X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fmysqld-exporter%2Fsrc%2Fcharm.py;h=46588b9a07d34c0e379ef9ecbb63fe370d4ba0b7;hb=cc4378a7b1182e3c01fa94fd84af8097fa4be2b2;hp=a0015cc115fa68c4b80bf1d548540d0155f51924;hpb=0dc25b3c932a7831f23e8d93d6d75be5c284877e;p=osm%2Fdevops.git

diff --git a/installers/charm/mysqld-exporter/src/charm.py b/installers/charm/mysqld-exporter/src/charm.py
index a0015cc1..46588b9a 100755
--- a/installers/charm/mysqld-exporter/src/charm.py
+++ b/installers/charm/mysqld-exporter/src/charm.py
@@ -36,6 +36,7 @@ from opslib.osm.interfaces.prometheus import PrometheusScrapeTarget
 from opslib.osm.pod import (
     ContainerV3Builder,
     IngressResourceV3Builder,
+    PodRestartPolicy,
     PodSpecV3Builder,
 )
 from opslib.osm.validator import ModelValidator, validator
@@ -54,6 +55,7 @@ class ConfigModel(ModelValidator):
     tls_secret_name: Optional[str]
     mysql_uri: Optional[str]
     image_pull_policy: str
+    security_context: bool
 
     @validator("site_url")
     def validate_site_url(cls, v):
@@ -182,12 +184,30 @@ class MysqlExporterCharm(CharmedOsmBase):
         # Check relations
         self._check_missing_dependencies(config)
 
+        data_source = (
+            f'{config.mysql_uri.replace("mysql://", "").replace("@", "@(").split("/")[0]})/'
+            if config.mysql_uri
+            else f"root:{self.mysql_client.root_password}@({self.mysql_client.host}:{self.mysql_client.port})/"
+        )
+
         # Create Builder for the PodSpec
-        pod_spec_builder = PodSpecV3Builder()
+        pod_spec_builder = PodSpecV3Builder(
+            enable_security_context=config.security_context
+        )
+
+        # Add secrets to the pod
+        mysql_secret_name = f"{self.app.name}-mysql-secret"
+        pod_spec_builder.add_secret(
+            mysql_secret_name,
+            {"data_source": data_source},
+        )
 
         # Build container
         container_builder = ContainerV3Builder(
-            self.app.name, image_info, config.image_pull_policy
+            self.app.name,
+            image_info,
+            config.image_pull_policy,
+            run_as_non_root=config.security_context,
         )
         container_builder.add_port(name=self.app.name, port=PORT)
         container_builder.add_http_readiness_probe(
@@ -206,23 +226,20 @@ class MysqlExporterCharm(CharmedOsmBase):
             timeout_seconds=30,
             failure_threshold=10,
         )
-
-        data_source = (
-            config.mysql_uri.replace("mysql://", "").split("/")[0]
-            if config.mysql_uri
-            else f"root:{self.mysql_client.root_password}@{self.mysql_client.host}:{self.mysql_client.port}"
+        container_builder.add_secret_envs(
+            mysql_secret_name, {"DATA_SOURCE_NAME": "data_source"}
         )
 
-        container_builder.add_envs(
-            {
-                "DATA_SOURCE_NAME": data_source,
-            }
-        )
         container = container_builder.build()
 
         # Add container to PodSpec
         pod_spec_builder.add_container(container)
 
+        # Add Pod restart policy
+        restart_policy = PodRestartPolicy()
+        restart_policy.add_secrets(secret_names=(mysql_secret_name))
+        pod_spec_builder.set_restart_policy(restart_policy)
+
         # Add ingress resources to PodSpec if site url exists
         if config.site_url:
             parsed = urlparse(config.site_url)
@@ -252,8 +269,6 @@ class MysqlExporterCharm(CharmedOsmBase):
             ingress_resource = ingress_resource_builder.build()
             pod_spec_builder.add_ingress_resource(ingress_resource)
 
-        logger.debug(pod_spec_builder.build())
-
         return pod_spec_builder.build()