Adding security_context flag to charms
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 from ipaddress import ip_network
27 import logging
28 from pathlib import Path
29 from string import Template
30 from typing import NoReturn, Optional
31 from urllib.parse import urlparse
32
33 from ops.main import main
34 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
35 from opslib.osm.interfaces.http import HttpClient
36 from opslib.osm.pod import (
37 ContainerV3Builder,
38 FilesV3Builder,
39 IngressResourceV3Builder,
40 PodSpecV3Builder,
41 )
42 from opslib.osm.validator import ModelValidator, validator
43
44
# Module-level logger, named after the module so records are attributable to this charm.
# It is not referenced anywhere else in this file.
logger: logging.Logger = logging.getLogger(__name__)
46
47
class ConfigModel(ModelValidator):
    """Typed, validated view of the charm's config options.

    Every field mirrors one config key; the validators below either normalise
    the value (image_pull_policy) or reject it with a ``ValueError`` before any
    pod spec is built from it.
    """

    # Port nginx listens on and the container exposes; must be > 0.
    port: int
    server_name: str
    # Upload limit; 0 is passed to the ingress body-size annotation without the "m" suffix.
    max_file_size: int
    # Optional external URL; when set an ingress resource is generated for it.
    site_url: Optional[str]
    cluster_issuer: Optional[str]
    ingress_class: Optional[str]
    # Single CIDR that the ingress controller will accept traffic from.
    ingress_whitelist_source_range: Optional[str]
    tls_secret_name: Optional[str]
    image_pull_policy: str
    # Enables the pod security context and requires the container to run as non-root
    # (see NgUiCharm.build_pod_spec).
    security_context: bool

    @validator("port")
    def validate_port(cls, v):
        """Reject non-positive port numbers."""
        if v > 0:
            return v
        raise ValueError("value must be greater than 0")

    @validator("max_file_size")
    def validate_max_file_size(cls, v):
        """Reject negative sizes; zero is accepted."""
        if v >= 0:
            return v
        raise ValueError("value must be equal or greater than 0")

    @validator("site_url")
    def validate_site_url(cls, v):
        """Require an "http"-prefixed scheme whenever a site URL is given.

        An empty/None value is passed through untouched.
        """
        if not v:
            return v
        scheme = urlparse(v).scheme
        if not scheme.startswith("http"):
            raise ValueError("value must start with http")
        return v

    @validator("ingress_whitelist_source_range")
    def validate_ingress_whitelist_source_range(cls, v):
        """Require a parseable network when a range is given.

        ``ip_network`` is strict by default, so a value with host bits set
        (e.g. "10.0.0.1/8") is rejected with its own ``ValueError``.
        """
        if v:
            ip_network(v)
        return v

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Normalise the pull policy, case-insensitively, to Kubernetes spelling."""
        canonical = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        normalised = canonical.get(v.lower())
        if normalised is None:
            raise ValueError("value must be always, ifnotpresent or never")
        return normalised
97
98
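class NgUiCharm(CharmedOsmBase):
    """Charm for the OSM NG-UI workload (an nginx front end proxying to NBI).

    The charm renders an nginx site file from ``templates/default.template``
    and builds a Kubernetes pod spec for the UI container. The spec can only
    be built once the ``nbi`` relation has provided its host and port.
    """

    def __init__(self, *args) -> None:
        super().__init__(*args, oci_image="image")

        # The rendered nginx config embeds the NBI host/port, so the pod has to
        # be reconfigured whenever the relation data changes or goes away.
        self.nbi_client = HttpClient(self, "nbi")
        self.framework.observe(self.on["nbi"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["nbi"].relation_broken, self.configure_pod)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise ``RelationsMissing`` if a required relation has not provided its data.

        Args:
            config: the validated charm config (not consulted today; kept so the
                check helper keeps the same signature as the other builders).

        Raises:
            RelationsMissing: carrying the names of every relation still
                lacking application data.
        """
        missing_relations = []

        if self.nbi_client.is_missing_data_in_app():
            missing_relations.append("nbi")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def _build_files(self, config: ConfigModel):
        """Render the nginx site file mounted into the container.

        The template is filled with the listening port, server name, upload
        limit and the NBI host/port from the relation, so this must only run
        after ``_check_missing_dependencies`` has passed.

        Returns:
            The files structure produced by ``FilesV3Builder.build()``.
        """
        files_builder = FilesV3Builder()
        files_builder.add_file(
            "default",
            Template(Path("templates/default.template").read_text()).substitute(
                port=config.port,
                server_name=config.server_name,
                max_file_size=config.max_file_size,
                nbi_host=self.nbi_client.host,
                nbi_port=self.nbi_client.port,
            ),
        )
        return files_builder.build()

    def _build_container(self, config: ConfigModel, image_info):
        """Build the UI container: image, port, probes and the nginx config volume.

        Every ``add_*`` call is made before ``build()`` so the returned
        container does not depend on whether the builder hands back a copy or
        a reference to its internal state.
        """
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            # Tied to the pod-level security context: when enabled, the
            # container is required to run as a non-root user.
            run_as_non_root=config.security_context,
        )
        container_builder.add_port(name=self.app.name, port=config.port)
        container_builder.add_tcpsocket_readiness_probe(
            config.port,
            initial_delay_seconds=45,
            timeout_seconds=5,
        )
        container_builder.add_tcpsocket_liveness_probe(
            config.port,
            initial_delay_seconds=45,
            timeout_seconds=15,
        )
        container_builder.add_volume_config(
            "configuration",
            "/etc/nginx/sites-available/",
            self._build_files(config),
        )
        return container_builder.build()

    def _build_ingress_resource(self, config: ConfigModel):
        """Build the ingress resource exposing ``config.site_url``.

        The full annotation set is assembled before the builder is created, so
        the builder receives the final annotations whether or not it copies
        the dict it is given.

        Returns:
            The ingress resource produced by ``IngressResourceV3Builder.build()``.
        """
        parsed = urlparse(config.site_url)
        # The validator rejects negatives, so 0 is the only value passed
        # through without the "m" suffix.
        proxy_body_size = (
            f"{config.max_file_size}m"
            if config.max_file_size > 0
            else str(config.max_file_size)
        )
        annotations = {
            "nginx.ingress.kubernetes.io/proxy-body-size": proxy_body_size,
        }
        if config.ingress_class:
            annotations["kubernetes.io/ingress.class"] = config.ingress_class
        if config.ingress_whitelist_source_range:
            # Limits which client source ranges the ingress controller admits.
            annotations[
                "nginx.ingress.kubernetes.io/whitelist-source-range"
            ] = config.ingress_whitelist_source_range
        if config.cluster_issuer:
            annotations["cert-manager.io/cluster-issuer"] = config.cluster_issuer
        serve_tls = parsed.scheme == "https"
        if not serve_tls:
            # Plain-http site URL: the UI is served without TLS and clients are
            # not redirected to HTTPS.
            annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"

        ingress_resource_builder = IngressResourceV3Builder(
            f"{self.app.name}-ingress", annotations
        )
        if serve_tls:
            ingress_resource_builder.add_tls([parsed.hostname], config.tls_secret_name)
        ingress_resource_builder.add_rule(parsed.hostname, self.app.name, config.port)
        return ingress_resource_builder.build()

    def build_pod_spec(self, image_info):
        """Assemble the pod spec handed to Juju for this unit.

        Args:
            image_info: resolved OCI image details for the "image" resource,
                passed straight through to the container builder.

        Returns:
            The pod spec produced by ``PodSpecV3Builder.build()``.

        Raises:
            RelationsMissing: if the ``nbi`` relation has not provided its data.
            ConfigModel validation errors: if a config value is rejected.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))
        # Check relations
        self._check_missing_dependencies(config)
        # security_context switches on the pod security context here and the
        # run-as-non-root requirement on the container.
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=config.security_context
        )
        pod_spec_builder.add_container(self._build_container(config, image_info))
        # Add ingress resources to pod spec if site url exists
        if config.site_url:
            pod_spec_builder.add_ingress_resource(self._build_ingress_resource(config))
        return pod_spec_builder.build()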
202
203
# Juju invokes this file as the charm's dispatch entry point.
if __name__ == "__main__":
    main(NgUiCharm)