X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fmongodb-exporter%2Fsrc%2Fcharm.py;h=0ee127c821adec10c905fe4bae7232c58487f4fd;hb=HEAD;hp=149940a6e01ed9e50b588995da132f23a4873bca;hpb=d68e0b4f0bc482d61f2e2a775b899237e15f93e9;p=osm%2Fdevops.git

diff --git a/installers/charm/mongodb-exporter/src/charm.py b/installers/charm/mongodb-exporter/src/charm.py
index 149940a6..0ee127c8 100755
--- a/installers/charm/mongodb-exporter/src/charm.py
+++ b/installers/charm/mongodb-exporter/src/charm.py
@@ -36,6 +36,7 @@ from opslib.osm.interfaces.prometheus import PrometheusScrapeTarget
 from opslib.osm.pod import (
     ContainerV3Builder,
     IngressResourceV3Builder,
+    PodRestartPolicy,
     PodSpecV3Builder,
 )
 from opslib.osm.validator import ModelValidator, validator
@@ -53,6 +54,8 @@ class ConfigModel(ModelValidator):
     ingress_whitelist_source_range: Optional[str]
     tls_secret_name: Optional[str]
     mongodb_uri: Optional[str]
+    image_pull_policy: str
+    security_context: bool
 
     @validator("site_url")
     def validate_site_url(cls, v):
@@ -74,6 +77,18 @@ class ConfigModel(ModelValidator):
             raise ValueError("mongodb_uri is not properly formed")
         return v
 
+    @validator("image_pull_policy")
+    def validate_image_pull_policy(cls, v):
+        values = {
+            "always": "Always",
+            "ifnotpresent": "IfNotPresent",
+            "never": "Never",
+        }
+        v = v.lower()
+        if v not in values.keys():
+            raise ValueError("value must be always, ifnotpresent or never")
+        return values[v]
+
 
 class MongodbExporterCharm(CharmedOsmBase):
     def __init__(self, *args) -> NoReturn:
@@ -131,7 +146,7 @@ class MongodbExporterCharm(CharmedOsmBase):
         if self.unit.is_leader():
             self.dashboard_target.publish_info(
                 name="osm-mongodb",
-                dashboard=Path("files/mongodb_exporter_dashboard.json").read_text(),
+                dashboard=Path("templates/mongodb_exporter_dashboard.json").read_text(),
             )
 
     def _check_missing_dependencies(self, config: ConfigModel):
@@ -169,12 +184,33 @@ class MongodbExporterCharm(CharmedOsmBase):
         # Check relations
         self._check_missing_dependencies(config)
 
+        unparsed = (
+            config.mongodb_uri
+            if config.mongodb_uri
+            else self.mongodb_client.connection_string
+        )
+        parsed = urlparse(unparsed)
+        mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}"
+        if parsed.query:
+            mongodb_uri += f"?{parsed.query}"
+
         # Create Builder for the PodSpec
-        pod_spec_builder = PodSpecV3Builder()
+        pod_spec_builder = PodSpecV3Builder(
+            enable_security_context=config.security_context
+        )
+
+        # Add secrets to the pod
+        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
+        pod_spec_builder.add_secret(mongodb_secret_name, {"uri": mongodb_uri})
 
         # Build container
-        container_builder = ContainerV3Builder(self.app.name, image_info)
-        container_builder.add_port(name=self.app.name, port=PORT)
+        container_builder = ContainerV3Builder(
+            self.app.name,
+            image_info,
+            config.image_pull_policy,
+            run_as_non_root=config.security_context,
+        )
+        container_builder.add_port(name="exporter", port=PORT)
         container_builder.add_http_readiness_probe(
             path="/api/health",
             port=PORT,
@@ -192,26 +228,17 @@ class MongodbExporterCharm(CharmedOsmBase):
             failure_threshold=10,
         )
 
-        unparsed = (
-            config.mongodb_uri
-            if config.mongodb_uri
-            else self.mongodb_client.connection_string
-        )
-        parsed = urlparse(unparsed)
-        mongodb_uri = f"mongodb://{parsed.netloc.split(',')[0]}{parsed.path}"
-        if parsed.query:
-            mongodb_uri += f"?{parsed.query}"
-
-        container_builder.add_envs(
-            {
-                "MONGODB_URI": mongodb_uri,
-            }
-        )
+        container_builder.add_secret_envs(mongodb_secret_name, {"MONGODB_URI": "uri"})
         container = container_builder.build()
 
         # Add container to PodSpec
         pod_spec_builder.add_container(container)
 
+        # Add Pod restart policy
+        restart_policy = PodRestartPolicy()
+        restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
+        pod_spec_builder.set_restart_policy(restart_policy)
+
         # Add ingress resources to PodSpec if site url exists
         if config.site_url:
             parsed = urlparse(config.site_url)
@@ -241,8 +268,6 @@ class MongodbExporterCharm(CharmedOsmBase):
             ingress_resource = ingress_resource_builder.build()
             pod_spec_builder.add_ingress_resource(ingress_resource)
 
-        logger.debug(pod_spec_builder.build())
-
         return pod_spec_builder.build()