1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25 from ipaddress import ip_network
26 import logging
27 from pathlib import Path
28 from typing import NoReturn, Optional
29 from urllib.parse import urlparse
30
31 from ops.main import main
32 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
33 from opslib.osm.interfaces.grafana import GrafanaDashboardTarget
34 from opslib.osm.interfaces.mongo import MongoClient
35 from opslib.osm.interfaces.prometheus import PrometheusScrapeTarget
36 from opslib.osm.pod import (
37 ContainerV3Builder,
38 IngressResourceV3Builder,
39 PodRestartPolicy,
40 PodSpecV3Builder,
41 )
42 from opslib.osm.validator import ModelValidator, validator
43
44
logger = logging.getLogger(__name__)

# Port the exporter listens on. It is reused for the container port, both
# HTTP probes, the ingress backend and the default Prometheus scrape target.
PORT = 9216
48
49
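class ConfigModel(ModelValidator):
    """Validated view of the charm's config options.

    Each field mirrors one config key. The validators normalise or reject
    values before they reach the pod spec, so a bad option blocks the charm
    instead of producing a broken Kubernetes resource.
    """

    site_url: Optional[str]
    cluster_issuer: Optional[str]
    ingress_class: Optional[str]
    ingress_whitelist_source_range: Optional[str]
    tls_secret_name: Optional[str]
    mongodb_uri: Optional[str]
    image_pull_policy: str
    security_context: bool

    @validator("site_url")
    def validate_site_url(cls, v):
        """Accept only an absolute http:// or https:// URL with a hostname.

        The hostname is later used verbatim as the ingress rule host and the
        TLS host, so a scheme-only or host-less value is rejected here.

        Raises:
            ValueError: if the scheme is not exactly http/https or no host
                is present.
        """
        if v:
            parsed = urlparse(v)
            # Exact match on the scheme: a prefix test (startswith("http"))
            # would also admit arbitrary schemes such as "httpx://".
            if parsed.scheme not in ("http", "https"):
                raise ValueError("value must start with http:// or https://")
            if not parsed.hostname:
                raise ValueError("value must include a hostname")
        return v

    @validator("ingress_whitelist_source_range")
    def validate_ingress_whitelist_source_range(cls, v):
        """Validate the allow list as one or more CIDR networks.

        The nginx ``whitelist-source-range`` annotation takes a comma-separated
        list of CIDRs, so each element is validated on its own. ``ip_network``
        is left strict: a prefix with host bits set (e.g. 10.0.0.1/24) is
        rejected rather than silently widened, and an empty element (trailing
        comma) is rejected too.

        Raises:
            ValueError: if any element is not a valid network.
        """
        if v:
            for cidr in v.split(","):
                ip_network(cidr.strip())
        return v

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Require a ``mongodb://`` URI that names at least one host.

        Only the plain scheme is accepted; build_pod_spec re-emits the value
        under ``mongodb://`` with a single host, so an SRV-style URI would not
        be honoured anyway.

        Raises:
            ValueError: if the prefix is wrong or the authority part is empty.
        """
        if v:
            if not v.startswith("mongodb://"):
                raise ValueError("mongodb_uri is not properly formed")
            if not urlparse(v).netloc:
                raise ValueError("mongodb_uri must include a host")
        return v

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Map a case-insensitive policy name to the Kubernetes spelling.

        Raises:
            ValueError: if the value is not always/ifnotpresent/never.
        """
        values = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        v = v.lower()
        if v not in values.keys():
            raise ValueError("value must be always, ifnotpresent or never")
        return values[v]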
91
92
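class MongodbExporterCharm(CharmedOsmBase):
    """Charm that runs mongodb_exporter against the OSM MongoDB.

    The exporter's MongoDB URI comes either from the ``mongodb`` relation or
    from the ``mongodb_uri`` config option (never both) and is handed to the
    container through a Kubernetes secret rather than a plain env value.
    """

    def __init__(self, *args) -> None:
        super().__init__(*args, oci_image="image")

        # MongoDB relation: the database the exporter scrapes.
        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

        # Prometheus relation: this charm is a scrape target.
        self.scrape_target = PrometheusScrapeTarget(self, "prometheus-scrape")
        self.framework.observe(
            self.on["prometheus-scrape"].relation_joined, self._publish_scrape_info
        )

        # Grafana relation: this charm provides a dashboard.
        self.dashboard_target = GrafanaDashboardTarget(self, "grafana-dashboard")
        self.framework.observe(
            self.on["grafana-dashboard"].relation_joined, self._publish_dashboard_info
        )

    def _publish_scrape_info(self, event) -> None:
        """Publish the scrape endpoint to Prometheus (leader only).

        With ``site_url`` set, Prometheus is pointed at the ingress hostname
        on the scheme's default port (443 or 80); otherwise at the app name
        and the exporter port directly.

        Args:
            event (EventBase): Prometheus relation event.
        """
        if not self.unit.is_leader():
            return

        # An unset option may surface as None rather than "", so normalise
        # before calling str methods on it.
        site_url = self.model.config.get("site_url") or ""
        if site_url:
            parsed = urlparse(site_url)
            hostname = parsed.hostname
            # urlparse lowercases the scheme, so "HTTPS://" is handled too.
            if parsed.scheme == "https":
                port = "443"
            elif parsed.scheme == "http":
                port = "80"
            else:
                port = str(PORT)
        else:
            hostname = self.model.app.name
            port = str(PORT)

        self.scrape_target.publish_info(
            hostname=hostname,
            port=port,
            metrics_path="/metrics",
            scrape_interval="30s",
            scrape_timeout="15s",
        )

    def _publish_dashboard_info(self, event) -> None:
        """Publish the bundled dashboard to Grafana (leader only).

        The dashboard path is relative to the process working directory,
        presumably the charm root when run by Juju — verify if this is ever
        invoked from elsewhere.

        Args:
            event (EventBase): Grafana relation event.
        """
        if self.unit.is_leader():
            self.dashboard_target.publish_info(
                name="osm-mongodb",
                dashboard=Path("templates/mongodb_exporter_dashboard.json").read_text(),
            )

    def _check_missing_dependencies(self, config: ConfigModel) -> None:
        """Check that a MongoDB URI source is available.

        Args:
            config (ConfigModel): object with configuration information.

        Raises:
            RelationsMissing: if neither ``mongodb_uri`` nor the mongodb
                relation provides connection data.
        """
        missing_relations = []

        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def _exporter_mongodb_uri(self, config: ConfigModel) -> str:
        """Return the single-host MongoDB URI handed to the exporter.

        The source is ``mongodb_uri`` when set, else the relation's
        connection string. Only the first host of a multi-host authority is
        kept — userinfo precedes the host list, so credentials survive the
        split — and the path and query string are preserved unchanged.

        Args:
            config (ConfigModel): validated config.

        Returns:
            str: ``mongodb://<first host><path>[?<query>]``.
        """
        source = config.mongodb_uri or self.mongodb_client.connection_string
        parsed = urlparse(source)
        first_host = parsed.netloc.split(",")[0]
        uri = f"mongodb://{first_host}{parsed.path}"
        if parsed.query:
            uri += f"?{parsed.query}"
        return uri

    def _exporter_container(self, image_info, config: ConfigModel, secret_name: str):
        """Build the exporter container: port, probes and the URI env var.

        Args:
            image_info (str): container image information.
            config (ConfigModel): validated config.
            secret_name (str): pod secret holding the MongoDB URI.

        Returns:
            The built container spec.
        """
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            run_as_non_root=config.security_context,
        )
        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_http_readiness_probe(
            path="/api/health",
            port=PORT,
            initial_delay_seconds=10,
            period_seconds=10,
            timeout_seconds=5,
            success_threshold=1,
            failure_threshold=3,
        )
        container_builder.add_http_liveness_probe(
            path="/api/health",
            port=PORT,
            initial_delay_seconds=60,
            timeout_seconds=30,
            failure_threshold=10,
        )
        # MONGODB_URI is sourced from the secret's "uri" key, so the database
        # credentials do not appear inline in the pod spec.
        container_builder.add_secret_envs(secret_name, {"MONGODB_URI": "uri"})
        return container_builder.build()

    def _exporter_ingress_resource(self, config: ConfigModel):
        """Build the ingress that exposes the exporter at ``site_url``.

        The allow list and ssl-redirect annotations are nginx-specific: under
        another ``ingress_class`` they are ignored, and nothing in this charm
        puts authentication in front of /metrics, so the allow list is the
        only access control the ingress gets.

        Args:
            config (ConfigModel): validated config (``site_url`` must be set).

        Returns:
            The built ingress resource.
        """
        site = urlparse(config.site_url)

        # Fill the annotations before handing them to the builder so the
        # result does not depend on the builder keeping a live reference.
        annotations = {}
        if config.ingress_class:
            annotations["kubernetes.io/ingress.class"] = config.ingress_class
        if config.ingress_whitelist_source_range:
            annotations[
                "nginx.ingress.kubernetes.io/whitelist-source-range"
            ] = config.ingress_whitelist_source_range
        else:
            logger.warning(
                "site_url %s is exposed without ingress_whitelist_source_range; "
                "/metrics is reachable by any client that can reach the ingress",
                config.site_url,
            )
        if config.cluster_issuer:
            annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
        if site.scheme != "https":
            # Plain HTTP: database metrics are served in clear text.
            annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
            logger.warning(
                "site_url %s is not https; exporter metrics will be served unencrypted",
                config.site_url,
            )

        builder = IngressResourceV3Builder(f"{self.app.name}-ingress", annotations)
        if site.scheme == "https":
            builder.add_tls([site.hostname], config.tls_secret_name)
        builder.add_rule(site.hostname, self.app.name, PORT)
        return builder.build()

    def build_pod_spec(self, image_info):
        """Build the PodSpec to be used.

        Args:
            image_info (str): container image information.

        Returns:
            Dict: PodSpec information.

        Raises:
            ValueError: if the MongoDB URI is supplied by both the config
                option and the relation.
            RelationsMissing: if it is supplied by neither.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))

        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise ValueError("Mongodb data cannot be provided via config and relation")

        # Check relations
        self._check_missing_dependencies(config)

        mongodb_uri = self._exporter_mongodb_uri(config)

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=config.security_context
        )

        # The URI carries the database credentials, so it travels to the
        # container as a Kubernetes secret rather than a plain env value.
        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
        pod_spec_builder.add_secret(mongodb_secret_name, {"uri": mongodb_uri})

        pod_spec_builder.add_container(
            self._exporter_container(image_info, config, mongodb_secret_name)
        )

        # Tie the restart policy to the secret — presumably so a changed URI
        # restarts the pod; confirm against PodRestartPolicy in opslib.
        restart_policy = PodRestartPolicy()
        restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
        pod_spec_builder.set_restart_policy(restart_policy)

        # Add ingress resources to PodSpec if site url exists
        if config.site_url:
            pod_spec_builder.add_ingress_resource(
                self._exporter_ingress_resource(config)
            )

        return pod_spec_builder.build()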
272
273
if __name__ == "__main__":
    # Hand the charm class to the ops framework entry point.
    main(MongodbExporterCharm)