(charmed-osm) Add auth to prometheus and update kafka/zk

[osm/devops.git] / installers / charm / ro / src / charm.py

diff --git a/installers/charm/ro/src/charm.py b/installers/charm/ro/src/charm.py
index 3b6b7e2..67ba518 100755 (executable)
--- a/installers/charm/ro/src/charm.py
+++ b/installers/charm/ro/src/charm.py
@@ -79,6 +79,8 @@ class ConfigModel(ModelValidator):
     openmano_tenant: str
     certificates: Optional[str]
     image_pull_policy: str
+    debug_mode: bool
+    security_context: bool
 
     @validator("log_level")
     def validate_log_level(cls, v):
@@ -166,7 +168,10 @@ class RoCharm(CharmedOsmBase):
         missing_relations = []
 
         if config.enable_ng_ro:
-            if self.kafka_client.is_missing_data_in_unit():
+            if (
+                self.kafka_client.is_missing_data_in_unit()
+                and self.kafka_client.is_missing_data_in_app()
+            ):
                 missing_relations.append("kafka")
             if not config.mongodb_uri and self.mongodb_client.is_missing_data_in_unit():
                 missing_relations.append("mongodb")
@@ -216,12 +221,21 @@ class RoCharm(CharmedOsmBase):
         # Check relations
         self._check_missing_dependencies(config)
 
+        security_context_enabled = (
+            config.security_context if not config.debug_mode else False
+        )
+
         # Create Builder for the PodSpec
-        pod_spec_builder = PodSpecV3Builder()
+        pod_spec_builder = PodSpecV3Builder(
+            enable_security_context=security_context_enabled
+        )
 
         # Build Container
         container_builder = ContainerV3Builder(
-            self.app.name, image_info, config.image_pull_policy
+            self.app.name,
+            image_info,
+            config.image_pull_policy,
+            run_as_non_root=security_context_enabled,
         )
         certs_files = self._build_cert_files(config)