# pylint: disable=E0213
+import base64
from ipaddress import ip_network
import logging
from typing import NoReturn, Optional
from urllib.parse import urlparse
+import bcrypt
from oci_image import OCIImageResource
from ops.framework import EventBase
from ops.main import main
enable_web_admin_api: bool
image_pull_policy: str
security_context: bool
+ web_config_username: str
+ web_config_password: str
@validator("web_subpath")
def validate_web_subpath(cls, v):
else:
event.fail(f"status-code: {result.status_code}")
- def _build_files(self, config: ConfigModel):
+ def _build_config_file(self, config: ConfigModel):
files_builder = FilesV3Builder()
files_builder.add_file(
"prometheus.yml",
)
return files_builder.build()
+ def _build_webconfig_file(self):
+ files_builder = FilesV3Builder()
+ files_builder.add_file("web.yml", "web-config-file", secret=True)
+ return files_builder.build()
+
def build_pod_spec(self, image_info):
# Validate config
config = ConfigModel(**dict(self.config))
backup_image_info = backup_image.fetch()
backup_container_builder = ContainerV3Builder("prom-backup", backup_image_info)
backup_container = backup_container_builder.build()
+
# Add backup container to pod spec
pod_spec_builder.add_container(backup_container)
+ # Add pod secrets
+ prometheus_secret_name = f"{self.app.name}-secret"
+ pod_spec_builder.add_secret(
+ prometheus_secret_name,
+ {
+ "web-config-file": (
+ "basic_auth_users:\n"
+ f" {config.web_config_username}: {self._hash_password(config.web_config_password)}\n"
+ )
+ },
+ )
+
# Build Container
container_builder = ContainerV3Builder(
self.app.name,
run_as_non_root=config.security_context,
)
container_builder.add_port(name=self.app.name, port=PORT)
+ token = self._base64_encode(
+ f"{config.web_config_username}:{config.web_config_password}"
+ )
container_builder.add_http_readiness_probe(
"/-/ready",
PORT,
initial_delay_seconds=10,
timeout_seconds=30,
+ http_headers=[("Authorization", f"Basic {token}")],
)
container_builder.add_http_liveness_probe(
"/-/healthy",
PORT,
initial_delay_seconds=30,
period_seconds=30,
+ http_headers=[("Authorization", f"Basic {token}")],
)
command = [
"/bin/prometheus",
"--config.file=/etc/prometheus/prometheus.yml",
+ "--web.config.file=/etc/prometheus/web-config/web.yml",
"--storage.tsdb.path=/prometheus",
"--web.console.libraries=/usr/share/prometheus/console_libraries",
"--web.console.templates=/usr/share/prometheus/consoles",
command.append("--web.enable-admin-api")
container_builder.add_command(command)
container_builder.add_volume_config(
- "config", "/etc/prometheus", self._build_files(config)
+ "config", "/etc/prometheus", self._build_config_file(config)
+ )
+ container_builder.add_volume_config(
+ "web-config",
+ "/etc/prometheus/web-config",
+ self._build_webconfig_file(),
+ secret_name=prometheus_secret_name,
)
container = container_builder.build()
# Add container to pod spec
pod_spec_builder.add_ingress_resource(ingress_resource)
return pod_spec_builder.build()
+ def _hash_password(self, password):
+ hashed_password = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
+ return hashed_password.decode()
+
+ def _base64_encode(self, phrase: str) -> str:
+ return base64.b64encode(phrase.encode("utf-8")).decode("utf-8")
+
if __name__ == "__main__":
main(PrometheusCharm)
projects / osm / devops.git / commitdiff