installers/charm/ng-ui/src/charm.py

   1 #!/usr/bin/env python3
   2 # Copyright 2021 Canonical Ltd.
   3 #
   4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
   5 # not use this file except in compliance with the License. You may obtain
   6 # a copy of the License at
   7 #
   8 #         http://www.apache.org/licenses/LICENSE-2.0
   9 #
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  13 # License for the specific language governing permissions and limitations
  14 # under the License.
  15 #
  16 # For those usages not covered by the Apache License, Version 2.0 please
  17 # contact: legal@canonical.com
  18 #
  19 # To get in touch with the maintainers, please contact:
  20 # osm-charmers@lists.launchpad.net
  21 ##
  22
  23 # pylint: disable=E0213
  24
  25
  26 import logging
  27 from typing import Optional, NoReturn
  28 from ipaddress import ip_network
  29 from urllib.parse import urlparse
  30
  31 from ops.main import main
  32
  33 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
  34
  35 from opslib.osm.pod import (
  36     ContainerV3Builder,
  37     PodSpecV3Builder,
  38     FilesV3Builder,
  39     IngressResourceV3Builder,
  40 )
  41
  42
  43 from opslib.osm.validator import (
  44     ModelValidator,
  45     validator,
  46 )
  47
  48 from opslib.osm.interfaces.http import HttpClient
  49 from string import Template
  50 from pathlib import Path
  51
  52 logger = logging.getLogger(__name__)
  53
  54
  55 class ConfigModel(ModelValidator):
  56     port: int
  57     server_name: str
  58     max_file_size: int
  59     site_url: Optional[str]
  60     ingress_whitelist_source_range: Optional[str]
  61     tls_secret_name: Optional[str]
  62
  63     @validator("port")
  64     def validate_port(cls, v):
  65         if v <= 0:
  66             raise ValueError("value must be greater than 0")
  67         return v
  68
  69     @validator("max_file_size")
  70     def validate_max_file_size(cls, v):
  71         if v < 0:
  72             raise ValueError("value must be equal or greater than 0")
  73         return v
  74
  75     @validator("site_url")
  76     def validate_site_url(cls, v):
  77         if v:
  78             parsed = urlparse(v)
  79             if not parsed.scheme.startswith("http"):
  80                 raise ValueError("value must start with http")
  81         return v
  82
  83     @validator("ingress_whitelist_source_range")
  84     def validate_ingress_whitelist_source_range(cls, v):
  85         if v:
  86             ip_network(v)
  87         return v
  88
  89
  90 class NgUiCharm(CharmedOsmBase):
  91     def __init__(self, *args) -> NoReturn:
  92         super().__init__(*args, oci_image="image")
  93
  94         self.nbi_client = HttpClient(self, "nbi")
  95         self.framework.observe(self.on["nbi"].relation_changed, self.configure_pod)
  96         self.framework.observe(self.on["nbi"].relation_broken, self.configure_pod)
  97
  98     def _check_missing_dependencies(self, config: ConfigModel):
  99         missing_relations = []
 100
 101         if self.nbi_client.is_missing_data_in_app():
 102             missing_relations.append("nbi")
 103
 104         if missing_relations:
 105             raise RelationsMissing(missing_relations)
 106
 107     def _build_files(self, config: ConfigModel):
 108         files_builder = FilesV3Builder()
 109         files_builder.add_file(
 110             "default",
 111             Template(Path("files/default").read_text()).substitute(
 112                 port=config.port,
 113                 server_name=config.server_name,
 114                 max_file_size=config.max_file_size,
 115                 nbi_host=self.nbi_client.host,
 116                 nbi_port=self.nbi_client.port,
 117             ),
 118         )
 119         return files_builder.build()
 120
 121     def build_pod_spec(self, image_info):
 122         # Validate config
 123         config = ConfigModel(**dict(self.config))
 124         # Check relations
 125         self._check_missing_dependencies(config)
 126         # Create Builder for the PodSpec
 127         pod_spec_builder = PodSpecV3Builder()
 128         # Build Container
 129         container_builder = ContainerV3Builder(self.app.name, image_info)
 130         container_builder.add_port(name=self.app.name, port=config.port)
 131         container = container_builder.build()
 132         container_builder.add_tcpsocket_readiness_probe(
 133             config.port,
 134             initial_delay_seconds=45,
 135             timeout_seconds=5,
 136         )
 137         container_builder.add_tcpsocket_liveness_probe(
 138             config.port,
 139             initial_delay_seconds=45,
 140             timeout_seconds=15,
 141         )
 142         container_builder.add_volume_config(
 143             "configuration",
 144             "/etc/nginx/sites-available/",
 145             self._build_files(config),
 146         )
 147         # Add container to pod spec
 148         pod_spec_builder.add_container(container)
 149         # Add ingress resources to pod spec if site url exists
 150         if config.site_url:
 151             parsed = urlparse(config.site_url)
 152             annotations = {
 153                 "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format(
 154                     str(config.max_file_size) + "m"
 155                     if config.max_file_size > 0
 156                     else config.max_file_size
 157                 ),
 158             }
 159             ingress_resource_builder = IngressResourceV3Builder(
 160                 f"{self.app.name}-ingress", annotations
 161             )
 162
 163             if config.ingress_whitelist_source_range:
 164                 annotations[
 165                     "nginx.ingress.kubernetes.io/whitelist-source-range"
 166                 ] = config.ingress_whitelist_source_range
 167
 168             if parsed.scheme == "https":
 169                 ingress_resource_builder.add_tls(
 170                     [parsed.hostname], config.tls_secret_name
 171                 )
 172             else:
 173                 annotations["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
 174
 175             ingress_resource_builder.add_rule(
 176                 parsed.hostname, self.app.name, config.port
 177             )
 178             ingress_resource = ingress_resource_builder.build()
 179             pod_spec_builder.add_ingress_resource(ingress_resource)
 180         return pod_spec_builder.build()
 181
 182
 183 if __name__ == "__main__":
 184     main(NgUiCharm)