+#!/usr/bin/env python3
+# Copyright 2020 Canonical Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import sys
+import logging
+import base64
+
+sys.path.append("lib")
+
+from ops.charm import CharmBase
+from ops.framework import StoredState, Object
+from ops.main import main
+from ops.model import (
+ ActiveStatus,
+ MaintenanceStatus,
+ BlockedStatus,
+ ModelError,
+ WaitingStatus,
+)
+
+from glob import glob
+from pathlib import Path
+from string import Template
+
+logger = logging.getLogger(__name__)
+
+
+class NGUICharm(CharmBase):
+ state = StoredState()
+
+ def __init__(self, framework, key):
+ super().__init__(framework, key)
+ self.state.set_default(spec=None)
+ self.state.set_default(nbi_host=None)
+ self.state.set_default(nbi_port=None)
+
+ # Observe Charm related events
+ self.framework.observe(self.on.config_changed, self.on_config_changed)
+ self.framework.observe(self.on.start, self.on_start)
+ self.framework.observe(self.on.upgrade_charm, self.on_upgrade_charm)
+ self.framework.observe(
+ self.on.nbi_relation_changed, self.on_nbi_relation_changed
+ )
+
+ # SSL Certificate path
+ self.ssl_folder = "/certs"
+ self.ssl_crt_name = "ssl_certificate.crt"
+ self.ssl_key_name = "ssl_certificate.key"
+
+ def _apply_spec(self):
+ # Only apply the spec if this unit is a leader.
+ unit = self.model.unit
+ if not unit.is_leader():
+ unit.status = ActiveStatus("ready")
+ return
+ if not self.state.nbi_host or not self.state.nbi_port:
+ unit.status = WaitingStatus("Waiting for NBI")
+ return
+ unit.status = MaintenanceStatus("Applying new pod spec")
+
+ new_spec = self.make_pod_spec()
+ if new_spec == self.state.spec:
+ unit.status = ActiveStatus("ready")
+ return
+ self.framework.model.pod.set_spec(new_spec)
+ self.state.spec = new_spec
+ unit.status = ActiveStatus("ready")
+
+ def make_pod_spec(self):
+ config = self.framework.model.config
+
+ config_spec = {
+ "http_port": config["port"],
+ "https_port": config["https_port"],
+ "server_name": config["server_name"],
+ "client_max_body_size": config["client_max_body_size"],
+ "nbi_host": self.state.nbi_host or config["nbi_host"],
+ "nbi_port": self.state.nbi_port or config["nbi_port"],
+ "ssl_crt": "",
+ "ssl_crt_key": "",
+ }
+
+ ssl_certificate = None
+ ssl_certificate_key = None
+ ssl_enabled = False
+
+ if "ssl_certificate" in config and "ssl_certificate_key" in config:
+ # Get bytes of cert and key
+ cert_b = base64.b64decode(config["ssl_certificate"])
+ key_b = base64.b64decode(config["ssl_certificate_key"])
+ # Decode key and cert
+ ssl_certificate = cert_b.decode("utf-8")
+ ssl_certificate_key = key_b.decode("utf-8")
+ # Get paths
+ cert_path = "{}/{}".format(self.ssl_folder, self.ssl_crt_name)
+ key_path = "{}/{}".format(self.ssl_folder, self.ssl_key_name)
+
+ config_spec["port"] = "{} ssl".format(config["https_port"])
+ config_spec["ssl_crt"] = "ssl_certificate {};".format(cert_path)
+ config_spec["ssl_crt_key"] = "ssl_certificate_key {};".format(key_path)
+ ssl_enabled = True
+ else:
+ config_spec["ssl_crt"] = ""
+ config_spec["ssl_crt_key"] = ""
+
+ files = [
+ {
+ "name": "configuration",
+ "mountPath": "/etc/nginx/sites-available/",
+ "files": {
+ Path(filename)
+ .name: Template(Path(filename).read_text())
+ .substitute(config_spec)
+ for filename in glob("files/*")
+ },
+ }
+ ]
+ port = config["https_port"] if ssl_enabled else config["port"]
+ ports = [
+ {"name": "port", "containerPort": port, "protocol": "TCP", },
+ ]
+
+ kubernetes = {
+ "readinessProbe": {
+ "tcpSocket": {"port": port},
+ "timeoutSeconds": 5,
+ "periodSeconds": 5,
+ "initialDelaySeconds": 10,
+ },
+ "livenessProbe": {
+ "tcpSocket": {"port": port},
+ "timeoutSeconds": 5,
+ "initialDelaySeconds": 45,
+ },
+ }
+
+ if ssl_certificate and ssl_certificate_key:
+ files.append(
+ {
+ "name": "ssl",
+ "mountPath": self.ssl_folder,
+ "files": {
+ self.ssl_crt_name: ssl_certificate,
+ self.ssl_key_name: ssl_certificate_key,
+ },
+ }
+ )
+ logger.debug(files)
+ spec = {
+ "version": 2,
+ "containers": [
+ {
+ "name": self.framework.model.app.name,
+ "image": "{}".format(config["image"]),
+ "ports": ports,
+ "kubernetes": kubernetes,
+ "files": files,
+ }
+ ],
+ }
+
+ return spec
+
+ def on_config_changed(self, event):
+ """Handle changes in configuration"""
+ self._apply_spec()
+
+ def on_start(self, event):
+ """Called when the charm is being installed"""
+ self._apply_spec()
+
+ def on_upgrade_charm(self, event):
+ """Upgrade the charm."""
+ unit = self.model.unit
+ unit.status = MaintenanceStatus("Upgrading charm")
+ self.on_start(event)
+
+ def on_nbi_relation_changed(self, event):
+ unit = self.model.unit
+ if not unit.is_leader():
+ return
+ self.state.nbi_host = event.relation.data[event.unit].get("host")
+ self.state.nbi_port = event.relation.data[event.unit].get("port")
+ self._apply_spec()
+
+
+if __name__ == "__main__":
+ main(NGUICharm)