Adding security_context flag to charms
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 import logging
27 from typing import NoReturn, Optional
28
29 from ops.main import main
30 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
31 from opslib.osm.interfaces.kafka import KafkaClient
32 from opslib.osm.interfaces.mongo import MongoClient
33 from opslib.osm.pod import (
34 ContainerV3Builder,
35 PodRestartPolicy,
36 PodSpecV3Builder,
37 )
38 from opslib.osm.validator import ModelValidator, validator
39
40
# Module-level logger, named after this module.
logger = logging.getLogger(__name__)

# Port registered on the PLA container via add_port() in build_pod_spec.
PORT = 9999
44
45
class ConfigModel(ModelValidator):
    """Validated view of the charm configuration options.

    Built in ``PlaCharm.build_pod_spec`` from ``dict(self.config)``. The
    validators below take ``cls`` as first argument, which is why the file
    disables pylint E0213.
    """

    # Secret material: build_pod_spec stores it in the pod's MongoDB secret.
    database_commonkey: str
    # Optional external MongoDB URI; it is stored in the same secret.
    # NOTE(review): such URIs commonly embed credentials - avoid logging it.
    mongodb_uri: Optional[str]
    log_level: str
    image_pull_policy: str
    # Forwarded to PodSpecV3Builder(enable_security_context=...) and
    # ContainerV3Builder(run_as_non_root=...) in build_pod_spec.
    security_context: bool

    @validator("log_level")
    def validate_log_level(cls, v):
        """Accept only the two supported log levels, returned unchanged."""
        allowed_levels = {"INFO", "DEBUG"}
        if v in allowed_levels:
            return v
        raise ValueError("value must be INFO or DEBUG")

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Require the ``mongodb://`` scheme prefix when a URI is supplied.

        Empty or missing values pass through untouched. Only the prefix is
        checked: the rest of the URI is not parsed, and other schemes such
        as ``mongodb+srv://`` are rejected.
        """
        if not v:
            return v
        if v.startswith("mongodb://"):
            return v
        raise ValueError("mongodb_uri is not properly formed")

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Map a case-insensitive pull policy to its canonical spelling."""
        canonical_names = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        canonical = canonical_names.get(v.lower())
        if canonical is None:
            raise ValueError("value must be always, ifnotpresent or never")
        return canonical
76
77
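class PlaCharm(CharmedOsmBase):
    """Charm that renders the pod spec for the OSM PLA service.

    The charm depends on a ``kafka`` relation and on MongoDB connection data,
    which comes either from the ``mongodb`` relation or from the
    ``mongodb_uri`` config option (never both).
    """

    def __init__(self, *args) -> None:
        """Create the relation clients and observe their relation events.

        ``configure_pod`` is not defined in this class; it is presumably
        inherited from ``CharmedOsmBase``.
        """
        super().__init__(*args, oci_image="image")

        self.kafka_client = KafkaClient(self, "kafka")
        self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise ``RelationsMissing`` naming every relation that lacks data.

        The ``mongodb`` relation is only required when no ``mongodb_uri`` is
        configured.
        """
        missing_relations = []

        if self.kafka_client.is_missing_data_in_unit():
            missing_relations.append("kafka")
        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def build_pod_spec(self, image_info):
        """Validate the configuration and build the pod spec.

        Args:
            image_info: image details, passed through to ContainerV3Builder.

        Returns:
            Whatever ``PodSpecV3Builder.build()`` produces.

        Raises:
            Exception: if MongoDB data comes from both config and relation.
            RelationsMissing: if a required relation has no data yet.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))

        # Two sources for the database URI would be ambiguous, so refuse both.
        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise Exception("Mongodb data cannot be provided via config and relation")

        # Check relations
        self._check_missing_dependencies(config)

        # Create Builder for the PodSpec.
        # NOTE(review): with security_context false, neither the pod security
        # context nor run_as_non_root below is requested, so the container
        # presumably runs as the image's default user. The option's default is
        # set in config.yaml, which is not shown here - confirm it is enabled.
        pod_spec_builder = PodSpecV3Builder(
            enable_security_context=config.security_context
        )

        # Add secrets to the pod: the database URI and common key are stored
        # in a secret instead of being written as plain environment values.
        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
        pod_spec_builder.add_secret(
            mongodb_secret_name,
            {
                "uri": config.mongodb_uri or self.mongodb_client.connection_string,
                "commonkey": config.database_commonkey,
            },
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name,
            image_info,
            config.image_pull_policy,
            run_as_non_root=config.security_context,
        )
        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_envs(
            {
                # General configuration
                # NOTE(review): set to "yes" unconditionally. Nothing in this
                # file shows what reads it; confirm the PLA image uses it and
                # that unauthenticated access is intended, else remove it.
                "ALLOW_ANONYMOUS_LOGIN": "yes",
                "OSMPLA_GLOBAL_LOG_LEVEL": config.log_level,
                # Kafka configuration
                "OSMPLA_MESSAGE_DRIVER": "kafka",
                "OSMPLA_MESSAGE_HOST": self.kafka_client.host,
                "OSMPLA_MESSAGE_PORT": self.kafka_client.port,
                # Database configuration
                "OSMPLA_DATABASE_DRIVER": "mongo",
            }
        )

        # Expose the secret's keys to the container as environment variables.
        container_builder.add_secret_envs(
            secret_name=mongodb_secret_name,
            envs={
                "OSMPLA_DATABASE_URI": "uri",
                "OSMPLA_DATABASE_COMMONKEY": "commonkey",
            },
        )

        container = container_builder.build()

        # Add Pod restart policy.
        # The trailing comma makes this a one-element tuple; "(name)" alone
        # is just a parenthesised str, not a collection of secret names.
        restart_policy = PodRestartPolicy()
        restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
        pod_spec_builder.set_restart_policy(restart_policy)

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        return pod_spec_builder.build()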
167
168
# Script entry point: hand the charm class to ops.main.main.
if __name__ == "__main__":
    main(PlaCharm)