X-Git-Url: https://osm.etsi.org/gitweb/?a=blobdiff_plain;f=installers%2Fcharm%2Fpol%2Fsrc%2Fcharm.py;h=345a87f4be3b754a65a20d81befed7e126bfaf58;hb=540d93716ee0a4c4ffd070120779c1c40f6f353c;hp=36eb8c608946597fb3ef3580f0cafd187bfb1bd5;hpb=0dc25b3c932a7831f23e8d93d6d75be5c284877e;p=osm%2Fdevops.git
diff --git a/installers/charm/pol/src/charm.py b/installers/charm/pol/src/charm.py
index 36eb8c60..345a87f4 100755
--- a/installers/charm/pol/src/charm.py
+++ b/installers/charm/pol/src/charm.py
@@ -34,6 +34,7 @@ from opslib.osm.interfaces.mongo import MongoClient
 from opslib.osm.interfaces.mysql import MysqlClient
 from opslib.osm.pod import (
 ContainerV3Builder,
+ PodRestartPolicy,
 PodSpecV3Builder,
 )
 from opslib.osm.validator import ModelValidator, validator
@@ -50,6 +51,8 @@ class ConfigModel(ModelValidator):
 mongodb_uri: Optional[str]
 mysql_uri: Optional[str]
 image_pull_policy: str
+ debug_mode: bool
+ security_context: bool
 @validator("log_level")
 def validate_log_level(cls, v):
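Review bot: In the hunk at -50, `debug_mode` and `security_context` are declared as plain `bool` with no default, unlike the `Optional[str]` URI fields above them, so validation presumably fails for any deployment whose configuration lacks either key. The charm's config.yaml is not part of this diff; it should declare both options, ideally with `security_context` defaulting to true and `debug_mode` to false so that an upgrade does not land in the unhardened state. A short comment on the two fields, for example `# debug_mode takes precedence: when set, the security context is not applied`, would document the interaction the pod-spec code relies on. ConfigModel's body continues outside the hunk.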
@@ -129,12 +132,36 @@ class PolCharm(CharmedOsmBase):
 # Check relations
 self._check_missing_dependencies(config)
+ security_context_enabled = (
+ config.security_context if not config.debug_mode else False
+ )
+
 # Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=security_context_enabled
+ )
+
+ # Add secrets to the pod
+ mongodb_secret_name = f"{self.app.name}-mongodb-secret"
+ pod_spec_builder.add_secret(
+ mongodb_secret_name,
+ {"uri": config.mongodb_uri or self.mongodb_client.connection_string},
+ )
+ mysql_secret_name = f"{self.app.name}-mysql-secret"
+ pod_spec_builder.add_secret(
+ mysql_secret_name,
+ {
+ "uri": config.mysql_uri
+ or self.mysql_client.get_root_uri(DEFAULT_MYSQL_DATABASE)
+ },
+ )
 # Build Container
 container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=security_context_enabled,
 )
 container_builder.add_port(name=self.app.name, port=PORT)
 container_builder.add_envs(
@@ -148,14 +175,23 @@ class PolCharm(CharmedOsmBase):
 "OSMPOL_MESSAGE_PORT": self.kafka_client.port,
 # Database configuration
 "OSMPOL_DATABASE_DRIVER": "mongo",
- "OSMPOL_DATABASE_URI": config.mongodb_uri
- or self.mongodb_client.connection_string,
- "OSMPOL_SQL_DATABASE_URI": config.mysql_uri
- or self.mysql_client.get_root_uri(DEFAULT_MYSQL_DATABASE),
 }
 )
+ container_builder.add_secret_envs(
+ mongodb_secret_name, {"OSMPOL_DATABASE_URI": "uri"}
+ )
+ container_builder.add_secret_envs(
+ mysql_secret_name, {"OSMPOL_SQL_DATABASE_URI": "uri"}
+ )
 container = container_builder.build()
+ # Add Pod restart policy
+ restart_policy = PodRestartPolicy()
+ restart_policy.add_secrets(
+ secret_names=(mongodb_secret_name, mysql_secret_name)
+ )
+ pod_spec_builder.set_restart_policy(restart_policy)
+
 # Add container to pod spec
 pod_spec_builder.add_container(container)
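Review bot: In the hunk at -129, `security_context_enabled` becomes False whenever `debug_mode` is set, which turns off both `enable_security_context` on the pod spec and `run_as_non_root` on the container with no visible trace for the operator. The expression reads more directly as `security_context_enabled = config.security_context and not config.debug_mode`, and the override deserves a comment such as `# debug_mode wins: the pod is built without the security context and without run_as_non_root`, plus a warning-level log line if the charm has a logger in scope (not visible here). Separately, the MySQL secret is filled from `get_root_uri(...)`, so the workload keeps root-level database credentials; that predates this commit but is worth a follow-up towards a scoped account. The enclosing method starts and ends outside the hunk.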
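Review bot: In the hunk at -148, the `"uri"` key given to `add_secret_envs` has to match the key used in the `add_secret` dicts of the previous hunk, and the two are coupled only by repeated string literals; a shared module-level constant would keep them in sync. A comment above the two `add_secret_envs` calls would also help, for example `# URIs come from pod secrets; they are still present in the container's environment`, because the change keeps the credentials out of the pod spec but not out of the process environment. The restart-policy block presumably exists so the pod restarts when either secret changes; a one-line comment saying so is worth adding, since the opslib semantics are not visible in this diff. The enclosing method continues outside the hunk.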