Add secret-management in Charmed OSM
[osm/devops.git] / installers / charm / pla / src / charm.py
1 #!/usr/bin/env python3
2 # Copyright 2021 Canonical Ltd.
3 #
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
7 #
8 # http://www.apache.org/licenses/LICENSE-2.0
9 #
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
14 # under the License.
15 #
16 # For those usages not covered by the Apache License, Version 2.0 please
17 # contact: legal@canonical.com
18 #
19 # To get in touch with the maintainers, please contact:
20 # osm-charmers@lists.launchpad.net
21 ##
22
23 # pylint: disable=E0213
24
25
26 import logging
27 from typing import NoReturn, Optional
28
29 from ops.main import main
30 from opslib.osm.charm import CharmedOsmBase, RelationsMissing
31 from opslib.osm.interfaces.kafka import KafkaClient
32 from opslib.osm.interfaces.mongo import MongoClient
33 from opslib.osm.pod import (
34 ContainerV3Builder,
35 PodRestartPolicy,
36 PodSpecV3Builder,
37 )
38 from opslib.osm.validator import ModelValidator, validator
39
40
# Module-level logger, named after this module.
logger: logging.Logger = logging.getLogger(__name__)

# Port number handed to the container builder's add_port() in build_pod_spec.
PORT: int = 9999
44
45
class ConfigModel(ModelValidator):
    """Typed view of the charm configuration used by PlaCharm.

    ``database_commonkey`` and ``mongodb_uri`` are the two values that
    build_pod_spec stores in the pod secret. A MongoDB URI can also carry
    credentials, so the validators below raise fixed messages that never
    echo the rejected value.
    """

    database_commonkey: str
    mongodb_uri: Optional[str]
    log_level: str
    image_pull_policy: str

    @validator("log_level")
    def validate_log_level(cls, v):
        """Return *v* unchanged when it is one of the two accepted levels."""
        if v in {"INFO", "DEBUG"}:
            return v
        raise ValueError("value must be INFO or DEBUG")

    @validator("mongodb_uri")
    def validate_mongodb_uri(cls, v):
        """Return *v* unchanged; a non-empty value must use the mongodb:// scheme."""
        # Empty or None is allowed here: the URI may come from the relation.
        if not v:
            return v
        if v.startswith("mongodb://"):
            return v
        raise ValueError("mongodb_uri is not properly formed")

    @validator("image_pull_policy")
    def validate_image_pull_policy(cls, v):
        """Map a case-insensitive policy name to its canonical spelling."""
        canonical = {
            "always": "Always",
            "ifnotpresent": "IfNotPresent",
            "never": "Never",
        }
        normalized = canonical.get(v.lower())
        if normalized is None:
            raise ValueError("value must be always, ifnotpresent or never")
        return normalized
75
76
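class PlaCharm(CharmedOsmBase):
    """Charm that builds the PLA pod spec from config, Kafka and MongoDB data."""

    def __init__(self, *args) -> None:
        """Create the relation clients and observe their relation events.

        Every observed event is routed to ``self.configure_pod``, which is not
        defined in this class.
        """
        super().__init__(*args, oci_image="image")

        self.kafka_client = KafkaClient(self, "kafka")
        self.framework.observe(self.on["kafka"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["kafka"].relation_broken, self.configure_pod)

        self.mongodb_client = MongoClient(self, "mongodb")
        self.framework.observe(self.on["mongodb"].relation_changed, self.configure_pod)
        self.framework.observe(self.on["mongodb"].relation_broken, self.configure_pod)

    def _check_missing_dependencies(self, config: ConfigModel):
        """Raise RelationsMissing naming every relation that lacks data.

        The mongodb relation is only required when ``config.mongodb_uri`` is
        not set.
        """
        missing_relations = []

        if self.kafka_client.is_missing_data_in_unit():
            missing_relations.append("kafka")
        if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
            missing_relations.append("mongodb")

        if missing_relations:
            raise RelationsMissing(missing_relations)

    def build_pod_spec(self, image_info):
        """Build the pod spec for the PLA container.

        The MongoDB URI and the database common key are written to a pod
        secret and reach the container only through ``add_secret_envs``; they
        are never put in the plain environment passed to ``add_envs``. Keep
        both values out of log messages and exception texts.

        Args:
            image_info: passed through to ``ContainerV3Builder``.

        Returns:
            The result of ``PodSpecV3Builder.build()``.

        Raises:
            Exception: MongoDB data is available from both config and relation.
            RelationsMissing: a required relation has no data yet.
        """
        # Validate config
        config = ConfigModel(**dict(self.config))

        # Exactly one source for the MongoDB connection data is accepted.
        if config.mongodb_uri and not self.mongodb_client.is_missing_data_in_unit():
            raise Exception("Mongodb data cannot be provided via config and relation")

        # Check relations
        self._check_missing_dependencies(config)

        # Create Builder for the PodSpec
        pod_spec_builder = PodSpecV3Builder()

        # Add secrets to the pod
        mongodb_secret_name = f"{self.app.name}-mongodb-secret"
        pod_spec_builder.add_secret(
            mongodb_secret_name,
            {
                "uri": config.mongodb_uri or self.mongodb_client.connection_string,
                "commonkey": config.database_commonkey,
            },
        )

        # Build Container
        container_builder = ContainerV3Builder(
            self.app.name, image_info, config.image_pull_policy
        )
        container_builder.add_port(name=self.app.name, port=PORT)
        container_builder.add_envs(
            {
                # General configuration
                # NOTE(review): set unconditionally; what in the PLA image reads
                # this variable is not visible here. Confirm it is needed and
                # drop it otherwise.
                "ALLOW_ANONYMOUS_LOGIN": "yes",
                "OSMPLA_GLOBAL_LOG_LEVEL": config.log_level,
                # Kafka configuration
                "OSMPLA_MESSAGE_DRIVER": "kafka",
                "OSMPLA_MESSAGE_HOST": self.kafka_client.host,
                "OSMPLA_MESSAGE_PORT": self.kafka_client.port,
                # Database configuration
                "OSMPLA_DATABASE_DRIVER": "mongo",
            }
        )

        # Environment variable name -> key inside the pod secret created above.
        container_builder.add_secret_envs(
            secret_name=mongodb_secret_name,
            envs={
                "OSMPLA_DATABASE_URI": "uri",
                "OSMPLA_DATABASE_COMMONKEY": "commonkey",
            },
        )

        container = container_builder.build()

        # Add Pod restart policy
        restart_policy = PodRestartPolicy()
        # One-element tuple: without the trailing comma the parentheses leave a
        # plain str rather than a collection of secret names.
        restart_policy.add_secrets(secret_names=(mongodb_secret_name,))
        pod_spec_builder.set_restart_policy(restart_policy)

        # Add container to pod spec
        pod_spec_builder.add_container(container)

        return pod_spec_builder.build()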
161
162
# Script entry point: hand the charm class to ops.main.main.
if __name__ == "__main__":
    main(PlaCharm)