Adding security_context flag to charms

[osm/devops.git] / installers / charm / nbi / src / charm.py

diff --git a/installers/charm/nbi/src/charm.py b/installers/charm/nbi/src/charm.py
index a47f618..f9088ab 100755 (executable)
--- a/installers/charm/nbi/src/charm.py
+++ b/installers/charm/nbi/src/charm.py
@@ -63,6 +63,8 @@ class ConfigModel(ModelValidator):
     tls_secret_name: Optional[str]
     mongodb_uri: Optional[str]
     image_pull_policy: str
+    debug_mode: bool
+    security_context: bool
 
     @validator("auth_backend")
     def validate_auth_backend(cls, v):
@@ -183,8 +185,14 @@ class NbiCharm(CharmedOsmBase):
         # Check relations
         self._check_missing_dependencies(config)
 
+        security_context_enabled = (
+            config.security_context if not config.debug_mode else False
+        )
+
         # Create Builder for the PodSpec
-        pod_spec_builder = PodSpecV3Builder()
+        pod_spec_builder = PodSpecV3Builder(
+            enable_security_context=security_context_enabled
+        )
 
         # Add secrets to the pod
         mongodb_secret_name = f"{self.app.name}-mongodb-secret"
@@ -211,7 +219,10 @@ class NbiCharm(CharmedOsmBase):
 
         # Build Container
         container_builder = ContainerV3Builder(
-            self.app.name, image_info, config.image_pull_policy
+            self.app.name,
+            image_info,
+            config.image_pull_policy,
+            run_as_non_root=security_context_enabled,
         )
         container_builder.add_port(name=self.app.name, port=PORT)
         container_builder.add_tcpsocket_readiness_probe(