2 # Copyright 2021 Canonical Ltd.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
23 # pylint: disable=E0213
27 from typing
import Optional
, NoReturn
28 from ipaddress
import ip_network
29 from urllib
.parse
import urlparse
31 from ops
.main
import main
33 from opslib
.osm
.charm
import CharmedOsmBase
, RelationsMissing
35 from opslib
.osm
.pod
import (
39 IngressResourceV3Builder
,
43 from opslib
.osm
.validator
import (
48 from opslib
.osm
.interfaces
.http
import HttpClient
49 from string
import Template
50 from pathlib
import Path
52 logger
= logging
.getLogger(__name__
)
55 class ConfigModel(ModelValidator
):
59 site_url
: Optional
[str]
60 ingress_whitelist_source_range
: Optional
[str]
61 tls_secret_name
: Optional
[str]
64 def validate_port(cls
, v
):
66 raise ValueError("value must be greater than 0")
69 @validator("max_file_size")
70 def validate_max_file_size(cls
, v
):
72 raise ValueError("value must be equal or greater than 0")
75 @validator("site_url")
76 def validate_site_url(cls
, v
):
79 if not parsed
.scheme
.startswith("http"):
80 raise ValueError("value must start with http")
83 @validator("ingress_whitelist_source_range")
84 def validate_ingress_whitelist_source_range(cls
, v
):
90 class NgUiCharm(CharmedOsmBase
):
91 def __init__(self
, *args
) -> NoReturn
:
92 super().__init
__(*args
, oci_image
="image")
94 self
.nbi_client
= HttpClient(self
, "nbi")
95 self
.framework
.observe(self
.on
["nbi"].relation_changed
, self
.configure_pod
)
96 self
.framework
.observe(self
.on
["nbi"].relation_broken
, self
.configure_pod
)
98 def _check_missing_dependencies(self
, config
: ConfigModel
):
99 missing_relations
= []
101 if self
.nbi_client
.is_missing_data_in_app():
102 missing_relations
.append("nbi")
104 if missing_relations
:
105 raise RelationsMissing(missing_relations
)
107 def _build_files(self
, config
: ConfigModel
):
108 files_builder
= FilesV3Builder()
109 files_builder
.add_file(
111 Template(Path("files/default").read_text()).substitute(
113 server_name
=config
.server_name
,
114 max_file_size
=config
.max_file_size
,
115 nbi_host
=self
.nbi_client
.host
,
116 nbi_port
=self
.nbi_client
.port
,
119 return files_builder
.build()
121 def build_pod_spec(self
, image_info
):
123 config
= ConfigModel(**dict(self
.config
))
125 self
._check
_missing
_dependencies
(config
)
126 # Create Builder for the PodSpec
127 pod_spec_builder
= PodSpecV3Builder()
129 container_builder
= ContainerV3Builder(self
.app
.name
, image_info
)
130 container_builder
.add_port(name
=self
.app
.name
, port
=config
.port
)
131 container
= container_builder
.build()
132 container_builder
.add_tcpsocket_readiness_probe(
134 initial_delay_seconds
=45,
137 container_builder
.add_tcpsocket_liveness_probe(
139 initial_delay_seconds
=45,
142 container_builder
.add_volume_config(
144 "/etc/nginx/sites-available/",
145 self
._build
_files
(config
),
147 # Add container to pod spec
148 pod_spec_builder
.add_container(container
)
149 # Add ingress resources to pod spec if site url exists
151 parsed
= urlparse(config
.site_url
)
153 "nginx.ingress.kubernetes.io/proxy-body-size": "{}".format(
154 str(config
.max_file_size
) + "m"
155 if config
.max_file_size
> 0
156 else config
.max_file_size
159 ingress_resource_builder
= IngressResourceV3Builder(
160 f
"{self.app.name}-ingress", annotations
163 if config
.ingress_whitelist_source_range
:
165 "nginx.ingress.kubernetes.io/whitelist-source-range"
166 ] = config
.ingress_whitelist_source_range
168 if parsed
.scheme
== "https":
169 ingress_resource_builder
.add_tls(
170 [parsed
.hostname
], config
.tls_secret_name
173 annotations
["nginx.ingress.kubernetes.io/ssl-redirect"] = "false"
175 ingress_resource_builder
.add_rule(
176 parsed
.hostname
, self
.app
.name
, config
.port
178 ingress_resource
= ingress_resource_builder
.build()
179 pod_spec_builder
.add_ingress_resource(ingress_resource
)
180 return pod_spec_builder
.build()
183 if __name__
== "__main__":