X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Flcm%2Fsrc%2Fcharm.py;h=aac1813a9bc4eb4ca26738145318c8351009325c;hb=72ac65cee3fd3307338c96036f5c0ed06daa3617;hp=af407e928a308228d0cb8f6f53a4678a866c87df;hpb=d680be4f261d4c580fcdf75abe11cfc29003915d;p=osm%2Fdevops.git diff --git a/installers/charm/lcm/src/charm.py b/installers/charm/lcm/src/charm.py index af407e92..aac1813a 100755 --- a/installers/charm/lcm/src/charm.py +++ b/installers/charm/lcm/src/charm.py @@ -32,7 +32,7 @@ from opslib.osm.charm import CharmedOsmBase, RelationsMissing from opslib.osm.interfaces.http import HttpClient from opslib.osm.interfaces.kafka import KafkaClient from opslib.osm.interfaces.mongo import MongoClient -from opslib.osm.pod import ContainerV3Builder, PodSpecV3Builder +from opslib.osm.pod import ContainerV3Builder, PodRestartPolicy, PodSpecV3Builder from opslib.osm.validator import ModelValidator, validator @@ -110,7 +110,9 @@ class ConfigModel(ModelValidator): vca_model_config_update_status_hook_interval: Optional[str] vca_stablerepourl: Optional[str] vca_helm_ca_certs: Optional[str] - image_pull_policy: Optional[str] + image_pull_policy: str + debug_mode: bool + security_context: bool @validator("log_level") def validate_log_level(cls, v): @@ -161,7 +163,10 @@ class LcmCharm(CharmedOsmBase): def _check_missing_dependencies(self, config: ConfigModel): missing_relations = [] - if self.kafka_client.is_missing_data_in_unit(): + if ( + self.kafka_client.is_missing_data_in_unit() + and self.kafka_client.is_missing_data_in_app() + ): missing_relations.append("kafka") if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit(): missing_relations.append("mongodb") 
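Review bot: The mongodb check directly below the rewritten kafka condition in `_check_missing_dependencies` still calls only `is_missing_data_in_unit()`, so the two relations are now validated by different rules and nothing says why. With `and`, kafka is reported missing only when neither the unit nor the app side has data, which presumably means the data can arrive on either side. A one-line comment above the condition would record that, for example `# kafka may publish its data in the unit or the app databag; missing only if both are empty`. If the mongo interface gained the same app-level data, its check needs the same treatment; that cannot be confirmed from this hunk.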
@@ -181,12 +186,32 @@ class LcmCharm(CharmedOsmBase): # Check relations self._check_missing_dependencies(config) + security_context_enabled = ( + config.security_context if not config.debug_mode else False + ) + # Create Builder for the PodSpec - pod_spec_builder = PodSpecV3Builder() + pod_spec_builder = PodSpecV3Builder( + enable_security_context=security_context_enabled + ) + + # Add secrets to the pod + lcm_secret_name = f"{self.app.name}-lcm-secret" + pod_spec_builder.add_secret( + lcm_secret_name, + { + "uri": config.mongodb_uri or self.mongodb_client.connection_string, + "commonkey": config.database_commonkey, + "helm_ca_certs": config.vca_helm_ca_certs, + }, + ) # Build Container container_builder = ContainerV3Builder( - self.app.name, image_info, config.image_pull_policy + self.app.name, + image_info, + config.image_pull_policy, + run_as_non_root=security_context_enabled, ) container_builder.add_port(name=self.app.name, port=PORT) container_builder.add_envs( 
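Review bot: `debug_mode` silently overrides `security_context` in the new `security_context_enabled` assignment. With both options true, `PodSpecV3Builder` gets `enable_security_context=False` and the container gets `run_as_non_root=False`, and nothing records that the hardening was dropped. The expression reads more directly as `security_context_enabled = config.security_context and not config.debug_mode`. A log line or unit status message when debug mode switches the security context off would make the downgrade visible to whoever operates the model. The enclosing method starts before this hunk and continues past it.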
@@ -204,32 +229,50 @@ class LcmCharm(CharmedOsmBase): "OSMLCM_MESSAGE_PORT": self.kafka_client.port, # Database configuration "OSMLCM_DATABASE_DRIVER": "mongo", - "OSMLCM_DATABASE_URI": config.mongodb_uri - or self.mongodb_client.connection_string, - "OSMLCM_DATABASE_COMMONKEY": config.database_commonkey, # Storage configuration "OSMLCM_STORAGE_DRIVER": "mongo", "OSMLCM_STORAGE_PATH": "/app/storage", "OSMLCM_STORAGE_COLLECTION": "files", - "OSMLCM_STORAGE_URI": config.mongodb_uri - or self.mongodb_client.connection_string, "OSMLCM_VCA_STABLEREPOURL": config.vca_stablerepourl, - "OSMLCM_VCA_HELM_CA_CERTS": config.vca_helm_ca_certs, } ) + container_builder.add_secret_envs( + secret_name=lcm_secret_name, + envs={ + "OSMLCM_DATABASE_URI": "uri", + "OSMLCM_DATABASE_COMMONKEY": "commonkey", + "OSMLCM_STORAGE_URI": "uri", + "OSMLCM_VCA_HELM_CA_CERTS": "helm_ca_certs", + }, + ) if config.vca_host: - container_builder.add_envs( + vca_secret_name = f"{self.app.name}-vca-secret" + pod_spec_builder.add_secret( + vca_secret_name, { + "host": config.vca_host, + "port": str(config.vca_port), + "user": config.vca_user, + "pubkey": config.vca_pubkey, + "secret": config.vca_secret, + "cacert": config.vca_cacert, + "cloud": config.vca_cloud, + "k8s_cloud": config.vca_k8s_cloud, + }, + ) + container_builder.add_secret_envs( + secret_name=vca_secret_name, + envs={ # VCA configuration - "OSMLCM_VCA_HOST": config.vca_host, - "OSMLCM_VCA_PORT": config.vca_port, - "OSMLCM_VCA_USER": config.vca_user, - "OSMLCM_VCA_PUBKEY": config.vca_pubkey, - "OSMLCM_VCA_SECRET": config.vca_secret, - "OSMLCM_VCA_CACERT": config.vca_cacert, - "OSMLCM_VCA_CLOUD": config.vca_cloud, - "OSMLCM_VCA_K8S_CLOUD": config.vca_k8s_cloud, - } + "OSMLCM_VCA_HOST": "host", + "OSMLCM_VCA_PORT": "port", + "OSMLCM_VCA_USER": "user", + "OSMLCM_VCA_PUBKEY": "pubkey", + "OSMLCM_VCA_SECRET": "secret", + "OSMLCM_VCA_CACERT": "cacert", + "OSMLCM_VCA_CLOUD": "cloud", + "OSMLCM_VCA_K8S_CLOUD": "k8s_cloud", + }, ) if 
config.vca_apiproxy: container_builder.add_env("OSMLCM_VCA_APIPROXY", config.vca_apiproxy) @@ -246,13 +289,18 @@ class LcmCharm(CharmedOsmBase): # Add container to pod spec pod_spec_builder.add_container(container) + # Add restart policy + restart_policy = PodRestartPolicy() + restart_policy.add_secrets() + pod_spec_builder.set_restart_policy(restart_policy) + return pod_spec_builder.build() VSCODE_WORKSPACE = { "folders": [ {"path": "/usr/lib/python3/dist-packages/osm_lcm"}, - {"path": "/usr/lib/python3/dist-packages/osm_n2vc"}, + {"path": "/usr/lib/python3/dist-packages/n2vc"}, {"path": "/usr/lib/python3/dist-packages/osm_common"}, ], "settings": {},
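Review bot: Some of the values written into the two secrets can be unset, and the new code does not guard against that. `config.vca_helm_ca_certs` is declared `Optional[str]` and is stored under `helm_ca_certs` in the lcm secret created in the previous hunk, while `"port": str(config.vca_port)` here would store the literal text `None` if the port is not configured (the field's type is not visible in this diff). How `add_secret` and `add_secret_envs` treat a `None` value is not shown either, so it is worth confirming that an unset optional value neither breaks the pod spec nor reaches the container as a bogus string. The only guard on the `vca_*` values is `if config.vca_host:`; either validate the port when a host is set, or leave optional keys out of both the secret and the `envs` mapping.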
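Review bot: `restart_policy.add_secrets()` is called with no arguments, and the comment `# Add restart policy` only restates the code, so a reader cannot tell which secrets the policy covers or what triggers a restart. If the intent is that the pod restarts whenever the lcm or vca secret content changes, which seems likely now that credentials no longer appear in the container env, say so: `# Restart the pod when the content of its secrets changes, so rotated credentials are picked up`. The method body starts before this hunk.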