X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fng-ui%2Fsrc%2Fcharm.py;h=39675d05732a0831abb3b2e5f6911d8b36e50748;hb=540d93716ee0a4c4ffd070120779c1c40f6f353c;hp=5388466e8a47ec783ca9e4fbd661dd2e4e0f1883;hpb=d68e0b4f0bc482d61f2e2a775b899237e15f93e9;p=osm%2Fdevops.git

diff --git a/installers/charm/ng-ui/src/charm.py b/installers/charm/ng-ui/src/charm.py
index 5388466e..39675d05 100755
--- a/installers/charm/ng-ui/src/charm.py
+++ b/installers/charm/ng-ui/src/charm.py
@@ -54,6 +54,8 @@ class ConfigModel(ModelValidator):
     ingress_class: Optional[str]
     ingress_whitelist_source_range: Optional[str]
     tls_secret_name: Optional[str]
+    image_pull_policy: str
+    security_context: bool
 
     @validator("port")
     def validate_port(cls, v):
@@ -81,6 +83,18 @@ class ConfigModel(ModelValidator):
             ip_network(v)
         return v
 
+    @validator("image_pull_policy")
+    def validate_image_pull_policy(cls, v):
+        values = {
+            "always": "Always",
+            "ifnotpresent": "IfNotPresent",
+            "never": "Never",
+        }
+        v = v.lower()
+        if v not in values.keys():
+            raise ValueError("value must be always, ifnotpresent or never")
+        return values[v]
+
 
 class NgUiCharm(CharmedOsmBase):
     def __init__(self, *args) -> NoReturn:
@@ -103,7 +117,7 @@ class NgUiCharm(CharmedOsmBase):
         files_builder = FilesV3Builder()
         files_builder.add_file(
             "default",
-            Template(Path("files/default").read_text()).substitute(
+            Template(Path("templates/default.template").read_text()).substitute(
                 port=config.port,
                 server_name=config.server_name,
                 max_file_size=config.max_file_size,
@@ -119,9 +133,16 @@ class NgUiCharm(CharmedOsmBase):
         # Check relations
         self._check_missing_dependencies(config)
         # Create Builder for the PodSpec
-        pod_spec_builder = PodSpecV3Builder()
+        pod_spec_builder = PodSpecV3Builder(
+            enable_security_context=config.security_context
+        )
         # Build Container
-        container_builder = ContainerV3Builder(self.app.name, image_info)
+        container_builder = ContainerV3Builder(
+            self.app.name,
+            image_info,
+            config.image_pull_policy,
+            run_as_non_root=config.security_context,
+        )
         container_builder.add_port(name=self.app.name, port=config.port)
         container = container_builder.build()
         container_builder.add_tcpsocket_readiness_probe(