projects / osm / devops.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Adding security_context flag to charms
[osm/devops.git] / installers / charm / keystone / src / charm.py
diff --git a/installers/charm/keystone/src/charm.py b/installers/charm/keystone/src/charm.py
index 808af3b..4560ff5 100755 (executable)
--- a/installers/charm/keystone/src/charm.py
+++ b/installers/charm/keystone/src/charm.py
@@ -86,6 +86,7 @@ class ConfigModel(ModelValidator):
     mysql_port: Optional[int]
     mysql_root_password: Optional[str]
     image_pull_policy: str
+    security_context: bool
 
     @validator("max_file_size")
     def validate_max_file_size(cls, v):
@@ -266,9 +267,14 @@ class KeystoneCharm(CharmedOsmBase):
         self._check_missing_dependencies(config, external_db)
 
         # Create Builder for the PodSpec
-        pod_spec_builder = PodSpecV3Builder()
+        pod_spec_builder = PodSpecV3Builder(
+            enable_security_context=config.security_context
+        )
         container_builder = ContainerV3Builder(
-            self.app.name, image_info, config.image_pull_policy
+            self.app.name,
+            image_info,
+            config.image_pull_policy,
+            run_as_non_root=config.security_context,
         )
 
         # Build files