
 "user_id_attribute": config_ldap.ldap_user_id_attribute,
 "user_name_attribute": config_ldap.ldap_user_name_attribute,
 "user_pass_attribute": config_ldap.ldap_user_pass_attribute,
- "user_enabled_mask": config_ldap.ldap_user_enabled_mask,
+ "user_enabled_mask": str(config_ldap.ldap_user_enabled_mask),
 "user_enabled_default": config_ldap.ldap_user_enabled_default,
- "user_enabled_invert": config_ldap.ldap_user_enabled_invert,
+ "user_enabled_invert": str(config_ldap.ldap_user_enabled_invert),
 "group_objectclass": config_ldap.ldap_group_objectclass,
 }
 ldap_envs = {
@@ -423,7 +429,7 @@ class KeystoneCharm(CharmedOsmBase):
 ldap_envs["LDAP_TLS_CACERT_BASE64"] = "tls_cacert_base64"
 if config_ldap.ldap_use_starttls:
- ldap_secrets["use_starttls"] = config_ldap.ldap_use_starttls
+ ldap_secrets["use_starttls"] = str(config_ldap.ldap_use_starttls)
 ldap_secrets["tls_cacert_base64"] = config_ldap.ldap_tls_cacert_base64
 ldap_secrets["tls_req_cert"] = config_ldap.ldap_tls_req_cert
 ldap_envs["LDAP_USE_STARTTLS"] = "use_starttls"
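Review bot: Wrapping `ldap_page_size`, `ldap_user_enabled_mask` and `ldap_user_enabled_invert` in a bare `str()` turns an unset option into the literal string `"None"` and a boolean into `"True"`/`"False"`, and those strings are what end up in the `ldap_secrets` mapping. Whether these fields can be None depends on the LDAP config model, which is outside this hunk; if they can, convert only set values, e.g. `"page_size": str(v) if v is not None else None` with the None case handled the way the consumer expects. `user_enabled_default` sits between the converted keys and is left as-is, so confirm it is already a string. The same conversion appears on `use_starttls` in the next hunk, where the surrounding `if` at least guarantees a truthy value.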
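Review bot: Inside the `if config_ldap.ldap_use_starttls:` branch, `tls_cacert_base64` and `tls_req_cert` are copied into the secret unchecked, so StartTLS can be enabled with no CA bundle or with a `tls_req_cert` value that does not require the server certificate to verify. If the LDAP config model does not already validate this (it is not visible here), a guard in this branch would help, for example rejecting the configuration unless `config_ldap.ldap_tls_req_cert == "demand"` and `ldap_tls_cacert_base64` is set, or at minimum logging when that is not the case. These two values also do not get the string conversion the commit applies to `use_starttls`. The enclosing method starts and ends outside the hunk.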